Showing results for tags 'Mindspark'.



Found 5 results

  1. In our organization we are continually experiencing hundreds/thousands of log entries for PUP.Option.MindSpark in various forms within Chrome. Wondering how best to either block these or if this is something we need to worry about? Below is a sample from a Management Console report. Please let me know if I should be looking in a different area. Thank you
  2. What is DailyFunnyWorld?

     The Malwarebytes research team has determined that DailyFunnyWorld is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.

     DailyFunnyWorld is a member of the Mindspark/Ask family now known as IAC Applications.

     How do I know if my computer is affected by DailyFunnyWorld?

     You may see these browser extensions/add-ons:

     these warnings during install:

     You may see this entry in your list of installed software:

     this icon in the menubar of some of the affected browsers:

     and this new homepage in the affected browsers:

     How did DailyFunnyWorld get on my computer?

     Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website.

     How do I remove DailyFunnyWorld?

     Our program Malwarebytes can detect and remove this potentially unwanted program. You can use their own uninstall instructions first, but I would advise to follow the steps below anyway.

       • Please download Malwarebytes to your desktop.
       • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
       • Then click Finish.
       • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
       • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
       • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
       • Restart your computer when prompted to do so.

     Is there anything else I need to do to get rid of DailyFunnyWorld?

       • No, Malwarebytes' Anti-Malware removes DailyFunnyWorld completely.
       • If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods.

     How would the full version of Malwarebytes help protect me?

     We hope our application and this guide have helped you eradicate this hijacker.

     As you can see below the full version of Malwarebytes would have protected you against the DailyFunnyWorld hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late.

     and it blocks traffic to some of their domains:

     Technical details for experts

     Possible signs in a FRST log:

       HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/dailyfunnyworld/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&coid={coid}
       FF HomepageOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _roMembers_@free.dailyfunnyworld.com
       FF NewTabOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _roMembers_@free.dailyfunnyworld.com
       FF Extension: (DailyFunnyWorld) - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_roMembers_@free.dailyfunnyworld.com.xpi [2019-02-28] [UpdateUrl:hxxps:\/\/updates.tb.ask.com\/updateXpi.json?id=239939196&version=8.885.14.36697&track=TTAB02&trackRevision=1&fromId=_roMembers_%40free.dailyfunnyworld.com&isBridgeExtension=false]
       CHR NewTab: Default -> Active:"chrome-extension://oiedaodjjdfnkfjaphcklblcolefkigc/newtabproduct.html"
       CHR Extension: (DailyFunnyWorld) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc [2019-02-28]
       C:\Users\{username}\AppData\Local\DailyFunnyWorldTooltab
       DailyFunnyWorld Internet Explorer Homepage and New Tab (HKCU\...\DailyFunnyWorldTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.)
<==== ATTENTION Significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\DailyFunnyWorldTooltab Adds the file TooltabExtension.dll"="6/22/2018 6:22 PM, 266864 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0 Adds the file manifest.json"="2/28/2019 9:00 AM, 2699 bytes, A Adds the file newtabproduct.html"="2/8/2019 3:01 PM, 1349 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\_locales Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\_metadata Adds the file computed_hashes.json"="2/28/2019 9:00 AM, 5641 bytes, A Adds the file verified_contents.json"="2/8/2019 3:01 PM, 7177 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\config Adds the file config.json"="2/8/2019 3:01 PM, 1499 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\icons Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js Adds the file ajax.js"="2/8/2019 3:01 PM, 3263 bytes, A Adds the file babAPI.js"="2/8/2019 3:01 PM, 5703 bytes, A Adds the file babClickHandler.js"="2/8/2019 3:01 PM, 11414 bytes, A Adds the file babContentScript.js"="2/8/2019 3:01 PM, 3275 bytes, A Adds the file babContentScriptAPI.js"="2/8/2019 3:01 PM, 5934 bytes, A Adds the file background.js"="2/8/2019 3:01 PM, 22384 bytes, A Adds the file browserUtils.js"="2/8/2019 3:01 PM, 1532 bytes, A Adds the 
file chrome.js"="2/8/2019 3:01 PM, 146 bytes, A Adds the file contentScriptConnectionManager.js"="2/8/2019 3:01 PM, 22629 bytes, A Adds the file dateTimeUtils.js"="2/8/2019 3:01 PM, 1213 bytes, A Adds the file dlp.js"="2/8/2019 3:01 PM, 5815 bytes, A Adds the file dlpHelper.js"="2/8/2019 3:01 PM, 1835 bytes, A Adds the file extensionDetect.js"="2/8/2019 3:01 PM, 4354 bytes, A Adds the file index.js"="2/8/2019 3:01 PM, 49 bytes, A Adds the file localStorageContentScript.js"="2/8/2019 3:01 PM, 2236 bytes, A Adds the file logger.js"="2/8/2019 3:01 PM, 516 bytes, A Adds the file meta.js"="2/8/2019 3:01 PM, 516 bytes, A Adds the file offerService.js"="2/8/2019 3:01 PM, 16950 bytes, A Adds the file pageUtils.js"="2/8/2019 3:01 PM, 3577 bytes, A Adds the file PartnerId.js"="2/8/2019 3:01 PM, 16402 bytes, A Adds the file polyfill.js"="2/8/2019 3:01 PM, 875 bytes, A Adds the file product.js"="2/8/2019 3:01 PM, 8604 bytes, A Adds the file remoteConfigLoader.js"="2/8/2019 3:01 PM, 4961 bytes, A Adds the file splashPageLocalStorageSetter.js"="2/8/2019 3:01 PM, 88 bytes, A Adds the file splashPageRedirectHandler.js"="2/8/2019 3:01 PM, 2868 bytes, A Adds the file storageUtils.js"="2/8/2019 3:01 PM, 1718 bytes, A Adds the file TemplateParser.js"="2/8/2019 3:01 PM, 3153 bytes, A Adds the file ul.js"="2/8/2019 3:01 PM, 3969 bytes, A Adds the file urlFragmentActions.js"="2/8/2019 3:01 PM, 2498 bytes, A Adds the file urlUtils.js"="2/8/2019 3:01 PM, 5906 bytes, A Adds the file util.js"="2/8/2019 3:01 PM, 2779 bytes, A Adds the file webtooltabAPI.js"="2/8/2019 3:01 PM, 9768 bytes, A Adds the file webTooltabAPIProxy.js"="2/8/2019 3:01 PM, 7589 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oiedaodjjdfnkfjaphcklblcolefkigc Adds the file 000003.log"="2/28/2019 9:02 AM, 5821 bytes, A Adds the file CURRENT"="2/28/2019 9:00 AM, 16 bytes, A Adds the file LOCK"="2/28/2019 9:00 AM, 0 bytes, A Adds the file LOG"="2/28/2019 9:02 
AM, 412 bytes, A Adds the file LOG.old"="2/28/2019 9:00 AM, 184 bytes, A Adds the file MANIFEST-000001"="2/28/2019 9:00 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_roMembers_@free.dailyfunnyworld.com Adds the file storage.js"="2/28/2019 9:02 AM, 2723 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file _roMembers_@free.dailyfunnyworld.com.xpi"="2/28/2019 8:57 AM, 95523 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\DailyFunnyWorld] "Start Page"="REG_SZ", "http://hp.myway.com/dailyfunnyworld/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&coid={coid}" "UnInstallSurveyUrl"="REG_SZ", "http://@{downloadDomain}.dl.myway.com/uninstall.jhtml?surveyUrl=http%3A%2F%2Fwww.research.net%2Fr%2FHYSCVNM%3Fc%3D{ptb}%26ptb%3D{p2}" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page" ==> REG_SZ, "http://hp.myway.com/dailyfunnyworld/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&coid={coid}" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\DailyFunnyWorldTooltab Uninstall Internet Explorer] "DisplayName"="REG_SZ", "DailyFunnyWorld Internet Explorer Homepage and New Tab" "HelpLink"="REG_SZ", "http://support.mindspark.com/" "Publisher"="REG_SZ", "Mindspark Interactive Network, Inc." 
"UninstallString"="REG_SZ", "Rundll32.exe "C:\Users\{username}\AppData\Local\DailyFunnyWorldTooltab\TooltabExtension.dll" U uninstall:DailyFunnyWorld" "URLInfoAbout"="REG_SZ", "http://support.mindspark.com/" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 2/28/19 Scan Time: 9:10 AM Log File: 4e1e18fd-3b30-11e9-9c2d-00ffdcc6fdfc.json -Software Information- Version: 3.7.1.2839 Components Version: 1.0.538 Update Package Version: 1.0.9480 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 236086 Threats Detected: 90 Threats Quarantined: 90 Time Elapsed: 5 min, 32 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 1 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\DailyFunnyWorldTooltab\TooltabExtension.dll, Quarantined, [1727], [356944],1.0.9480 Registry Key: 2 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DailyFunnyWorldTooltab Uninstall Internet Explorer, Quarantined, [1727], [356944],1.0.9480 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\DailyFunnyWorld, Quarantined, [1727], [444113],1.0.9480 Registry Value: 3 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\DailyFunnyWorld|START PAGE, Quarantined, [1727], [444113],1.0.9480 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DailyFunnyWorldTooltab Uninstall Internet Explorer|PUBLISHER, Quarantined, [612], [352442],1.0.9480 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|oiedaodjjdfnkfjaphcklblcolefkigc, Quarantined, [1727], [443121],1.0.9480 Registry Data: 1 PUP.Optional.MindSpark, 
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [612], [293497],1.0.9480 Data Stream: 0 (No malicious items detected) Folder: 19 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\DailyFunnyWorldTooltab, Quarantined, [1727], [356944],1.0.9480 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\BROWSER-EXTENSION-DATA\_roMembers_@free.dailyfunnyworld.com, Quarantined, [1727], [468075],1.0.9480 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\oiedaodjjdfnkfjaphcklblcolefkigc, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\_locales\es_419, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\_locales\pt_BR, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\_locales\pt_PT, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\_locales\de, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\_locales\en, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\_locales\es, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, 
C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\_locales\fr, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\_locales\it, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\_locales\ja, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\_metadata, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\_locales, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\config, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\icons, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\OIEDAODJJDFNKFJAPHCKLBLCOLEFKIGC, Quarantined, 
[1727], [443121],1.0.9480 File: 64 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\DailyFunnyWorldTooltab\TooltabExtension.dll, Quarantined, [1727], [356944],1.0.9480 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_roMembers_@free.dailyfunnyworld.com.xpi, Quarantined, [1727], [457930],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_roMembers_@free.dailyfunnyworld.com\storage.js, Quarantined, [1727], [468075],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oiedaodjjdfnkfjaphcklblcolefkigc\000003.log, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oiedaodjjdfnkfjaphcklblcolefkigc\CURRENT, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oiedaodjjdfnkfjaphcklblcolefkigc\LOCK, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oiedaodjjdfnkfjaphcklblcolefkigc\LOG, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oiedaodjjdfnkfjaphcklblcolefkigc\LOG.old, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oiedaodjjdfnkfjaphcklblcolefkigc\MANIFEST-000001, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1727], [443121],1.0.9480 
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\OIEDAODJJDFNKFJAPHCKLBLCOLEFKIGC\13.855.14.51548_0\MANIFEST.JSON, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\config\config.json, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\icons\icon128.png, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\icons\icon16.png, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\icons\icon19disabled.png, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\icons\icon19on.png, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\icons\icon48.png, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\meta.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\ajax.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\babAPI.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\babClickHandler.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\babContentScript.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\babContentScriptAPI.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\background.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\browserUtils.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\chrome.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\contentScriptConnectionManager.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\dateTimeUtils.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\dlp.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\dlpHelper.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\extensionDetect.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\index.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\localStorageContentScript.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\logger.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\offerService.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedaodjjdfnkfjaphcklblcolefkigc\13.855.14.51548_0\js\pageUtils.js, Quarantined, [1727], [443121],1.0.9480 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User 
As 
mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  3. What is MyMapsExpress?

The Malwarebytes research team has determined that MyMapsExpress is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. MyMapsExpress is a member of the Mindspark/Ask family now known as IAC Applications.

How do I know if my computer is affected by MyMapsExpress?

You may see these browser extensions/add-ons:
these warnings during install:
You may see this entry in your list of installed software:
and this new homepage in the affected browsers:

How did MyMapsExpress get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website.

How do I remove MyMapsExpress?

Our program Malwarebytes can detect and remove this potentially unwanted program. You can use their own uninstall instructions first, but I would advise to follow the steps below anyway.

  • Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

Is there anything else I need to do to get rid of MyMapsExpress?

If you are using an older version of Malwarebytes, you may have to remove the Chrome extension manually under Tools > More Tools > Extensions. Click on the bin behind the MyMapsExpress entry and confirm Remove in the prompt.

If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods.
How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the MyMapsExpress hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late.
and it blocks traffic to some of their domains:

Technical details for experts

Possible signs in a FRST log:

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/mymapsexpress/ttab02/index.html?n={n1}&p2={p2}&ptb={ptb}&coid={coid}
FF Extension: No Name - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_k8Members_@www.mymapsexpress.com.xpi [2018-01-16]
C:\Users\{username}\AppData\Local\MyMapsExpressTooltab
MyMapsExpress Internet Explorer Homepage and New Tab (HKCU\...\MyMapsExpressTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION

Most significant changes made by the installers:

File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\plljhbdegkhnpjnjbhodbjgdmdnnlbcd\13.321.12.18585_0
       Adds the file dynamicNewTab.html"="11/9/2017 3:49 PM, 932 bytes, A
       Adds the file manifest.json"="1/16/2018 9:34 AM, 2482 bytes, A
       Adds the file product.html"="11/9/2017 3:49 PM, 932 bytes, A
       Adds the file stubby.html"="11/9/2017 3:49 PM, 932 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\plljhbdegkhnpjnjbhodbjgdmdnnlbcd\13.321.12.18585_0\_metadata
       Adds the file computed_hashes.json"="1/16/2018 9:34 AM, 3620 bytes, A
       Adds the file verified_contents.json"="11/9/2017 3:49 PM, 4621 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\plljhbdegkhnpjnjbhodbjgdmdnnlbcd\13.321.12.18585_0\config
       Adds the file config.json"="11/9/2017 3:49 PM, 1530 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\plljhbdegkhnpjnjbhodbjgdmdnnlbcd\13.321.12.18585_0\icons
       Adds the file icon128.png"="1/16/2018 9:34 AM, 5516 bytes, A
       Adds the file icon16.png"="11/9/2017 3:49 PM, 894 bytes, A
       Adds the file icon19disabled.png"="11/9/2017 3:49 PM, 789 bytes, A
       Adds the file icon19on.png"="1/16/2018 9:34 AM, 561 bytes, A
       Adds the file icon48.png"="1/16/2018 9:34 AM, 1800 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\plljhbdegkhnpjnjbhodbjgdmdnnlbcd\13.321.12.18585_0\js
       Adds the file ajax.js"="11/9/2017 3:49 PM, 2250 bytes, A
       Adds the file background.js"="11/9/2017 3:49 PM, 19608 bytes, A
       Adds the file chrome.js"="11/9/2017 3:49 PM, 180 bytes, A
       Adds the file content_script.js"="11/9/2017 3:49 PM, 5917 bytes, A
       Adds the file dlp.js"="11/9/2017 3:49 PM, 5690 bytes, A
       Adds the file dlpHelper.js"="11/9/2017 3:49 PM, 1836 bytes, A
       Adds the file extension_detect.js"="11/9/2017 3:49 PM, 4343 bytes, A
       Adds the file index.js"="11/9/2017 3:49 PM, 82 bytes, A
       Adds the file logger.js"="11/9/2017 3:49 PM, 575 bytes, A
       Adds the file pageUtils.js"="11/9/2017 3:49 PM, 2241 bytes, A
       Adds the file product.js"="11/9/2017 3:49 PM, 4434 bytes, A
       Adds the file storage.js"="11/9/2017 3:49 PM, 1675 bytes, A
       Adds the file TabManager.js"="11/9/2017 3:49 PM, 189 bytes, A
       Adds the file TemplateParser.js"="11/9/2017 3:49 PM, 3080 bytes, A
       Adds the file ul.js"="11/9/2017 3:49 PM, 3824 bytes, A
       Adds the file urlFragmentActions.js"="11/9/2017 3:49 PM, 2521 bytes, A
       Adds the file urlUtils.js"="11/9/2017 3:49 PM, 5385 bytes, A
       Adds the file util.js"="11/9/2017 3:49 PM, 3840 bytes, A
       Adds the file webtooltabAPI.js"="11/9/2017 3:49 PM, 8357 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\plljhbdegkhnpjnjbhodbjgdmdnnlbcd\13.321.12.18585_0\libs
       Adds the file PartnerId.js"="11/9/2017 3:49 PM, 22130 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\plljhbdegkhnpjnjbhodbjgdmdnnlbcd
       Adds the file 000003.log"="1/16/2018 9:34 AM, 4609 bytes, A
       Adds the file CURRENT"="1/16/2018 9:34 AM, 16 bytes, A
       Adds the file LOCK"="1/16/2018 9:34 AM, 0 bytes, A
       Adds the file LOG"="1/16/2018 9:36 AM, 412 bytes, A
       Adds the file LOG.old"="1/16/2018 9:36 AM, 412 bytes, A
       Adds the file MANIFEST-000001"="1/16/2018 9:34 AM, 41 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\MyMapsExpressTooltab
       Adds the file TooltabExtension.dll"="8/3/2017 11:30 PM, 266864 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_k8Members_@www.mymapsexpress.com
       Adds the file storage.js"="1/16/2018 9:39 AM, 2279 bytes, A
    In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions
       Adds the file _k8Members_@www.mymapsexpress.com.xpi"="1/16/2018 9:37 AM, 46915 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
       "plljhbdegkhnpjnjbhodbjgdmdnnlbcd"="REG_SZ", "76ED3C314B2D2494829B8E65EA4D0CB1006D4A244382816508D0164ED5CDD80E"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
       "Start Page" = REG_SZ, "http://hp.myway.com/mymapsexpress/ttab02/index.html?n={n1}&p2={p2}&ptb={ptb}&coid={coid}"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyMapsExpressTooltab Uninstall Internet Explorer]
       "DisplayName"="REG_SZ", "MyMapsExpress Internet Explorer Homepage and New Tab"
       "HelpLink"="REG_SZ", "http://support.mindspark.com/"
       "Publisher"="REG_SZ", "Mindspark Interactive Network, Inc."
       "UninstallString"="REG_SZ", "Rundll32.exe "C:\Users\{username}\AppData\Local\MyMapsExpressTooltab\TooltabExtension.dll" U uninstall:MyMapsExpress"
       "URLInfoAbout"="REG_SZ", "http://support.mindspark.com/"
    [HKEY_CURRENT_USER\Software\MyMapsExpress]
       "Start Page"="REG_SZ", "http://hp.myway.com/mymapsexpress/ttab02/index.html?n={n1}&p2={p1}&ptb={ptb}&coid={coid}"
       "UnInstallSurveyUrl"="REG_SZ", "http://@{downloadDomain}.dl.myway.com/uninstall.jhtml?surveyUrl=http%3A%2F%2Fwww.research.net%2Fr%2F{n}%3Fc%3D{ptb}%26ptb%3D{ptb1}"

The Malwarebytes scan log:

Malwarebytes www.malwarebytes.com
-Log Details- Scan Date: 1/16/18 Scan Time: 9:44 AM Log File: 7f68a311-fa99-11e7-b830-080027750297.json Administrator: Yes
-Software Information- Version: 3.3.1.2183 Components Version: 1.0.262 Update Package Version: 1.0.3704 License: Premium
-System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username}
-Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 241129 Threats Detected: 
60 Threats Quarantined: 60 Time Elapsed: 6 min, 47 sec
-Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect

As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  4. What is RadioRage?

The Malwarebytes research team has determined that RadioRage is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. RadioRage is a member of the Mindspark/Ask family now known as IAC Applications.

How do I know if my computer is affected by RadioRage?

You may see these browser extensions/add-ons:
these warnings during install:
You may see this entry in your list of installed software:
and this new homepage in the affected browsers:

How did RadioRage get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website.

How do I remove RadioRage?

Our program Malwarebytes can detect and remove this potentially unwanted program. You can use their own uninstall instructions first, but I would advise to follow the steps below anyway.

  • Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

Is there anything else I need to do to get rid of RadioRage?

If you are using an older version of Malwarebytes, you may have to remove the Chrome extension manually under Tools > More Tools > Extensions. Click on the bin behind the RadioRage entry and confirm Remove in the prompt.

If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods.
How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the RadioRage hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late.
and it blocks traffic to some of their domains:

Technical details for experts

Possible signs in a FRST log:

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/radiorage/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&coid={coid}
FF Extension: No Name - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_4jMembers_@www.radiorage.com.xpi [2017-12-20]
CHR Extension: (RadioRage) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg [2017-12-20]
C:\Users\{username}\AppData\Local\RadioRageTooltab
RadioRage Internet Explorer Homepage and New Tab (HKCU\...\RadioRageTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION

Most significant changes made by the installers:

File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0
       Adds the file dynamicNewTab.html"="11/9/2017 4:52 PM, 932 bytes, A
       Adds the file manifest.json"="12/20/2017 9:47 AM, 2471 bytes, A
       Adds the file product.html"="11/9/2017 4:52 PM, 932 bytes, A
       Adds the file stubby.html"="11/9/2017 4:52 PM, 932 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\_metadata
       Adds the file computed_hashes.json"="12/20/2017 9:47 AM, 3620 bytes, A
       Adds the file verified_contents.json"="11/9/2017 4:52 PM, 4621 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\config
       Adds the file config.json"="11/9/2017 4:52 PM, 1485 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\icons
       Adds the file icon128.png"="12/20/2017 9:47 AM, 9565 bytes, A
       Adds the file icon16.png"="11/9/2017 4:52 PM, 1626 bytes, A
       Adds the file icon19disabled.png"="11/9/2017 4:52 PM, 1412 bytes, A
       Adds the file icon19on.png"="12/20/2017 9:47 AM, 594 bytes, A
       Adds the file icon48.png"="12/20/2017 9:47 AM, 2352 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\js
       Adds the file ajax.js"="11/9/2017 4:52 PM, 2250 bytes, A
       Adds the file background.js"="11/9/2017 4:52 PM, 19608 bytes, A
       Adds the file chrome.js"="11/9/2017 4:52 PM, 180 bytes, A
       Adds the file content_script.js"="11/9/2017 4:52 PM, 5917 bytes, A
       Adds the file dlp.js"="11/9/2017 4:52 PM, 5690 bytes, A
       Adds the file dlpHelper.js"="11/9/2017 4:52 PM, 1836 bytes, A
       Adds the file extension_detect.js"="11/9/2017 4:52 PM, 4343 bytes, A
       Adds the file index.js"="11/9/2017 4:52 PM, 82 bytes, A
       Adds the file logger.js"="11/9/2017 4:52 PM, 575 bytes, A
       Adds the file pageUtils.js"="11/9/2017 4:52 PM, 2241 bytes, A
       Adds the file product.js"="11/9/2017 4:52 PM, 4434 bytes, A
       Adds the file storage.js"="11/9/2017 4:52 PM, 1675 bytes, A
       Adds the file TabManager.js"="11/9/2017 4:52 PM, 189 bytes, A
       Adds the file TemplateParser.js"="11/9/2017 4:52 PM, 3080 bytes, A
       Adds the file ul.js"="11/9/2017 4:52 PM, 3824 bytes, A
       Adds the file urlFragmentActions.js"="11/9/2017 4:52 PM, 2521 bytes, A
       Adds the file urlUtils.js"="11/9/2017 4:52 PM, 5385 bytes, A
       Adds the file util.js"="11/9/2017 4:52 PM, 3840 bytes, A
       Adds the file webtooltabAPI.js"="11/9/2017 4:52 PM, 8357 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\libs
       Adds the file PartnerId.js"="11/9/2017 4:52 PM, 22130 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jhhglheefabmkonikljoblmbdglpdkpg
       Adds the file 000003.log"="12/20/2017 9:47 AM, 4735 bytes, A
       Adds the file CURRENT"="12/20/2017 9:47 AM, 16 bytes, A
       Adds the file LOCK"="12/20/2017 9:47 AM, 0 bytes, A
       Adds the file LOG"="12/20/2017 9:49 AM, 412 bytes, A
       Adds the file LOG.old"="12/20/2017 9:47 AM, 184 bytes, A
       Adds the file MANIFEST-000001"="12/20/2017 9:47 AM, 41 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\RadioRageTooltab
       Adds the file TooltabExtension.dll"="8/4/2017 1:29 AM, 266864 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_4jMembers_@www.radiorage.com
       Adds the file storage.js"="12/20/2017 9:49 AM, 2335 bytes, A
    In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions
       Adds the file _4jMembers_@www.radiorage.com.xpi"="12/20/2017 9:45 AM, 52842 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
       "Start Page" = REG_SZ, "http://hp.myway.com/radiorage/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&coid={coid}"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\RadioRageTooltab Uninstall Internet Explorer]
       "DisplayName"="REG_SZ", "RadioRage Internet Explorer Homepage and New Tab"
       "HelpLink"="REG_SZ", "http://support.mindspark.com/"
       "Publisher"="REG_SZ", "Mindspark Interactive Network, Inc."
       "UninstallString"="REG_SZ", "Rundll32.exe "C:\Users\{username}\AppData\Local\RadioRageTooltab\TooltabExtension.dll" U uninstall:RadioRage"
       "URLInfoAbout"="REG_SZ", "http://support.mindspark.com/"
    [HKEY_CURRENT_USER\Software\RadioRage]
       "Start Page"="REG_SZ", "http://hp.myway.com/radiorage/ttab02/index.html?n={n}&p2=^ZX^mni000^TTAB02&ptb={ptb}&coid={coid}"
       "UnInstallSurveyUrl"="REG_SZ", "http://@{downloadDomain}.dl.myway.com/uninstall.jhtml?surveyUrl=http%3A%2F%2Fwww.research.net%2Fr%2FHYSCVNM%3Fc%3D{ptb}%26ptb%3D^ZX^mni000^TTAB02"

The Malwarebytes scan log:

Malwarebytes www.malwarebytes.com
-Log Details- Scan Date: 12/20/17 Scan Time: 9:55 AM Log File: 974c251a-e563-11e7-9526-080027750297.json Administrator: Yes
-Software Information- Version: 3.3.1.2183 Components Version: 1.0.236 Update Package Version: 1.0.3525 License: Premium
-System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username}
-Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 244625 Threats Detected: 60 Threats Quarantined: 60 Time Elapsed: 1 min, 29 sec
-Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: 
Detect -Scan Details- Process: 0 (No malicious items detected) Module: 1 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\RadioRageTooltab\TooltabExtension.dll, Quarantined, [1394], [356944],1.0.3525 Registry Key: 2 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\RadioRageTooltab Uninstall Internet Explorer, Quarantined, [1394], [356944],1.0.3525 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\RadioRage, Quarantined, [1394], [444113],1.0.3525 Registry Value: 2 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\RadioRage|START PAGE, Quarantined, [1394], [444113],1.0.3525 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\RadioRageTooltab Uninstall Internet Explorer|PUBLISHER, Quarantined, [237], [352442],1.0.3525 Registry Data: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [237], [293497],1.0.3525 Data Stream: 0 (No malicious items detected) Folder: 10 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\RadioRageTooltab, Quarantined, [1394], [356944],1.0.3525 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\BROWSER-EXTENSION-DATA\_4jMembers_@www.radiorage.com, Quarantined, [1394], [468075],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jhhglheefabmkonikljoblmbdglpdkpg, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\_metadata, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\config, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, 
C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\icons, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\libs, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\js, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JHHGLHEEFABMKONIKLJOBLMBDGLPDKPG, Quarantined, [1394], [467555],1.0.3525 File: 44 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\RadioRageTooltab\TooltabExtension.dll, Quarantined, [1394], [356944],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_4jMembers_@www.radiorage.com\storage.js, Quarantined, [1394], [468075],1.0.3525 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_4jMembers_@www.radiorage.com.xpi, Quarantined, [1394], [457930],1.0.3525 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jhhglheefabmkonikljoblmbdglpdkpg\000003.log, 
Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jhhglheefabmkonikljoblmbdglpdkpg\CURRENT, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jhhglheefabmkonikljoblmbdglpdkpg\LOCK, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jhhglheefabmkonikljoblmbdglpdkpg\LOG, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jhhglheefabmkonikljoblmbdglpdkpg\LOG.old, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jhhglheefabmkonikljoblmbdglpdkpg\MANIFEST-000001, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JHHGLHEEFABMKONIKLJOBLMBDGLPDKPG\13.321.12.18926_0\MANIFEST.JSON, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\config\config.json, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\icons\icon128.png, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\icons\icon16.png, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, 
C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\icons\icon19disabled.png, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\icons\icon19on.png, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\icons\icon48.png, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\js\ajax.js, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\js\background.js, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\js\chrome.js, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\js\content_script.js, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\js\dlp.js, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\js\dlpHelper.js, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, 
C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\js\extension_detect.js, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\js\index.js, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\js\logger.js, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\js\pageUtils.js, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\js\product.js, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\js\storage.js, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\js\TabManager.js, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\js\TemplateParser.js, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\js\ul.js, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\js\urlFragmentActions.js, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\js\urlUtils.js, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\js\util.js, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\js\webtooltabAPI.js, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\libs\PartnerId.js, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\_metadata\computed_hashes.json, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\_metadata\verified_contents.json, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\dynamicNewTab.html, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\product.html, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\jhhglheefabmkonikljoblmbdglpdkpg\13.321.12.18926_0\stubby.html, Quarantined, [1394], [467555],1.0.3525 PUP.Optional.MindSpark, C:\USERS\{username}\DESKTOP\RADIORAGE.EXE, Quarantined, [237], [365288],1.0.3525 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  5. For the past three weeks, malware detects many instances of PUP.Optional.MindSpark.Generic whenever I run a scan. When I click on it to quarantine the infections, my Google Chrome browser automatically closes. After quarantining, I then normally delete the quarantined files. Many times I would then shut off my computer and restart it. After a few hours or less of computer usage, if I then run Malwarebytes again, I would find that a reinfection has occurred. It seems that I am not able to get rid of the infection with Malwarebytes. Kindly advise me on what to do. It's a bit annoying for me to continually have to restart my computer and my browser so many times.