Jump to content

Search the Community

Showing results for tags 'citrio'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 1 result

  1. What is Catalina?The Malwarebytes research team has determined that Catalina is a potentially unwanted program (PUP) that behaves like adware. These adware applications display advertisements not originating from the sites you are browsing.How do I know if my computer is affected by Catalina?You may see these warnings during install:these icons in your startmenu, your taskbar and on your desktop:these tasks in your Scheduled Tasks:and this entry in your list of installed Programs and Features:How did Catalina get on my computer?Adware applications use different methods for distributing themselves. This particular one was installed by a bundler.In this case with the Citrio browser:How do I remove Catalina?Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Catalina? No, Malwarebytes removes Catalina completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks. Malwarebytes does not remove the Citrio browser. If you want to remove it, you can uninstall that from the Windows Control Panel. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this adware.As you can see below the full version of Malwarebytes would have protected you against the Catalina adware. It would have blocked the installer before it became too late. Technical details for expertsPossible signs in FRST logs: HKCU\...\Run: [CatalinaGroup Update] => C:\Users\{username}\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [132104 2019-02-13] (Catalina Group Limited -> Catalina Group Ltd.) <==== ATTENTION FF Plugin HKCU: @catalinahub.net/CatalinaGroup Update;version=3 -> C:\Users\{username}\AppData\Local\CatalinaGroup\Update\1.3.25.225\npCatalinaUpdate3.dll [2019-02-13] (Catalina Group Ltd.) FF Plugin HKCU: @catalinahub.net/CatalinaGroup Update;version=9 -> C:\Users\{username}\AppData\Local\CatalinaGroup\Update\1.3.25.225\npCatalinaUpdate3.dll [2019-02-13] (Catalina Group Ltd.) C:\Users\{username}\Desktop\Chrome Web Store.lnk C:\Users\{username}\Desktop\Facebook.lnk C:\Users\{username}\Desktop\YouTube.lnk C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrio.lnk C:\Users\{username}\Desktop\Citrio.lnk C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-{userCLSID}UA.job C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-{userCLSID}Core.job C:\Users\{username}\AppData\Local\CatalinaGroup C:\Windows\System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-{userCLSID}UA C:\Windows\System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-{userCLSID}Core C:\Users\{username}\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe Citrio (HKCU\...\Citrio) (Version: 50.0.2661.276 - © Catalinagroup Ltd.) <==== ATTENTION Task: {18948E4E-B2F0-4193-BCD3-984AB9734C95} - System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-{userCLSID}UA => C:\Users\{username}\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe (Catalina Group Limited -> Catalina Group Ltd.) [File not signed] <==== ATTENTION Task: {467A2CF4-D247-447D-9C6F-0F2E9E5F9BB6} - System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-{userCLSID}Core => C:\Users\{username}\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe (Catalina Group Limited -> Catalina Group Ltd.) [File not signed] <==== ATTENTION Task: C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-{userCLSID}Core.job => C:\Users\{username}\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe <==== ATTENTION Task: C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-{userCLSID}UA.job => C:\Users\{username}\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe <==== ATTENTION ShortcutWithArgument: C:\Users\{username}\Desktop\Facebook.lnk -> C:\Users\{username}\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe (CatalinaGroup Ltd.) -> "hxxp://www.facebook.com" ShortcutWithArgument: C:\Users\{username}\Desktop\YouTube.lnk -> C:\Users\{username}\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe (CatalinaGroup Ltd.) -> "hxxp://www.youtube.com" FirewallRules: [{E73D6DA6-FC7D-4EBA-8C14-BBAA3BFDD8FD}] => (Allow) C:\Users\{username}\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe (Catalina Group Limited -> CatalinaGroup Ltd.) Significant changes made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\CatalinaGroup\Citrio\Application Adds the file chrome.VisualElementsManifest.xml"="2/13/2019 10:26 AM, 342 bytes, A Adds the file citrio.exe"="5/31/2017 6:03 AM, 1083264 bytes, A Adds the file debug.log"="2/13/2019 10:26 AM, 258 bytes, A Adds the folder C:\Users\{username}\AppData\Local\CatalinaGroup\CrashReports Adds the folder C:\Users\{username}\AppData\Local\CatalinaGroup\Update Adds the file CatalinaUpdate.exe"="2/13/2019 10:25 AM, 132104 bytes, A Adds the folder C:\Users\{username}\AppData\Local\CatalinaGroup\Update\1.3.25.225 Adds the file CatalinaCrashHandler.exe"="2/13/2019 10:25 AM, 132104 bytes, A Adds the file CatalinaUpdate.exe"="2/13/2019 10:25 AM, 132104 bytes, A Adds the file CatalinaUpdateBroker.exe"="2/13/2019 10:25 AM, 59912 bytes, A Adds the file CatalinaUpdateHelper.msi"="2/13/2019 10:25 AM, 40960 bytes, A Adds the file CatalinaUpdateOnDemand.exe"="2/13/2019 10:25 AM, 59912 bytes, A Adds the file goopdate.dll"="2/13/2019 10:25 AM, 802312 bytes, A Adds the file goopdateres_am.dll"="2/13/2019 10:25 AM, 24072 bytes, A Adds the file goopdateres_ar.dll"="2/13/2019 10:25 AM, 25608 bytes, A Adds the file goopdateres_bg.dll"="2/13/2019 10:25 AM, 29192 bytes, A Adds the file goopdateres_bn.dll"="2/13/2019 10:25 AM, 28168 bytes, A Adds the file goopdateres_ca.dll"="2/13/2019 10:25 AM, 28680 bytes, A Adds the file goopdateres_cs.dll"="2/13/2019 10:25 AM, 27656 bytes, A Adds the file goopdateres_da.dll"="2/13/2019 10:25 AM, 28168 bytes, A Adds the file goopdateres_de.dll"="2/13/2019 10:25 AM, 30216 bytes, A Adds the file goopdateres_el.dll"="2/13/2019 10:25 AM, 29704 bytes, A Adds the file goopdateres_en.dll"="2/13/2019 10:25 AM, 26632 bytes, A Adds the file goopdateres_en-GB.dll"="2/13/2019 10:25 AM, 27144 bytes, A Adds the file goopdateres_es.dll"="2/13/2019 10:25 AM, 30216 bytes, A Adds the file goopdateres_es-419.dll"="2/13/2019 10:25 AM, 28168 bytes, A Adds the file goopdateres_et.dll"="2/13/2019 10:25 AM, 27144 bytes, A Adds the file goopdateres_fa.dll"="2/13/2019 10:25 AM, 26632 bytes, A Adds the file goopdateres_fi.dll"="2/13/2019 10:25 AM, 28168 bytes, A Adds the file goopdateres_fil.dll"="2/13/2019 10:25 AM, 29192 bytes, A Adds the file goopdateres_fr.dll"="2/13/2019 10:25 AM, 29704 bytes, A Adds the file goopdateres_gu.dll"="2/13/2019 10:25 AM, 28168 bytes, A Adds the file goopdateres_hi.dll"="2/13/2019 10:25 AM, 28168 bytes, A Adds the file goopdateres_hr.dll"="2/13/2019 10:25 AM, 28680 bytes, A Adds the file goopdateres_hu.dll"="2/13/2019 10:25 AM, 28680 bytes, A Adds the file goopdateres_id.dll"="2/13/2019 10:25 AM, 27144 bytes, A Adds the file goopdateres_is.dll"="2/13/2019 10:25 AM, 27656 bytes, A Adds the file goopdateres_it.dll"="2/13/2019 10:25 AM, 29704 bytes, A Adds the file goopdateres_iw.dll"="2/13/2019 10:25 AM, 25096 bytes, A Adds the file goopdateres_ja.dll"="2/13/2019 10:25 AM, 23560 bytes, A Adds the file goopdateres_kn.dll"="2/13/2019 10:25 AM, 28680 bytes, A Adds the file goopdateres_ko.dll"="2/13/2019 10:25 AM, 23048 bytes, A Adds the file goopdateres_lt.dll"="2/13/2019 10:25 AM, 27144 bytes, A Adds the file goopdateres_lv.dll"="2/13/2019 10:25 AM, 29192 bytes, A Adds the file goopdateres_ml.dll"="2/13/2019 10:25 AM, 30728 bytes, A Adds the file goopdateres_mr.dll"="2/13/2019 10:25 AM, 27656 bytes, A Adds the file goopdateres_ms.dll"="2/13/2019 10:25 AM, 27656 bytes, A Adds the file goopdateres_nl.dll"="2/13/2019 10:25 AM, 29192 bytes, A Adds the file goopdateres_no.dll"="2/13/2019 10:25 AM, 28168 bytes, A Adds the file goopdateres_pl.dll"="2/13/2019 10:25 AM, 29192 bytes, A Adds the file goopdateres_pt-BR.dll"="2/13/2019 10:25 AM, 28168 bytes, A Adds the file goopdateres_pt-PT.dll"="2/13/2019 10:25 AM, 28168 bytes, A Adds the file goopdateres_ro.dll"="2/13/2019 10:25 AM, 28680 bytes, A Adds the file goopdateres_ru.dll"="2/13/2019 10:25 AM, 27656 bytes, A Adds the file goopdateres_sk.dll"="2/13/2019 10:25 AM, 28680 bytes, A Adds the file goopdateres_sl.dll"="2/13/2019 10:25 AM, 28680 bytes, A Adds the file goopdateres_sr.dll"="2/13/2019 10:25 AM, 28168 bytes, A Adds the file goopdateres_sv.dll"="2/13/2019 10:25 AM, 28168 bytes, A Adds the file goopdateres_sw.dll"="2/13/2019 10:25 AM, 28168 bytes, A Adds the file goopdateres_ta.dll"="2/13/2019 10:25 AM, 29192 bytes, A Adds the file goopdateres_te.dll"="2/13/2019 10:25 AM, 28168 bytes, A Adds the file goopdateres_th.dll"="2/13/2019 10:25 AM, 26632 bytes, A Adds the file goopdateres_tr.dll"="2/13/2019 10:25 AM, 28168 bytes, A Adds the file goopdateres_uk.dll"="2/13/2019 10:25 AM, 27656 bytes, A Adds the file goopdateres_ur.dll"="2/13/2019 10:25 AM, 27656 bytes, A Adds the file goopdateres_vi.dll"="2/13/2019 10:25 AM, 27144 bytes, A Adds the file goopdateres_zh-CN.dll"="2/13/2019 10:25 AM, 21000 bytes, A Adds the file goopdateres_zh-TW.dll"="2/13/2019 10:25 AM, 21000 bytes, A Adds the file npCatalinaUpdate3.dll"="2/13/2019 10:25 AM, 237576 bytes, A Adds the file psmachine.dll"="2/13/2019 10:25 AM, 156680 bytes, A Adds the file psuser.dll"="2/13/2019 10:25 AM, 162824 bytes, A Adds the folder C:\Users\{username}\AppData\Local\CatalinaGroup\Update\Download\{92F8A219-E740-49D5-B785-B962AD819724}\50.0.2661.276 Adds the file citrio_50.0.2661.276_1.exe"="6/1/2017 10:00 AM, 59432320 bytes, A Adds the folder C:\Users\{username}\AppData\Local\CatalinaGroup\Update\Install\{5066949F-6C76-4D2D-B5F4-9BA14B8C062B} Adds the file citrio_50.0.2661.276_1.exe"="6/1/2017 10:00 AM, 59432320 bytes, A Adds the folder C:\Users\{username}\AppData\Local\CatalinaGroup\Update\Offline\{BD55EF3F-9661-4327-B056-D2D1C9BD36F7} In the existing folder C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch Adds the file Citrio.lnk"="2/13/2019 10:26 AM, 2455 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar Adds the file Citrio.lnk"="2/13/2019 10:26 AM, 2478 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs Adds the file Citrio.lnk"="2/13/2019 10:26 AM, 2478 bytes, A In the existing folder C:\Users\{username}\Desktop Adds the file Chrome Web Store.lnk"="2/13/2019 10:26 AM, 2533 bytes, A Adds the file Citrio.lnk"="2/13/2019 10:26 AM, 2453 bytes, A Adds the file Facebook.lnk"="2/13/2019 10:26 AM, 2493 bytes, A Adds the file YouTube.lnk"="2/13/2019 10:26 AM, 2489 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file CatalinaGroupUpdateTaskUserS-1-5-21-{userCLSID}Core"="2/13/2019 10:25 AM, 3540 bytes, A Adds the file CatalinaGroupUpdateTaskUserS-1-5-21-{userCLSID}UA"="2/13/2019 10:25 AM, 3936 bytes, A In the existing folder C:\Windows\Tasks Adds the file CatalinaGroupUpdateTaskUserS-1-5-21-{userCLSID}Core.job"="2/13/2019 10:25 AM, 902 bytes, A Adds the file CatalinaGroupUpdateTaskUserS-1-5-21-{userCLSID}UA.job"="2/13/2019 10:25 AM, 954 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures] "CatalinaGroupUpdateTaskUserS-1-5-21-{userCLSID}Core.job"="REG_BINARY, ............................$... "CatalinaGroupUpdateTaskUserS-1-5-21-{userCLSID}Core.job.fp"="REG_DWORD", 1917796137 "CatalinaGroupUpdateTaskUserS-1-5-21-{userCLSID}UA.job"="REG_BINARY, ................................ "CatalinaGroupUpdateTaskUserS-1-5-21-{userCLSID}UA.job.fp"="REG_DWORD", 1081281079 [HKEY_CURRENT_USER\Software\CatalinaGroup\CitrioDownloader] [HKEY_CURRENT_USER\Software\CatalinaGroup\Update] "LastInstallerError"="REG_DWORD", 0 "LastInstallerResult"="REG_DWORD", 0 "LastInstallerSuccessLaunchCmdLine"="REG_SZ", ""C:\Users\{username}\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe"" "path"="REG_SZ", "C:\Users\{username}\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe" "uid"="REG_SZ", "{6AC4AB17-5F65-4002-8353-583D7EDA74B4}" "version"="REG_SZ", "1.3.25.225" [HKEY_CURRENT_USER\Software\CatalinaGroup\Update\Clients\{0105EA02-802D-4B37-8161-4ED25C493266}] "bt"="REG_SZ", "1" "lang"="REG_SZ", "en" "name"="REG_SZ", "Citrio App Launcher" "oopcrashes"="REG_DWORD", 1 "pv"="REG_SZ", "50.0.2661.276" [HKEY_CURRENT_USER\Software\CatalinaGroup\Update\Clients\{6C598730-F715-407B-A7AE-A8F10D0F8FA7}] "name"="REG_SZ", "Catalina Update" "pv"="REG_SZ", "1.3.25.225" [HKEY_CURRENT_USER\Software\CatalinaGroup\Update\Clients\{92F8A219-E740-49D5-B785-B962AD819724}] "bt"="REG_SZ", "1" "lang"="REG_SZ", "en" "name"="REG_SZ", "Citrio" "oopcrashes"="REG_DWORD", 1 "pv"="REG_SZ", "50.0.2661.276" [HKEY_CURRENT_USER\Software\CatalinaGroup\Update\Clients\{92F8A219-E740-49D5-B785-B962AD819724}\Commands\on-os-upgrade] "AutoRunOnOSUpgrade"="REG_DWORD", 1 "CommandLine"="REG_SZ", ""C:\Users\{username}\AppData\Local\CatalinaGroup\Citrio\Application\50.0.2661.276\Installer\setup.exe" --on-os-upgrade --verbose-logging" [HKEY_CURRENT_USER\Software\CatalinaGroup\Update\ClientState\{6C598730-F715-407B-A7AE-A8F10D0F8FA7}] "brand"="REG_SZ", "GGLS" "iid"="REG_SZ", "{B7A36BE9-E198-4287-9D35-BC1CFD561747}" "InstallTime"="REG_DWORD", 1550049952 "pv"="REG_SZ", "1.3.25.225" [HKEY_CURRENT_USER\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}] "_NumAccounts"="REG_SZ", "1" "_NumSignedIn"="REG_SZ", "0" "brand"="REG_SZ", "GGLS" "bt"="REG_SZ", "1" "dr"="REG_SZ", "1" "iid"="REG_SZ", "{B7A36BE9-E198-4287-9D35-BC1CFD561747}" "InstallTime"="REG_DWORD", 1550049966 "lang"="REG_SZ", "en" "LastCheckSuccess"="REG_DWORD", 1550049978 "LastInstallerError"="REG_DWORD", 0 "LastInstallerResult"="REG_DWORD", 0 "LastInstallerSuccessLaunchCmdLine"="REG_SZ", ""C:\Users\{username}\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe"" "lastrun"="REG_SZ", "13194523582822146" "LastWasDefault"="REG_QWORD, .... "pv"="REG_SZ", "50.0.2661.276" "referral"="REG_SZ", "1:citrio_website" "UninstallArguments"="REG_SZ", " --uninstall" "UninstallString"="REG_SZ", "C:\Users\{username}\AppData\Local\CatalinaGroup\Citrio\Application\50.0.2661.276\Installer\setup.exe" "usagestats"="REG_DWORD", 0 [HKEY_CURRENT_USER\Software\CatalinaGroup\Update\network\secure] [HKEY_CURRENT_USER\Software\CatalinaGroup\Update\proxy] "source"="REG_SZ", "IE" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CatalinaGroup Update"="REG_SZ", ""C:\Users\{username}\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe" /c" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Citrio] "DisplayIcon"="REG_SZ", "C:\Users\{username}\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe,0" "DisplayName"="REG_SZ", "Citrio" "DisplayVersion"="REG_SZ", "50.0.2661.276" "InstallDate"="REG_SZ", "20190213" "InstallLocation"="REG_SZ", "C:\Users\{username}\AppData\Local\CatalinaGroup\Citrio\Application" "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "Publisher"="REG_SZ", "© Catalinagroup Ltd." "UninstallString"="REG_SZ", ""C:\Users\{username}\AppData\Local\CatalinaGroup\Citrio\Application\50.0.2661.276\Installer\setup.exe" --uninstall" "Version"="REG_SZ", "50.0.2661.276" "VersionMajor"="REG_DWORD", 2661 "VersionMinor"="REG_DWORD", 276 [HKEY_CURRENT_USER\Software\MozillaPlugins\@catalinahub.net/CatalinaGroup Update;version=3] "Description"="REG_SZ", "CatalinaGroup Update" "Path"="REG_SZ", "C:\Users\{username}\AppData\Local\CatalinaGroup\Update\1.3.25.225\npCatalinaUpdate3.dll" "ProductName"="REG_SZ", "CatalinaGroup Update" "Vendor"="REG_SZ", "Catalina Group Ltd." "Version"="REG_SZ", "3" [HKEY_CURRENT_USER\Software\MozillaPlugins\@catalinahub.net/CatalinaGroup Update;version=3\MimeTypes\application/x-vnd.catalinahub.update3webcontrol.3] [HKEY_CURRENT_USER\Software\MozillaPlugins\@catalinahub.net/CatalinaGroup Update;version=9] "Description"="REG_SZ", "CatalinaGroup Update" "Path"="REG_SZ", "C:\Users\{username}\AppData\Local\CatalinaGroup\Update\1.3.25.225\npCatalinaUpdate3.dll" "ProductName"="REG_SZ", "CatalinaGroup Update" "Vendor"="REG_SZ", "Catalina Group Ltd." "Version"="REG_SZ", "9" [HKEY_CURRENT_USER\Software\MozillaPlugins\@catalinahub.net/CatalinaGroup Update;version=9\MimeTypes\application/x-vnd.catalinahub.oneclickctrl.9] [HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\{username}\AppData\Local\CatalinaGroup\Citrio\User Data\Default\Extensions\dcagnhpbnggmbihndfkkhfjojgbaaedo\1.2.40_0\binaries\win\imageformats] "qico4.dll"="REG_MULTI_SZ, "2017-02-17T13:35:50 ico " [HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\{username}\AppData\Local\CatalinaGroup\Citrio\User Data\Default\Extensions\dcagnhpbnggmbihndfkkhfjojgbaaedo\1.2.40_0\binaries\win\imageformats] "qico4.dll"="REG_MULTI_SZ, "40806 0 Windows msvc release full-config 2017-02-17T13:35:50 " Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 2/13/19 Scan Time: 10:34 AM Log File: 99374b67-2f72-11e9-8ffc-00ffdcc6fdfc.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.527 Update Package Version: 1.0.9238 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 236076 Threats Detected: 26 Threats Quarantined: 26 Time Elapsed: 4 min, 27 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 1 PUP.Optional.Catalina, C:\USERS\{username}\APPDATA\LOCAL\CATALINAGROUP\UPDATE\1.3.25.225\CATALINACRASHHANDLER.EXE, Quarantined, [500], [635491],1.0.9238 Module: 2 PUP.Optional.Catalina, C:\USERS\{username}\APPDATA\LOCAL\CATALINAGROUP\UPDATE\1.3.25.225\GOOPDATE.DLL, Quarantined, [500], [635491],1.0.9238 PUP.Optional.Catalina, C:\USERS\{username}\APPDATA\LOCAL\CATALINAGROUP\UPDATE\1.3.25.225\CATALINACRASHHANDLER.EXE, Quarantined, [500], [635491],1.0.9238 Registry Key: 6 PUP.Optional.Catalina, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\CatalinaGroupUpdateTaskUserS-1-5-21-{userCLSID}Core, Quarantined, [500], [635491],1.0.9238 PUP.Optional.Catalina, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{467A2CF4-D247-447D-9C6F-0F2E9E5F9BB6}, Quarantined, [500], [635491],1.0.9238 PUP.Optional.Catalina, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{467A2CF4-D247-447D-9C6F-0F2E9E5F9BB6}, Quarantined, [500], [635491],1.0.9238 PUP.Optional.Catalina, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\CatalinaGroupUpdateTaskUserS-1-5-21-{userCLSID}UA, Quarantined, [500], [635491],1.0.9238 PUP.Optional.Catalina, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{18948E4E-B2F0-4193-BCD3-984AB9734C95}, Quarantined, [500], [635491],1.0.9238 PUP.Optional.Catalina, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{18948E4E-B2F0-4193-BCD3-984AB9734C95}, Quarantined, [500], [635491],1.0.9238 Registry Value: 1 PUP.Optional.Catalina, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|CatalinaGroup Update, Quarantined, [500], [635491],1.0.9238 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 16 PUP.Optional.Catalina, C:\USERS\{username}\APPDATA\LOCAL\CATALINAGROUP\UPDATE\1.3.25.225\GOOPDATE.DLL, Quarantined, [500], [635491],1.0.9238 PUP.Optional.Catalina, C:\USERS\{username}\APPDATA\LOCAL\CATALINAGROUP\UPDATE\1.3.25.225\CATALINACRASHHANDLER.EXE, Quarantined, [500], [635491],1.0.9238 PUP.Optional.Catalina, C:\WINDOWS\TASKS\CatalinaGroupUpdateTaskUserS-1-5-21-{userCLSID}Core.job, Quarantined, [500], [635491],1.0.9238 PUP.Optional.Catalina, C:\WINDOWS\SYSTEM32\TASKS\CatalinaGroupUpdateTaskUserS-1-5-21-{userCLSID}Core, Quarantined, [500], [635491],1.0.9238 PUP.Optional.Catalina, C:\WINDOWS\TASKS\CatalinaGroupUpdateTaskUserS-1-5-21-{userCLSID}UA.job, Quarantined, [500], [635491],1.0.9238 PUP.Optional.Catalina, C:\WINDOWS\SYSTEM32\TASKS\CatalinaGroupUpdateTaskUserS-1-5-21-{userCLSID}UA, Quarantined, [500], [635491],1.0.9238 PUP.Optional.Catalina, C:\USERS\{username}\APPDATA\LOCAL\CATALINAGROUP\UPDATE\CATALINAUPDATE.EXE, Quarantined, [500], [635491],1.0.9238 PUP.Optional.Catalina, C:\USERS\{username}\DESKTOP\CATALINAUPDATESETUP.EXE, Quarantined, [500], [635491],1.0.9238 PUP.Optional.Catalina, C:\USERS\{username}\APPDATA\ROAMING\Microsoft\Internet Explorer\Quick Launch\Citrio.lnk, Quarantined, [500], [635491],1.0.9238 PUP.Optional.Catalina, C:\USERS\{username}\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\User Pinned\TaskBar\Citrio.lnk, Quarantined, [500], [635491],1.0.9238 PUP.Optional.Catalina, C:\USERS\{username}\APPDATA\ROAMING\Microsoft\Windows\Start Menu\Programs\Citrio.lnk, Quarantined, [500], [635491],1.0.9238 PUP.Optional.Catalina, C:\USERS\{username}\DESKTOP\Chrome Web Store.lnk, Quarantined, [500], [635491],1.0.9238 PUP.Optional.Catalina, C:\USERS\{username}\DESKTOP\Citrio.lnk, Quarantined, [500], [635491],1.0.9238 PUP.Optional.Catalina, C:\USERS\{username}\DESKTOP\Facebook.lnk, Quarantined, [500], [635491],1.0.9238 PUP.Optional.Catalina, C:\USERS\{username}\DESKTOP\YouTube.lnk, Quarantined, [500], [635491],1.0.9238 PUP.Optional.Catalina, C:\USERS\{username}\APPDATA\LOCAL\CATALINAGROUP\CITRIO\APPLICATION\CITRIO.EXE, Quarantined, [500], [635491],1.0.9238 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.