Showing results for tags 'nwjs'.

Found 3 results

  1. What is BookLot?

     The Malwarebytes research team has determined that BookLot is a potentially unwanted program (PUP) that behaves like adware.

     How do I know if my computer is affected by BookLot?

     This is the main window of the program:

     You may have noticed these warnings during install:

     You may see this entry in your list of installed programs:

     How did BookLot get on my computer?

     PUPs use different methods for distributing themselves. This particular one was downloaded from their website:

     How do I remove BookLot?

     Our program Malwarebytes can detect and remove this program. For a more complete removal it is advisable to use the built-in uninstaller first.

       • Please download Malwarebytes for Windows to your desktop.
       • Double-click MBSetup.exe and follow the prompts to install the program.
       • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
       • Click on the Get started button.
       • Click Scan to start a Threat Scan.
       • When the scan is finished click Quarantine to remove the found threats.
       • Reboot the system if prompted to complete the removal process.

     Is there anything else I need to do to get rid of BookLot?

     No, Malwarebytes removes BookLot completely.

     How would the full version of Malwarebytes help protect me?

     We hope our application and this guide have helped you eradicate this adware.

     As you can see below the full version of Malwarebytes, as well as Browser Guard, would have protected you against the BookLot adware. It would have blocked the installer before it became too late.
     Technical details for experts

     Possible signs in FRST logs:

     (BookLot -> BookLot) [File not signed] C:\Users\{username}\AppData\Roaming\BookLot\BookLot.exe <6>
     HKLM-x32\...\Run: [BookLot] => C:\Users\{username}\AppData\Roaming\BookLot\BookLot.exe [5321568 2021-02-09] (BookLot -> BookLot) [File not signed]
     C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BookLot
     C:\Users\{username}\AppData\Roaming\BookLot
     C:\Users\{username}\AppData\Local\BookLot
     (BookLot) C:\Users\{username}\Downloads\BookLot.17.2102.1pawk.exe
     BookLot - BookLot for Desktop (HKLM-x32\...\BookLot) (Version: 17.2102.1pawk - BookLot)

     Significant changes made by the installer:

     File system details [View: All details] (Selection)

     Registry details [View: All details] (Selection)

     Malwarebytes log:

     As mentioned before the full version of Malwarebytes could have protected your computer against this threat.

     We use different ways of protecting your computer(s):

       • Dynamically Blocks Malware Sites & Servers
       • Malware Execution Prevention

     Save yourself the hassle and get protected.
  2. What is WeekiPedia?

     The Malwarebytes research team has determined that WeekiPedia is a potentially unwanted program (PUP) that behaves like adware.

     How do I know if my computer is affected by WeekiPedia?

     This is the main window of the program:

     You may have noticed these warnings during install:

     You may see this entry in your list of installed programs:

     and this icon in your Start menu, your taskbar and on your desktop:

     How did WeekiPedia get on my computer?

     PUPs use different methods for distributing themselves. This particular one was downloaded from their website:

     How do I remove WeekiPedia?

     Our program Malwarebytes can detect and remove this program. For a more complete removal it is advisable to use the built-in uninstaller first.

       • Please download Malwarebytes for Windows to your desktop.
       • Double-click MBSetup.exe and follow the prompts to install the program.
       • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
       • Click on the Get started button.
       • Click Scan to start a Threat Scan.
       • When the scan is finished click Quarantine to remove the found threats.
       • Reboot the system if prompted to complete the removal process.

     Is there anything else I need to do to get rid of WeekiPedia?

     No, Malwarebytes removes WeekiPedia completely.

     How would the full version of Malwarebytes help protect me?

     We hope our application and this guide have helped you eradicate this adware.

     As you can see below the full version of Malwarebytes, as well as Browser Guard, would have protected you against the WeekiPedia adware. It would have blocked the website before it became too late.
     Technical details for experts

     Possible signs in FRST logs:

     (WeekiPedia -> WeekiPedia) [File not signed] C:\Users\{username}\AppData\Roaming\WeekiPedia\WeekiPedia.exe <6>
     HKLM-x32\...\Run: [WeekiPedia] => C:\Users\{username}\AppData\Roaming\WeekiPedia\WeekiPedia.exe [5320624 2021-04-29] (WeekiPedia -> WeekiPedia) [File not signed]
     C:\Users\{username}\AppData\Local\WeekiPedia
     C:\Users\{username}\AppData\Roaming\WeekiPedia
     C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeekiPedia
     (WeekiPedia) C:\Users\{username}\Downloads\WeekiPedia.17.2104.1acsm.exe
     WeekiPedia - WeekiPedia for Desktop (HKLM-x32\...\WeekiPedia) (Version: 17.2104.1acsm - WeekiPedia)

     Significant changes made by the installer:

     File system details [View: All details] (Selection)
Registry details [View: All details] (Selection)

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WeekiPedia"="REG_SZ", "C:\Users\{username}\AppData\Roaming\WeekiPedia\WeekiPedia.exe --su"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WeekiPedia]
"DisplayIcon"="REG_SZ", ""C:\Users\{username}\AppData\Roaming\WeekiPedia\Uninstall.exe""
"DisplayName"="REG_SZ", "WeekiPedia - WeekiPedia for Desktop"
"DisplayVersion"="REG_SZ", "17.2104.1acsm"
"EstimatedSize"="REG_DWORD", 179813
"Publisher"="REG_SZ", "WeekiPedia"
"UninstallString"="REG_SZ", ""C:\Users\{username}\AppData\Roaming\WeekiPedia\Uninstall.exe""

[HKEY_CURRENT_USER\Software\AppDataLow\Software\WeekiPedia]
"uid"="REG_SZ", "ECE0EBBA-E917-43CB-B3D3-9FD29F795AF8"

[HKEY_CURRENT_USER\Software\nwjs]
"FirstNotDefault"="REG_QWORD, .../
"metricsid"="REG_SZ", "b06b8008-95f6-46e6-b452-699a91d1d254"
"metricsid_enableddate"="REG_SZ", "1625208842"
"metricsid_installdate"="REG_SZ", "1625208842"

[HKEY_CURRENT_USER\Software\nwjs\BLBeacon]
"failed_count"="REG_DWORD", 0
"state"="REG_DWORD", 1
"version"="REG_SZ", "71.0.3578.98"

[HKEY_CURRENT_USER\Software\nwjs\StabilityMetrics]
"user_experience_metrics.stability.exited_cleanly"="REG_DWORD", 0

Malwarebytes log:

As mentioned before, the full version of Malwarebytes could have protected your computer against this threat.

We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.
  3. What is ePedia?

The Malwarebytes research team has determined that ePedia is a potentially unwanted program that behaves like adware. These adware applications display advertisements not originating from the sites you are browsing.

How do I know if my computer is affected by ePedia?

This is the main window of the application:

You may have noticed these warnings during install:

You may see this entry in your list of installed programs:

How did ePedia get on my computer?

Potentially unwanted programs use different methods for distributing themselves. This particular one was downloaded from their website:

How do I remove ePedia?

Our program Malwarebytes can detect and remove this adware program.
  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished, click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.

Is there anything else I need to do to get rid of ePedia?

No, Malwarebytes removes ePedia completely.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this adware. As you can see below, Malwarebytes Browser Guard, as well as the full version of Malwarebytes, would have protected you against the ePedia PUP. It would have blocked the installer before it became too late.
Technical details for experts

Possible signs in FRST logs:

(ePedia -> ePedia) [File not signed] C:\Users\{username}\AppData\Roaming\ePedia\ePedia.exe <5>
HKLM-x32\...\Run: [ePedia] => C:\Users\{username}\AppData\Roaming\ePedia\ePedia.exe [5321576 2021-04-22] (ePedia -> ePedia) [File not signed]
C:\Users\{username}\AppData\Local\ePedia
C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ePedia
C:\Users\{username}\AppData\Roaming\ePedia
(ePedia) C:\Users\{username}\Desktop\ePedia.17.2104.1ac.exe
ePedia - ePedia for Desktop (HKLM-x32\...\ePedia) (Version: 17.2104.1ac - ePedia)

Significant changes made by the installer:

File system details [View: All details] (Selection)
Registry details [View: All details] (Selection)

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ePedia"="REG_SZ", "C:\Users\{username}\AppData\Roaming\ePedia\ePedia.exe --su"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ePedia]
"DisplayIcon"="REG_SZ", ""C:\Users\{username}\AppData\Roaming\ePedia\Uninstall.exe""
"DisplayName"="REG_SZ", "ePedia - ePedia for Desktop"
"DisplayVersion"="REG_SZ", "17.2104.1ac"
"EstimatedSize"="REG_DWORD", 179813
"Publisher"="REG_SZ", "ePedia"
"UninstallString"="REG_SZ", ""C:\Users\{username}\AppData\Roaming\ePedia\Uninstall.exe""

[HKEY_CURRENT_USER\Software\AppDataLow\Software\ePedia]
"uid"="REG_SZ", "33D082B8-24A7-4321-A765-CB6468763577"

[HKEY_CURRENT_USER\Software\nwjs]
"FirstNotDefault"="REG_QWORD, .../
"metricsid"="REG_SZ", "c79a3995-1bff-45f9-acce-88f4c1930efa"
"metricsid_enableddate"="REG_SZ", "1619166385"
"metricsid_installdate"="REG_SZ", "1619166385"

[HKEY_CURRENT_USER\Software\nwjs\BLBeacon]
"failed_count"="REG_DWORD", 0
"state"="REG_DWORD", 1
"version"="REG_SZ", "71.0.3578.98"

[HKEY_CURRENT_USER\Software\nwjs\StabilityMetrics]
"user_experience_metrics.stability.exited_cleanly"="REG_DWORD", 0

Malwarebytes log:
Data\Default\File System\001\t\Paths Adds the file 000003.log"="4/23/2021 10:26 AM, 0 bytes, A Adds the file CURRENT"="4/23/2021 10:26 AM, 16 bytes, A Adds the file LOCK"="4/23/2021 10:26 AM, 0 bytes, A Adds the file LOG"="4/23/2021 10:26 AM, 0 bytes, A Adds the file MANIFEST-000001"="4/23/2021 10:26 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Local\ePedia\User Data\Default\File System\Origins Adds the file 000003.log"="4/23/2021 10:26 AM, 0 bytes, A Adds the file CURRENT"="4/23/2021 10:26 AM, 16 bytes, A Adds the file LOCK"="4/23/2021 10:26 AM, 0 bytes, A Adds the file LOG"="4/23/2021 10:26 AM, 0 bytes, A Adds the file MANIFEST-000001"="4/23/2021 10:26 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Local\ePedia\User Data\Default\GPUCache Adds the file data_0"="4/23/2021 10:26 AM, 8192 bytes, A Adds the file data_1"="4/23/2021 10:26 AM, 270336 bytes, A Adds the file data_2"="4/23/2021 10:26 AM, 8192 bytes, A Adds the file data_3"="4/23/2021 10:26 AM, 8192 bytes, A Adds the file index"="4/23/2021 10:26 AM, 262512 bytes, A Adds the folder C:\Users\{username}\AppData\Local\ePedia\User Data\Default\Local Storage\leveldb Adds the file 000004.log"="4/23/2021 10:27 AM, 0 bytes, A Adds the file 000005.ldb"="4/23/2021 10:27 AM, 504591 bytes, A Adds the file CURRENT"="4/23/2021 10:26 AM, 16 bytes, A Adds the file LOCK"="4/23/2021 10:26 AM, 0 bytes, A Adds the file LOG"="4/23/2021 10:26 AM, 0 bytes, A Adds the file MANIFEST-000001"="4/23/2021 10:27 AM, 176 bytes, A Adds the folder C:\Users\{username}\AppData\Local\ePedia\User Data\Default\Session Storage Adds the file 000003.log"="4/23/2021 10:26 AM, 0 bytes, A Adds the file CURRENT"="4/23/2021 10:26 AM, 16 bytes, A Adds the file LOCK"="4/23/2021 10:26 AM, 0 bytes, A Adds the file LOG"="4/23/2021 10:26 AM, 0 bytes, A Adds the file MANIFEST-000001"="4/23/2021 10:26 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Local\ePedia\User Data\Default\Site Characteristics Database Adds the file 
000003.log"="4/23/2021 10:26 AM, 0 bytes, A Adds the file CURRENT"="4/23/2021 10:26 AM, 16 bytes, A Adds the file LOCK"="4/23/2021 10:26 AM, 0 bytes, A Adds the file LOG"="4/23/2021 10:26 AM, 0 bytes, A Adds the file MANIFEST-000001"="4/23/2021 10:26 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Local\ePedia\User Data\Default\Sync Data\LevelDB Adds the file 000003.log"="4/23/2021 10:26 AM, 0 bytes, A Adds the file CURRENT"="4/23/2021 10:26 AM, 16 bytes, A Adds the file LOCK"="4/23/2021 10:26 AM, 0 bytes, A Adds the file LOG"="4/23/2021 10:26 AM, 0 bytes, A Adds the file MANIFEST-000001"="4/23/2021 10:26 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Local\ePedia\User Data\Default\Thumbnails Adds the file 000003.log"="4/23/2021 10:26 AM, 0 bytes, A Adds the file CURRENT"="4/23/2021 10:26 AM, 16 bytes, A Adds the file LOCK"="4/23/2021 10:26 AM, 0 bytes, A Adds the file LOG"="4/23/2021 10:26 AM, 0 bytes, A Adds the file MANIFEST-000001"="4/23/2021 10:26 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Local\ePedia\User Data\Default\Web Applications\_nwjs_kgcdghlhmaciddfdhlacdgnonmchoeen Adds the file ePedia.ico"="4/23/2021 10:26 AM, 189361 bytes, A Adds the file ePedia.ico.md5"="4/23/2021 10:26 AM, 16 bytes, A Adds the folder C:\Users\{username}\AppData\Local\ePedia\User Data\ShaderCache\GPUCache Adds the file data_0"="4/23/2021 10:26 AM, 8192 bytes, A Adds the file data_1"="4/23/2021 10:26 AM, 270336 bytes, A Adds the file data_2"="4/23/2021 10:26 AM, 8192 bytes, A Adds the file data_3"="4/23/2021 10:26 AM, 8192 bytes, A Adds the file index"="4/23/2021 10:26 AM, 262512 bytes, A Adds the folder C:\Users\{username}\AppData\Local\ePedia\User Data\Stability Adds the file 3300-1619166383844550.pma"="4/23/2021 10:26 AM, 1048576 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\ePedia Adds the file d3dcompiler_47.dll"="4/22/2021 9:08 PM, 3710728 bytes, A Adds the file ePedia.exe"="4/22/2021 9:08 PM, 5321576 bytes, A Adds the 
file ffmpeg.dll"="4/22/2021 9:08 PM, 1488136 bytes, A Adds the file icudtl.dat"="2/22/2021 9:30 AM, 10245952 bytes, A Adds the file libEGL.dll"="4/22/2021 9:09 PM, 96520 bytes, A Adds the file libGLESv2.dll"="4/22/2021 9:09 PM, 4434696 bytes, A Adds the file natives_blob.bin"="2/22/2021 9:30 AM, 92247 bytes, A Adds the file node.dll"="4/22/2021 9:09 PM, 12371720 bytes, A Adds the file notification_helper.exe"="4/22/2021 9:08 PM, 493320 bytes, A Adds the file nw.dll"="4/22/2021 9:09 PM, 94750472 bytes, A Adds the file nw_100_percent.pak"="2/22/2021 9:30 AM, 1021430 bytes, A Adds the file nw_200_percent.pak"="2/22/2021 9:30 AM, 1341563 bytes, A Adds the file nw_elf.dll"="4/22/2021 9:09 PM, 493832 bytes, A Adds the file resources.pak"="2/22/2021 9:30 AM, 5550400 bytes, A Adds the file snapshot_blob.bin"="2/22/2021 9:30 AM, 1283220 bytes, A Adds the file storage.json"="4/23/2021 10:25 AM, 78 bytes, A Adds the file Uninstall.exe"="4/23/2021 10:25 AM, 472519 bytes, A Adds the file v8_context_snapshot.bin"="2/22/2021 9:30 AM, 1607648 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\ePedia\locales Adds the folder C:\Users\{username}\AppData\Roaming\ePedia\swiftshader Adds the file libEGL.dll"="2/22/2021 9:30 AM, 122368 bytes, A Adds the file libGLESv2.dll"="2/22/2021 9:30 AM, 2256896 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ePedia Adds the file ePedia.lnk"="4/23/2021 10:25 AM, 1805 bytes, A Adds the file Uninstall.lnk"="4/23/2021 10:25 AM, 1828 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ePedia"="REG_SZ", "C:\Users\{username}\AppData\Roaming\ePedia\ePedia.exe --su" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ePedia] "DisplayIcon"="REG_SZ", ""C:\Users\{username}\AppData\Roaming\ePedia\Uninstall.exe"" "DisplayName"="REG_SZ", 
"ePedia - ePedia for Desktop" "DisplayVersion"="REG_SZ", "17.2104.1ac" "EstimatedSize"="REG_DWORD", 179813 "Publisher"="REG_SZ", "ePedia" "UninstallString"="REG_SZ", ""C:\Users\{username}\AppData\Roaming\ePedia\Uninstall.exe"" [HKEY_CURRENT_USER\Software\AppDataLow\Software\ePedia] "uid"="REG_SZ", "33D082B8-24A7-4321-A765-CB6468763577" [HKEY_CURRENT_USER\Software\nwjs] "FirstNotDefault"="REG_QWORD, .../ "metricsid"="REG_SZ", "c79a3995-1bff-45f9-acce-88f4c1930efa" "metricsid_enableddate"="REG_SZ", "1619166385" "metricsid_installdate"="REG_SZ", "1619166385" [HKEY_CURRENT_USER\Software\nwjs\BLBeacon] "failed_count"="REG_DWORD", 0 "state"="REG_DWORD", 1 "version"="REG_SZ", "71.0.3578.98" [HKEY_CURRENT_USER\Software\nwjs\PreferenceMACs\Default] "browser.show_home_button"="REG_SZ", "D4AE6B748030C65B37203BF504F4BAB6B7189D30A8068E933D27D272B9825121" "default_search_provider_data.template_url_data"="REG_SZ", "577902E48778C2084EA38A666D6F118AC7A10E564E6D2C614157FE4553B1CDF1" "google.services.account_id"="REG_SZ", "6FD09700B4A149D948B55F3C0AB72673D5C367B9E751454C6202DC1D3DFA6802" "google.services.last_account_id"="REG_SZ", "6AF24852E27EDB5DFA7E36D3AC87D5EBDB6B1A2ACB4AF4E651C22798B2394A67" "google.services.last_username"="REG_SZ", "BF235C9F83153EC2D71D60021ED0AA56728D62A5264E811DCEBFF589EA33BE81" "google.services.username"="REG_SZ", "A70B5C736433139A005D3E49D73AB8574672434936A4FA21F55757B0E4882F3C" "homepage"="REG_SZ", "6BEC350ECF8125372A826D71D2DB258A636A08AF0C652D9E774072EFB372A346" "homepage_is_newtabpage"="REG_SZ", "71E415DF84698054516E68295FA7E443543243920785F715BF71F2641FD03239" "media.storage_id_salt"="REG_SZ", "7CB55C624C43F9AF857E83B87E0E531816C28E8B247C5FBF4E6515960AD67692" "pinned_tabs"="REG_SZ", "988BA7AF49CBEED46002524FB1DC5972CCCEE6DF03B77A755B3E322D74E33697" "prefs.preference_reset_time"="REG_SZ", "3BB6D1CF1E2266580804D7B343EB3D436157898CC157308C74F704B5D85BFEB3" "safebrowsing.incidents_sent"="REG_SZ", 
"749D4F2A5067553DBA6E47E7C37A086D83F1623F54420951FD2646E8E8E27C80" "search_provider_overrides"="REG_SZ", "D868509C983E4D4868450576F8A3D3E7E05C68568CF8D7DF91589972AEF37E93" "session.restore_on_startup"="REG_SZ", "43A753CE09B9BF0DC9660872B81B90FD2A0D9B708609FE84D2B964F6828053EA" "session.startup_urls"="REG_SZ", "5622145A2429114A31AC87D39A6757FFC8802A76D4158BC08DC268C76568D401" "settings_reset_prompt.last_triggered_for_default_search"="REG_SZ", "1B7549747E6FD7C37E6D498A93AB6980CF3A2002D339CFD5D09C6997B37FA7E3" "settings_reset_prompt.last_triggered_for_homepage"="REG_SZ", "3937DC165E7432A408A1AEAC832766F0C8D5A7C7ADB070399FE60CB887003332" "settings_reset_prompt.last_triggered_for_startup_urls"="REG_SZ", "9CA5289F21296A288C9A358716171FDF673C04D4A30D443BB97A408B83B08135" "settings_reset_prompt.prompt_wave"="REG_SZ", "8E49A1A3D2AA3456F777518FDCC2BA30722E089ECFD7B7265C2EE8BB90D3EF15" "software_reporter.prompt_seed"="REG_SZ", "CC15095EDB89D7530910B1296F1D27AF2AC038D4F6B627A0668381488E697535" "software_reporter.prompt_version"="REG_SZ", "04FFA133961EA613587BC3C40EBACF2A6F42BCECBCEAE1CE4312993E3A3E752E" [HKEY_CURRENT_USER\Software\nwjs\PreferenceMACs\Default\extensions.settings] "kgcdghlhmaciddfdhlacdgnonmchoeen"="REG_SZ", "AA84C13FE969DBAF19DCD8191411D88E1A3009D9905AE436213BCB5E0CD5FFDB" "mhjfbmdgcfjbbpaeojofohoefgiehjai"="REG_SZ", "0587C0D0BA0469EB273ACFC3E2D5EE454FD81895FB407821E25EEE6AA3EB053A" [HKEY_CURRENT_USER\Software\nwjs\StabilityMetrics] "user_experience_metrics.stability.exited_cleanly"="REG_DWORD", 0 As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.