Jump to content

Search the Community

Showing results for tags 'pup.optional.forcedextension'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Nebula
    • Malwarebytes Nebula Modules
    • Malwarebytes Endpoint Security
    • Other Malwarebytes Business Products
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 14 results

  1. What is Domain Trust Checker? The Malwarebytes research team has determined that Domain Trust Checker is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. How do I know if my computer is affected by Domain Trust Checker? You may see this entry in your list of installed Chrome extensions: and these warnings during install: How did Domain Trust Checker get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was promoted using fake alert sites. After a few redirects we ended up in the webstore. and is being promoted on their website: How do I remove Domain Trust Checker? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of Domain Trust Checker? No, Malwarebytes removes Domain Trust Checker completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the Domain Trust Checker hijacker. It would have blocked the domains redirecting you to the webstore: Technical details for experts Possible signs in FRST logs: CHR Extension: (Domain Trust Checker) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\acpeimiplhoapnlpldgapfbhgfnblgdp [2021-11-29] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\acpeimiplhoapnlpldgapfbhgfnblgdp\1.0_0 Adds the file krakFianim.js"="9/24/2021 3:41 AM, 9254 bytes, A Adds the file manifest.json"="11/29/2021 12:58 PM, 994 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\acpeimiplhoapnlpldgapfbhgfnblgdp\1.0_0\_metadata Adds the file computed_hashes.json"="11/29/2021 12:58 PM, 230 bytes, A Adds the file verified_contents.json"="9/24/2021 3:21 AM, 1885 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\acpeimiplhoapnlpldgapfbhgfnblgdp\1.0_0\gotHas Adds the file image128.png"="11/29/2021 12:58 PM, 6713 bytes, A Adds the file image16.png"="11/29/2021 12:58 PM, 723 bytes, A Adds the file image32.png"="11/29/2021 12:58 PM, 1687 bytes, A Adds the file image64.png"="11/29/2021 12:58 PM, 3587 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acpeimiplhoapnlpldgapfbhgfnblgdp Adds the file 000003.log"="11/29/2021 1:00 PM, 385 bytes, A Adds the file CURRENT"="11/29/2021 12:58 PM, 16 bytes, A Adds the file LOCK"="11/29/2021 12:58 PM, 0 bytes, A Adds the file LOG"="11/29/2021 12:58 PM, 371 bytes, A Adds the file MANIFEST-000001"="11/29/2021 12:58 PM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "acpeimiplhoapnlpldgapfbhgfnblgdp"="REG_SZ", "D6082339746C7BF48534C47330FAB3067C47F68BDAABEA8129B9FCCF70508E15" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 11/29/21 Scan Time: 1:08 PM Log File: 01eac764-510d-11ec-8c73-080027235d76.json -Software Information- Version: 4.4.11.149 Components Version: 1.0.1513 Update Package Version: 1.0.47866 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {username}-PC\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 242865 Threats Detected: 10 Threats Quarantined: 10 Time Elapsed: 1 min, 56 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.ForcedExtension, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|acpeimiplhoapnlpldgapfbhgfnblgdp, Quarantined, 289, 1001449, , , , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\acpeimiplhoapnlpldgapfbhgfnblgdp, Quarantined, 289, 1001449, , , , , , PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\acpeimiplhoapnlpldgapfbhgfnblgdp, Quarantined, 289, 1001449, 1.0.47866, , ame, , , File: 7 PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 289, 1001449, , , , , EBF61DB459A8C3448E3EE40D792C4968, EF7943B7E7D1FEDBABA2DD4079920C12AA0D86350F87E58626E91DBB13DEDB20 PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 289, 1001449, , , , , 7422C33110DC853FDEFC2C9713541ED4, C4B0BAD9517DD4D8BB8F67D15B122341D719FD1D33579EC49CC4EB5D71189B02 PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acpeimiplhoapnlpldgapfbhgfnblgdp\000003.log, Quarantined, 289, 1001449, , , , , EC3EAF184A10597C994518D791E5164C, C068D90251E31A17385073D885B371684E1479423EC285AADC0F6D0781EB8457 PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acpeimiplhoapnlpldgapfbhgfnblgdp\CURRENT, Quarantined, 289, 1001449, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443 PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acpeimiplhoapnlpldgapfbhgfnblgdp\LOCK, Quarantined, 289, 1001449, , , , , , PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acpeimiplhoapnlpldgapfbhgfnblgdp\LOG, Quarantined, 289, 1001449, , , , , 05470A1CFED9B73F3D0DE9C52F95D612, ADAFB2592060835F1A96CE4839A8533F293C6E8934A430A71D3D5013CC1EB63F PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acpeimiplhoapnlpldgapfbhgfnblgdp\MANIFEST-000001, Quarantined, 289, 1001449, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  2. What is Ad Avenger? The Malwarebytes research team has determined that Ad Avenger is a browser hijacker and forced Chrome extension. How do I know if my computer is affected by Ad Avenger? You may see these warnings during install: And this entry in your list of installed extensions: How did Ad Avenger get on my computer? Forced extensions use typical methods for distributing themselves. This particular one was promoted by a site mimicking a BSOD: and the extension was available in the webstore. How do I remove Ad Avenger? Our program Malwarebytes can detect and remove this unwanted program. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of Ad Avenger? No, Malwarebytes removes Ad Avenger completely. How would the full version of Malwarebytes help protect me? We protect our customers from these extensions by blocking the domains that spread them: Technical details for experts Possible signs in FRST logs: CHR Extension: (Ad Avenger) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcnnmihfbpfblmeflmggaccdjlpfpp [2021-11-23] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcnnmihfbpfblmeflmggaccdjlpfpp\1.0.0_0 Adds the file 52e286516679b6c2d008.svg"="9/21/2021 1:45 AM, 4463 bytes, A Adds the file 9dfe622de6dc7a5cdc2e.svg"="9/21/2021 1:45 AM, 2941 bytes, A Adds the file background.bundle.js"="9/24/2021 3:39 AM, 25398 bytes, A Adds the file db58c24b4bfbd18676af.svg"="9/21/2021 1:45 AM, 502 bytes, A Adds the file e3c2c7bee71bc670f6a5.svg"="9/21/2021 1:45 AM, 2804 bytes, A Adds the file e9879ccc8df45d3edffe.svg"="9/21/2021 1:45 AM, 502 bytes, A Adds the file f4e52e839adc286566c4.svg"="9/21/2021 1:45 AM, 7834 bytes, A Adds the file firstAdBlockedPopup.bundle.js"="9/22/2021 6:11 AM, 29717 bytes, A Adds the file manifest.json"="11/23/2021 10:43 AM, 1604 bytes, A Adds the file popup.bundle.js"="9/24/2021 3:39 AM, 3282 bytes, A Adds the file popup.css"="9/22/2021 6:11 AM, 2186 bytes, A Adds the file popup.html"="9/22/2021 6:11 AM, 3282 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcnnmihfbpfblmeflmggaccdjlpfpp\1.0.0_0\_locales\de Adds the file messages.json"="11/23/2021 10:43 AM, 1748 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcnnmihfbpfblmeflmggaccdjlpfpp\1.0.0_0\_locales\en Adds the file messages.json"="11/23/2021 10:43 AM, 1632 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcnnmihfbpfblmeflmggaccdjlpfpp\1.0.0_0\_locales\es Adds the file messages.json"="11/23/2021 10:43 AM, 1782 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcnnmihfbpfblmeflmggaccdjlpfpp\1.0.0_0\_locales\fr Adds the file messages.json"="11/23/2021 10:43 AM, 1866 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcnnmihfbpfblmeflmggaccdjlpfpp\1.0.0_0\_locales\it Adds the file messages.json"="11/23/2021 10:43 AM, 1753 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcnnmihfbpfblmeflmggaccdjlpfpp\1.0.0_0\_locales\nl Adds the file messages.json"="11/23/2021 10:43 AM, 1738 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcnnmihfbpfblmeflmggaccdjlpfpp\1.0.0_0\_locales\pt_PT Adds the file messages.json"="11/23/2021 10:43 AM, 1799 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcnnmihfbpfblmeflmggaccdjlpfpp\1.0.0_0\_metadata Adds the file computed_hashes.json"="11/23/2021 10:43 AM, 39269 bytes, A Adds the file verified_contents.json"="9/21/2021 1:45 AM, 6553 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcnnmihfbpfblmeflmggaccdjlpfpp\1.0.0_0\adguard Adds the file adguard-api.js"="9/21/2021 3:00 AM, 1432010 bytes, A Adds the file adguard-assistant.js"="9/21/2021 1:45 AM, 9951 bytes, A Adds the file adguard-content.js"="9/21/2021 1:45 AM, 235507 bytes, A Adds the file filters.json"="9/21/2021 1:45 AM, 52213 bytes, A Adds the file filters_i18n.json"="9/21/2021 1:45 AM, 786872 bytes, A Adds the file redirects.yml"="9/21/2021 1:45 AM, 69056 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcnnmihfbpfblmeflmggaccdjlpfpp\1.0.0_0\adguard\assistant Adds the file assistant.js"="9/22/2021 6:11 AM, 476881 bytes, A Adds the file assistant.js.LICENSE.txt"="9/22/2021 6:11 AM, 66 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcnnmihfbpfblmeflmggaccdjlpfpp\1.0.0_0\icons Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcnnmihfbpfblmeflmggaccdjlpfpp\1.0.0_0\icons\disabled Adds the file 128x128.png"="9/21/2021 1:45 AM, 2082 bytes, A Adds the file 16x16.png"="9/21/2021 1:45 AM, 386 bytes, A Adds the file 24x24.png"="9/21/2021 1:45 AM, 1320 bytes, A Adds the file 32x32.png"="9/21/2021 1:45 AM, 617 bytes, A Adds the file 48x48.png"="9/21/2021 1:45 AM, 910 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcnnmihfbpfblmeflmggaccdjlpfpp\1.0.0_0\icons\enabled Adds the file 128x128.png"="11/23/2021 10:43 AM, 2279 bytes, A Adds the file 16x16.png"="11/23/2021 10:43 AM, 394 bytes, A Adds the file 24x24.png"="11/23/2021 10:43 AM, 978 bytes, A Adds the file 300x300.png"="9/21/2021 1:45 AM, 5342 bytes, A Adds the file 32x32.png"="11/23/2021 10:43 AM, 657 bytes, A Adds the file 48x48.png"="11/23/2021 10:43 AM, 967 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcnnmihfbpfblmeflmggaccdjlpfpp\1.0.0_0\icons\paused Adds the file 128x128.png"="9/21/2021 1:45 AM, 2106 bytes, A Adds the file 16x16.png"="9/21/2021 1:45 AM, 411 bytes, A Adds the file 24x24.png"="9/21/2021 1:45 AM, 1514 bytes, A Adds the file 32x32.png"="9/21/2021 1:45 AM, 630 bytes, A Adds the file 48x48.png"="9/21/2021 1:45 AM, 915 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aabcnnmihfbpfblmeflmggaccdjlpfpp Adds the file 000004.log"="11/23/2021 10:43 AM, 47 bytes, A Adds the file 000005.ldb"="11/23/2021 10:43 AM, 3187284 bytes, A Adds the file CURRENT"="11/23/2021 10:43 AM, 16 bytes, A Adds the file LOCK"="11/23/2021 10:43 AM, 0 bytes, A Adds the file LOG"="11/23/2021 10:43 AM, 528 bytes, A Adds the file MANIFEST-000001"="11/23/2021 10:43 AM, 106 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "aabcnnmihfbpfblmeflmggaccdjlpfpp"="REG_SZ", "9BE250A1FB13FF810B53080319E2E28A2F7753C1BA7B85E32602EC3C6CD4D30B" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 11/23/21 Scan Time: 10:51 AM Log File: fcf03380-4c42-11ec-a06d-080027235d76.json -Software Information- Version: 4.4.11.149 Components Version: 1.0.1513 Update Package Version: 1.0.47539 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {username}-PC\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 243147 Threats Detected: 11 Threats Quarantined: 11 Time Elapsed: 0 min, 57 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.ForcedExtension, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|aabcnnmihfbpfblmeflmggaccdjlpfpp, Quarantined, 290, 999753, , , , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\aabcnnmihfbpfblmeflmggaccdjlpfpp, Quarantined, 290, 999753, , , , , , PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\aabcnnmihfbpfblmeflmggaccdjlpfpp, Quarantined, 290, 999753, 1.0.47539, , ame, , , File: 8 PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 290, 999753, , , , , F88F08FFCF4016B6F561F7BE6D69917D, 08F79CF373A3A0973CC3254B059DC7F442B4938B7EA054D320CA51D9974436F8 PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 290, 999753, , , , , 5D97162A5404EFBFC1CB01305EDF7181, 51FB74C1F45AAFF2316DEFC3675851E30B2B7506C7CB30C0BC63D74DCE0564A3 PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aabcnnmihfbpfblmeflmggaccdjlpfpp\000004.log, Quarantined, 290, 999753, , , , , 4282EA14DF01A55AB2687A81A9633D89, FED16FB5E294C1022BE4212041BA4CF5FCEEC73978B736EDD4ED4A4C312A0B66 PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aabcnnmihfbpfblmeflmggaccdjlpfpp\000005.ldb, Quarantined, 290, 999753, , , , , 7F157FA006DDE4EB5AD43046E0C1753D, A0017BF6FC0B37A824E5AE19C379C60F50AB2D69DA09AF56B3994FD78BF263ED PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aabcnnmihfbpfblmeflmggaccdjlpfpp\CURRENT, Quarantined, 290, 999753, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443 PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aabcnnmihfbpfblmeflmggaccdjlpfpp\LOCK, Quarantined, 290, 999753, , , , , , PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aabcnnmihfbpfblmeflmggaccdjlpfpp\LOG, Quarantined, 290, 999753, , , , , D9241EA5893EBD1A0E7AA5D565570510, 4CA77E3B669897F7F41A89AAEA908E585000682B125E1733B1F7DBD6C4D4D6A5 PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aabcnnmihfbpfblmeflmggaccdjlpfpp\MANIFEST-000001, Quarantined, 290, 999753, , , , , A44370B5654C26C5F182A43733452105, 3406A540A4195A9FAE333C4946B98D81F1B1792E97392A33400974592F490408 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  3. What is Speed Check? The Malwarebytes research team has determined that Speed Check is a browser hijacker and forced Edge extension. This extension was available for Chrome and Firefox according tho their website, but those have been removed from the webstores. How do I know if my computer is affected by Speed Check? You may see these warnings during install: You may see this entry in your list of installed Edge extensions: and this icon in the browser's menu-bar: How did Speed Check get on my computer? Forced extensions use a typical method for distributing themselves. This particular one was also available in the webstore. and is being promoted on their website: How do I remove Speed Check? Our program Malwarebytes can detect and remove this unwanted program. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of Speed Check? No, Malwarebytes removes Speed Check completely. Technical details for experts Possible signs in FRST logs: Edge Extension: (Speed Check) - C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kncjaipolcjphijglhbalgdpigdeldll [2021-11-04] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kncjaipolcjphijglhbalgdpigdeldll\1.0_0 Adds the file manifest.json"="11/4/2021 11:21 AM, 987 bytes, A Adds the file ttrag.js"="9/9/2021 5:17 PM, 8869 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kncjaipolcjphijglhbalgdpigdeldll\1.0_0\__MACOSX Adds the file ._ics"="9/9/2021 3:37 PM, 211 bytes, A Adds the file ._manifest.json"="9/9/2021 3:37 PM, 211 bytes, A Adds the file ._ttrag.js"="9/9/2021 5:17 PM, 211 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kncjaipolcjphijglhbalgdpigdeldll\1.0_0\__MACOSX\ics Adds the file ._image128.png"="9/9/2021 3:37 PM, 211 bytes, A Adds the file ._image16.png"="9/9/2021 3:37 PM, 211 bytes, A Adds the file ._image32.png"="9/9/2021 3:37 PM, 211 bytes, A Adds the file ._image64.png"="9/9/2021 3:37 PM, 211 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kncjaipolcjphijglhbalgdpigdeldll\1.0_0\_metadata Adds the file computed_hashes.json"="11/4/2021 11:21 AM, 1045 bytes, A Adds the file verified_contents.json"="9/13/2021 11:54 AM, 2960 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kncjaipolcjphijglhbalgdpigdeldll\1.0_0\ics Adds the file image128.png"="11/4/2021 11:21 AM, 8193 bytes, A Adds the file image16.png"="11/4/2021 11:21 AM, 818 bytes, A Adds the file image32.png"="11/4/2021 11:21 AM, 1934 bytes, A Adds the file image64.png"="11/4/2021 11:21 AM, 3940 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\kncjaipolcjphijglhbalgdpigdeldll Adds the file 000003.log"="11/4/2021 11:21 AM, 317 bytes, A Adds the file CURRENT"="11/4/2021 11:21 AM, 16 bytes, A Adds the file LOCK"="11/4/2021 11:21 AM, 0 bytes, A Adds the file LOG"="11/4/2021 11:21 AM, 371 bytes, A Adds the file MANIFEST-000001"="11/4/2021 11:21 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Microsoft\Edge\PreferenceMACs\Default\extensions.settings] "kncjaipolcjphijglhbalgdpigdeldll"="REG_SZ", "A89589C024F1C7CAC3B15D3C54D86230006D5604BC18FE9E533C5BAC1769E25B" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 11/4/21 Scan Time: 11:31 AM Log File: 53ebb40e-3d5a-11ec-9ba9-080027235d76.json -Software Information- Version: 4.4.9.142 Components Version: 1.0.1486 Update Package Version: 1.0.46768 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {username}-PC\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 259693 Threats Detected: 9 Threats Quarantined: 9 Time Elapsed: 2 min, 15 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.ForcedExtension, HKCU\SOFTWARE\MICROSOFT\EDGE\PREFERENCEMACS\Default\extensions.settings|kncjaipolcjphijglhbalgdpigdeldll, Quarantined, 298, 994286, , , , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Local Extension Settings\kncjaipolcjphijglhbalgdpigdeldll, Quarantined, 298, 994286, , , , , , PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\EXTENSIONS\kncjaipolcjphijglhbalgdpigdeldll, Quarantined, 298, 994286, 1.0.46768, , ame, , , File: 6 PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Secure Preferences, Replaced, 298, 994286, , , , , 184C32B404CEF12D2EB4B502A4DACEF2, F5861FF291C9F1E30C06C9A89910FCDF1ED5995F3BCCAF561EE77C44389B9CC2 PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\kncjaipolcjphijglhbalgdpigdeldll\000003.log, Quarantined, 298, 994286, , , , , 92BFC1ADD9549F52AF3C696DCC36A681, D0662BBB6AB0A62566195D19F7688E9CB51838899ECDF08ADC3D62F4FDE1EBEA PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\kncjaipolcjphijglhbalgdpigdeldll\CURRENT, Quarantined, 298, 994286, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443 PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\kncjaipolcjphijglhbalgdpigdeldll\LOCK, Quarantined, 298, 994286, , , , , , PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\kncjaipolcjphijglhbalgdpigdeldll\LOG, Quarantined, 298, 994286, , , , , BD55481E29F5E906466345224A6E8F9A, 45F3940977E658510C3DF1D39D5C52F5172957B5A586FB6FE11337C960C0282C PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\kncjaipolcjphijglhbalgdpigdeldll\MANIFEST-000001, Quarantined, 298, 994286, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  4. What is Domain Quality? The Malwarebytes research team has determined that Domain Quality is a browser hijacker and forced Edge extension. This extension was available for Chrome and Firefox according tho their website, but those have been removed from the webstores. How do I know if my computer is affected by Domain Quality? You may see these warnings during install: You may see this entry in your list of installed Edge extensions: How did Domain Quality get on my computer? Forced extensions use a typical method for distributing themselves. This particular one was also available in the webstore. and is being promoted on their website: How do I remove Domain Quality? Our program Malwarebytes can detect and remove this unwanted program. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of Domain Quality? No, Malwarebytes removes Domain Quality completely. Technical details for experts Possible signs in FRST logs: Edge Extension: (Domain Quality) - C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mibdbcmijlhpfbghdpgecafbaimbihll [2021-11-03] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mibdbcmijlhpfbghdpgecafbaimbihll\1.0_0 Adds the file fundPas.js"="9/3/2021 12:34 PM, 8682 bytes, A Adds the file manifest.json"="11/3/2021 10:54 AM, 1013 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mibdbcmijlhpfbghdpgecafbaimbihll\1.0_0\_metadata Adds the file computed_hashes.json"="11/3/2021 10:54 AM, 227 bytes, A Adds the file verified_contents.json"="9/3/2021 3:29 PM, 2109 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mibdbcmijlhpfbghdpgecafbaimbihll\1.0_0\conesF Adds the file image128.png"="11/3/2021 10:54 AM, 6078 bytes, A Adds the file image16.png"="11/3/2021 10:54 AM, 727 bytes, A Adds the file image32.png"="11/3/2021 10:54 AM, 1611 bytes, A Adds the file image64.png"="11/3/2021 10:54 AM, 2842 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Microsoft\Edge\PreferenceMACs\Default\extensions.settings] "mibdbcmijlhpfbghdpgecafbaimbihll"="REG_SZ", "C7DFADA31CA78AA91900A543871A060BDA90795836EECC8A86933D15E3C86A03" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 11/3/21 Scan Time: 11:14 AM Log File: e297b5f8-3c8e-11ec-beef-080027235d76.json -Software Information- Version: 4.4.9.142 Components Version: 1.0.1486 Update Package Version: 1.0.46718 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {username}-PC\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 259683 Threats Detected: 10 Threats Quarantined: 10 Time Elapsed: 2 min, 7 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.ForcedExtension, HKCU\SOFTWARE\MICROSOFT\EDGE\PREFERENCEMACS\Default\extensions.settings|mibdbcmijlhpfbghdpgecafbaimbihll, Quarantined, 298, 980942, , , , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Local Extension Settings\mibdbcmijlhpfbghdpgecafbaimbihll, Quarantined, 298, 980942, , , , , , PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\EXTENSIONS\MIBDBCMIJLHPFBGHDPGECAFBAIMBIHLL, Quarantined, 298, 980942, 1.0.46718, , ame, , , File: 7 PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Secure Preferences, Replaced, 298, 980942, , , , , 89A9F853B5164E3CC514B36F1AD2CC4C, 17056E84BC27F3F42D8A8F432D59A452D2C66C1E80A349CA021C22589784C139 PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\mibdbcmijlhpfbghdpgecafbaimbihll\000003.log, Quarantined, 298, 980942, , , , , 04745E4090E6D2D6FCC2DD53D80F8CFD, 8D7DB095B372D95503CABD522A82B49EEE66678C2F13D5EE16CC678836B2D103 PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\mibdbcmijlhpfbghdpgecafbaimbihll\CURRENT, Quarantined, 298, 980942, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443 PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\mibdbcmijlhpfbghdpgecafbaimbihll\LOCK, Quarantined, 298, 980942, , , , , , PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\mibdbcmijlhpfbghdpgecafbaimbihll\LOG, Quarantined, 298, 980942, , , , , 33033261C3A3EBB2DD072A322D6033EE, B749B33F8434E616F021485E5665F2FE4E518883CD9A02134BD4F35699DBC7E1 PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\mibdbcmijlhpfbghdpgecafbaimbihll\MANIFEST-000001, Quarantined, 298, 980942, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4 PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\EXTENSIONS\MIBDBCMIJLHPFBGHDPGECAFBAIMBIHLL\1.0_0\FUNDPAS.JS, Quarantined, 298, 980942, 1.0.46718, , ame, , 1A123AD0900F3197034142AE00887421, C1759C6FC33983A3C021FE36636A812EF9D9A394DE94736833DB624C9BE6686D Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  5. What is color ssc? The Malwarebytes research team has determined that color ssc is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one redirects searches to their own search engine. How do I know if my computer is affected by color ssc? You may see this entry in your list of installed Chrome extensions: and this additional menu: You may have noticed these warnings during install: How did color ssc get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website: How do I remove color ssc? Our program Malwarebytes can detect and remove this search hijacker. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of color ssc? No, Malwarebytes removes color ssc completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the color ssc hijacker. It would have blocked their website, giving you a chance to stop it before it became too late. Technical details for experts Possible signs in FRST logs: CHR Extension: (color ssc) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\plolkgdlfpkjjacjghoeeondfalilcld [2021-10-21] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\plolkgdlfpkjjacjghoeeondfalilcld\0.2_0 Adds the file Background.js"="10/12/2021 12:58 AM, 195914 bytes, A Adds the file Content.js"="10/11/2021 6:41 AM, 691 bytes, A Adds the file icon.png"="10/21/2021 10:38 AM, 6854 bytes, A Adds the file manifest.json"="10/21/2021 10:38 AM, 1034 bytes, A Adds the file popup.html"="9/26/2021 8:32 PM, 1081 bytes, A Adds the file popup.js"="10/10/2021 8:23 AM, 1479 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\plolkgdlfpkjjacjghoeeondfalilcld\0.2_0\_metadata Adds the file computed_hashes.json"="10/21/2021 10:38 AM, 2655 bytes, A Adds the file verified_contents.json"="10/12/2021 12:58 AM, 1836 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "plolkgdlfpkjjacjghoeeondfalilcld"="REG_SZ", "77AA82B69C7B7A6B956B82F56EECCFAEB8505EE0D6A186D35BE5BCDAEBBAF74E" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/21/21 Scan Time: 4:37 PM Log File: 761e7e64-327c-11ec-b948-080027235d76.json -Software Information- Version: 4.4.8.137 Components Version: 1.0.1474 Update Package Version: 1.0.46214 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {username}-PC\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 259560 Threats Detected: 11 Threats Quarantined: 11 Time Elapsed: 2 min, 20 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.ForcedExtension, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|plolkgdlfpkjjacjghoeeondfalilcld, Quarantined, 298, 990128, , , , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\plolkgdlfpkjjacjghoeeondfalilcld, Quarantined, 298, 990128, , , , , , PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\plolkgdlfpkjjacjghoeeondfalilcld, Quarantined, 298, 990128, 1.0.46214, , ame, , , File: 8 PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 298, 990128, , , , , FA8EBC8A9FF4991D01D6D119DBC3779D, A5EDA45371860843CCA03356FBE36144023776C4341E6496BAFAE6EE7F93AD20 PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 298, 990128, , , , , AF673518CA0111B36EA98E766FE18572, B430DB08ADB7E132160C7C26D5E0CDD575089333F5A7F6F2BFC0A4B42936AB1A PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\plolkgdlfpkjjacjghoeeondfalilcld\000003.log, Quarantined, 298, 990128, , , , , E76C1270CAE9687913807D4400F1C56E, D4A5B8C0A2F83904837E5F72AD92CB26B7BA993E8A8977004510122BA5AD980D PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\plolkgdlfpkjjacjghoeeondfalilcld\CURRENT, Quarantined, 298, 990128, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443 PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\plolkgdlfpkjjacjghoeeondfalilcld\LOCK, Quarantined, 298, 990128, , , , , , PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\plolkgdlfpkjjacjghoeeondfalilcld\LOG, Quarantined, 298, 990128, , , , , 5576B19660268375F6D212255975AFC9, 157F558DD461BC1AB41D14EA8971EAFF0AB0DF683F04F1CF3327A7F6A16BB04A PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\plolkgdlfpkjjacjghoeeondfalilcld\LOG.old, Quarantined, 298, 990128, , , , , 3EE75E39DF31AFAA50CCF06DFBFC7175, E7989EC3E0C8B7A610A64D5FD6B20DB7F2AC8F20ABDFE1459F5465B650A06E1F PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\plolkgdlfpkjjacjghoeeondfalilcld\MANIFEST-000001, Quarantined, 298, 990128, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  6. What is Clip Finder? The Malwarebytes research team has determined that Clip Finder is a potentially unwanted program (PUP) that behaves like adware. This PUP was pushed by malvertising websites as fake updates. How do I know if my computer is affected by Clip Finder? You may see one of these entries in your list of installed browser extensions: You may have noticed one of these warnings during install: and this new rightclick menu for selected text: How did Clip Finder get on my computer? PUPs use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website: How do I remove Clip Finder? Our program Malwarebytes can detect and remove this PUP. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found items. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of Clip Finder? No, Malwarebytes removes Clip Finder completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you remove this PUP. As you can see below the full version of Malwarebytes would have protected you against the Clip Finder PUP. It would have blocked the installer before it became too late. Technical details for experts Possible signs in FRST logs: Edge Extension: (Clip Finder) - C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\adofelgdgkoeiclilehfciedimiepdnl [2021-07-01] FF Extension: (Clip Finder) - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\profile.default\Extensions\clipsearch@ext.xpi [2021-07-01] [UpdateUrl:hxxps://clip-finder.com/FirefoxApiFolder/extension.json] CHR Extension: (Clip Finder) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmjhifihjacdmhmdapcjgjkhhpcjdd [2021-07-01] Significant changes made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmjhifihjacdmhmdapcjgjkhhpcjdd\1.0_0 Adds the file jquery.js"="5/11/2021 6:09 AM, 86671 bytes, A Adds the file manifest.json"="7/1/2021 9:03 AM, 1097 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmjhifihjacdmhmdapcjgjkhhpcjdd\1.0_0\_metadata Adds the file computed_hashes.json"="7/1/2021 9:03 AM, 1328 bytes, A Adds the file verified_contents.json"="5/13/2021 5:48 PM, 1991 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmjhifihjacdmhmdapcjgjkhhpcjdd\1.0_0\pics Adds the file image128.png"="7/1/2021 9:03 AM, 3894 bytes, A Adds the file image16.png"="7/1/2021 9:03 AM, 409 bytes, A Adds the file image32.png"="7/1/2021 9:03 AM, 927 bytes, A Adds the file image64.png"="7/1/2021 9:03 AM, 1959 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmjhifihjacdmhmdapcjgjkhhpcjdd\1.0_0\ScriptdBacks Adds the file bckgd.js"="5/11/2021 7:02 AM, 8953 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\njnmjhifihjacdmhmdapcjgjkhhpcjdd Adds the file 000003.log"="7/1/2021 9:03 AM, 290 bytes, A Adds the file CURRENT"="7/1/2021 9:03 AM, 16 bytes, A Adds the file LOCK"="7/1/2021 9:03 AM, 0 bytes, A Adds the file LOG"="7/1/2021 9:03 AM, 371 bytes, A Adds the file MANIFEST-000001"="7/1/2021 9:03 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\adofelgdgkoeiclilehfciedimiepdnl\1.0_0 Adds the file jquery.js"="5/11/2021 11:38 PM, 105696 bytes, A Adds the file manifest.json"="7/1/2021 8:59 AM, 1034 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\adofelgdgkoeiclilehfciedimiepdnl\1.0_0\_metadata Adds the file computed_hashes.json"="7/1/2021 8:59 AM, 1469 bytes, A Adds the file verified_contents.json"="5/14/2021 4:37 PM, 2219 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\adofelgdgkoeiclilehfciedimiepdnl\1.0_0\pics Adds the file image128.png"="7/1/2021 8:59 AM, 3894 bytes, A Adds the file image16.png"="7/1/2021 8:59 AM, 409 bytes, A Adds the file image32.png"="7/1/2021 8:59 AM, 927 bytes, A Adds the file image64.png"="7/1/2021 8:59 AM, 1959 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\adofelgdgkoeiclilehfciedimiepdnl\1.0_0\ScriptdBacks Adds the file bckgd.js"="5/11/2021 11:45 PM, 5640 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\adofelgdgkoeiclilehfciedimiepdnl Adds the file 000003.log"="7/1/2021 8:59 AM, 233 bytes, A Adds the file CURRENT"="7/1/2021 8:59 AM, 16 bytes, A Adds the file LOCK"="7/1/2021 8:59 AM, 0 bytes, A Adds the file LOG"="7/1/2021 8:59 AM, 373 bytes, A Adds the file MANIFEST-000001"="7/1/2021 8:59 AM, 41 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\profile.default\extensions Adds the file clipsearch@ext.xpi"="7/1/2021 9:01 AM, 48758 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "njnmjhifihjacdmhmdapcjgjkhhpcjdd"="REG_SZ", "099F4AFCA09077B9A5BA4037590DE4104BAC3DD1649738929DA16860C96F67E3" [HKEY_CURRENT_USER\Software\Microsoft\Edge\PreferenceMACs\Default\extensions.settings] "adofelgdgkoeiclilehfciedimiepdnl"="REG_SZ", "37DE9BEBAE2A577469DD50CF1606088BE577508598FAA323A24F771CCC28CEC7" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/1/21 Scan Time: 9:13 AM Log File: e2211e1c-da3b-11eb-887e-080027235d76.json -Software Information- Version: 4.4.0.117 Components Version: 1.0.1344 Update Package Version: 1.0.42510 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {username}-PC\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 257616 Threats Detected: 23 Threats Quarantined: 23 Time Elapsed: 1 min, 29 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 2 PUP.Optional.ForcedExtension, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|njnmjhifihjacdmhmdapcjgjkhhpcjdd, Quarantined, 298, 954145, , , , , , PUP.Optional.ForcedExtension, HKCU\SOFTWARE\MICROSOFT\EDGE\PREFERENCEMACS\Default\extensions.settings|adofelgdgkoeiclilehfciedimiepdnl, Quarantined, 298, 954145, , , , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 4 PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\njnmjhifihjacdmhmdapcjgjkhhpcjdd, Quarantined, 298, 954145, , , , , , PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\njnmjhifihjacdmhmdapcjgjkhhpcjdd, Quarantined, 298, 954145, , , , , , PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Extensions\adofelgdgkoeiclilehfciedimiepdnl, Quarantined, 298, 954145, , , , , , PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Local Extension Settings\adofelgdgkoeiclilehfciedimiepdnl, Quarantined, 298, 954145, , , , , , File: 17 PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PROFILE.DEFAULT\EXTENSIONS\CLIPSEARCH@EXT.XPI, Quarantined, 298, 954877, 1.0.42510, , ame, , B7F47856162C6B807F9DD7DE66F16AFD, 37EE6F82878A1175377B7C7C552AD69DE981542C88D2EDF139B5C44156DD8D2A PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 298, 954145, , , , , 505796177AD854B6C7CC3FF1FC793E5C, DDE556CA1F1C73455A9E5880FE5A9BBB3FEA422230DAAA71020ECFBE036EC07F PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 298, 954145, , , , , ECDDECB5DEDD2CF14734FF57445C6C6F, 91B74BACA8500696A517F54C8A6E59711952890A0D27ABCCEB2BB7C04FA3F057 PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\njnmjhifihjacdmhmdapcjgjkhhpcjdd\000003.log, Quarantined, 298, 954145, , , , , F2A4805B2836556DED20FFCA829E1236, 950BF09D3749CCF981D5B48FC4CAB607F0AFEDB076DBDDB8BA919983242DA760 PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\njnmjhifihjacdmhmdapcjgjkhhpcjdd\CURRENT, Quarantined, 298, 954145, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443 PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\njnmjhifihjacdmhmdapcjgjkhhpcjdd\LOCK, Quarantined, 298, 954145, , , , , , PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\njnmjhifihjacdmhmdapcjgjkhhpcjdd\LOG, Quarantined, 298, 954145, , , , , DCB03B6025004E527BDFFD33128A48E0, D6BB2C345339E9575C8688F84528D18A6C7C704A1DA44060667ED237408694A8 PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\njnmjhifihjacdmhmdapcjgjkhhpcjdd\MANIFEST-000001, Quarantined, 298, 954145, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4 PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NJNMJHIFIHJACDMHMDAPCJGJKHHPCJDD\1.0_0\SCRIPTDBACKS\BCKGD.JS, Quarantined, 298, 954145, 1.0.42510, , ame, , 6B67A60BEFB6BCED2379AA4815445D49, 9E174CCB38B65C2F5375FFA1224F16A950F4E80747D29CB9131EC6EF5EB74D2E PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Secure Preferences, Replaced, 298, 954145, , , , , BF57D114540C40FDD20D8609443CA8AB, 6BF036BF20E6B8E877C81382DF70786FA96219CB936319AC12B489E6CB345AF3 PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Preferences, Replaced, 298, 954145, , , , , FFA9E3DA6D9C4911542591B34DF3CE04, 0054545B391C152EDD282BDFBE0E87B428E087C9822CEA901C0F397BA9A35B32 PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\adofelgdgkoeiclilehfciedimiepdnl\000003.log, Quarantined, 298, 954145, , , , , 48918D476B8322903C177281E371183B, 879530FACAC981EB99B79CD8F0AE71F8F3BD4BE0C15BC614ECE879F83CCB41E4 PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\adofelgdgkoeiclilehfciedimiepdnl\CURRENT, Quarantined, 298, 954145, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443 PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\adofelgdgkoeiclilehfciedimiepdnl\LOCK, Quarantined, 298, 954145, , , , , , PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\adofelgdgkoeiclilehfciedimiepdnl\LOG, Quarantined, 298, 954145, , , , , 431C528D29E604EED258C878845F6204, A4379BA3313A9C6A751959173A3400631598D69FF109BE542A56015E5C1F8419 PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\adofelgdgkoeiclilehfciedimiepdnl\MANIFEST-000001, Quarantined, 298, 954145, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4 PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\EXTENSIONS\ADOFELGDGKOEICLILEHFCIEDIMIEPDNL\1.0_0\SCRIPTDBACKS\BCKGD.JS, Quarantined, 298, 954145, 1.0.42510, , ame, , 5F1E1C6F66A3AE4BFA00F7AED17BB078, 9DDAAA3A78B4976E676151E43F30E95D60BB4A9A57BE82B57C3DE2E4ED17D739 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected. Like This Pieter Arntz
  7. What is Clean Master? The Malwarebytes research team has determined that Clean Master pushes notifications and qualifies as a forced Edge extension. How do I know if my computer is affected by Clean Master? You may see these warnings during install: You may see this entry in your list of installed Edge extensions: and this icon in the browser menu bar: This is the main screen of the application: How did Clean Master get on my computer? Forced extensions use misleading methods for distributing themselves. This particular one was pushed by a fake system popup: that redirected the user to the webstore: How do I remove Clean Master? Our program Malwarebytes can detect and remove this unwanted program. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of Clean Master? No, Malwarebytes removes Clean Master completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this forced extension. We protect our customers from these extensions by blocking the sites that spread them: Technical details for experts Possible signs in FRST logs: Edge Extension: (Clean Master) - C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe [2021-06-16] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0 Adds the file bg.js"="5/20/2021 4:21 PM, 8384 bytes, A Adds the file manifest.json"="6/16/2021 8:40 AM, 1039 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\_metadata Adds the file computed_hashes.json"="6/16/2021 8:40 AM, 4636 bytes, A Adds the file verified_contents.json"="5/20/2021 3:19 PM, 2572 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\fonts Adds the file Roboto-Bold.ttf"="1/8/2013 11:00 PM, 170348 bytes, A Adds the file Roboto-Regular.ttf"="1/8/2013 11:00 PM, 171272 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\images Adds the file icon-128.png"="6/16/2021 8:40 AM, 3635 bytes, A Adds the file icon-16.png"="6/16/2021 8:40 AM, 418 bytes, A Adds the file icon-64.png"="6/16/2021 8:40 AM, 1911 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\main Adds the file popup.html"="1/23/2021 3:55 PM, 624 bytes, A Adds the file style.css"="1/23/2021 2:36 PM, 3655 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\scripts Adds the file index.js"="1/23/2021 3:04 PM, 388 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Microsoft\Edge\PreferenceMACs\Default\extensions.settings] "fglppimedodihgiikeephjaepcflbeoe"="REG_SZ", "FF5337FD477876B5623DDBA67330355D2C1F7CEB4078DDF351BF6CF99E427DEB" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 6/16/21 Scan Time: 8:52 AM Log File: 7677f636-ce6f-11eb-b224-080027235d76.json -Software Information- Version: 4.4.0.117 Components Version: 1.0.1318 Update Package Version: 1.0.41779 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {username}-PC\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 234722 Threats Detected: 19 Threats Quarantined: 19 Time Elapsed: 2 min, 16 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 7 PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\_metadata, Quarantined, 298, 949801, , , , , , PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\scripts, Quarantined, 298, 949801, , , , , , PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\images, Quarantined, 298, 949801, , , , , , PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\fonts, Quarantined, 298, 949801, , , , , , PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\main, Quarantined, 298, 949801, , , , , , PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0, Quarantined, 298, 949801, , , , , , PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\EXTENSIONS\FGLPPIMEDODIHGIIKEEPHJAEPCFLBEOE, Quarantined, 298, 949801, 1.0.41779, , ame, , , File: 12 PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\EXTENSIONS\FGLPPIMEDODIHGIIKEEPHJAEPCFLBEOE\1.4_0\BG.JS, Quarantined, 298, 949801, 1.0.41779, , ame, , C7455590E105B4A46DB70CE3F3E35410, 30395A9B395B46159308F273406AB95B27477614E2913E47F0533E9F860D8A9E PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\fonts\Roboto-Bold.ttf, Quarantined, 298, 949801, , , , , E07DF86CEF2E721115583D61D1FB68A6, C9CC991DEB5D27F267830A19F2301EB164D9E61EC08669C1A1A291C5620FF40A PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\fonts\Roboto-Regular.ttf, Quarantined, 298, 949801, , , , , 11EABCA2251325CFC5589C9C6FB57B46, 017C0BE9AAA6D0359737E1FA762AD304C0E0107927FAFF5A6C1F415C7F5244ED PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\images\icon-128.png, Quarantined, 298, 949801, , , , , 893D03DBFF3BCBD2DB8A00524F69FB0E, 6C5602F649BBBA62D9B95D732E7437A9E551315C1F4D91985E317C17914689AF PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\images\icon-16.png, Quarantined, 298, 949801, , , , , 90A76668D2A91BDA6B69055BB940B656, 9FA40205E7096A2CC42CD463A4583EE43AE0C4AACD678641A353A2D64FE74235 PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\images\icon-64.png, Quarantined, 298, 949801, , , , , 952C643F7CD0C3A6DD2BF853DF6048FA, 84390A1F60338C0DDF7A06B0395FD3B51FE7BEE068A585EC63FE3EDDEFA2606B PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\main\popup.html, Quarantined, 298, 949801, , , , , 7F0A5966279F1800B26EA669BD5A60A8, 987E60FD8F1812271851D9AE8AD061D639D08A416639557824B92332E2B33722 PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\main\style.css, Quarantined, 298, 949801, , , , , 43955E10538679C14D7DE6C2CDF94D0B, C648703A7702FB796339FF09B713BBEAD2D534C46BC89A4CB3C67CCBAFAF8137 PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\scripts\index.js, Quarantined, 298, 949801, , , , , B24A46C6442F5A5579853ADAE3137D85, 864C132434910BBE06591D62838BE1706278B2264BBFAE5865EE161907EF9049 PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\_metadata\computed_hashes.json, Quarantined, 298, 949801, , , , , 93D7BCC0000C13B2BE8E094337894321, 061A57272B2D8B8D26AAB486503EB1868A1AD87E962E3404189FF709D7BDA177 PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\_metadata\verified_contents.json, Quarantined, 298, 949801, , , , , 35723EA8F03B4D18AA4509FB057232C8, 8ED7671A38C28565F9238DFD5EFB4E5D0D7B868AEF4B9A80A17FEABD4E95117A PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\manifest.json, Quarantined, 298, 949801, , , , , 4C87FA10FDDF90E0849F0DFB32F49080, EC5444E091D92E0308B7275C8657BB77016DF9094587640880C81D0C8E3517BC Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  8. What is Tag Search? The Malwarebytes research team has determined that Tag Search is adware. These adware applications display advertisements not originating from the sites you are browsing. How do I know if my computer is affected by Tag Search? You may see this entry in your list of installed Chrome extensions: these warnings during install: and this new context menu when you select text on a website: How did Tag Search get on my computer? Adware applications use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website: How do I remove Tag Search? Our program Malwarebytes can detect and remove this adware program. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of Tag Search? No, Malwarebytes removes Tag Search completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this adware. As you can see below, Malwarebytes Browser Guard, as well as the full version of Malwarebytes would have protected you against the Tag Search adware. It would have blocked the installer before it became too late. Technical details for experts Possible signs in FRST logs: CHR Extension: (Tag Search) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdeljicacjfkikakemhlhmnnepbinpgf [2021-03-31] Significant changes made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdeljicacjfkikakemhlhmnnepbinpgf\2.0_0 Adds the file manifest.json"="3/31/2021 8:55 AM, 1115 bytes, A Adds the file methods.js"="12/29/2020 2:40 PM, 3980 bytes, A Adds the file tag.js"="12/29/2020 1:53 PM, 5252 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdeljicacjfkikakemhlhmnnepbinpgf\2.0_0\_metadata Adds the file computed_hashes.json"="3/31/2021 8:55 AM, 1377 bytes, A Adds the file verified_contents.json"="12/29/2020 2:40 PM, 2151 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdeljicacjfkikakemhlhmnnepbinpgf\2.0_0\image Adds the file 128magnifying-glass.png"="3/31/2021 8:55 AM, 8302 bytes, A Adds the file 16magnifying-glass.png"="3/31/2021 8:55 AM, 811 bytes, A Adds the file 32magnifying-glass.png"="3/31/2021 8:55 AM, 1783 bytes, A Adds the file 64magnifying-glass.png"="3/31/2021 8:55 AM, 3846 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdeljicacjfkikakemhlhmnnepbinpgf\2.0_0\js_lib Adds the file jquery.js"="11/26/2020 6:48 PM, 86670 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gdeljicacjfkikakemhlhmnnepbinpgf Adds the file 000003.log"="3/31/2021 8:55 AM, 224 bytes, A Adds the file CURRENT"="3/31/2021 8:55 AM, 16 bytes, A Adds the file LOCK"="3/31/2021 8:55 AM, 0 bytes, A Adds the file LOG"="3/31/2021 8:55 AM, 185 bytes, A Adds the file MANIFEST-000001"="3/31/2021 8:55 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "gdeljicacjfkikakemhlhmnnepbinpgf"="REG_SZ", "77BBD7C4E03E9B3360EDDE091ADDE5672DD007FAEF693ED2DAB73D6596F3E5E0" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 3/31/21 Scan Time: 1:56 PM Log File: 21bacf12-9218-11eb-9207-080027235d76.json -Software Information- Version: 4.3.0.98 Components Version: 1.0.1236 Update Package Version: 1.0.38934 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {username}-PC\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 233730 Threats Detected: 10 Threats Quarantined: 10 Time Elapsed: 2 min, 1 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.ForcedExtension, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|gdeljicacjfkikakemhlhmnnepbinpgf, Quarantined, 298, 926811, , , , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\gdeljicacjfkikakemhlhmnnepbinpgf, Quarantined, 298, 926811, , , , , , PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\Google\Chrome\USER DATA\Default\EXTENSIONS\gdeljicacjfkikakemhlhmnnepbinpgf, Quarantined, 298, 926811, 1.0.38934, , ame, , , File: 7 PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 298, 926811, , , , , F3153FE17CB442FF8037EBD2CE56E025, FA2554B1E9807019B15795668A7400C1B98760323549E23784FE9F557FDC125F PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 298, 926811, , , , , B65DCAF86E01EDC9EA6B5E53056973BE, ACBE02E782A9C7E6C8023A973292D903A842CA7962CA6DB900B3F024D920F5A6 PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gdeljicacjfkikakemhlhmnnepbinpgf\000003.log, Quarantined, 298, 926811, , , , , BDD4E6E04A4397AF7BC83417945C8D9F, 58D42CDCE1DFA83D87E7F20945ACF4379CC9F046160E764C794C51894B83BD1F PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gdeljicacjfkikakemhlhmnnepbinpgf\CURRENT, Quarantined, 298, 926811, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443 PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gdeljicacjfkikakemhlhmnnepbinpgf\LOCK, Quarantined, 298, 926811, , , , , , PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gdeljicacjfkikakemhlhmnnepbinpgf\LOG, Quarantined, 298, 926811, , , , , 7F612FDA0225E1D800BC5A5D4167EF19, 99DEF1E21088FB0CDA60930C8BD468BA1F5A3E8B0D54CE3B1EABEA1684207607 PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gdeljicacjfkikakemhlhmnnepbinpgf\MANIFEST-000001, Quarantined, 298, 926811, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  9. What is Screenshot Tool and Editor? The Malwarebytes research team has determined that Screenshot Tool and Editor is a forced Chrome extension. This particular extension was pushed through persistent pop-ups and opens connections to blocked domains. How do I know if my computer is affected by Screenshot Tool and Editor? You may see these warnings during install: and this extension in the list of installed extensions: After the install you may see this menu accessible from the browser menu-bar: How did Screenshot Tool and Editor get on my computer? Forced extensions use a typical method for distributing themselves. This particular one was also available in the webstore. How do I remove Screenshot Tool and Editor? Our program Malwarebytes can detect and remove this unwanted program. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of Screenshot Tool and Editor? No, Malwarebytes removes Screenshot Tool and Editor completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this forced extension. We protect our customers from these extensions by blocking the sites that spread them and by alerting users about the connections to unwanted sites: Technical details for experts Possible signs in FRST logs: CHR Extension: (Screenshot Tool and Editor) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijejnggjjphlenbhmjhhgcdpehhacaal [2021-01-15] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijejnggjjphlenbhmjhhgcdpehhacaal\3.1_0 Adds the file index.html"="12/22/2020 4:37 AM, 354 bytes, A Adds the file manifest.json"="1/15/2021 9:18 AM, 1359 bytes, A Adds the file modal.html"="12/22/2020 4:37 AM, 611 bytes, A Adds the file settings.html"="12/22/2020 4:37 AM, 409 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijejnggjjphlenbhmjhhgcdpehhacaal\3.1_0\_locales Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijejnggjjphlenbhmjhhgcdpehhacaal\3.1_0\_metadata Adds the file computed_hashes.json"="1/15/2021 9:18 AM, 49382 bytes, A Adds the file verified_contents.json"="12/22/2020 4:37 AM, 14672 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijejnggjjphlenbhmjhhgcdpehhacaal\3.1_0\assets Adds the file 128.png"="1/15/2021 9:18 AM, 12226 bytes, A Adds the file 32.png"="1/15/2021 9:18 AM, 2327 bytes, A Adds the file 64.png"="1/15/2021 9:18 AM, 5654 bytes, A Adds the file f.js"="12/22/2020 4:37 AM, 296959 bytes, A Adds the file hot-reload.js"="12/22/2020 4:37 AM, 1291 bytes, A Adds the file jspdf.js"="12/22/2020 4:37 AM, 307591 bytes, A Adds the file konva.js"="12/22/2020 4:37 AM, 154759 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijejnggjjphlenbhmjhhgcdpehhacaal\3.1_0\assets\css Adds the file didactgothic.css"="12/22/2020 4:37 AM, 180 bytes, A Adds the file hidescrollbar.css"="12/22/2020 4:37 AM, 83 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijejnggjjphlenbhmjhhgcdpehhacaal\3.1_0\assets\css\fonts Adds the file DidactGothic-Regular.woff"="12/22/2020 4:37 AM, 94416 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijejnggjjphlenbhmjhhgcdpehhacaal\3.1_0\assets\images Adds the file 128_disabled.png"="12/22/2020 4:37 AM, 25143 bytes, A Adds the file 32_disabled.png"="12/22/2020 4:37 AM, 19168 bytes, A Adds the file 64_disabled.png"="12/22/2020 4:37 AM, 21454 bytes, A Adds the file add-page.svg"="12/22/2020 4:37 AM, 1619 bytes, A Adds the file arrow.png"="12/22/2020 4:37 AM, 17115 bytes, A Adds the file back.svg"="12/22/2020 4:37 AM, 1494 bytes, A Adds the file browser-window.svg"="12/22/2020 4:37 AM, 1760 bytes, A Adds the file circle.png"="12/22/2020 4:37 AM, 17443 bytes, A Adds the file circle.svg"="12/22/2020 4:37 AM, 864 bytes, A Adds the file cursor-image.svg"="12/22/2020 4:37 AM, 1278 bytes, A Adds the file cursor-imagen.svg"="12/22/2020 4:37 AM, 737 bytes, A Adds the file dotted-line.svg"="12/22/2020 4:37 AM, 752 bytes, A Adds the file download-entire-page.svg"="12/22/2020 4:37 AM, 2030 bytes, A Adds the file edit.png"="12/22/2020 4:37 AM, 17587 bytes, A Adds the file entire-page.svg"="12/22/2020 4:37 AM, 2043 bytes, A Adds the file line.svg"="12/22/2020 4:37 AM, 791 bytes, A Adds the file line-width.svg"="12/22/2020 4:37 AM, 1085 bytes, A Adds the file logo-vvvv.png"="12/22/2020 4:37 AM, 13972 bytes, A Adds the file message.svg"="12/22/2020 4:37 AM, 2284 bytes, A Adds the file new-arrow.svg"="12/22/2020 4:37 AM, 1326 bytes, A Adds the file new-double-arrow.svg"="12/22/2020 4:37 AM, 1138 bytes, A Adds the file new-zig-zag-arrow.svg"="12/22/2020 4:37 AM, 1394 bytes, A Adds the file next.svg"="12/22/2020 4:37 AM, 1577 bytes, A Adds the file not-working.png"="12/22/2020 4:37 AM, 8957 bytes, A Adds the file options.png"="12/22/2020 4:37 AM, 244206 bytes, A Adds the file remove.svg"="12/22/2020 4:37 AM, 457 bytes, A Adds the file selected-area.svg"="12/22/2020 4:37 AM, 2253 bytes, A Adds the file square.svg"="12/22/2020 4:37 AM, 890 bytes, A Adds the file text.png"="12/22/2020 4:37 AM, 16490 bytes, A Adds the file text-edit.png"="12/22/2020 4:37 AM, 18147 bytes, A Adds the file text-edit.svg"="12/22/2020 4:37 AM, 1932 bytes, A Adds the file triangle.svg"="12/22/2020 4:37 AM, 375 bytes, A Adds the file update-arrows.svg"="12/22/2020 4:37 AM, 2874 bytes, A Adds the file visible-page.svg"="12/22/2020 4:37 AM, 2048 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijejnggjjphlenbhmjhhgcdpehhacaal\3.1_0\js Adds the file background.js"="12/22/2020 4:37 AM, 132590 bytes, A Adds the file content-script.js"="12/22/2020 4:37 AM, 104706 bytes, A Adds the file modal.js"="12/22/2020 4:37 AM, 1859040 bytes, A Adds the file popup.js"="12/22/2020 4:37 AM, 114018 bytes, A Adds the file settings.js"="12/22/2020 4:37 AM, 315139 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijejnggjjphlenbhmjhhgcdpehhacaal Adds the file 000003.log"="1/15/2021 9:18 AM, 929 bytes, A Adds the file CURRENT"="1/15/2021 9:18 AM, 16 bytes, A Adds the file LOCK"="1/15/2021 9:18 AM, 0 bytes, A Adds the file LOG"="1/15/2021 9:18 AM, 184 bytes, A Adds the file MANIFEST-000001"="1/15/2021 9:18 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "ijejnggjjphlenbhmjhhgcdpehhacaal"="REG_SZ", "3FDD3E3B7E75D0B00F8F3216E0408337D9EECF9C74464A60DFC2383719542DFE" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 1/15/21 Scan Time: 9:33 AM Log File: 55b42454-570c-11eb-adb6-080027235d76.json -Software Information- Version: 4.3.0.98 Components Version: 1.0.1130 Update Package Version: 1.0.35775 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 232858 Threats Detected: 11 Threats Quarantined: 11 Time Elapsed: 3 min, 30 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.ForcedExtension, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|ijejnggjjphlenbhmjhhgcdpehhacaal, Quarantined, 8634, 897256, , , , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\ijejnggjjphlenbhmjhhgcdpehhacaal, Quarantined, 8634, 897256, , , , , , PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\ijejnggjjphlenbhmjhhgcdpehhacaal, Quarantined, 8634, 897256, 1.0.35775, , ame, , , File: 8 PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 8634, 897256, , , , , 0EB3A57DF61F08DB108AF1FB8DD20794, 213643B03991F947863069FF185D2DA9F917EB15D92DBB4A6DCB97B900C872E9 PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 8634, 897256, , , , , 5E674D532607383CD6921D4978C70733, 83E98A6BADDF6EBFF6677817328F04AF3E2EE589601683D5D89884DD9EA01B49 PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijejnggjjphlenbhmjhhgcdpehhacaal\000003.log, Quarantined, 8634, 897256, , , , , 1F36C498B0B629A28FFC44D2FBFA7639, B455ECD2D976423F07C1DE1F1F877911878B0944D790DB1460DCEC46566077FA PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijejnggjjphlenbhmjhhgcdpehhacaal\CURRENT, Quarantined, 8634, 897256, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443 PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijejnggjjphlenbhmjhhgcdpehhacaal\LOCK, Quarantined, 8634, 897256, , , , , , PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijejnggjjphlenbhmjhhgcdpehhacaal\LOG, Quarantined, 8634, 897256, , , , , 983D1B2AFD021613B393E9696C59FE43, 3B5CA9EEF93772305DE855FD914BAC438296BC1D1D32DF4DFAC9063B18146080 PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijejnggjjphlenbhmjhhgcdpehhacaal\LOG.old, Quarantined, 8634, 897256, , , , , F5F8C9A1A9035D8EAB3F179679E5D3D9, 39F839F24EA7E4CE933E74214908782C89B7BBBD5EC9CFBE070A1E1773D3F562 PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijejnggjjphlenbhmjhhgcdpehhacaal\MANIFEST-000001, Quarantined, 8634, 897256, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  10. What is InternetSpeedUtility?The Malwarebytes research team has determined that InternetSpeedUtility is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.How do I know if my computer is affected by InternetSpeedUtility?You may see this browser extension:these warnings during install:this new startpage:and this new setting:How did get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:after a redirect from their website:How do I remove InternetSpeedUtility?Our program Malwarebytes can detect and remove this potentially unwanted program.[Mindspark only]You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of InternetSpeedUtility? No, Malwarebytes' Anti-Malware removes InternetSpeedUtility completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. Technical details for expertsPossible signs in FRST logs: CHR NewTab: Default -> Active:"chrome-extension://bdmpgbmbdllbpdidgdcliliimmkeocin/ntp1.html" CHR Extension: (InternetSpeedUtility) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdmpgbmbdllbpdidgdcliliimmkeocin [2020-12-01] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdmpgbmbdllbpdidgdcliliimmkeocin\13.958.19.24177_0 Adds the file manifest.json"="12/1/2020 9:33 AM, 2688 bytes, A Adds the file ntp1.html"="10/30/2020 6:12 PM, 1348 bytes, A Adds the file ntp2.html"="10/30/2020 6:12 PM, 1282 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdmpgbmbdllbpdidgdcliliimmkeocin\13.958.19.24177_0\_locales\de Adds the file messages.json"="12/1/2020 9:33 AM, 223 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdmpgbmbdllbpdidgdcliliimmkeocin\13.958.19.24177_0\_locales\en Adds the file messages.json"="12/1/2020 9:33 AM, 311 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdmpgbmbdllbpdidgdcliliimmkeocin\13.958.19.24177_0\_locales\es Adds the file messages.json"="12/1/2020 9:33 AM, 232 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdmpgbmbdllbpdidgdcliliimmkeocin\13.958.19.24177_0\_locales\es_419 Adds the file messages.json"="12/1/2020 9:33 AM, 236 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdmpgbmbdllbpdidgdcliliimmkeocin\13.958.19.24177_0\_locales\fr Adds the file messages.json"="12/1/2020 9:33 AM, 244 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdmpgbmbdllbpdidgdcliliimmkeocin\13.958.19.24177_0\_locales\it Adds the file messages.json"="12/1/2020 9:33 AM, 230 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdmpgbmbdllbpdidgdcliliimmkeocin\13.958.19.24177_0\_locales\ja Adds the file messages.json"="12/1/2020 9:33 AM, 371 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdmpgbmbdllbpdidgdcliliimmkeocin\13.958.19.24177_0\_locales\pt_BR Adds the file messages.json"="12/1/2020 9:33 AM, 240 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdmpgbmbdllbpdidgdcliliimmkeocin\13.958.19.24177_0\_locales\pt_PT Adds the file messages.json"="12/1/2020 9:33 AM, 240 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdmpgbmbdllbpdidgdcliliimmkeocin\13.958.19.24177_0\_metadata Adds the file computed_hashes.json"="12/1/2020 9:33 AM, 8698 bytes, A Adds the file verified_contents.json"="10/30/2020 6:12 PM, 9289 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdmpgbmbdllbpdidgdcliliimmkeocin\13.958.19.24177_0\config Adds the file config.json"="10/30/2020 6:12 PM, 3151 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdmpgbmbdllbpdidgdcliliimmkeocin\13.958.19.24177_0\icons Adds the file icon128.png"="12/1/2020 9:33 AM, 5055 bytes, A Adds the file icon16.png"="12/1/2020 9:33 AM, 406 bytes, A Adds the file icon19disabled.png"="10/30/2020 6:12 PM, 1499 bytes, A Adds the file icon19on.png"="12/1/2020 9:33 AM, 706 bytes, A Adds the file icon48.png"="12/1/2020 9:33 AM, 1891 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdmpgbmbdllbpdidgdcliliimmkeocin\13.958.19.24177_0\js Adds the file ajax.js"="10/30/2020 6:12 PM, 3263 bytes, A Adds the file B2BService.js"="10/30/2020 6:12 PM, 11775 bytes, A Adds the file babAPI.js"="10/30/2020 6:12 PM, 5950 bytes, A Adds the file babClickHandler.js"="10/30/2020 6:12 PM, 3485 bytes, A Adds the file babContentScript.js"="10/30/2020 6:12 PM, 10509 bytes, A Adds the file babContentScriptAPI.js"="10/30/2020 6:12 PM, 13191 bytes, A Adds the file babRemoteConfigProcessor.js"="10/30/2020 6:12 PM, 4311 bytes, A Adds the file babTypeFactory.js"="10/30/2020 6:12 PM, 1999 bytes, A Adds the file babTypeInjectionEmbededPage.js"="10/30/2020 6:12 PM, 3383 bytes, A Adds the file babTypeInjectionIframe.js"="10/30/2020 6:12 PM, 2114 bytes, A Adds the file babTypeInjectionIframeAPIProxy.js"="10/30/2020 6:12 PM, 3160 bytes, A Adds the file babTypeInjectionScript.js"="10/30/2020 6:12 PM, 4111 bytes, A Adds the file background.js"="10/30/2020 6:12 PM, 30047 bytes, A Adds the file browserUtils.js"="10/30/2020 6:12 PM, 1896 bytes, A Adds the file chrome.js"="10/30/2020 6:12 PM, 146 bytes, A Adds the file contentScriptConnectionManager.js"="10/30/2020 6:12 PM, 23601 bytes, A Adds the file dailyContentService.js"="10/30/2020 6:12 PM, 11632 bytes, A Adds the file dateTimeUtils.js"="10/30/2020 6:12 PM, 1213 bytes, A Adds the file dlp.js"="10/30/2020 6:12 PM, 13393 bytes, A Adds the file dlpHelper.js"="10/30/2020 6:12 PM, 1717 bytes, A Adds the file extensionDetect.js"="10/30/2020 6:12 PM, 4357 bytes, A Adds the file extensionDetectWithHash.js"="10/30/2020 6:12 PM, 3986 bytes, A Adds the file globalConfigService.js"="10/30/2020 6:12 PM, 1319 bytes, A Adds the file index.js"="10/30/2020 6:12 PM, 49 bytes, A Adds the file localStorageContentScript.js"="10/30/2020 6:12 PM, 2237 bytes, A Adds the file logger.js"="10/30/2020 6:12 PM, 531 bytes, A Adds the file loggingLevelUtils.js"="10/30/2020 6:12 PM, 1976 bytes, A Adds the file meta.js"="10/30/2020 6:12 PM, 3300 bytes, A Adds the file newTabPageRedirectHandler.js"="10/30/2020 6:12 PM, 2902 bytes, A Adds the file notificationService.js"="10/30/2020 6:12 PM, 15360 bytes, A Adds the file offerService.js"="10/30/2020 6:12 PM, 17241 bytes, A Adds the file pageUtils.js"="10/30/2020 6:12 PM, 4197 bytes, A Adds the file PartnerId.js"="10/30/2020 6:12 PM, 16402 bytes, A Adds the file polyfill.js"="10/30/2020 6:12 PM, 875 bytes, A Adds the file product.js"="10/30/2020 6:12 PM, 8337 bytes, A Adds the file pTagService.js"="10/30/2020 6:12 PM, 7300 bytes, A Adds the file remoteConfigLoader.js"="10/30/2020 6:12 PM, 6653 bytes, A Adds the file scheduler.js"="10/30/2020 6:12 PM, 4419 bytes, A Adds the file splashPageRedirectHandler.js"="10/30/2020 6:12 PM, 3762 bytes, A Adds the file storageUtils.js"="10/30/2020 6:12 PM, 1718 bytes, A Adds the file surveyService.js"="10/30/2020 6:12 PM, 5401 bytes, A Adds the file templateParser.js"="10/30/2020 6:12 PM, 3153 bytes, A Adds the file ul.js"="10/30/2020 6:12 PM, 7044 bytes, A Adds the file urlFragmentActions.js"="10/30/2020 6:12 PM, 2453 bytes, A Adds the file urlUtils.js"="10/30/2020 6:12 PM, 6382 bytes, A Adds the file util.js"="10/30/2020 6:12 PM, 6714 bytes, A Adds the file watchExtensionsHandler.js"="10/30/2020 6:12 PM, 10297 bytes, A Adds the file webtooltabAPI.js"="10/30/2020 6:12 PM, 12619 bytes, A Adds the file webTooltabAPIProxy.js"="10/30/2020 6:12 PM, 8782 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bdmpgbmbdllbpdidgdcliliimmkeocin Adds the file 000003.log"="12/1/2020 9:33 AM, 0 bytes, A Adds the file CURRENT"="12/1/2020 9:33 AM, 16 bytes, A Adds the file LOCK"="12/1/2020 9:33 AM, 0 bytes, A Adds the file LOG"="12/1/2020 9:33 AM, 0 bytes, A Adds the file MANIFEST-000001"="12/1/2020 9:33 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "bdmpgbmbdllbpdidgdcliliimmkeocin"="REG_SZ", "73FDE5921469BF56B41A236CD22620D11A1C811840C5B2F7D41EC1DCA2766168" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 12/1/20 Scan Time: 9:42 AM Log File: 16193736-33b1-11eb-92b8-080027235d76.json -Software Information- Version: 4.2.3.96 Components Version: 1.0.1122 Update Package Version: 1.0.33690 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 232121 Threats Detected: 11 Threats Quarantined: 11 Time Elapsed: 3 min, 3 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.ForcedExtension, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|bdmpgbmbdllbpdidgdcliliimmkeocin, Quarantined, 298, 848753, , , , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\bdmpgbmbdllbpdidgdcliliimmkeocin, Quarantined, 298, 848753, , , , , , PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\bdmpgbmbdllbpdidgdcliliimmkeocin, Quarantined, 298, 848753, 1.0.33690, , ame, , , File: 8 PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 298, 848753, , , , , 368606E0FD1369BD2421E087865EA150, 879F9FB25041D948DAAF9F8ABEAAC6EE719816239685C98D37F9FCA7BAD07F87 PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 298, 848753, , , , , 6986B542ACE6C54F13DF9307442093AF, 5BC659E626EE2ADF0477BC344F6853D7EAD9283EA710354431D77C37F3DE3869 PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bdmpgbmbdllbpdidgdcliliimmkeocin\000003.log, Quarantined, 298, 848753, , , , , 630B4389437976B19C1228BDA31AEFD6, 062CCD2B3AF5A69C658A186B2867BA2D0002C4C12478EFAD0B18985AF477809B PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bdmpgbmbdllbpdidgdcliliimmkeocin\CURRENT, Quarantined, 298, 848753, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443 PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bdmpgbmbdllbpdidgdcliliimmkeocin\LOCK, Quarantined, 298, 848753, , , , , , PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bdmpgbmbdllbpdidgdcliliimmkeocin\LOG, Quarantined, 298, 848753, , , , , 5CF3822DCF7EC7B1C9B799092DE2BBEC, 4C935B57C0B6E4527CA0412A2CBF0C3319D64AE2F88263A6C9BA909332A1DC6A PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bdmpgbmbdllbpdidgdcliliimmkeocin\MANIFEST-000001, Quarantined, 298, 848753, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BDMPGBMBDLLBPDIDGDCLILIIMMKEOCIN\13.958.19.24177_0\MANIFEST.JSON, Quarantined, 1836, 867816, 1.0.33690, , ame, , 01C16F0FB59E2E94116D674FF0E81B63, B436518B30A2EDE814182A925D1B7633E599ADD8DE6C098F0734931B82C88968 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  11. What is Free Package Tracker Plus? The Malwarebytes research team has determined that Free Package Tracker Plus is a potentially unwanted program (PUP) that behaves like adware. These adware applications display advertisements not originating from the sites you are browsing. How do I know if my computer is affected by Free Package Tracker Plus? You may see these warnings during install: and this entry in your list of installed browser extensions: This particular one displays an advertisement on every page you visit: or the minimized version: How did Free Package Tracker Plus get on my computer? Adware applications use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website: How do I remove Free Package Tracker Plus? Our program Malwarebytes can detect and remove this adware program. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of Free Package Tracker Plus? No, Malwarebytes removes Free Package Tracker Plus completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this adware. The full version of Malwarebytes would have protected you against the Free Package Tracker Plus adware. It would have blocked their site before it became too late. Technical details for experts Possible signs in FRST logs: CHR Extension: (Free Package Tracker Plus) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbconaaffabelmgeenpebcapbnnoigpc [2020-07-10] Significant changes made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbconaaffabelmgeenpebcapbnnoigpc\2.2.1075.102_0 Adds the file background.html"="7/3/2020 1:30 AM, 1958 bytes, A Adds the file block-list.txt"="7/3/2020 1:30 AM, 254 bytes, A Adds the file manifest.json"="7/10/2020 8:53 AM, 1742 bytes, A Adds the file widget.config.json"="7/2/2020 8:08 AM, 11390 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbconaaffabelmgeenpebcapbnnoigpc\2.2.1075.102_0\_metadata Adds the file computed_hashes.json"="7/10/2020 8:53 AM, 6383 bytes, A Adds the file verified_contents.json"="7/3/2020 1:30 AM, 6803 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbconaaffabelmgeenpebcapbnnoigpc\2.2.1075.102_0\control\background Adds the file ad-request-handler.js"="7/3/2020 1:30 AM, 3307 bytes, A Adds the file ad-response-handler.js"="7/3/2020 1:30 AM, 3119 bytes, A Adds the file background-event-manager.js"="7/3/2020 1:30 AM, 8816 bytes, A Adds the file background-initializer.js"="7/3/2020 1:30 AM, 2286 bytes, A Adds the file block-list-handler.js"="7/3/2020 1:30 AM, 548 bytes, A Adds the file branding-event-handler.js"="7/3/2020 1:30 AM, 798 bytes, A Adds the file display-ad-delivery-handler.js"="7/3/2020 1:30 AM, 4243 bytes, A Adds the file ext-install-handler.js"="7/3/2020 1:30 AM, 483 bytes, A Adds the file ext-update-handler.js"="7/3/2020 1:30 AM, 94 bytes, A Adds the file lightbox-ad-delivery-handler.js"="7/3/2020 1:30 AM, 2095 bytes, A Adds the file push-ad-delivery-handler.js"="7/3/2020 1:30 AM, 3642 bytes, A Adds the file survey-event-handler.js"="7/3/2020 1:30 AM, 3779 bytes, A Adds the file timer-heart-beat-handler.js"="7/3/2020 1:30 AM, 275 bytes, A Adds the file widget-handler.js"="7/3/2020 1:30 AM, 1975 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbconaaffabelmgeenpebcapbnnoigpc\2.2.1075.102_0\control\content Adds the file content.js"="7/3/2020 1:30 AM, 93054 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbconaaffabelmgeenpebcapbnnoigpc\2.2.1075.102_0\helper Adds the file constants.js"="7/3/2020 1:30 AM, 3545 bytes, A Adds the file utility.js"="7/3/2020 1:30 AM, 6125 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbconaaffabelmgeenpebcapbnnoigpc\2.2.1075.102_0\helper\logger Adds the file logger.js"="7/3/2020 1:30 AM, 966 bytes, A Adds the file logger-chrome-message-channel.js"="7/3/2020 1:30 AM, 250 bytes, A Adds the file logger-console-channel.js"="7/3/2020 1:30 AM, 122 bytes, A Adds the file logger-network-channel.js"="7/3/2020 1:30 AM, 648 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbconaaffabelmgeenpebcapbnnoigpc\2.2.1075.102_0\icons Adds the file 128.png"="7/10/2020 8:53 AM, 5784 bytes, A Adds the file 16.png"="7/10/2020 8:53 AM, 519 bytes, A Adds the file 19.png"="7/10/2020 8:53 AM, 661 bytes, A Adds the file 32.png"="7/10/2020 8:53 AM, 1026 bytes, A Adds the file 38.png"="7/10/2020 8:53 AM, 1367 bytes, A Adds the file 48.png"="7/10/2020 8:53 AM, 2121 bytes, A Adds the file 64.png"="7/10/2020 8:53 AM, 2295 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbconaaffabelmgeenpebcapbnnoigpc\2.2.1075.102_0\lib Adds the file cntx.js"="7/3/2020 1:30 AM, 26109 bytes, A Adds the file fdbck.js"="7/3/2020 1:30 AM, 19932 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbconaaffabelmgeenpebcapbnnoigpc\2.2.1075.102_0\model Adds the file ad-info.js"="7/3/2020 1:30 AM, 1650 bytes, A Adds the file ad-request.js"="7/3/2020 1:30 AM, 3253 bytes, A Adds the file ad-response.js"="7/3/2020 1:30 AM, 1051 bytes, A Adds the file context.js"="7/3/2020 1:30 AM, 2049 bytes, A Adds the file ext-config.js"="7/3/2020 1:30 AM, 8941 bytes, A Adds the file thank-you-page.js"="7/3/2020 1:30 AM, 941 bytes, A Adds the file user.js"="7/3/2020 1:30 AM, 5495 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbconaaffabelmgeenpebcapbnnoigpc\2.2.1075.102_0\view Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbconaaffabelmgeenpebcapbnnoigpc\2.2.1075.102_0\view\background Adds the file display-ad-renderer.js"="7/3/2020 1:30 AM, 4191 bytes, A Adds the file thank-you-page-renderer.js"="7/3/2020 1:30 AM, 715 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lbconaaffabelmgeenpebcapbnnoigpc Adds the file 000003.log"="7/10/2020 8:57 AM, 1890 bytes, A Adds the file CURRENT"="7/10/2020 8:53 AM, 16 bytes, A Adds the file LOCK"="7/10/2020 8:53 AM, 0 bytes, A Adds the file LOG"="7/10/2020 8:58 AM, 184 bytes, A Adds the file MANIFEST-000001"="7/10/2020 8:53 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "lbconaaffabelmgeenpebcapbnnoigpc"="REG_SZ", "E2DD05A6A7BCF2DAD3831B3D99FBB14E826871AE0A4673FD8244D7D095CEB39E" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/10/20 Scan Time: 9:03 AM Log File: 712428f4-c27b-11ea-99a5-00ffdcc6fdfc.json -Software Information- Version: 4.1.2.73 Components Version: 1.0.976 Update Package Version: 1.0.26647 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 232046 Threats Detected: 11 Threats Quarantined: 11 Time Elapsed: 4 min, 42 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.ForcedExtension, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|lbconaaffabelmgeenpebcapbnnoigpc, Quarantined, 335, 838945, , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\lbconaaffabelmgeenpebcapbnnoigpc, Quarantined, 335, 838945, , , , PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\lbconaaffabelmgeenpebcapbnnoigpc, Quarantined, 335, 838945, 1.0.26647, , ame, File: 8 PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 335, 838945, , , , PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 335, 838945, , , , PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lbconaaffabelmgeenpebcapbnnoigpc\000003.log, Quarantined, 335, 838945, , , , PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lbconaaffabelmgeenpebcapbnnoigpc\CURRENT, Quarantined, 335, 838945, , , , PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lbconaaffabelmgeenpebcapbnnoigpc\LOCK, Quarantined, 335, 838945, , , , PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lbconaaffabelmgeenpebcapbnnoigpc\LOG, Quarantined, 335, 838945, , , , PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lbconaaffabelmgeenpebcapbnnoigpc\MANIFEST-000001, Quarantined, 335, 838945, , , , PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\LBCONAAFFABELMGEENPEBCAPBNNOIGPC\2.2.1075.102_0\MANIFEST.JSON, Quarantined, 335, 838944, 1.0.26647, , ame, Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  12. What is Secured Search?The Malwarebytes research team has determined that Secured Search is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.This particular one is also a browser NewTab.How do I know if my computer is affected by Secured Search?You may see this entry in your list of installed Chrome extensions:this icon in the Chrome menu-bar:these changed settings:and this new startpage:You may have noticed these warnings during install:How did Secured Search get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:after a redirect from their website:How do I remove Secured Search?Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of Secured Search? No, Malwarebytes removes Secured Search completely. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.Malwarebytes Browser Guard, as well as the full version of Malwarebytes would have protected you against the Secured Search hijacker. It would have blocked their website, giving you a chance to stop it before it became too late.Technical details for expertsPossible signs in FRST logs: CHR NewTab: Default -> Active:"chrome-extension://ilnidodcffjfecahcfiihlhiohnaobic/index.html" CHR DefaultSearchURL: Default -> hxxp://securedserch.com/?q={searchTerms} CHR DefaultSearchKeyword: Default -> sse CHR DefaultSuggestURL: Default -> hxxp://securedsearch.xyz/?s={searchTerms} CHR Extension: (Secured Search) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic [2020-05-22] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.4.60_0 Adds the file background.html"="10/29/2019 1:07 PM, 276 bytes, A Adds the file e_.json"="10/29/2019 1:07 PM, 113 bytes, A Adds the file index.html"="10/29/2019 1:07 PM, 738 bytes, A Adds the file manifest.json"="5/22/2020 9:28 AM, 2500 bytes, A Adds the file responseConfig.json"="10/29/2019 1:07 PM, 158356 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.4.60_0\_metadata Adds the file computed_hashes.json"="5/22/2020 9:28 AM, 29429 bytes, A Adds the file verified_contents.json"="10/29/2019 1:07 PM, 7349 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.4.60_0\content\fonts Adds the file HelveticaNeueLT-Roman.woff"="10/29/2019 1:07 PM, 16320 bytes, A Adds the file HelveticaNeue-Thin.otf"="10/29/2019 1:07 PM, 24888 bytes, A Adds the file neue.woff"="10/29/2019 1:07 PM, 14492 bytes, A Adds the file neue-bold.woff"="10/29/2019 1:07 PM, 48112 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.4.60_0\content\fonts\websafe-awesome Adds the file websafe-awesome.css"="10/29/2019 1:07 PM, 1476 bytes, A Adds the file websafe-awesome.woff2"="10/29/2019 1:07 PM, 2820 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.4.60_0\content\images Adds the file radio-selected.svg"="10/29/2019 1:07 PM, 504 bytes, A Adds the file radio-unselected.svg"="10/29/2019 1:07 PM, 832 bytes, A Adds the file star.svg"="10/29/2019 1:07 PM, 666 bytes, A Adds the file star-unselected.svg"="10/29/2019 1:07 PM, 786 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.4.60_0\content\images\bsb Adds the file bad.png"="10/29/2019 1:07 PM, 354 bytes, A Adds the file bytefence-logo-transparent.svg"="10/29/2019 1:07 PM, 4765 bytes, A Adds the file close.png"="10/29/2019 1:07 PM, 348 bytes, A Adds the file logo.svg"="10/29/2019 1:07 PM, 24289 bytes, A Adds the file logo-small.svg"="10/29/2019 1:07 PM, 4117 bytes, A Adds the file ok.png"="10/29/2019 1:07 PM, 1065 bytes, A Adds the file search-icon.png"="10/29/2019 1:07 PM, 380 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.4.60_0\content\images\bsb\icons Adds the file icon-red.svg"="10/29/2019 1:07 PM, 3160 bytes, A Adds the file red-favicon.ico"="10/29/2019 1:07 PM, 15086 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.4.60_0\content\images\icons Adds the file 128.png"="5/22/2020 9:28 AM, 6001 bytes, A Adds the file 16.png"="5/22/2020 9:28 AM, 804 bytes, A Adds the file 19.png"="5/22/2020 9:28 AM, 806 bytes, A Adds the file 32.png"="5/22/2020 9:28 AM, 1983 bytes, A Adds the file 38.png"="5/22/2020 9:28 AM, 1800 bytes, A Adds the file 48.png"="5/22/2020 9:28 AM, 3103 bytes, A Adds the file favicon.ico"="10/29/2019 1:07 PM, 1150 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.4.60_0\content\scripts Adds the file search.css"="10/29/2019 1:07 PM, 3867 bytes, A Adds the file search.js"="10/29/2019 1:07 PM, 6539 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.4.60_0\css Adds the file style.css"="10/29/2019 1:07 PM, 4815 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.4.60_0\fonts Adds the file HelveticaNeueLT-Roman.woff"="10/29/2019 1:07 PM, 16320 bytes, A Adds the file HelveticaNeue-Thin.otf"="10/29/2019 1:07 PM, 24888 bytes, A Adds the file neue.woff"="10/29/2019 1:07 PM, 14492 bytes, A Adds the file neue-bold.woff"="10/29/2019 1:07 PM, 48112 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.4.60_0\fonts\websafe-awesome Adds the file websafe-awesome.css"="10/29/2019 1:07 PM, 1425 bytes, A Adds the file websafe-awesome.woff2"="10/29/2019 1:07 PM, 2820 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.4.60_0\js Adds the file background.v0.0.1.min.js"="10/29/2019 1:07 PM, 8188 bytes, A Adds the file common.v0.0.1.min.js"="10/29/2019 1:07 PM, 1457455 bytes, A Adds the file common.v0.0.1.min.js.LICENSE"="10/29/2019 1:07 PM, 4323 bytes, A Adds the file index.v0.0.1.min.js"="10/29/2019 1:07 PM, 212212 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.4.60_0\skin\icons Adds the file 16.png"="10/29/2019 1:07 PM, 805 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnidodcffjfecahcfiihlhiohnaobic\10.1.4.60_0\vendor Adds the file md5.min.js"="10/29/2019 1:07 PM, 9202 bytes, A Adds the file react-with-addons.min.js"="10/29/2019 1:07 PM, 38232 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "ilnidodcffjfecahcfiihlhiohnaobic"="REG_SZ", "CCA0FD20CBB64EA263D9CFA85D7CAA7F98DA5E3F0449DEC715C214A25A93781A" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 5/22/20 Scan Time: 9:46 AM Log File: 4a17283e-9c00-11ea-962f-00ffdcc6fdfc.json -Software Information- Version: 4.1.0.56 Components Version: 1.0.920 Update Package Version: 1.0.24238 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 232770 Threats Detected: 8 Threats Quarantined: 8 Time Elapsed: 6 min, 16 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.ForcedExtension, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|ilnidodcffjfecahcfiihlhiohnaobic, Quarantined, 333, 823161, , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 1 PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\ilnidodcffjfecahcfiihlhiohnaobic, Quarantined, 333, 823161, 1.0.24238, , ame, File: 6 PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 333, 823161, , , , PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 333, 823161, , , , PUP.Optional.SecuredSearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\ILNIDODCFFJFECAHCFIIHLHIOHNAOBIC\10.1.4.60_0\MANIFEST.JSON, Quarantined, 15280, 443103, 1.0.24238, , ame, PUP.Optional.SearchManager.BITSRST, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\ILNIDODCFFJFECAHCFIIHLHIOHNAOBIC\10.1.4.60_0\RESPONSECONFIG.JSON, Quarantined, 283, 626727, 1.0.24238, , ame, PUP.Optional.SecuredSearch, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 235, 551753, 1.0.24238, , ame, Adware.SearchEngineHijack, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 405, 462944, 1.0.24238, , ame, Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  13. What is Tab Recovery - Save & Organize Your Tabs? The Malwarebytes research team has determined that Tab Recovery is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one is also a browser NewTab. How do I know if my computer is affected by Tab Recovery? You may see this entry in your list of installed Chrome extensions: this icon in the Chrome menu-bar: these changed settings: and this new startpage: and searchpage: You may have noticed these warnings during install: How did Tab Recovery get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: How do I remove Tab Recovery? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of Tab Recovery? No, Malwarebytes removes Tab Recovery completely. We hope our application and this guide have helped you eradicate this hijacker. Technical details for experts Possible signs in FRST logs: CHR NewTab: Default -> Active:"chrome-extension://pbkpcnlmaopgbmjepnnlinggpbdlhfll/newtab.html" CHR DefaultSearchURL: Default -> hxxp://explormatrix.com/?q={searchTerms} CHR DefaultSearchKeyword: Default -> e CHR Extension: (ExplorMatrix) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkpcnlmaopgbmjepnnlinggpbdlhfll [2020-03-24] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkpcnlmaopgbmjepnnlinggpbdlhfll\0.0.20_0 Adds the file background.bundle.js"="3/9/2020 5:23 PM, 6625 bytes, A Adds the file icon-128.png"="3/24/2020 8:59 AM, 7719 bytes, A Adds the file icon-16.png"="3/24/2020 8:59 AM, 578 bytes, A Adds the file icon-32.png"="3/24/2020 8:59 AM, 1324 bytes, A Adds the file icon-48.png"="3/9/2020 5:23 PM, 2463 bytes, A Adds the file manifest.json"="3/24/2020 8:59 AM, 1746 bytes, A Adds the file newtab.bundle.js"="3/9/2020 5:23 PM, 1065230 bytes, A Adds the file newtab.html"="3/9/2020 5:23 PM, 1304 bytes, A Adds the file options.bundle.js"="3/9/2020 5:23 PM, 9608 bytes, A Adds the file options.html"="3/9/2020 5:23 PM, 170 bytes, A Adds the file popup.bundle.js"="3/9/2020 5:23 PM, 10461 bytes, A Adds the file popup.html"="3/9/2020 5:23 PM, 293 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkpcnlmaopgbmjepnnlinggpbdlhfll\0.0.20_0\_metadata Adds the file computed_hashes.json"="3/24/2020 8:59 AM, 13348 bytes, A Adds the file verified_contents.json"="3/9/2020 5:23 PM, 2529 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbkpcnlmaopgbmjepnnlinggpbdlhfll Adds the file 000003.log"="3/24/2020 9:07 AM, 41120 bytes, A Adds the file CURRENT"="3/24/2020 8:59 AM, 16 bytes, A Adds the file LOCK"="3/24/2020 8:59 AM, 0 bytes, A Adds the file LOG"="3/24/2020 9:08 AM, 185 bytes, A Adds the file MANIFEST-000001"="3/24/2020 8:59 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "pbkpcnlmaopgbmjepnnlinggpbdlhfll"="REG_SZ", "B0889A1DD7A8E4BB42403445301E71644389315666FCD0AD532942ED863921A6" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 3/24/20 Scan Time: 9:17 AM Log File: f5c18f44-6da7-11ea-b90e-00ffdcc6fdfc.json -Software Information- Version: 4.1.0.56 Components Version: 1.0.835 Update Package Version: 1.0.21278 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 234623 Threats Detected: 11 Threats Quarantined: 11 Time Elapsed: 10 min, 32 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.ForcedExtension, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|pbkpcnlmaopgbmjepnnlinggpbdlhfll, Quarantined, 334, 803109, , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\pbkpcnlmaopgbmjepnnlinggpbdlhfll, Quarantined, 334, 803109, , , , PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PBKPCNLMAOPGBMJEPNNLINGGPBDLHFLL, Quarantined, 334, 803109, 1.0.21278, , ame, File: 8 PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 334, 803109, , , , PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 334, 803109, , , , PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbkpcnlmaopgbmjepnnlinggpbdlhfll\000003.log, Quarantined, 334, 803109, , , , PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbkpcnlmaopgbmjepnnlinggpbdlhfll\CURRENT, Quarantined, 334, 803109, , , , PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbkpcnlmaopgbmjepnnlinggpbdlhfll\LOCK, Quarantined, 334, 803109, , , , PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbkpcnlmaopgbmjepnnlinggpbdlhfll\LOG, Quarantined, 334, 803109, , , , PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbkpcnlmaopgbmjepnnlinggpbdlhfll\MANIFEST-000001, Quarantined, 334, 803109, , , , PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 334, 803108, 1.0.21278, , ame, Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) The full version of Malwarebytes could have protected your computer against this type of threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  14. What is firequestions?The Malwarebytes research team has determined that firequestions is a potentially unwanted program that behaves like adware. These adware applications display advertisements not originating from the sites you are browsing.How do I know if my computer is affected by firequestions?You may see these warnings during install:and this Firefox add-on in your list of installed add-ons:After install you may see this warning in the latest version of Firefox:or a bunch of new tabs and popups if they weren't blocked.You may also see extra advertisements added at the top of your search results, accompanied by the message "Ads by Lyrics":How did firequestions get on my computer?Adware applications use different methods for distributing themselves. This particular one was installed by their website:How do I remove firequestions?Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of firequestions? No, Malwarebytes removes firequestions completely. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this adware.As you can see below the full version of Malwarebytes would have protected you against the firequestions adware. It would have blocked their domain.Users of the Malwarebytes browser extension (BETA) would have been protected even before we added this domain to our blocklist: Technical details for expertsPossible signs in FRST logs: FF Extension: No Name - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\firequestions@mozilla.com.xpi [2018-08-24] Changes made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file firequestions@mozilla.com.xpi"="8/24/2018 11:47 AM, 58282 bytes, A Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 8/24/18 Scan Time: 12:40 PM Log File: 20c10188-a78a-11e8-a6e9-00ffdcc6fdfc.json Administrator: Yes -Software Information- Version: 3.5.1.2522 Components Version: 1.0.391 Update Package Version: 1.0.6489 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 251719 Threats Detected: 1 Threats Quarantined: 1 Time Elapsed: 3 min, 45 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\FIREQUESTIONS@MOZILLA.COM.XPI, Quarantined, [2250], [556864],1.0.6489 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end)FF Extension: No Name - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\firequestions@mozilla.com.xpi [2018-08-24] As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.