Jump to content

Search the Community

Showing results for tags 'pup.optional.mindspark.generic'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes 3 Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 4 results

  1. What is Muzik Fury?The Malwarebytes research team has determined that Muzik Fury is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.Muzik Fury is a member of the Mindspark/Ask family now known as IAC Applications.How do I know if my computer is affected by Muzik Fury?You may see these browser extensions/add-ons:these warnings during install:You may see this type of new settings:and this newtab-page in the affected browsers:How did Muzik Fury get on my computer?Browser hijackers use different methods for distributing themselves. This particular Firefox add-on was downloaded from their website.and the Chrome extension was available in the webstore:How do I remove Muzik Fury?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Muzik Fury? No, Malwarebytes' Anti-Malware removes Muzik Fury completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the Muzik Fury hijacker. It would have blocked their website, giving you a chance to stop it before it became too late. Technical details for expertsPossible signs in a FRST log: FF HomepageOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _otMembers_@muzikfury.thewhizmarketing.com FF NewTabOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _otMembers_@muzikfury.thewhizmarketing.com FF Extension: (Muzik Fury) - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_otMembers_@muzikfury.thewhizmarketing.com.xpi [2018-12-13] CHR NewTab: Default -> Active:"chrome-extension://njnmnphjljmejmfacphkagccdnajkghk/newtabproduct.html" CHR Extension: (Muzik Fury) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk [2018-12-13] Changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0 Adds the file manifest.json"="12/13/2018 8:28 PM, 2389 bytes, A Adds the file newtabproduct.html"="10/17/2018 7:26 PM, 1210 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\_locales\en Adds the file messages.json"="12/13/2018 8:28 PM, 252 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\_metadata Adds the file computed_hashes.json"="12/13/2018 8:28 PM, 4560 bytes, A Adds the file verified_contents.json"="10/17/2018 7:26 PM, 5403 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\config Adds the file config.json"="10/17/2018 7:26 PM, 1975 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\icons Adds the file icon128.png"="12/13/2018 8:28 PM, 2874 bytes, A Adds the file icon16.png"="10/17/2018 7:26 PM, 227 bytes, A Adds the file icon19disabled.png"="10/17/2018 7:26 PM, 265 bytes, A Adds the file icon19on.png"="12/13/2018 8:28 PM, 412 bytes, A Adds the file icon48.png"="12/13/2018 8:28 PM, 1353 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js Adds the file ajax.js"="10/17/2018 7:26 PM, 2218 bytes, A Adds the file b2b-partner-tracking.js"="10/17/2018 7:26 PM, 11186 bytes, A Adds the file background.js"="10/17/2018 7:26 PM, 21476 bytes, A Adds the file browserUtils.js"="10/17/2018 7:26 PM, 912 bytes, A Adds the file chrome.js"="10/17/2018 7:26 PM, 146 bytes, A Adds the file content_script.js"="10/17/2018 7:26 PM, 2151 bytes, A Adds the file dlp.js"="10/17/2018 7:26 PM, 5659 bytes, A Adds the file dlpHelper.js"="10/17/2018 7:26 PM, 1799 bytes, A Adds the file extension_detect.js"="10/17/2018 7:26 PM, 4299 bytes, A Adds the file genericLoadRemoteSettings.js"="10/17/2018 7:26 PM, 2855 bytes, A Adds the file index.js"="10/17/2018 7:26 PM, 49 bytes, A Adds the file initOfferCEF.js"="10/17/2018 7:26 PM, 8802 bytes, A Adds the file logger.js"="10/17/2018 7:26 PM, 541 bytes, A Adds the file offerService.js"="10/17/2018 7:26 PM, 10325 bytes, A Adds the file pageUtils.js"="10/17/2018 7:26 PM, 2805 bytes, A Adds the file PartnerId.js"="10/17/2018 7:26 PM, 16402 bytes, A Adds the file product.js"="10/17/2018 7:26 PM, 8403 bytes, A Adds the file splashPageRedirectHandler.js"="10/17/2018 7:26 PM, 2868 bytes, A Adds the file storage.js"="10/17/2018 7:26 PM, 1640 bytes, A Adds the file TabManager.js"="10/17/2018 7:26 PM, 151 bytes, A Adds the file TemplateParser.js"="10/17/2018 7:26 PM, 3038 bytes, A Adds the file ul.js"="10/17/2018 7:26 PM, 3832 bytes, A Adds the file urlFragmentActions.js"="10/17/2018 7:26 PM, 1825 bytes, A Adds the file urlUtils.js"="10/17/2018 7:26 PM, 5349 bytes, A Adds the file util.js"="10/17/2018 7:26 PM, 3004 bytes, A Adds the file webtooltabAPI.js"="10/17/2018 7:26 PM, 8721 bytes, A Adds the file webTooltabAPIProxy.js"="10/17/2018 7:26 PM, 5445 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\njnmnphjljmejmfacphkagccdnajkghk Adds the file 000003.log"="12/13/2018 8:28 PM, 1985 bytes, A Adds the file CURRENT"="12/13/2018 8:28 PM, 16 bytes, A Adds the file LOCK"="12/13/2018 8:28 PM, 0 bytes, A Adds the file LOG"="12/13/2018 8:28 PM, 184 bytes, A Adds the file MANIFEST-000001"="12/13/2018 8:28 PM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_otMembers_@muzikfury.thewhizmarketing.com Adds the file storage.js"="12/13/2018 8:23 PM, 2677 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file _otMembers_@muzikfury.thewhizmarketing.com.xpi"="12/13/2018 8:23 PM, 46492 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "njnmnphjljmejmfacphkagccdnajkghk"="REG_SZ", "0270731775B75ECD2BD8155557F1FD31427F4F880F540FA567BEE86DA3A48047" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 12/13/18 Scan Time: 8:34 PM Log File: 2af0f02e-ff0e-11e8-ae5c-00ffdcc6fdfc.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.482 Update Package Version: 1.0.8303 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 237019 Threats Detected: 58 Threats Quarantined: 58 Time Elapsed: 2 min, 54 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.MySearch.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|njnmnphjljmejmfacphkagccdnajkghk, Quarantined, [1858], [443097],1.0.8303 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 10 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\BROWSER-EXTENSION-DATA\_otMembers_@muzikfury.thewhizmarketing.com, Quarantined, [1712], [468075],1.0.8303 PUP.Optional.MySearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\njnmnphjljmejmfacphkagccdnajkghk, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\_locales\en, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\_metadata, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\_locales, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\config, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\icons, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NJNMNPHJLJMEJMFACPHKAGCCDNAJKGHK, Quarantined, [1858], [443097],1.0.8303 File: 47 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_otMembers_@muzikfury.thewhizmarketing.com.xpi, Quarantined, [1712], [457930],1.0.8303 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_otMembers_@muzikfury.thewhizmarketing.com\storage.js, Quarantined, [1712], [468075],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\njnmnphjljmejmfacphkagccdnajkghk\000003.log, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\njnmnphjljmejmfacphkagccdnajkghk\CURRENT, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\njnmnphjljmejmfacphkagccdnajkghk\LOCK, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\njnmnphjljmejmfacphkagccdnajkghk\LOG, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\njnmnphjljmejmfacphkagccdnajkghk\MANIFEST-000001, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NJNMNPHJLJMEJMFACPHKAGCCDNAJKGHK\13.817.14.14883_0\MANIFEST.JSON, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\config\config.json, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\icons\icon128.png, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\icons\icon16.png, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\icons\icon19disabled.png, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\icons\icon19on.png, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\icons\icon48.png, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\initOfferCEF.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\ajax.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\b2b-partner-tracking.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\background.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\browserUtils.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\chrome.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\content_script.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\dlp.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\dlpHelper.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\extension_detect.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\genericLoadRemoteSettings.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\index.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\logger.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\offerService.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\pageUtils.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\PartnerId.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\product.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\splashPageRedirectHandler.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\storage.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\TabManager.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\TemplateParser.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\ul.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\urlFragmentActions.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\urlUtils.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\util.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\webtooltabAPI.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\webTooltabAPIProxy.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\_locales\en\messages.json, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\_metadata\computed_hashes.json, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\_metadata\verified_contents.json, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\newtabproduct.html, Quarantined, [1858], [443097],1.0.8303 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  2. What is Screen Addict?The Malwarebytes research team has determined that Screen Addict is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.Screen Addict is a member of the TheWhizProducts family also known as APN, LLC. applications.How do I know if my computer is affected by Screen Addict?You may see these browser extensions/add-ons:these warnings during install:and this newtab-page in the affected browsers:How did Screen Addict get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website.and the Chrome extension from the webstore:How do I remove Screen Addict?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Screen Addict? No, Malwarebytes' Anti-Malware removes Screen Addict completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the Screen Addict hijacker. It would have blocked their domain: Technical details for expertsPossible signs in a FRST log: FF Extension: No Name - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_oiMembers_@screenaddict.thewhizproducts.com.xpi [2018-11-29] CHR Extension: (Screen Addict) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia [2018-11-29] Changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0 Adds the file manifest.json"="11/29/2018 9:04 AM, 2394 bytes, A Adds the file newtabproduct.html"="10/17/2018 7:26 PM, 1210 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\_locales\en Adds the file messages.json"="11/29/2018 9:04 AM, 222 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\_metadata Adds the file computed_hashes.json"="11/29/2018 9:04 AM, 4560 bytes, A Adds the file verified_contents.json"="10/17/2018 7:26 PM, 5403 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\config Adds the file config.json"="10/17/2018 7:26 PM, 1993 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\icons Adds the file icon128.png"="11/29/2018 9:04 AM, 2296 bytes, A Adds the file icon16.png"="10/17/2018 7:26 PM, 252 bytes, A Adds the file icon19disabled.png"="10/17/2018 7:26 PM, 318 bytes, A Adds the file icon19on.png"="11/29/2018 9:04 AM, 387 bytes, A Adds the file icon48.png"="11/29/2018 9:04 AM, 1033 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js Adds the file ajax.js"="10/17/2018 7:26 PM, 2218 bytes, A Adds the file b2b-partner-tracking.js"="10/17/2018 7:26 PM, 11186 bytes, A Adds the file background.js"="10/17/2018 7:26 PM, 21476 bytes, A Adds the file browserUtils.js"="10/17/2018 7:26 PM, 912 bytes, A Adds the file chrome.js"="10/17/2018 7:26 PM, 146 bytes, A Adds the file content_script.js"="10/17/2018 7:26 PM, 2151 bytes, A Adds the file dlp.js"="10/17/2018 7:26 PM, 5659 bytes, A Adds the file dlpHelper.js"="10/17/2018 7:26 PM, 1799 bytes, A Adds the file extension_detect.js"="10/17/2018 7:26 PM, 4299 bytes, A Adds the file genericLoadRemoteSettings.js"="10/17/2018 7:26 PM, 2855 bytes, A Adds the file index.js"="10/17/2018 7:26 PM, 49 bytes, A Adds the file initOfferCEF.js"="10/17/2018 7:26 PM, 8802 bytes, A Adds the file logger.js"="10/17/2018 7:26 PM, 541 bytes, A Adds the file offerService.js"="10/17/2018 7:26 PM, 10325 bytes, A Adds the file pageUtils.js"="10/17/2018 7:26 PM, 2805 bytes, A Adds the file PartnerId.js"="10/17/2018 7:26 PM, 16402 bytes, A Adds the file product.js"="10/17/2018 7:26 PM, 8403 bytes, A Adds the file splashPageRedirectHandler.js"="10/17/2018 7:26 PM, 2868 bytes, A Adds the file storage.js"="10/17/2018 7:26 PM, 1640 bytes, A Adds the file TabManager.js"="10/17/2018 7:26 PM, 151 bytes, A Adds the file TemplateParser.js"="10/17/2018 7:26 PM, 3038 bytes, A Adds the file ul.js"="10/17/2018 7:26 PM, 3832 bytes, A Adds the file urlFragmentActions.js"="10/17/2018 7:26 PM, 1825 bytes, A Adds the file urlUtils.js"="10/17/2018 7:26 PM, 5349 bytes, A Adds the file util.js"="10/17/2018 7:26 PM, 3004 bytes, A Adds the file webtooltabAPI.js"="10/17/2018 7:26 PM, 8721 bytes, A Adds the file webTooltabAPIProxy.js"="10/17/2018 7:26 PM, 5445 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lbclmokcohjnkfgopmmcjeijpfheafia Adds the file 000003.log"="11/29/2018 9:06 AM, 2010 bytes, A Adds the file CURRENT"="11/29/2018 9:04 AM, 16 bytes, A Adds the file LOCK"="11/29/2018 9:04 AM, 0 bytes, A Adds the file LOG"="11/29/2018 9:06 AM, 412 bytes, A Adds the file LOG.old"="11/29/2018 9:04 AM, 185 bytes, A Adds the file MANIFEST-000001"="11/29/2018 9:04 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_oiMembers_@screenaddict.thewhizproducts.com Adds the file storage.js"="11/29/2018 9:00 AM, 2691 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file _oiMembers_@screenaddict.thewhizproducts.com.xpi"="11/29/2018 9:00 AM, 45246 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "lbclmokcohjnkfgopmmcjeijpfheafia"="REG_SZ", "D2D2EFB0AF5A0714C55F472F4E0F839EB9B619DFCA73C667C0DF09E1952CA5B7" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 11/29/18 Scan Time: 9:10 AM Log File: 428f58bd-f3ae-11e8-ad63-00ffdcc6fdfc.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.482 Update Package Version: 1.0.8075 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 237600 Threats Detected: 59 Threats Quarantined: 59 Time Elapsed: 3 min, 1 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.MySearch.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|lbclmokcohjnkfgopmmcjeijpfheafia, Quarantined, [1860], [443097],1.0.8075 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 10 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\BROWSER-EXTENSION-DATA\_oiMembers_@screenaddict.thewhizproducts.com, Quarantined, [1714], [468075],1.0.8075 PUP.Optional.MySearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\lbclmokcohjnkfgopmmcjeijpfheafia, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\_locales\en, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\_metadata, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\_locales, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\config, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\icons, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\LBCLMOKCOHJNKFGOPMMCJEIJPFHEAFIA, Quarantined, [1860], [443097],1.0.8075 File: 48 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_oiMembers_@screenaddict.thewhizproducts.com.xpi, Quarantined, [1714], [457930],1.0.8075 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_oiMembers_@screenaddict.thewhizproducts.com\storage.js, Quarantined, [1714], [468075],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lbclmokcohjnkfgopmmcjeijpfheafia\000003.log, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lbclmokcohjnkfgopmmcjeijpfheafia\CURRENT, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lbclmokcohjnkfgopmmcjeijpfheafia\LOCK, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lbclmokcohjnkfgopmmcjeijpfheafia\LOG, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lbclmokcohjnkfgopmmcjeijpfheafia\LOG.old, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lbclmokcohjnkfgopmmcjeijpfheafia\MANIFEST-000001, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\LBCLMOKCOHJNKFGOPMMCJEIJPFHEAFIA\13.817.14.14900_0\MANIFEST.JSON, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\config\config.json, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\icons\icon128.png, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\icons\icon16.png, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\icons\icon19disabled.png, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\icons\icon19on.png, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\icons\icon48.png, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\initOfferCEF.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\ajax.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\b2b-partner-tracking.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\background.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\browserUtils.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\chrome.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\content_script.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\dlp.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\dlpHelper.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\extension_detect.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\genericLoadRemoteSettings.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\index.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\logger.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\offerService.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\pageUtils.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\PartnerId.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\product.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\splashPageRedirectHandler.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\storage.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\TabManager.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\TemplateParser.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\ul.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\urlFragmentActions.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\urlUtils.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\util.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\webtooltabAPI.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\webTooltabAPIProxy.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\_locales\en\messages.json, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\_metadata\computed_hashes.json, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\_metadata\verified_contents.json, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\newtabproduct.html, Quarantined, [1860], [443097],1.0.8075 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  3. What is TV Stream Now?The Malwarebytes research team has determined that TV Stream Now is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.TV Stream Now is a member of the Mindspark/Ask family now known as IAC Applications.How do I know if my computer is affected by TV Stream Now?You may see these browser extensions/add-ons:these warnings during install:and this newtab-page in the affected browsers:How did TV Stream Now get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website.and the Chrome extension was also available in the webstore:How do I remove TV Stream Now?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of TV Stream Now? No, Malwarebytes' Anti-Malware removes TV Stream Now completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the TV Stream Now hijacker. It would have blocked the website, giving you a chance to stop it before it became too late. and the (url=https://blog.malware...n/]MalwarebytesBrowser Extension[/url] would have blocked the site as well: Technical details for expertsPossible signs in a FRST log: FF Extension: No Name - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_j0Members_@www.gettvstreamnow.com.xpi [2018-09-14] CHR Extension: (TV Stream Now) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd [2018-09-14] Significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0 Adds the file dynamicNewTab.html"="3/16/2018 1:08 PM, 1136 bytes, A Adds the file manifest.json"="9/14/2018 9:00 AM, 2566 bytes, A Adds the file productnewtab.html"="3/16/2018 1:08 PM, 1136 bytes, A Adds the file stubby.html"="3/16/2018 1:08 PM, 1137 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\_metadata Adds the file computed_hashes.json"="9/14/2018 9:00 AM, 5046 bytes, A Adds the file verified_contents.json"="3/21/2018 2:02 PM, 5391 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\config Adds the file config.json"="3/21/2018 2:02 PM, 1970 bytes, A Adds the file extension-config.json"="3/16/2018 1:08 PM, 1114 bytes, A Adds the file extension-dev-config.json"="3/16/2018 1:08 PM, 1236 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\icons Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js Adds the file ajax.js"="3/16/2018 1:08 PM, 2250 bytes, A Adds the file b2b-partner-tracking.js"="3/21/2018 2:02 PM, 11023 bytes, A Adds the file background.js"="3/21/2018 2:02 PM, 21158 bytes, A Adds the file chrome.js"="3/16/2018 1:08 PM, 180 bytes, A Adds the file content_script.js"="3/16/2018 1:08 PM, 5815 bytes, A Adds the file dlp.js"="3/16/2018 1:08 PM, 5690 bytes, A Adds the file dlpHelper.js"="3/16/2018 1:08 PM, 1836 bytes, A Adds the file extension_detect.js"="3/16/2018 1:08 PM, 4343 bytes, A Adds the file genericLoadRemoteSettings.js"="3/16/2018 1:08 PM, 2908 bytes, A Adds the file index.js"="3/16/2018 1:08 PM, 82 bytes, A Adds the file initOfferCEF.js"="3/16/2018 1:08 PM, 8991 bytes, A Adds the file logger.js"="3/16/2018 1:08 PM, 575 bytes, A Adds the file offerService.js"="3/16/2018 1:08 PM, 13159 bytes, A Adds the file pageUtils.js"="3/16/2018 1:08 PM, 1811 bytes, A Adds the file PartnerId.js"="3/16/2018 1:08 PM, 16439 bytes, A Adds the file product.js"="3/16/2018 1:08 PM, 4511 bytes, A Adds the file storage.js"="3/16/2018 1:08 PM, 1675 bytes, A Adds the file TabManager.js"="3/16/2018 1:08 PM, 189 bytes, A Adds the file TemplateParser.js"="3/16/2018 1:08 PM, 3080 bytes, A Adds the file ul.js"="3/21/2018 2:02 PM, 3862 bytes, A Adds the file urlFragmentActions.js"="3/16/2018 1:08 PM, 2521 bytes, A Adds the file urlUtils.js"="3/16/2018 1:08 PM, 5385 bytes, A Adds the file util.js"="3/21/2018 2:02 PM, 4027 bytes, A Adds the file webtooltabAPI.js"="3/16/2018 1:08 PM, 8762 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\podgeadojmfnljiibabaddnebdodfbfd Adds the file 000003.log"="9/14/2018 9:00 AM, 5001 bytes, A Adds the file CURRENT"="9/14/2018 9:00 AM, 16 bytes, A Adds the file LOCK"="9/14/2018 9:00 AM, 0 bytes, A Adds the file LOG"="9/14/2018 9:00 AM, 185 bytes, A Adds the file MANIFEST-000001"="9/14/2018 9:00 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_j0Members_@www.gettvstreamnow.com Adds the file storage.js"="9/14/2018 9:03 AM, 770 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file _j0Members_@www.gettvstreamnow.com.xpi"="9/14/2018 9:03 AM, 53505 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "podgeadojmfnljiibabaddnebdodfbfd"="REG_SZ", "F12A9D3CCE0AC5DA8A95CB535F086854B781F1BAE1DD3420EFFEDF975C02BD94" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 9/14/18 Scan Time: 9:11 AM Log File: 78837b8a-b7ed-11e8-b18b-00ffdcc6fdfc.json -Software Information- Version: 3.5.1.2522 Components Version: 1.0.441 Update Package Version: 1.0.6821 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 252756 Threats Detected: 55 Threats Quarantined: 55 Time Elapsed: 3 min, 22 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 8 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\BROWSER-EXTENSION-DATA\_j0Members_@www.gettvstreamnow.com, Quarantined, [1698], [468075],1.0.6821 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\podgeadojmfnljiibabaddnebdodfbfd, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\_metadata, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\config, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\icons, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PODGEADOJMFNLJIIBABADDNEBDODFBFD, Quarantined, [1698], [467555],1.0.6821 File: 47 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_j0Members_@www.gettvstreamnow.com.xpi, Quarantined, [1698], [457930],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_j0Members_@www.gettvstreamnow.com\storage.js, Quarantined, [1698], [468075],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\podgeadojmfnljiibabaddnebdodfbfd\000003.log, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\podgeadojmfnljiibabaddnebdodfbfd\CURRENT, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\podgeadojmfnljiibabaddnebdodfbfd\LOCK, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\podgeadojmfnljiibabaddnebdodfbfd\LOG, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\podgeadojmfnljiibabaddnebdodfbfd\MANIFEST-000001, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PODGEADOJMFNLJIIBABADDNEBDODFBFD\13.421.12.56809_0\MANIFEST.JSON, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\config\config.json, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\config\extension-config.json, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\config\extension-dev-config.json, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\icons\icon128.png, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\icons\icon16.png, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\icons\icon19disabled.png, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\icons\icon19on.png, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\icons\icon48.png, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\logger.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\ajax.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\b2b-partner-tracking.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\background.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\chrome.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\content_script.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\dlp.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\dlpHelper.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\extension_detect.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\genericLoadRemoteSettings.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\index.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\initOfferCEF.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\offerService.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\pageUtils.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\PartnerId.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\product.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\storage.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\TabManager.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\TemplateParser.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\ul.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\urlFragmentActions.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\urlUtils.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\util.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\webtooltabAPI.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\_metadata\computed_hashes.json, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\_metadata\verified_contents.json, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\dynamicNewTab.html, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\productnewtab.html, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\stubby.html, Quarantined, [1698], [467555],1.0.6821 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  4. What is Go Game Go?The Malwarebytes research team has determined that Go Game Go is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.Go Game Go is a member of the Mindspark/Ask family now known as IAC Applications.How do I know if my computer is affected by Go Game Go?You may see these browser extensions/add-ons:these warnings during install:and this new NewTab page:How did Go Game Go get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website.And the Chrome extension was available in the webstore:How do I remove Go Game Go?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Go Game Go? If you are using an older version of Malwarebytes, you may have to remove the Chrome extension manually under Tools > More Tools > Extensions. Click on the bin behind the Go Game Go entry and confirm Remove in the prompt. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the Go Game Go hijacker. It blocks traffic to their domains: Technical details for expertsPossible signs in a FRST log: FF Extension: No Name - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_osMembers_@gogamego.thewhizproducts.com.xpi [2018-05-02] CHR Extension: (Go Game Go) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi [2018-05-02] Significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0 Adds the file dynamicNewTab.html"="4/20/2018 1:58 PM, 1136 bytes, A Adds the file manifest.json"="5/2/2018 10:33 AM, 2601 bytes, A Adds the file productnewtab.html"="4/20/2018 1:58 PM, 1136 bytes, A Adds the file stubby.html"="4/20/2018 1:58 PM, 1137 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\_metadata Adds the file computed_hashes.json"="5/2/2018 10:33 AM, 4670 bytes, A Adds the file verified_contents.json"="4/20/2018 1:58 PM, 5389 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\config Adds the file config.json"="4/20/2018 1:58 PM, 1946 bytes, A Adds the file extension-config.json"="4/20/2018 1:58 PM, 1114 bytes, A Adds the file extension-dev-config.json"="4/20/2018 1:58 PM, 1236 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\icons Adds the file icon128.png"="5/2/2018 10:33 AM, 3339 bytes, A Adds the file icon16.png"="4/20/2018 1:58 PM, 227 bytes, A Adds the file icon19disabled.png"="4/20/2018 1:58 PM, 263 bytes, A Adds the file icon19on.png"="5/2/2018 10:33 AM, 473 bytes, A Adds the file icon48.png"="5/2/2018 10:33 AM, 1404 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js Adds the file ajax.js"="4/20/2018 1:58 PM, 2250 bytes, A Adds the file b2b-partner-tracking.js"="4/20/2018 1:58 PM, 11023 bytes, A Adds the file background.js"="4/20/2018 1:58 PM, 21158 bytes, A Adds the file chrome.js"="4/20/2018 1:58 PM, 180 bytes, A Adds the file content_script.js"="4/20/2018 1:58 PM, 5815 bytes, A Adds the file dlp.js"="4/20/2018 1:58 PM, 5690 bytes, A Adds the file dlpHelper.js"="4/20/2018 1:58 PM, 1836 bytes, A Adds the file extension_detect.js"="4/20/2018 1:58 PM, 4343 bytes, A Adds the file genericLoadRemoteSettings.js"="4/20/2018 1:58 PM, 2908 bytes, A Adds the file index.js"="4/20/2018 1:58 PM, 82 bytes, A Adds the file initOfferCEF.js"="4/20/2018 1:58 PM, 8991 bytes, A Adds the file logger.js"="4/20/2018 1:58 PM, 575 bytes, A Adds the file offerService.js"="4/20/2018 1:58 PM, 13159 bytes, A Adds the file pageUtils.js"="4/20/2018 1:58 PM, 1811 bytes, A Adds the file PartnerId.js"="4/20/2018 1:58 PM, 16439 bytes, A Adds the file product.js"="4/20/2018 1:58 PM, 4511 bytes, A Adds the file storage.js"="4/20/2018 1:58 PM, 1675 bytes, A Adds the file TabManager.js"="4/20/2018 1:58 PM, 189 bytes, A Adds the file TemplateParser.js"="4/20/2018 1:58 PM, 3080 bytes, A Adds the file ul.js"="4/20/2018 1:58 PM, 3862 bytes, A Adds the file urlFragmentActions.js"="4/20/2018 1:58 PM, 2521 bytes, A Adds the file urlUtils.js"="4/20/2018 1:58 PM, 5385 bytes, A Adds the file util.js"="4/20/2018 1:58 PM, 4027 bytes, A Adds the file webtooltabAPI.js"="4/20/2018 1:58 PM, 8762 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\enodhhjhliaheicgikdhckdlmjmncemi Adds the file 000003.log"="5/2/2018 10:33 AM, 5595 bytes, A Adds the file CURRENT"="5/2/2018 10:33 AM, 16 bytes, A Adds the file LOCK"="5/2/2018 10:33 AM, 0 bytes, A Adds the file LOG"="5/2/2018 10:33 AM, 185 bytes, A Adds the file MANIFEST-000001"="5/2/2018 10:33 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_osMembers_@gogamego.thewhizproducts.com Adds the file storage.js"="5/2/2018 10:29 AM, 2699 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file _osMembers_@gogamego.thewhizproducts.com.xpi"="5/2/2018 10:29 AM, 47290 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "enodhhjhliaheicgikdhckdlmjmncemi"="REG_SZ", "6F86893A0132B2967014933B0A6FDFB6CB0A686521110FE18225AA415109E6DE" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 5/2/18 Scan Time: 10:39 AM Log File: 4f923e65-4de4-11e8-bc08-080027235d76.json Administrator: Yes -Software Information- Version: 3.3.1.2183 Components Version: 1.0.262 Update Package Version: 1.0.4948 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 247203 Threats Detected: 55 Threats Quarantined: 55 Time Elapsed: 2 min, 50 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 8 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\BROWSER-EXTENSION-DATA\_osMembers_@gogamego.thewhizproducts.com, Quarantined, [1712], [468075],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\enodhhjhliaheicgikdhckdlmjmncemi, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\_metadata, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\config, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\icons, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\ENODHHJHLIAHEICGIKDHCKDLMJMNCEMI, Quarantined, [1712], [467555],1.0.4948 File: 47 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_osMembers_@gogamego.thewhizproducts.com.xpi, Quarantined, [1712], [457930],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_osMembers_@gogamego.thewhizproducts.com\storage.js, Quarantined, [1712], [468075],1.0.4948 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\enodhhjhliaheicgikdhckdlmjmncemi\000003.log, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\enodhhjhliaheicgikdhckdlmjmncemi\CURRENT, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\enodhhjhliaheicgikdhckdlmjmncemi\LOCK, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\enodhhjhliaheicgikdhckdlmjmncemi\LOG, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\enodhhjhliaheicgikdhckdlmjmncemi\MANIFEST-000001, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\ENODHHJHLIAHEICGIKDHCKDLMJMNCEMI\13.421.13.8185_0\MANIFEST.JSON, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\config\config.json, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\config\extension-config.json, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\config\extension-dev-config.json, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\icons\icon128.png, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\icons\icon16.png, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\icons\icon19disabled.png, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\icons\icon19on.png, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\icons\icon48.png, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\logger.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\ajax.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\b2b-partner-tracking.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\background.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\chrome.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\content_script.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\dlp.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\dlpHelper.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\extension_detect.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\genericLoadRemoteSettings.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\index.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\initOfferCEF.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\offerService.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\pageUtils.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\PartnerId.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\product.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\storage.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\TabManager.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\TemplateParser.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\ul.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\urlFragmentActions.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\urlUtils.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\util.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\webtooltabAPI.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\_metadata\computed_hashes.json, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\_metadata\verified_contents.json, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\dynamicNewTab.html, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\productnewtab.html, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\stubby.html, Quarantined, [1712], [467555],1.0.4948 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.