Jump to content

Search the Community

Showing results for tags 'pup.optional.mindspark.generic'.


More search options

  • Search By Tags

    Type tags separated by commas.

  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End

Last Updated

  • Start

    End

Filter by number of...

Joined

  • Start

    End

Group

AIM

MSN

Website URL

ICQ

Yahoo

Jabber

Location

Interests

Found 8 results

  1. Metallica
    What is DailyBibleGuide?The Malwarebytes research team has determined that DailyBibleGuide is a browser NewTab. These so-called "NewTab" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.DailyBibleGuide is a member of the Mindspark/Ask family now known as IAC Applications.How do I know if my computer is affected by DailyBibleGuide?You may see this Chrome extension:these warnings during install:You may see this entry in your list of installed software:and this new homepage in the affected browsers:How did DailyBibleGuide get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website.and the Chrome extension was also available in the webstore:How do I remove DailyBibleGuide?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of DailyBibleGuide? No, Malwarebytes' Anti-Malware removes DailyBibleGuide completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the DailyBibleGuide hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late. and both Malwarebytes Premium aand Browser Guard block traffic to their domain: Technical details for expertsPossible signs in a FRST log: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://hp.myway.com/dailybibleguide/ttab02/index.html?n=7867DE96&p2=%5EXM%5Emni000%5ETTAB02&ptb=A0A0F362-4A15-42C1-9CCD-A7968755166B&coid=a14e934f54dd407f8ff84d1102e557ba CHR NewTab: Default -> Active:"chrome-extension://hdhkemhaommecijlogcmoeaogjjpkihm/ntp1.html" CHR Extension: (DailyBibleGuide) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhkemhaommecijlogcmoeaogjjpkihm [2020-07-31] DailyBibleGuide Internet Explorer Homepage and New Tab (HKCU\...\DailyBibleGuideTooltab Uninstall Internet Explorer) (Version: - Ask Applications, Inc.) Significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\DailyBibleGuideTooltab Adds the file TooltabExtension.dll"="2/11/2020 10:08 PM, 273008 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhkemhaommecijlogcmoeaogjjpkihm\13.931.18.9828_0 Adds the file manifest.json"="7/31/2020 10:26 AM, 2550 bytes, A Adds the file ntp1.html"="6/2/2020 9:02 PM, 1348 bytes, A Adds the file ntp2.html"="6/2/2020 9:02 PM, 1282 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhkemhaommecijlogcmoeaogjjpkihm\13.931.18.9828_0\_locales\en Adds the file messages.json"="7/31/2020 10:26 AM, 260 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhkemhaommecijlogcmoeaogjjpkihm\13.931.18.9828_0\_metadata Adds the file computed_hashes.json"="7/31/2020 10:26 AM, 8008 bytes, A Adds the file verified_contents.json"="6/2/2020 9:02 PM, 7876 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhkemhaommecijlogcmoeaogjjpkihm\13.931.18.9828_0\config Adds the file config.json"="6/2/2020 9:02 PM, 2221 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhkemhaommecijlogcmoeaogjjpkihm\13.931.18.9828_0\icons Adds the file icon128.png"="7/31/2020 10:26 AM, 10931 bytes, A Adds the file icon16.png"="7/31/2020 10:26 AM, 701 bytes, A Adds the file icon19disabled.png"="6/2/2020 9:02 PM, 1599 bytes, A Adds the file icon19on.png"="7/31/2020 10:26 AM, 887 bytes, A Adds the file icon48.png"="7/31/2020 10:26 AM, 3507 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhkemhaommecijlogcmoeaogjjpkihm\13.931.18.9828_0\js Adds the file ajax.js"="6/2/2020 9:02 PM, 3263 bytes, A Adds the file B2BService.js"="6/2/2020 9:02 PM, 11729 bytes, A Adds the file babAPI.js"="6/2/2020 9:02 PM, 5950 bytes, A Adds the file babClickHandler.js"="6/2/2020 9:02 PM, 3485 bytes, A Adds the file babContentScript.js"="6/2/2020 9:02 PM, 10509 bytes, A Adds the file babContentScriptAPI.js"="6/2/2020 9:02 PM, 13191 bytes, A Adds the file babRemoteConfigProcessor.js"="6/2/2020 9:02 PM, 4311 bytes, A Adds the file babTypeFactory.js"="6/2/2020 9:02 PM, 1999 bytes, A Adds the file babTypeInjectionEmbededPage.js"="6/2/2020 9:02 PM, 3383 bytes, A Adds the file babTypeInjectionIframe.js"="6/2/2020 9:02 PM, 2114 bytes, A Adds the file babTypeInjectionIframeAPIProxy.js"="6/2/2020 9:02 PM, 3160 bytes, A Adds the file babTypeInjectionScript.js"="6/2/2020 9:02 PM, 4111 bytes, A Adds the file background.js"="6/2/2020 9:02 PM, 26477 bytes, A Adds the file browserUtils.js"="6/2/2020 9:02 PM, 1896 bytes, A Adds the file chrome.js"="6/2/2020 9:02 PM, 146 bytes, A Adds the file contentScriptConnectionManager.js"="6/2/2020 9:02 PM, 23601 bytes, A Adds the file dateTimeUtils.js"="6/2/2020 9:02 PM, 1213 bytes, A Adds the file dlp.js"="6/2/2020 9:02 PM, 5852 bytes, A Adds the file dlpHelper.js"="6/2/2020 9:02 PM, 1835 bytes, A Adds the file extensionDetect.js"="6/2/2020 9:02 PM, 4357 bytes, A Adds the file index.js"="6/2/2020 9:02 PM, 49 bytes, A Adds the file localStorageContentScript.js"="6/2/2020 9:02 PM, 2237 bytes, A Adds the file logger.js"="6/2/2020 9:02 PM, 531 bytes, A Adds the file loggingLevelUtils.js"="6/2/2020 9:02 PM, 1976 bytes, A Adds the file meta.js"="6/2/2020 9:02 PM, 3300 bytes, A Adds the file newTabPageRedirectHandler.js"="6/2/2020 9:02 PM, 2902 bytes, A Adds the file notificationService.js"="6/2/2020 9:02 PM, 15360 bytes, A Adds the file offerService.js"="6/2/2020 9:02 PM, 17241 bytes, A Adds the file pageUtils.js"="6/2/2020 9:02 PM, 2967 bytes, A Adds the file PartnerId.js"="6/2/2020 9:02 PM, 16402 bytes, A Adds the file polyfill.js"="6/2/2020 9:02 PM, 875 bytes, A Adds the file product.js"="6/2/2020 9:02 PM, 8248 bytes, A Adds the file pTagService.js"="6/2/2020 9:02 PM, 7125 bytes, A Adds the file remoteConfigLoader.js"="6/2/2020 9:02 PM, 6179 bytes, A Adds the file scheduler.js"="6/2/2020 9:02 PM, 4130 bytes, A Adds the file splashPageRedirectHandler.js"="6/2/2020 9:02 PM, 2944 bytes, A Adds the file storageUtils.js"="6/2/2020 9:02 PM, 1718 bytes, A Adds the file surveyService.js"="6/2/2020 9:02 PM, 5401 bytes, A Adds the file templateParser.js"="6/2/2020 9:02 PM, 3153 bytes, A Adds the file ul.js"="6/2/2020 9:02 PM, 5856 bytes, A Adds the file urlFragmentActions.js"="6/2/2020 9:02 PM, 2453 bytes, A Adds the file urlUtils.js"="6/2/2020 9:02 PM, 6382 bytes, A Adds the file util.js"="6/2/2020 9:02 PM, 5693 bytes, A Adds the file watchExtensionsHandler.js"="6/2/2020 9:02 PM, 10297 bytes, A Adds the file webtooltabAPI.js"="6/2/2020 9:02 PM, 9786 bytes, A Adds the file webTooltabAPIProxy.js"="6/2/2020 9:02 PM, 8782 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdhkemhaommecijlogcmoeaogjjpkihm Adds the file 000003.log"="7/31/2020 10:26 AM, 4811 bytes, A Adds the file CURRENT"="7/31/2020 10:26 AM, 16 bytes, A Adds the file LOCK"="7/31/2020 10:26 AM, 0 bytes, A Adds the file LOG"="7/31/2020 10:28 AM, 185 bytes, A Adds the file MANIFEST-000001"="7/31/2020 10:26 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\DailyBibleGuide] "Start Page"="REG_SZ", "https://hp.myway.com/dailybibleguide/ttab02/index.html?n=7867DE96&p2=^XM^mni000^TTAB02&ptb=A0A0F362-4A15-42C1-9CCD-A7968755166B&coid=a14e934f54dd407f8ff84d1102e557ba" "UnInstallSurveyUrl"="REG_SZ", "https://@{downloadDomain}.dl.myway.com/uninstall.jhtml?c=A0A0F362-4A15-42C1-9CCD-A7968755166B&ptb=^XM^mni000^TTAB02" [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "hdhkemhaommecijlogcmoeaogjjpkihm"="REG_SZ", "026E1A507F9064DEAF91CE164AA7BCBEF3273702BCEC5CADDBDBB987CFD02944" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page" = REG_SZ, "https://hp.myway.com/dailybibleguide/ttab02/index.html?n=7867DE96&p2=%5EXM%5Emni000%5ETTAB02&ptb=A0A0F362-4A15-42C1-9CCD-A7968755166B&coid=a14e934f54dd407f8ff84d1102e557ba" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\DailyBibleGuideTooltab Uninstall Internet Explorer] "DisplayName"="REG_SZ", "DailyBibleGuide Internet Explorer Homepage and New Tab" "HelpLink"="REG_SZ", "http://support.mindspark.com/" "Publisher"="REG_SZ", "Ask Applications, Inc." "UninstallString"="REG_SZ", "Rundll32.exe "C:\Users\{username}\AppData\Local\DailyBibleGuideTooltab\TooltabExtension.dll" U uninstall:DailyBibleGuide" "URLInfoAbout"="REG_SZ", "http://support.mindspark.com/" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/31/20 Scan Time: 10:34 AM Log File: ae242ea0-d308-11ea-a51e-00ffdcc6fdfc.json -Software Information- Version: 4.1.2.73 Components Version: 1.0.990 Update Package Version: 1.0.27725 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 231325 Threats Detected: 22 Threats Quarantined: 22 Time Elapsed: 5 min, 32 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 1 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\DailyBibleGuideTooltab\TooltabExtension.dll, Quarantined, 1815, 356944, , , , Registry Key: 2 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DailyBibleGuideTooltab Uninstall Internet Explorer, Quarantined, 1815, 356944, , , , PUP.Optional.MindSpark, HKCU\SOFTWARE\DailyBibleGuide, Quarantined, 719, 240557, 1.0.27725, , ame, Registry Value: 3 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\DailyBibleGuide|START PAGE, Quarantined, 1815, 444113, 1.0.27725, , ame, PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\DailyBibleGuide|UNINSTALLSURVEYURL, Quarantined, 1815, 769449, 1.0.27725, , ame, PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|hdhkemhaommecijlogcmoeaogjjpkihm, Quarantined, 1815, 456842, , , , Registry Data: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, 719, 293497, 1.0.27725, , ame, Data Stream: 0 (No malicious items detected) Folder: 3 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\DailyBibleGuideTooltab, Quarantined, 1815, 356944, 1.0.27725, , ame, PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\hdhkemhaommecijlogcmoeaogjjpkihm, Quarantined, 1815, 456842, , , , PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\hdhkemhaommecijlogcmoeaogjjpkihm, Quarantined, 1815, 456842, , , , File: 12 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\DailyBibleGuideTooltab\TooltabExtension.dll, Quarantined, 1815, 356944, 1.0.27725, , ame, PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 1815, 456842, , , , PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 1815, 456842, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdhkemhaommecijlogcmoeaogjjpkihm\000003.log, Quarantined, 1815, 456842, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdhkemhaommecijlogcmoeaogjjpkihm\CURRENT, Quarantined, 1815, 456842, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdhkemhaommecijlogcmoeaogjjpkihm\LOCK, Quarantined, 1815, 456842, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdhkemhaommecijlogcmoeaogjjpkihm\LOG, Quarantined, 1815, 456842, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdhkemhaommecijlogcmoeaogjjpkihm\MANIFEST-000001, Quarantined, 1815, 456842, , , , PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\HDHKEMHAOMMECIJLOGCMOEAOGJJPKIHM\13.931.18.9828_0\CONFIG\CONFIG.JSON, Quarantined, 1815, 456842, 1.0.27725, , ame, PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\HDHKEMHAOMMECIJLOGCMOEAOGJJPKIHM\13.931.18.9828_0\MANIFEST.JSON, Quarantined, 1815, 443121, 1.0.27725, , ame, PUP.Optional.MindSpark, C:\USERS\{username}\DESKTOP\DAILYBIBLEGUIDE.EXE, Quarantined, 719, 790639, 1.0.27725, , ame, PUP.Optional.MindSpark, C:\USERS\{username}\DOWNLOADS\DAILYBIBLEGUIDE.99E6A229C62C414A9BADBEB875533F9D.EXE, Quarantined, 719, 790639, 1.0.27725, , ame, Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  2. Metallica
    What is FileSendSuite?The Malwarebytes research team has determined that FileSendSuite is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.How do I know if my computer is affected by FileSendSuite?You may see this browser extension:these warnings during install:this new startpage:and this new setting:How did FileSendSuite get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:after a redirect from their website:How do I remove FileSendSuite?Our program Malwarebytes can detect and remove this potentially unwanted program.[Mindspark only]You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of FileSendSuite? No, Malwarebytes' Anti-Malware removes FileSendSuite completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the FileSendSuite hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. Technical details for expertsPossible signs in FRST logs: CHR NewTab: Default -> Active:"chrome-extension://jdlnhgjcehghpjmemkjbkhgpeblojiaj/ntp1.html" CHR Extension: (FileSendSuite) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdlnhgjcehghpjmemkjbkhgpeblojiaj [2020-07-01] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdlnhgjcehghpjmemkjbkhgpeblojiaj\13.931.18.8162_0 Adds the file manifest.json"="7/1/2020 9:34 AM, 2561 bytes, A Adds the file ntp1.html"="6/2/2020 7:21 PM, 1348 bytes, A Adds the file ntp2.html"="6/2/2020 7:21 PM, 1282 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdlnhgjcehghpjmemkjbkhgpeblojiaj\13.931.18.8162_0\_locales\ar Adds the file messages.json"="7/1/2020 9:34 AM, 260 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdlnhgjcehghpjmemkjbkhgpeblojiaj\13.931.18.8162_0\_locales\de Adds the file messages.json"="7/1/2020 9:34 AM, 182 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdlnhgjcehghpjmemkjbkhgpeblojiaj\13.931.18.8162_0\_locales\en Adds the file messages.json"="7/1/2020 9:34 AM, 247 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdlnhgjcehghpjmemkjbkhgpeblojiaj\13.931.18.8162_0\_locales\es Adds the file messages.json"="7/1/2020 9:34 AM, 178 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdlnhgjcehghpjmemkjbkhgpeblojiaj\13.931.18.8162_0\_locales\es_419 Adds the file messages.json"="7/1/2020 9:34 AM, 178 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdlnhgjcehghpjmemkjbkhgpeblojiaj\13.931.18.8162_0\_locales\fr Adds the file messages.json"="7/1/2020 9:34 AM, 191 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdlnhgjcehghpjmemkjbkhgpeblojiaj\13.931.18.8162_0\_locales\it Adds the file messages.json"="7/1/2020 9:34 AM, 173 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdlnhgjcehghpjmemkjbkhgpeblojiaj\13.931.18.8162_0\_locales\ja Adds the file messages.json"="7/1/2020 9:34 AM, 210 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdlnhgjcehghpjmemkjbkhgpeblojiaj\13.931.18.8162_0\_locales\ko Adds the file messages.json"="7/1/2020 9:34 AM, 211 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdlnhgjcehghpjmemkjbkhgpeblojiaj\13.931.18.8162_0\_locales\nl Adds the file messages.json"="7/1/2020 9:34 AM, 211 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdlnhgjcehghpjmemkjbkhgpeblojiaj\13.931.18.8162_0\_locales\pt_BR Adds the file messages.json"="7/1/2020 9:34 AM, 180 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdlnhgjcehghpjmemkjbkhgpeblojiaj\13.931.18.8162_0\_locales\pt_PT Adds the file messages.json"="7/1/2020 9:34 AM, 180 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdlnhgjcehghpjmemkjbkhgpeblojiaj\13.931.18.8162_0\_metadata Adds the file computed_hashes.json"="7/1/2020 9:34 AM, 8008 bytes, A Adds the file verified_contents.json"="6/2/2020 7:21 PM, 9283 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdlnhgjcehghpjmemkjbkhgpeblojiaj\13.931.18.8162_0\config Adds the file config.json"="6/2/2020 7:21 PM, 2205 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdlnhgjcehghpjmemkjbkhgpeblojiaj\13.931.18.8162_0\icons Adds the file icon128.png"="7/1/2020 9:34 AM, 6360 bytes, A Adds the file icon16.png"="7/1/2020 9:34 AM, 700 bytes, A Adds the file icon19disabled.png"="6/2/2020 7:21 PM, 1659 bytes, A Adds the file icon19on.png"="7/1/2020 9:34 AM, 848 bytes, A Adds the file icon48.png"="7/1/2020 9:34 AM, 2399 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdlnhgjcehghpjmemkjbkhgpeblojiaj\13.931.18.8162_0\js Adds the file ajax.js"="6/2/2020 7:21 PM, 3263 bytes, A Adds the file B2BService.js"="6/2/2020 7:21 PM, 11729 bytes, A Adds the file babAPI.js"="6/2/2020 7:21 PM, 5950 bytes, A Adds the file babClickHandler.js"="6/2/2020 7:21 PM, 3485 bytes, A Adds the file babContentScript.js"="6/2/2020 7:21 PM, 10509 bytes, A Adds the file babContentScriptAPI.js"="6/2/2020 7:21 PM, 13191 bytes, A Adds the file babRemoteConfigProcessor.js"="6/2/2020 7:21 PM, 4311 bytes, A Adds the file babTypeFactory.js"="6/2/2020 7:21 PM, 1999 bytes, A Adds the file babTypeInjectionEmbededPage.js"="6/2/2020 7:21 PM, 3383 bytes, A Adds the file babTypeInjectionIframe.js"="6/2/2020 7:21 PM, 2114 bytes, A Adds the file babTypeInjectionIframeAPIProxy.js"="6/2/2020 7:21 PM, 3160 bytes, A Adds the file babTypeInjectionScript.js"="6/2/2020 7:21 PM, 4111 bytes, A Adds the file background.js"="6/2/2020 7:21 PM, 26477 bytes, A Adds the file browserUtils.js"="6/2/2020 7:21 PM, 1896 bytes, A Adds the file chrome.js"="6/2/2020 7:21 PM, 146 bytes, A Adds the file contentScriptConnectionManager.js"="6/2/2020 7:21 PM, 23601 bytes, A Adds the file dateTimeUtils.js"="6/2/2020 7:21 PM, 1213 bytes, A Adds the file dlp.js"="6/2/2020 7:21 PM, 5852 bytes, A Adds the file dlpHelper.js"="6/2/2020 7:21 PM, 1835 bytes, A Adds the file extensionDetect.js"="6/2/2020 7:21 PM, 4357 bytes, A Adds the file index.js"="6/2/2020 7:21 PM, 49 bytes, A Adds the file localStorageContentScript.js"="6/2/2020 7:21 PM, 2237 bytes, A Adds the file logger.js"="6/2/2020 7:21 PM, 531 bytes, A Adds the file loggingLevelUtils.js"="6/2/2020 7:21 PM, 1976 bytes, A Adds the file meta.js"="6/2/2020 7:21 PM, 3300 bytes, A Adds the file newTabPageRedirectHandler.js"="6/2/2020 7:21 PM, 2902 bytes, A Adds the file notificationService.js"="6/2/2020 7:21 PM, 15360 bytes, A Adds the file offerService.js"="6/2/2020 7:21 PM, 17241 bytes, A Adds the file pageUtils.js"="6/2/2020 7:21 PM, 2967 bytes, A Adds the file PartnerId.js"="6/2/2020 7:21 PM, 16402 bytes, A Adds the file polyfill.js"="6/2/2020 7:21 PM, 875 bytes, A Adds the file product.js"="6/2/2020 7:21 PM, 8248 bytes, A Adds the file pTagService.js"="6/2/2020 7:21 PM, 7125 bytes, A Adds the file remoteConfigLoader.js"="6/2/2020 7:21 PM, 6179 bytes, A Adds the file scheduler.js"="6/2/2020 7:21 PM, 4130 bytes, A Adds the file splashPageRedirectHandler.js"="6/2/2020 7:21 PM, 2944 bytes, A Adds the file storageUtils.js"="6/2/2020 7:21 PM, 1718 bytes, A Adds the file surveyService.js"="6/2/2020 7:21 PM, 5401 bytes, A Adds the file templateParser.js"="6/2/2020 7:21 PM, 3153 bytes, A Adds the file ul.js"="6/2/2020 7:21 PM, 5856 bytes, A Adds the file urlFragmentActions.js"="6/2/2020 7:21 PM, 2453 bytes, A Adds the file urlUtils.js"="6/2/2020 7:21 PM, 6382 bytes, A Adds the file util.js"="6/2/2020 7:21 PM, 5693 bytes, A Adds the file watchExtensionsHandler.js"="6/2/2020 7:21 PM, 10297 bytes, A Adds the file webtooltabAPI.js"="6/2/2020 7:21 PM, 9786 bytes, A Adds the file webTooltabAPIProxy.js"="6/2/2020 7:21 PM, 8782 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jdlnhgjcehghpjmemkjbkhgpeblojiaj Adds the file 000003.log"="7/1/2020 9:34 AM, 4780 bytes, A Adds the file CURRENT"="7/1/2020 9:34 AM, 16 bytes, A Adds the file LOCK"="7/1/2020 9:34 AM, 0 bytes, A Adds the file LOG"="7/1/2020 9:37 AM, 184 bytes, A Adds the file MANIFEST-000001"="7/1/2020 9:34 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "jdlnhgjcehghpjmemkjbkhgpeblojiaj"="REG_SZ", "FF287A2B359DC873C300DFBCF0CA067C7CA5AC154F3223BEC69EC167983C05DF" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/1/20 Scan Time: 10:30 AM Log File: 10ceb49a-bb75-11ea-bf8f-00ffdcc6fdfc.json -Software Information- Version: 4.1.0.56 Components Version: 1.0.955 Update Package Version: 1.0.26233 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 232374 Threats Detected: 12 Threats Quarantined: 12 Time Elapsed: 2 min, 22 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|jdlnhgjcehghpjmemkjbkhgpeblojiaj, Quarantined, 1817, 443121, , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\jdlnhgjcehghpjmemkjbkhgpeblojiaj, Quarantined, 1817, 443121, , , , PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JDLNHGJCEHGHPJMEMKJBKHGPEBLOJIAJ, Quarantined, 1817, 443121, 1.0.26233, , ame, File: 9 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 1817, 443121, , , , PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 1817, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jdlnhgjcehghpjmemkjbkhgpeblojiaj\000003.log, Quarantined, 1817, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jdlnhgjcehghpjmemkjbkhgpeblojiaj\CURRENT, Quarantined, 1817, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jdlnhgjcehghpjmemkjbkhgpeblojiaj\LOCK, Quarantined, 1817, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jdlnhgjcehghpjmemkjbkhgpeblojiaj\LOG, Quarantined, 1817, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jdlnhgjcehghpjmemkjbkhgpeblojiaj\MANIFEST-000001, Quarantined, 1817, 443121, , , , PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JDLNHGJCEHGHPJMEMKJBKHGPEBLOJIAJ\13.931.18.8162_0\MANIFEST.JSON, Quarantined, 1817, 443121, 1.0.26233, , ame, PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JDLNHGJCEHGHPJMEMKJBKHGPEBLOJIAJ\13.931.18.8162_0\CONFIG\CONFIG.JSON, Quarantined, 1817, 456842, 1.0.26233, , ame, Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  3. Metallica
    What is DownloadManagerNow?The Malwarebytes research team has determined that DownloadManagerNow is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.How do I know if my computer is affected by DownloadManagerNow?You may see this browser extension:these warnings during install:You may see this icon in your browsers menu-bar:this new startpage:and this new setting:How did DownloadManagerNow get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:after a redirect from their website:How do I remove DownloadManagerNow?Our program Malwarebytes can detect and remove this potentially unwanted program.[Mindspark only]You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of DownloadManagerNow? No, Malwarebytes' Anti-Malware removes DownloadManagerNow completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes, as well as Malwarebytes Browser Guard, would have protected you against the DownloadManagerNow hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. Technical details for expertsPossible signs in FRST logs: CHR NewTab: Default -> Active:"chrome-extension://ijjbaliojphgfiakfehndobhialecmpl/ntp1.html" CHR Extension: (DownloadManagerNow) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjbaliojphgfiakfehndobhialecmpl [2020-06-23] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjbaliojphgfiakfehndobhialecmpl\13.931.18.7871_0 Adds the file manifest.json"="6/23/2020 10:42 AM, 2576 bytes, A Adds the file ntp1.html"="6/2/2020 7:06 PM, 1348 bytes, A Adds the file ntp2.html"="6/2/2020 7:06 PM, 1282 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjbaliojphgfiakfehndobhialecmpl\13.931.18.7871_0\_locales Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjbaliojphgfiakfehndobhialecmpl\13.931.18.7871_0\_metadata Adds the file computed_hashes.json"="6/23/2020 10:42 AM, 8008 bytes, A Adds the file verified_contents.json"="6/2/2020 7:06 PM, 9283 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjbaliojphgfiakfehndobhialecmpl\13.931.18.7871_0\config Adds the file config.json"="6/2/2020 7:06 PM, 2265 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjbaliojphgfiakfehndobhialecmpl\13.931.18.7871_0\icons Adds the file icon128.png"="6/23/2020 10:42 AM, 10183 bytes, A Adds the file icon16.png"="6/23/2020 10:42 AM, 546 bytes, A Adds the file icon19disabled.png"="6/2/2020 7:06 PM, 1460 bytes, A Adds the file icon19on.png"="6/23/2020 10:42 AM, 692 bytes, A Adds the file icon48.png"="6/23/2020 10:42 AM, 2418 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjbaliojphgfiakfehndobhialecmpl\13.931.18.7871_0\js Adds the file ajax.js"="6/2/2020 7:06 PM, 3263 bytes, A Adds the file B2BService.js"="6/2/2020 7:06 PM, 11729 bytes, A Adds the file babAPI.js"="6/2/2020 7:06 PM, 5950 bytes, A Adds the file babClickHandler.js"="6/2/2020 7:06 PM, 3485 bytes, A Adds the file babContentScript.js"="6/2/2020 7:06 PM, 10509 bytes, A Adds the file babContentScriptAPI.js"="6/2/2020 7:06 PM, 13191 bytes, A Adds the file babRemoteConfigProcessor.js"="6/2/2020 7:06 PM, 4311 bytes, A Adds the file babTypeFactory.js"="6/2/2020 7:06 PM, 1999 bytes, A Adds the file babTypeInjectionEmbededPage.js"="6/2/2020 7:06 PM, 3383 bytes, A Adds the file babTypeInjectionIframe.js"="6/2/2020 7:06 PM, 2114 bytes, A Adds the file babTypeInjectionIframeAPIProxy.js"="6/2/2020 7:06 PM, 3160 bytes, A Adds the file babTypeInjectionScript.js"="6/2/2020 7:06 PM, 4111 bytes, A Adds the file background.js"="6/2/2020 7:06 PM, 26477 bytes, A Adds the file browserUtils.js"="6/2/2020 7:06 PM, 1896 bytes, A Adds the file chrome.js"="6/2/2020 7:06 PM, 146 bytes, A Adds the file contentScriptConnectionManager.js"="6/2/2020 7:06 PM, 23601 bytes, A Adds the file dateTimeUtils.js"="6/2/2020 7:06 PM, 1213 bytes, A Adds the file dlp.js"="6/2/2020 7:06 PM, 5852 bytes, A Adds the file dlpHelper.js"="6/2/2020 7:06 PM, 1835 bytes, A Adds the file extensionDetect.js"="6/2/2020 7:06 PM, 4357 bytes, A Adds the file index.js"="6/2/2020 7:06 PM, 49 bytes, A Adds the file localStorageContentScript.js"="6/2/2020 7:06 PM, 2237 bytes, A Adds the file logger.js"="6/2/2020 7:06 PM, 531 bytes, A Adds the file loggingLevelUtils.js"="6/2/2020 7:06 PM, 1976 bytes, A Adds the file meta.js"="6/2/2020 7:06 PM, 3300 bytes, A Adds the file newTabPageRedirectHandler.js"="6/2/2020 7:06 PM, 2902 bytes, A Adds the file notificationService.js"="6/2/2020 7:06 PM, 15360 bytes, A Adds the file offerService.js"="6/2/2020 7:06 PM, 17241 bytes, A Adds the file pageUtils.js"="6/2/2020 7:06 PM, 2967 bytes, A Adds the file PartnerId.js"="6/2/2020 7:06 PM, 16402 bytes, A Adds the file polyfill.js"="6/2/2020 7:06 PM, 875 bytes, A Adds the file product.js"="6/2/2020 7:06 PM, 8248 bytes, A Adds the file pTagService.js"="6/2/2020 7:06 PM, 7125 bytes, A Adds the file remoteConfigLoader.js"="6/2/2020 7:06 PM, 6179 bytes, A Adds the file scheduler.js"="6/2/2020 7:06 PM, 4130 bytes, A Adds the file splashPageRedirectHandler.js"="6/2/2020 7:06 PM, 2944 bytes, A Adds the file storageUtils.js"="6/2/2020 7:06 PM, 1718 bytes, A Adds the file surveyService.js"="6/2/2020 7:06 PM, 5401 bytes, A Adds the file templateParser.js"="6/2/2020 7:06 PM, 3153 bytes, A Adds the file ul.js"="6/2/2020 7:06 PM, 5856 bytes, A Adds the file urlFragmentActions.js"="6/2/2020 7:06 PM, 2453 bytes, A Adds the file urlUtils.js"="6/2/2020 7:06 PM, 6382 bytes, A Adds the file util.js"="6/2/2020 7:06 PM, 5693 bytes, A Adds the file watchExtensionsHandler.js"="6/2/2020 7:06 PM, 10297 bytes, A Adds the file webtooltabAPI.js"="6/2/2020 7:06 PM, 9786 bytes, A Adds the file webTooltabAPIProxy.js"="6/2/2020 7:06 PM, 8782 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijjbaliojphgfiakfehndobhialecmpl Adds the file 000003.log"="6/23/2020 10:42 AM, 4827 bytes, A Adds the file CURRENT"="6/23/2020 10:42 AM, 16 bytes, A Adds the file LOCK"="6/23/2020 10:42 AM, 0 bytes, A Adds the file LOG"="6/23/2020 10:46 AM, 184 bytes, A Adds the file MANIFEST-000001"="6/23/2020 10:42 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "ijjbaliojphgfiakfehndobhialecmpl"="REG_SZ", "E2D436A20B6C0AF690CECB6F4AAAA7700DFDF53C67A910EDD865D0592A0AE4ED" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 6/23/20 Scan Time: 10:53 AM Log File: 0546f8f4-b52f-11ea-8270-00ffdcc6fdfc.json -Software Information- Version: 4.1.0.56 Components Version: 1.0.955 Update Package Version: 1.0.25901 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 231529 Threats Detected: 13 Threats Quarantined: 13 Time Elapsed: 1 min, 25 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|ijjbaliojphgfiakfehndobhialecmpl, Quarantined, 1817, 456842, , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\ijjbaliojphgfiakfehndobhialecmpl, Quarantined, 1817, 456842, , , , PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\ijjbaliojphgfiakfehndobhialecmpl, Quarantined, 1817, 456842, , , , File: 10 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 1817, 456842, , , , PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 1817, 456842, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijjbaliojphgfiakfehndobhialecmpl\000003.log, Quarantined, 1817, 456842, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijjbaliojphgfiakfehndobhialecmpl\CURRENT, Quarantined, 1817, 456842, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijjbaliojphgfiakfehndobhialecmpl\LOCK, Quarantined, 1817, 456842, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijjbaliojphgfiakfehndobhialecmpl\LOG, Quarantined, 1817, 456842, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijjbaliojphgfiakfehndobhialecmpl\LOG.old, Quarantined, 1817, 456842, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijjbaliojphgfiakfehndobhialecmpl\MANIFEST-000001, Quarantined, 1817, 456842, , , , PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\IJJBALIOJPHGFIAKFEHNDOBHIALECMPL\13.931.18.7871_0\CONFIG\CONFIG.JSON, Quarantined, 1817, 456842, 1.0.25901, , ame, PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\IJJBALIOJPHGFIAKFEHNDOBHIALECMPL\13.931.18.7871_0\MANIFEST.JSON, Quarantined, 1817, 443121, 1.0.25901, , ame, Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  4. Metallica
    What is EasyPDFCombine for Chrome? The Malwarebytes research team has determined that EasyPDFCombine for Chrome is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. How do I know if my computer is affected by EasyPDFCombine for Chrome? You may see this browser extension: these warnings during install: You may see this icon in your browsers menu-bar: this new startpage: and this new setting: How did EasyPDFCombine for Chrome get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website: How do I remove EasyPDFCombine for Chrome? Our program Malwarebytes can detect and remove this potentially unwanted program. [Mindspark only]You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of EasyPDFCombine for Chrome? No, Malwarebytes' Anti-Malware removes EasyPDFCombine for Chrome completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes, as well as Browser Guard, would have protected you against the EasyPDFCombine for Chrome hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. Technical details for experts Possible signs in FRST logs: CHR NewTab: Default -> Active:"chrome-extension://dmpghkabedbjaabdjfchnafeciefnjnk/ntp1.html" CHR Extension: (EasyPDFCombine for Chrome) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk [2020-01-17] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0 Adds the file manifest.json"="1/17/2020 11:39 AM, 2556 bytes, A Adds the file ntp1.html"="11/13/2019 8:35 PM, 1349 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_locales Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_metadata Adds the file computed_hashes.json"="1/17/2020 11:39 AM, 5504 bytes, A Adds the file verified_contents.json"="11/13/2019 8:35 PM, 7407 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\config Adds the file config.json"="11/13/2019 8:35 PM, 1532 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\icons Adds the file icon128.png"="1/17/2020 11:39 AM, 7553 bytes, A Adds the file icon16.png"="11/13/2019 8:35 PM, 1998 bytes, A Adds the file icon19disabled.png"="11/13/2019 8:35 PM, 1703 bytes, A Adds the file icon19on.png"="1/17/2020 11:39 AM, 872 bytes, A Adds the file icon48.png"="1/17/2020 11:39 AM, 2648 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js Adds the file ajax.js"="11/13/2019 8:35 PM, 3263 bytes, A Adds the file babAPI.js"="11/13/2019 8:35 PM, 5703 bytes, A Adds the file babClickHandler.js"="11/13/2019 8:35 PM, 11430 bytes, A Adds the file babContentScript.js"="11/13/2019 8:35 PM, 3749 bytes, A Adds the file babContentScriptAPI.js"="11/13/2019 8:35 PM, 9842 bytes, A Adds the file background.js"="11/13/2019 8:35 PM, 18106 bytes, A Adds the file browserUtils.js"="11/13/2019 8:35 PM, 1536 bytes, A Adds the file chrome.js"="11/13/2019 8:35 PM, 146 bytes, A Adds the file contentScriptConnectionManager.js"="11/13/2019 8:35 PM, 22964 bytes, A Adds the file dateTimeUtils.js"="11/13/2019 8:35 PM, 1213 bytes, A Adds the file dlp.js"="11/13/2019 8:35 PM, 5783 bytes, A Adds the file dlpHelper.js"="11/13/2019 8:35 PM, 1835 bytes, A Adds the file extensionDetect.js"="11/13/2019 8:35 PM, 4354 bytes, A Adds the file index.js"="11/13/2019 8:35 PM, 49 bytes, A Adds the file localStorageContentScript.js"="11/13/2019 8:35 PM, 2236 bytes, A Adds the file logger.js"="11/13/2019 8:35 PM, 531 bytes, A Adds the file meta.js"="11/13/2019 8:35 PM, 1610 bytes, A Adds the file offerService.js"="11/13/2019 8:35 PM, 16953 bytes, A Adds the file pageUtils.js"="11/13/2019 8:35 PM, 2905 bytes, A Adds the file PartnerId.js"="11/13/2019 8:35 PM, 16402 bytes, A Adds the file polyfill.js"="11/13/2019 8:35 PM, 875 bytes, A Adds the file product.js"="11/13/2019 8:35 PM, 7830 bytes, A Adds the file remoteConfigLoader.js"="11/13/2019 8:35 PM, 5053 bytes, A Adds the file splashPageRedirectHandler.js"="11/13/2019 8:35 PM, 2821 bytes, A Adds the file storageUtils.js"="11/13/2019 8:35 PM, 1718 bytes, A Adds the file TemplateParser.js"="11/13/2019 8:35 PM, 3153 bytes, A Adds the file ul.js"="11/13/2019 8:35 PM, 3969 bytes, A Adds the file urlFragmentActions.js"="11/13/2019 8:35 PM, 2453 bytes, A Adds the file urlUtils.js"="11/13/2019 8:35 PM, 5906 bytes, A Adds the file util.js"="11/13/2019 8:35 PM, 2779 bytes, A Adds the file webtooltabAPI.js"="11/13/2019 8:35 PM, 9768 bytes, A Adds the file webTooltabAPIProxy.js"="11/13/2019 8:35 PM, 8765 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmpghkabedbjaabdjfchnafeciefnjnk Adds the file 000003.log"="1/17/2020 11:39 AM, 4381 bytes, A Adds the file CURRENT"="1/17/2020 11:39 AM, 16 bytes, A Adds the file LOCK"="1/17/2020 11:39 AM, 0 bytes, A Adds the file LOG"="1/17/2020 11:39 AM, 184 bytes, A Adds the file MANIFEST-000001"="1/17/2020 11:39 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "dmpghkabedbjaabdjfchnafeciefnjnk"="REG_SZ", "7A295AFD57BFABE99246D4ED36C88CBE4277FFD1C68EFD86DAED1BCDFAF76095" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 1/17/20 Scan Time: 11:53 AM Log File: 8afe072e-3917-11ea-b298-00ffdcc6fdfc.json -Software Information- Version: 4.0.4.49 Components Version: 1.0.785 Update Package Version: 1.0.17836 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 236115 Threats Detected: 82 Threats Quarantined: 82 Time Elapsed: 38 min, 7 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|dmpghkabedbjaabdjfchnafeciefnjnk, Quarantined, 1792, 443121, , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 20 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\dmpghkabedbjaabdjfchnafeciefnjnk, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_locales\es_419, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_locales\pt_BR, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_locales\pt_PT, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_locales\ar, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_locales\de, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_locales\en, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_locales\es, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_locales\fr, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_locales\it, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_locales\ja, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_locales\ko, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_locales\nl, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_metadata, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_locales, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\config, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\icons, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\DMPGHKABEDBJAABDJFCHNAFECIEFNJNK, Quarantined, 1792, 443121, 1.0.17836, , ame, File: 61 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmpghkabedbjaabdjfchnafeciefnjnk\000003.log, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmpghkabedbjaabdjfchnafeciefnjnk\CURRENT, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmpghkabedbjaabdjfchnafeciefnjnk\LOCK, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmpghkabedbjaabdjfchnafeciefnjnk\LOG, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmpghkabedbjaabdjfchnafeciefnjnk\MANIFEST-000001, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\DMPGHKABEDBJAABDJFCHNAFECIEFNJNK\13.917.16.52171_0\MANIFEST.JSON, Quarantined, 1792, 443121, 1.0.17836, , ame, PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\config\config.json, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\icons\icon128.png, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\icons\icon16.png, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\icons\icon19disabled.png, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\icons\icon19on.png, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\icons\icon48.png, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\dlpHelper.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\ajax.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\babAPI.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\babClickHandler.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\babContentScript.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\babContentScriptAPI.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\background.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\browserUtils.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\chrome.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\contentScriptConnectionManager.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\dateTimeUtils.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\dlp.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\extensionDetect.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\index.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\localStorageContentScript.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\logger.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\meta.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\offerService.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\pageUtils.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\PartnerId.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\polyfill.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\product.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\remoteConfigLoader.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\splashPageRedirectHandler.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\storageUtils.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\TemplateParser.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\ul.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\urlFragmentActions.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\urlUtils.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\util.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\webtooltabAPI.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\webTooltabAPIProxy.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_locales\ar\messages.json, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_locales\de\messages.json, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_locales\en\messages.json, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_locales\es\messages.json, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_locales\es_419\messages.json, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_locales\fr\messages.json, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_locales\it\messages.json, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_locales\ja\messages.json, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_locales\ko\messages.json, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_locales\nl\messages.json, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_locales\pt_BR\messages.json, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_locales\pt_PT\messages.json, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_metadata\computed_hashes.json, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_metadata\verified_contents.json, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\ntp1.html, Quarantined, 1792, 443121, , , , Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  5. Metallica
    What is MyScrapNook?The Malwarebytes research team has determined that MyScrapNook is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.MyScrapNook is a member of the Mindspark/Ask family now known as IAC Applications.How do I know if my computer is affected by MyScrapNook?You may see this Chrome extension:these warnings during install:You may see this new setting:this icon in the Chrome menu-bar:and this new startpage in the affected browser(s):How did MyScrapNook get on my computer?Browser hijackers use different methods for distributing themselves. This particular Chrome extension was downloaded from the webstore:and promoted by their website:How do I remove MyScrapNook?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of MyScrapNook? No, Malwarebytes' Anti-Malware removes MyScrapNook completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the MyScrapNook hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late. Technical details for expertsPossible signs in a FRST log: CHR NewTab: Default -> Active:"chrome-extension://lbapdklahcjljfincdglncfpdgfhckcf/newtabproduct.html" CHR Extension: (MyScrapNook) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf [2019-04-12] Significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0 Adds the file manifest.json"="4/12/2019 8:50 AM, 2561 bytes, A Adds the file newtabproduct.html"="4/7/2018 1:28 AM, 1136 bytes, A Adds the file stubby.html"="4/7/2018 1:28 AM, 1137 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\_metadata Adds the file computed_hashes.json"="4/12/2019 8:50 AM, 4096 bytes, A Adds the file verified_contents.json"="4/7/2018 1:28 AM, 4877 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\config Adds the file config.json"="4/7/2018 1:28 AM, 1726 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\icons Adds the file icon128.png"="4/12/2019 8:50 AM, 6200 bytes, A Adds the file icon16.png"="4/7/2018 1:28 AM, 1454 bytes, A Adds the file icon19disabled.png"="4/7/2018 1:28 AM, 1421 bytes, A Adds the file icon19on.png"="4/12/2019 8:50 AM, 590 bytes, A Adds the file icon48.png"="4/12/2019 8:50 AM, 2314 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\js Adds the file ajax.js"="4/7/2018 1:28 AM, 2250 bytes, A Adds the file background.js"="4/7/2018 1:28 AM, 21002 bytes, A Adds the file chrome.js"="4/7/2018 1:28 AM, 180 bytes, A Adds the file content_script.js"="4/7/2018 1:28 AM, 5815 bytes, A Adds the file dlp.js"="4/7/2018 1:28 AM, 5690 bytes, A Adds the file dlpHelper.js"="4/7/2018 1:28 AM, 1836 bytes, A Adds the file extension_detect.js"="4/7/2018 1:28 AM, 4343 bytes, A Adds the file genericLoadRemoteSettings.js"="4/7/2018 1:28 AM, 2908 bytes, A Adds the file index.js"="4/7/2018 1:28 AM, 82 bytes, A Adds the file initOfferCEF.js"="4/7/2018 1:28 AM, 8842 bytes, A Adds the file logger.js"="4/7/2018 1:28 AM, 575 bytes, A Adds the file offerService.js"="4/7/2018 1:28 AM, 13159 bytes, A Adds the file pageUtils.js"="4/7/2018 1:28 AM, 1811 bytes, A Adds the file PartnerId.js"="4/7/2018 1:28 AM, 16439 bytes, A Adds the file product.js"="4/7/2018 1:28 AM, 4511 bytes, A Adds the file storage.js"="4/7/2018 1:28 AM, 1675 bytes, A Adds the file TabManager.js"="4/7/2018 1:28 AM, 189 bytes, A Adds the file TemplateParser.js"="4/7/2018 1:28 AM, 3080 bytes, A Adds the file ul.js"="4/7/2018 1:28 AM, 3862 bytes, A Adds the file urlFragmentActions.js"="4/7/2018 1:28 AM, 2521 bytes, A Adds the file urlUtils.js"="4/7/2018 1:28 AM, 5385 bytes, A Adds the file util.js"="4/7/2018 1:28 AM, 3235 bytes, A Adds the file webtooltabAPI.js"="4/7/2018 1:28 AM, 8762 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lbapdklahcjljfincdglncfpdgfhckcf Adds the file 000003.log"="4/12/2019 8:50 AM, 1890 bytes, A Adds the file CURRENT"="4/12/2019 8:50 AM, 16 bytes, A Adds the file LOCK"="4/12/2019 8:50 AM, 0 bytes, A Adds the file LOG"="4/12/2019 8:50 AM, 185 bytes, A Adds the file MANIFEST-000001"="4/12/2019 8:50 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "lbapdklahcjljfincdglncfpdgfhckcf"="REG_SZ", "53DC83B630939F2085C966B420DFAD81ED442879EAABB4B2C4B884DDEA78722B" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 4/12/19 Scan Time: 9:06 AM Log File: 8d27f544-5cf1-11e9-a71a-00ffdcc6fdfc.json -Software Information- Version: 3.7.1.2839 Components Version: 1.0.563 Update Package Version: 1.0.10122 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 236621 Threats Detected: 49 Threats Quarantined: 49 Time Elapsed: 6 min, 47 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|lbapdklahcjljfincdglncfpdgfhckcf, Quarantined, [1742], [456843],1.0.10122 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 7 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\lbapdklahcjljfincdglncfpdgfhckcf, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\_metadata, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\config, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\icons, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\js, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\LBAPDKLAHCJLJFINCDGLNCFPDGFHCKCF, Quarantined, [1742], [456843],1.0.10122 File: 41 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lbapdklahcjljfincdglncfpdgfhckcf\000003.log, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lbapdklahcjljfincdglncfpdgfhckcf\CURRENT, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lbapdklahcjljfincdglncfpdgfhckcf\LOCK, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lbapdklahcjljfincdglncfpdgfhckcf\LOG, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lbapdklahcjljfincdglncfpdgfhckcf\MANIFEST-000001, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\LBAPDKLAHCJLJFINCDGLNCFPDGFHCKCF\13.611.13.2785_0\MANIFEST.JSON, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\config\config.json, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\icons\icon128.png, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\icons\icon16.png, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\icons\icon19disabled.png, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\icons\icon19on.png, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\icons\icon48.png, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\js\ajax.js, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\js\background.js, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\js\chrome.js, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\js\content_script.js, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\js\dlp.js, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\js\dlpHelper.js, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\js\extension_detect.js, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\js\genericLoadRemoteSettings.js, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\js\index.js, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\js\initOfferCEF.js, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\js\logger.js, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\js\offerService.js, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\js\pageUtils.js, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\js\PartnerId.js, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\js\product.js, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\js\storage.js, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\js\TabManager.js, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\js\TemplateParser.js, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\js\ul.js, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\js\urlFragmentActions.js, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\js\urlUtils.js, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\js\util.js, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\js\webtooltabAPI.js, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\_metadata\computed_hashes.json, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\_metadata\verified_contents.json, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\newtabproduct.html, Quarantined, [1742], [456843],1.0.10122 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf\13.611.13.2785_0\stubby.html, Quarantined, [1742], [456843],1.0.10122 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  6. Metallica
    What is Muzik Fury?The Malwarebytes research team has determined that Muzik Fury is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.Muzik Fury is a member of the Mindspark/Ask family now known as IAC Applications.How do I know if my computer is affected by Muzik Fury?You may see these browser extensions/add-ons:these warnings during install:You may see this type of new settings:and this newtab-page in the affected browsers:How did Muzik Fury get on my computer?Browser hijackers use different methods for distributing themselves. This particular Firefox add-on was downloaded from their website.and the Chrome extension was available in the webstore:How do I remove Muzik Fury?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Muzik Fury? No, Malwarebytes' Anti-Malware removes Muzik Fury completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the Muzik Fury hijacker. It would have blocked their website, giving you a chance to stop it before it became too late. Technical details for expertsPossible signs in a FRST log: FF HomepageOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _otMembers_@muzikfury.thewhizmarketing.com FF NewTabOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _otMembers_@muzikfury.thewhizmarketing.com FF Extension: (Muzik Fury) - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_otMembers_@muzikfury.thewhizmarketing.com.xpi [2018-12-13] CHR NewTab: Default -> Active:"chrome-extension://njnmnphjljmejmfacphkagccdnajkghk/newtabproduct.html" CHR Extension: (Muzik Fury) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk [2018-12-13] Changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0 Adds the file manifest.json"="12/13/2018 8:28 PM, 2389 bytes, A Adds the file newtabproduct.html"="10/17/2018 7:26 PM, 1210 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\_locales\en Adds the file messages.json"="12/13/2018 8:28 PM, 252 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\_metadata Adds the file computed_hashes.json"="12/13/2018 8:28 PM, 4560 bytes, A Adds the file verified_contents.json"="10/17/2018 7:26 PM, 5403 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\config Adds the file config.json"="10/17/2018 7:26 PM, 1975 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\icons Adds the file icon128.png"="12/13/2018 8:28 PM, 2874 bytes, A Adds the file icon16.png"="10/17/2018 7:26 PM, 227 bytes, A Adds the file icon19disabled.png"="10/17/2018 7:26 PM, 265 bytes, A Adds the file icon19on.png"="12/13/2018 8:28 PM, 412 bytes, A Adds the file icon48.png"="12/13/2018 8:28 PM, 1353 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js Adds the file ajax.js"="10/17/2018 7:26 PM, 2218 bytes, A Adds the file b2b-partner-tracking.js"="10/17/2018 7:26 PM, 11186 bytes, A Adds the file background.js"="10/17/2018 7:26 PM, 21476 bytes, A Adds the file browserUtils.js"="10/17/2018 7:26 PM, 912 bytes, A Adds the file chrome.js"="10/17/2018 7:26 PM, 146 bytes, A Adds the file content_script.js"="10/17/2018 7:26 PM, 2151 bytes, A Adds the file dlp.js"="10/17/2018 7:26 PM, 5659 bytes, A Adds the file dlpHelper.js"="10/17/2018 7:26 PM, 1799 bytes, A Adds the file extension_detect.js"="10/17/2018 7:26 PM, 4299 bytes, A Adds the file genericLoadRemoteSettings.js"="10/17/2018 7:26 PM, 2855 bytes, A Adds the file index.js"="10/17/2018 7:26 PM, 49 bytes, A Adds the file initOfferCEF.js"="10/17/2018 7:26 PM, 8802 bytes, A Adds the file logger.js"="10/17/2018 7:26 PM, 541 bytes, A Adds the file offerService.js"="10/17/2018 7:26 PM, 10325 bytes, A Adds the file pageUtils.js"="10/17/2018 7:26 PM, 2805 bytes, A Adds the file PartnerId.js"="10/17/2018 7:26 PM, 16402 bytes, A Adds the file product.js"="10/17/2018 7:26 PM, 8403 bytes, A Adds the file splashPageRedirectHandler.js"="10/17/2018 7:26 PM, 2868 bytes, A Adds the file storage.js"="10/17/2018 7:26 PM, 1640 bytes, A Adds the file TabManager.js"="10/17/2018 7:26 PM, 151 bytes, A Adds the file TemplateParser.js"="10/17/2018 7:26 PM, 3038 bytes, A Adds the file ul.js"="10/17/2018 7:26 PM, 3832 bytes, A Adds the file urlFragmentActions.js"="10/17/2018 7:26 PM, 1825 bytes, A Adds the file urlUtils.js"="10/17/2018 7:26 PM, 5349 bytes, A Adds the file util.js"="10/17/2018 7:26 PM, 3004 bytes, A Adds the file webtooltabAPI.js"="10/17/2018 7:26 PM, 8721 bytes, A Adds the file webTooltabAPIProxy.js"="10/17/2018 7:26 PM, 5445 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\njnmnphjljmejmfacphkagccdnajkghk Adds the file 000003.log"="12/13/2018 8:28 PM, 1985 bytes, A Adds the file CURRENT"="12/13/2018 8:28 PM, 16 bytes, A Adds the file LOCK"="12/13/2018 8:28 PM, 0 bytes, A Adds the file LOG"="12/13/2018 8:28 PM, 184 bytes, A Adds the file MANIFEST-000001"="12/13/2018 8:28 PM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_otMembers_@muzikfury.thewhizmarketing.com Adds the file storage.js"="12/13/2018 8:23 PM, 2677 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file _otMembers_@muzikfury.thewhizmarketing.com.xpi"="12/13/2018 8:23 PM, 46492 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "njnmnphjljmejmfacphkagccdnajkghk"="REG_SZ", "0270731775B75ECD2BD8155557F1FD31427F4F880F540FA567BEE86DA3A48047" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 12/13/18 Scan Time: 8:34 PM Log File: 2af0f02e-ff0e-11e8-ae5c-00ffdcc6fdfc.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.482 Update Package Version: 1.0.8303 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 237019 Threats Detected: 58 Threats Quarantined: 58 Time Elapsed: 2 min, 54 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.MySearch.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|njnmnphjljmejmfacphkagccdnajkghk, Quarantined, [1858], [443097],1.0.8303 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 10 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\BROWSER-EXTENSION-DATA\_otMembers_@muzikfury.thewhizmarketing.com, Quarantined, [1712], [468075],1.0.8303 PUP.Optional.MySearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\njnmnphjljmejmfacphkagccdnajkghk, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\_locales\en, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\_metadata, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\_locales, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\config, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\icons, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NJNMNPHJLJMEJMFACPHKAGCCDNAJKGHK, Quarantined, [1858], [443097],1.0.8303 File: 47 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_otMembers_@muzikfury.thewhizmarketing.com.xpi, Quarantined, [1712], [457930],1.0.8303 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_otMembers_@muzikfury.thewhizmarketing.com\storage.js, Quarantined, [1712], [468075],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\njnmnphjljmejmfacphkagccdnajkghk\000003.log, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\njnmnphjljmejmfacphkagccdnajkghk\CURRENT, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\njnmnphjljmejmfacphkagccdnajkghk\LOCK, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\njnmnphjljmejmfacphkagccdnajkghk\LOG, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\njnmnphjljmejmfacphkagccdnajkghk\MANIFEST-000001, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NJNMNPHJLJMEJMFACPHKAGCCDNAJKGHK\13.817.14.14883_0\MANIFEST.JSON, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\config\config.json, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\icons\icon128.png, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\icons\icon16.png, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\icons\icon19disabled.png, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\icons\icon19on.png, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\icons\icon48.png, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\initOfferCEF.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\ajax.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\b2b-partner-tracking.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\background.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\browserUtils.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\chrome.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\content_script.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\dlp.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\dlpHelper.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\extension_detect.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\genericLoadRemoteSettings.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\index.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\logger.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\offerService.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\pageUtils.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\PartnerId.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\product.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\splashPageRedirectHandler.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\storage.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\TabManager.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\TemplateParser.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\ul.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\urlFragmentActions.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\urlUtils.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\util.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\webtooltabAPI.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\webTooltabAPIProxy.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\_locales\en\messages.json, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\_metadata\computed_hashes.json, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\_metadata\verified_contents.json, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\newtabproduct.html, Quarantined, [1858], [443097],1.0.8303 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  7. Metallica
    What is Screen Addict?The Malwarebytes research team has determined that Screen Addict is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.Screen Addict is a member of the TheWhizProducts family also known as APN, LLC. applications.How do I know if my computer is affected by Screen Addict?You may see these browser extensions/add-ons:these warnings during install:and this newtab-page in the affected browsers:How did Screen Addict get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website.and the Chrome extension from the webstore:How do I remove Screen Addict?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Screen Addict? No, Malwarebytes' Anti-Malware removes Screen Addict completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the Screen Addict hijacker. It would have blocked their domain: Technical details for expertsPossible signs in a FRST log: FF Extension: No Name - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_oiMembers_@screenaddict.thewhizproducts.com.xpi [2018-11-29] CHR Extension: (Screen Addict) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia [2018-11-29] Changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0 Adds the file manifest.json"="11/29/2018 9:04 AM, 2394 bytes, A Adds the file newtabproduct.html"="10/17/2018 7:26 PM, 1210 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\_locales\en Adds the file messages.json"="11/29/2018 9:04 AM, 222 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\_metadata Adds the file computed_hashes.json"="11/29/2018 9:04 AM, 4560 bytes, A Adds the file verified_contents.json"="10/17/2018 7:26 PM, 5403 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\config Adds the file config.json"="10/17/2018 7:26 PM, 1993 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\icons Adds the file icon128.png"="11/29/2018 9:04 AM, 2296 bytes, A Adds the file icon16.png"="10/17/2018 7:26 PM, 252 bytes, A Adds the file icon19disabled.png"="10/17/2018 7:26 PM, 318 bytes, A Adds the file icon19on.png"="11/29/2018 9:04 AM, 387 bytes, A Adds the file icon48.png"="11/29/2018 9:04 AM, 1033 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js Adds the file ajax.js"="10/17/2018 7:26 PM, 2218 bytes, A Adds the file b2b-partner-tracking.js"="10/17/2018 7:26 PM, 11186 bytes, A Adds the file background.js"="10/17/2018 7:26 PM, 21476 bytes, A Adds the file browserUtils.js"="10/17/2018 7:26 PM, 912 bytes, A Adds the file chrome.js"="10/17/2018 7:26 PM, 146 bytes, A Adds the file content_script.js"="10/17/2018 7:26 PM, 2151 bytes, A Adds the file dlp.js"="10/17/2018 7:26 PM, 5659 bytes, A Adds the file dlpHelper.js"="10/17/2018 7:26 PM, 1799 bytes, A Adds the file extension_detect.js"="10/17/2018 7:26 PM, 4299 bytes, A Adds the file genericLoadRemoteSettings.js"="10/17/2018 7:26 PM, 2855 bytes, A Adds the file index.js"="10/17/2018 7:26 PM, 49 bytes, A Adds the file initOfferCEF.js"="10/17/2018 7:26 PM, 8802 bytes, A Adds the file logger.js"="10/17/2018 7:26 PM, 541 bytes, A Adds the file offerService.js"="10/17/2018 7:26 PM, 10325 bytes, A Adds the file pageUtils.js"="10/17/2018 7:26 PM, 2805 bytes, A Adds the file PartnerId.js"="10/17/2018 7:26 PM, 16402 bytes, A Adds the file product.js"="10/17/2018 7:26 PM, 8403 bytes, A Adds the file splashPageRedirectHandler.js"="10/17/2018 7:26 PM, 2868 bytes, A Adds the file storage.js"="10/17/2018 7:26 PM, 1640 bytes, A Adds the file TabManager.js"="10/17/2018 7:26 PM, 151 bytes, A Adds the file TemplateParser.js"="10/17/2018 7:26 PM, 3038 bytes, A Adds the file ul.js"="10/17/2018 7:26 PM, 3832 bytes, A Adds the file urlFragmentActions.js"="10/17/2018 7:26 PM, 1825 bytes, A Adds the file urlUtils.js"="10/17/2018 7:26 PM, 5349 bytes, A Adds the file util.js"="10/17/2018 7:26 PM, 3004 bytes, A Adds the file webtooltabAPI.js"="10/17/2018 7:26 PM, 8721 bytes, A Adds the file webTooltabAPIProxy.js"="10/17/2018 7:26 PM, 5445 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lbclmokcohjnkfgopmmcjeijpfheafia Adds the file 000003.log"="11/29/2018 9:06 AM, 2010 bytes, A Adds the file CURRENT"="11/29/2018 9:04 AM, 16 bytes, A Adds the file LOCK"="11/29/2018 9:04 AM, 0 bytes, A Adds the file LOG"="11/29/2018 9:06 AM, 412 bytes, A Adds the file LOG.old"="11/29/2018 9:04 AM, 185 bytes, A Adds the file MANIFEST-000001"="11/29/2018 9:04 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_oiMembers_@screenaddict.thewhizproducts.com Adds the file storage.js"="11/29/2018 9:00 AM, 2691 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file _oiMembers_@screenaddict.thewhizproducts.com.xpi"="11/29/2018 9:00 AM, 45246 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "lbclmokcohjnkfgopmmcjeijpfheafia"="REG_SZ", "D2D2EFB0AF5A0714C55F472F4E0F839EB9B619DFCA73C667C0DF09E1952CA5B7" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 11/29/18 Scan Time: 9:10 AM Log File: 428f58bd-f3ae-11e8-ad63-00ffdcc6fdfc.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.482 Update Package Version: 1.0.8075 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 237600 Threats Detected: 59 Threats Quarantined: 59 Time Elapsed: 3 min, 1 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.MySearch.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|lbclmokcohjnkfgopmmcjeijpfheafia, Quarantined, [1860], [443097],1.0.8075 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 10 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\BROWSER-EXTENSION-DATA\_oiMembers_@screenaddict.thewhizproducts.com, Quarantined, [1714], [468075],1.0.8075 PUP.Optional.MySearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\lbclmokcohjnkfgopmmcjeijpfheafia, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\_locales\en, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\_metadata, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\_locales, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\config, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\icons, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\LBCLMOKCOHJNKFGOPMMCJEIJPFHEAFIA, Quarantined, [1860], [443097],1.0.8075 File: 48 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_oiMembers_@screenaddict.thewhizproducts.com.xpi, Quarantined, [1714], [457930],1.0.8075 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_oiMembers_@screenaddict.thewhizproducts.com\storage.js, Quarantined, [1714], [468075],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lbclmokcohjnkfgopmmcjeijpfheafia\000003.log, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lbclmokcohjnkfgopmmcjeijpfheafia\CURRENT, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lbclmokcohjnkfgopmmcjeijpfheafia\LOCK, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lbclmokcohjnkfgopmmcjeijpfheafia\LOG, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lbclmokcohjnkfgopmmcjeijpfheafia\LOG.old, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lbclmokcohjnkfgopmmcjeijpfheafia\MANIFEST-000001, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\LBCLMOKCOHJNKFGOPMMCJEIJPFHEAFIA\13.817.14.14900_0\MANIFEST.JSON, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\config\config.json, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\icons\icon128.png, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\icons\icon16.png, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\icons\icon19disabled.png, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\icons\icon19on.png, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\icons\icon48.png, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\initOfferCEF.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\ajax.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\b2b-partner-tracking.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\background.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\browserUtils.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\chrome.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\content_script.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\dlp.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\dlpHelper.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\extension_detect.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\genericLoadRemoteSettings.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\index.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\logger.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\offerService.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\pageUtils.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\PartnerId.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\product.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\splashPageRedirectHandler.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\storage.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\TabManager.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\TemplateParser.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\ul.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\urlFragmentActions.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\urlUtils.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\util.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\webtooltabAPI.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\webTooltabAPIProxy.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\_locales\en\messages.json, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\_metadata\computed_hashes.json, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\_metadata\verified_contents.json, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\newtabproduct.html, Quarantined, [1860], [443097],1.0.8075 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  8. Metallica
    What is TV Stream Now?The Malwarebytes research team has determined that TV Stream Now is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.TV Stream Now is a member of the Mindspark/Ask family now known as IAC Applications.How do I know if my computer is affected by TV Stream Now?You may see these browser extensions/add-ons:these warnings during install:and this newtab-page in the affected browsers:How did TV Stream Now get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website.and the Chrome extension was also available in the webstore:How do I remove TV Stream Now?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of TV Stream Now? No, Malwarebytes' Anti-Malware removes TV Stream Now completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the TV Stream Now hijacker. It would have blocked the website, giving you a chance to stop it before it became too late. and the (url=https://blog.malware...n/]MalwarebytesBrowser Extension[/url] would have blocked the site as well: Technical details for expertsPossible signs in a FRST log: FF Extension: No Name - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_j0Members_@www.gettvstreamnow.com.xpi [2018-09-14] CHR Extension: (TV Stream Now) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd [2018-09-14] Significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0 Adds the file dynamicNewTab.html"="3/16/2018 1:08 PM, 1136 bytes, A Adds the file manifest.json"="9/14/2018 9:00 AM, 2566 bytes, A Adds the file productnewtab.html"="3/16/2018 1:08 PM, 1136 bytes, A Adds the file stubby.html"="3/16/2018 1:08 PM, 1137 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\_metadata Adds the file computed_hashes.json"="9/14/2018 9:00 AM, 5046 bytes, A Adds the file verified_contents.json"="3/21/2018 2:02 PM, 5391 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\config Adds the file config.json"="3/21/2018 2:02 PM, 1970 bytes, A Adds the file extension-config.json"="3/16/2018 1:08 PM, 1114 bytes, A Adds the file extension-dev-config.json"="3/16/2018 1:08 PM, 1236 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\icons Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js Adds the file ajax.js"="3/16/2018 1:08 PM, 2250 bytes, A Adds the file b2b-partner-tracking.js"="3/21/2018 2:02 PM, 11023 bytes, A Adds the file background.js"="3/21/2018 2:02 PM, 21158 bytes, A Adds the file chrome.js"="3/16/2018 1:08 PM, 180 bytes, A Adds the file content_script.js"="3/16/2018 1:08 PM, 5815 bytes, A Adds the file dlp.js"="3/16/2018 1:08 PM, 5690 bytes, A Adds the file dlpHelper.js"="3/16/2018 1:08 PM, 1836 bytes, A Adds the file extension_detect.js"="3/16/2018 1:08 PM, 4343 bytes, A Adds the file genericLoadRemoteSettings.js"="3/16/2018 1:08 PM, 2908 bytes, A Adds the file index.js"="3/16/2018 1:08 PM, 82 bytes, A Adds the file initOfferCEF.js"="3/16/2018 1:08 PM, 8991 bytes, A Adds the file logger.js"="3/16/2018 1:08 PM, 575 bytes, A Adds the file offerService.js"="3/16/2018 1:08 PM, 13159 bytes, A Adds the file pageUtils.js"="3/16/2018 1:08 PM, 1811 bytes, A Adds the file PartnerId.js"="3/16/2018 1:08 PM, 16439 bytes, A Adds the file product.js"="3/16/2018 1:08 PM, 4511 bytes, A Adds the file storage.js"="3/16/2018 1:08 PM, 1675 bytes, A Adds the file TabManager.js"="3/16/2018 1:08 PM, 189 bytes, A Adds the file TemplateParser.js"="3/16/2018 1:08 PM, 3080 bytes, A Adds the file ul.js"="3/21/2018 2:02 PM, 3862 bytes, A Adds the file urlFragmentActions.js"="3/16/2018 1:08 PM, 2521 bytes, A Adds the file urlUtils.js"="3/16/2018 1:08 PM, 5385 bytes, A Adds the file util.js"="3/21/2018 2:02 PM, 4027 bytes, A Adds the file webtooltabAPI.js"="3/16/2018 1:08 PM, 8762 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\podgeadojmfnljiibabaddnebdodfbfd Adds the file 000003.log"="9/14/2018 9:00 AM, 5001 bytes, A Adds the file CURRENT"="9/14/2018 9:00 AM, 16 bytes, A Adds the file LOCK"="9/14/2018 9:00 AM, 0 bytes, A Adds the file LOG"="9/14/2018 9:00 AM, 185 bytes, A Adds the file MANIFEST-000001"="9/14/2018 9:00 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_j0Members_@www.gettvstreamnow.com Adds the file storage.js"="9/14/2018 9:03 AM, 770 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file _j0Members_@www.gettvstreamnow.com.xpi"="9/14/2018 9:03 AM, 53505 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "podgeadojmfnljiibabaddnebdodfbfd"="REG_SZ", "F12A9D3CCE0AC5DA8A95CB535F086854B781F1BAE1DD3420EFFEDF975C02BD94" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 9/14/18 Scan Time: 9:11 AM Log File: 78837b8a-b7ed-11e8-b18b-00ffdcc6fdfc.json -Software Information- Version: 3.5.1.2522 Components Version: 1.0.441 Update Package Version: 1.0.6821 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 252756 Threats Detected: 55 Threats Quarantined: 55 Time Elapsed: 3 min, 22 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 8 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\BROWSER-EXTENSION-DATA\_j0Members_@www.gettvstreamnow.com, Quarantined, [1698], [468075],1.0.6821 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\podgeadojmfnljiibabaddnebdodfbfd, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\_metadata, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\config, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\icons, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PODGEADOJMFNLJIIBABADDNEBDODFBFD, Quarantined, [1698], [467555],1.0.6821 File: 47 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_j0Members_@www.gettvstreamnow.com.xpi, Quarantined, [1698], [457930],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_j0Members_@www.gettvstreamnow.com\storage.js, Quarantined, [1698], [468075],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\podgeadojmfnljiibabaddnebdodfbfd\000003.log, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\podgeadojmfnljiibabaddnebdodfbfd\CURRENT, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\podgeadojmfnljiibabaddnebdodfbfd\LOCK, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\podgeadojmfnljiibabaddnebdodfbfd\LOG, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\podgeadojmfnljiibabaddnebdodfbfd\MANIFEST-000001, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PODGEADOJMFNLJIIBABADDNEBDODFBFD\13.421.12.56809_0\MANIFEST.JSON, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\config\config.json, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\config\extension-config.json, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\config\extension-dev-config.json, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\icons\icon128.png, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\icons\icon16.png, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\icons\icon19disabled.png, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\icons\icon19on.png, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\icons\icon48.png, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\logger.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\ajax.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\b2b-partner-tracking.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\background.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\chrome.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\content_script.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\dlp.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\dlpHelper.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\extension_detect.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\genericLoadRemoteSettings.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\index.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\initOfferCEF.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\offerService.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\pageUtils.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\PartnerId.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\product.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\storage.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\TabManager.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\TemplateParser.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\ul.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\urlFragmentActions.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\urlUtils.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\util.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\js\webtooltabAPI.js, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\_metadata\computed_hashes.json, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\_metadata\verified_contents.json, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\dynamicNewTab.html, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\productnewtab.html, Quarantined, [1698], [467555],1.0.6821 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd\13.421.12.56809_0\stubby.html, Quarantined, [1698], [467555],1.0.6821 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept