Showing results for tags 'pup.optional.mindspark.generic'.

Found 15 results

  1. What is GifsGalore?

     The Malwarebytes research team has determined that GifsGalore is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.

     How do I know if my computer is affected by GifsGalore?

     You may see this browser extension: these warnings during install: this new startpage: and this new setting:

     How did GifsGalore get on my computer?

     Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website:

     How do I remove GifsGalore?

     Our program Malwarebytes can detect and remove this potentially unwanted program. You can use their own uninstall instructions first, but I would advise to follow the steps below anyway.

       • Please download Malwarebytes for Windows to your desktop.
       • Double-click MBSetup.exe and follow the prompts to install the program.
       • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
       • Click on the Get started button.
       • Click Scan to start a Threat Scan.
       • When the scan is finished click Quarantine to remove the found threats.
       • Reboot the system if prompted to complete the removal process.

     Is there anything else I need to do to get rid of GifsGalore?

     No, Malwarebytes' Anti-Malware removes GifsGalore completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods.

     How would the full version of Malwarebytes help protect me?

     We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes, as well as Browser Guard, would have protected you against the GifsGalore hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.

     Technical details for experts

     Possible signs in FRST logs:

       CHR NewTab: Default -> Active:"chrome-extension://igdakanpfjlfgekpjeoipnejchlfdelk/ntp1.html"
       CHR Extension: (GifsGalore) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdakanpfjlfgekpjeoipnejchlfdelk [2021-03-30]

     Alterations made by the installer:

     Registry details:

       [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
       "igdakanpfjlfgekpjeoipnejchlfdelk"="REG_SZ", "D341832317990F8AF11DE36AE114A9354A33B44D79F0B67A89774A56ACB5FB68"

     As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s):

       • Dynamically Blocks Malware Sites & Servers
       • Malware Execution Prevention

     Save yourself the hassle and get protected.
  2. What is RecipeSearch?

     The Malwarebytes research team has determined that RecipeSearch is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.

     How do I know if my computer is affected by RecipeSearch?

     You may see these browser extensions/add-ons: these warnings during install: this new startpage: and this new setting:

     How did RecipeSearch get on my computer?

     Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website: the Chrome extension after a redirect to the webstore:

     How do I remove RecipeSearch?

     Our program Malwarebytes can detect and remove this potentially unwanted program. You can use their own uninstall instructions first, but I would advise to follow the steps below anyway.

       • Please download Malwarebytes for Windows to your desktop.
       • Double-click MBSetup.exe and follow the prompts to install the program.
       • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
       • Click on the Get started button.
       • Click Scan to start a Threat Scan.
       • When the scan is finished click Quarantine to remove the found threats.
       • Reboot the system if prompted to complete the removal process.

     Is there anything else I need to do to get rid of RecipeSearch?

     No, Malwarebytes' Anti-Malware removes RecipeSearch completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods.

     How would the full version of Malwarebytes help protect me?

     We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes, as well as Browser Guard, would have protected you against the RecipeSearch hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.

     Technical details for experts

     Possible signs in FRST logs:

       FF Homepage: Mozilla\Firefox\Profiles\{profile}.default -> moz-extension://75100653-7634-4c5c-a964-ed43277b525a/dynamicHomePage.html
       FF HomepageOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _ejMembersttab03_@free.downloadrecipesearch.com
       FF NewTabOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _ejMembersttab03_@free.downloadrecipesearch.com
       FF Extension: (MyWay Search By RecipeSearch) - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_ejMembersttab03_@free.downloadrecipesearch.com.xpi [2020-12-15] [UpdateUrl:hxxps:\/\/updates.tb.ask.com\/updateXpi.json?id=224261888&version=9.107.19.17835&track=TTAB03&trackRevision=1&fromId=_ejMembersttab03_%40free.downloadrecipesearch.com&isBridgeExtension=false]
       CHR NewTab: Default -> Active:"chrome-extension://naihdmmifimaedmndphdlkhpfimmchdh/ntp1.html"
       CHR Extension: (RecipeSearch) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\naihdmmifimaedmndphdlkhpfimmchdh [2020-12-15]

     Alterations made by the installer:

     Registry details:

       [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
       "naihdmmifimaedmndphdlkhpfimmchdh"="REG_SZ", "2A0B8235093FA383B3E116E9A800E34795D5782E3C1829D72D90E94A180B3066"

     As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s):

       • Dynamically Blocks Malware Sites & Servers
       • Malware Execution Prevention

     Save yourself the hassle and get protected.
  3. What is DailyLocalGuide? The Malwarebytes research team has determined that DailyLocalGuide is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. DailyLocalGuide is a member of the Mindspark/Ask family now known as IAC Applications. How do I know if my computer is affected by DailyLocalGuide? You may see these browser extensions/add-ons: these warnings during install: this changed setting: and this new homepage in the affected browsers: How did DailyLocalGuide get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website. and the Chrome extension was also available in the webstore: How do I remove DailyLocalGuide? Our program Malwarebytes can detect and remove this potentially unwanted program. You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of DailyLocalGuide? No, Malwarebytes' Anti-Malware removes DailyLocalGuide completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. 
As you can see below the full version of Malwarebytes would have protected you against the DailyLocalGuide hijacker. It would have blocked traffic to their domain:

     Technical details for experts

     Possible signs in a FRST log:

     FF Homepage: Mozilla\Firefox\Profiles\{profile}.default -> moz-extension://2a5ec1ee-dc70-491f-bb68-f96cf5640176/dynamicHomePage.html
     FF HomepageOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _beMembersttab03_@free.dailylocalguide.com
     FF NewTabOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _beMembersttab03_@free.dailylocalguide.com
     FF Extension: (MyWay Search By DailyLocalGuide) - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_beMembersttab03_@free.dailylocalguide.com.xpi [2020-12-04] [UpdateUrl:hxxps:\/\/updates.tb.ask.com\/updateXpi.json?id=222090290&version=9.107.19.15681&track=TTAB03&trackRevision=1&fromId=_beMembersttab03_%40free.dailylocalguide.com&isBridgeExtension=false]
     CHR NewTab: Default -> Active:"chrome-extension://fljkngdhepgmonjhockcjcehhnlgcdee/ntp1.html"
     CHR Extension: (DailyLocalGuide) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fljkngdhepgmonjhockcjcehhnlgcdee [2020-12-04]

     Significant changes made by the installers:

     Registry details [View: All details] (Selection)
     [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
     "fljkngdhepgmonjhockcjcehhnlgcdee"="REG_SZ", "3A4F15D582B767ADA38AF6E58C328CF2BFB25C47A94011BAE59EE64950184280"

     The Malwarebytes scan log:

     As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s):

       • Dynamically Blocks Malware Sites & Servers
       • Malware Execution Prevention

     Save yourself the hassle and get protected.
  4. What is InternetSpeedUtility?

     The Malwarebytes research team has determined that InternetSpeedUtility is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.

     How do I know if my computer is affected by InternetSpeedUtility?

     You may see this browser extension, these warnings during install, this new startpage, and this new setting.

     How did InternetSpeedUtility get on my computer?

     Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore after a redirect from their website.

     How do I remove InternetSpeedUtility?

     Our program Malwarebytes can detect and remove this potentially unwanted program. You can use their own uninstall instructions first, but I would advise following the steps below anyway. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process.

     Is there anything else I need to do to get rid of InternetSpeedUtility?

     No, Malwarebytes' Anti-Malware removes InternetSpeedUtility completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods.

     How would the full version of Malwarebytes help protect me?

     We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the hijacker.
It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.

     Technical details for experts

     Possible signs in FRST logs:

     CHR NewTab: Default -> Active:"chrome-extension://bdmpgbmbdllbpdidgdcliliimmkeocin/ntp1.html"
     CHR Extension: (InternetSpeedUtility) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdmpgbmbdllbpdidgdcliliimmkeocin [2020-12-01]

     Alterations made by the installer:

     Registry details [View: All details] (Selection)
     [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
     "bdmpgbmbdllbpdidgdcliliimmkeocin"="REG_SZ", "73FDE5921469BF56B41A236CD22620D11A1C811840C5B2F7D41EC1DCA2766168"

     Malwarebytes log:

     As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s):

       • Dynamically Blocks Malware Sites & Servers
       • Malware Execution Prevention

     Save yourself the hassle and get protected.
  5. What is MyChristianPortal?

     The Malwarebytes research team has determined that MyChristianPortal is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. MyChristianPortal is a member of the Mindspark/Ask family now known as IAC Applications.

     How do I know if my computer is affected by MyChristianPortal?

     You may see these browser extensions/add-ons, these warnings during install, these changed settings, and this new homepage in the affected browsers.

     How did MyChristianPortal get on my computer?

     Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website.

     How do I remove MyChristianPortal?

     Our program Malwarebytes can detect and remove this potentially unwanted program. You can use their own uninstall instructions first, but I would advise following the steps below anyway. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process.

     Is there anything else I need to do to get rid of MyChristianPortal?

     No, Malwarebytes' Anti-Malware removes MyChristianPortal completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods.

     How would the full version of Malwarebytes help protect me?

     We hope our application and this guide have helped you eradicate this hijacker.
As you can see below the full version of Malwarebytes, as well as Browser Guard would have protected you against the MyChristianPortal hijacker. They would have blocked their domain. Technical details for experts Possible signs in a FRST log: FF Homepage: Mozilla\Firefox\Profiles\{profile}.default -> moz-extension://69f75656-12a5-451b-b857-9a57967b8f4a/dynamicHomePage.html FF HomepageOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _rjMembersttab03_@www.mychristianportal.com FF NewTabOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _rjMembersttab03_@www.mychristianportal.com FF Extension: (MyWay Search By MyChristianPortal) - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_rjMembersttab03_@www.mychristianportal.com.xpi [2020-11-04] [UpdateUrl:hxxps:\/\/updates.tb.ask.com\/updateXpi.json?id=239826476&version=9.107.19.16773&track=TTAB03&trackRevision=1&fromId=_rjMembersttab03_%40www.mychristianportal.com&isBridgeExtension=false] CHR NewTab: Default -> Active:"chrome-extension://ddlgplemmmbibdngmopialjfhdffpkan/ntp1.html" CHR Extension: (MyChristianPortal) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddlgplemmmbibdngmopialjfhdffpkan [2020-11-04] Significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddlgplemmmbibdngmopialjfhdffpkan\13.958.19.16773_0 Adds the file manifest.json"="11/4/2020 8:54 AM, 2678 bytes, A Adds the file ntp1.html"="10/14/2020 4:02 PM, 1348 bytes, A Adds the file ntp2.html"="10/14/2020 4:02 PM, 1282 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddlgplemmmbibdngmopialjfhdffpkan\13.958.19.16773_0\_locales\en Adds the file messages.json"="11/4/2020 8:54 AM, 277 bytes, A Adds the folder 
C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddlgplemmmbibdngmopialjfhdffpkan\13.958.19.16773_0\_metadata Adds the file computed_hashes.json"="11/4/2020 8:54 AM, 8698 bytes, A Adds the file verified_contents.json"="10/14/2020 4:02 PM, 8263 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddlgplemmmbibdngmopialjfhdffpkan\13.958.19.16773_0\config Adds the file config.json"="10/14/2020 4:02 PM, 3104 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddlgplemmmbibdngmopialjfhdffpkan\13.958.19.16773_0\icons Adds the file icon128.png"="11/4/2020 8:54 AM, 9090 bytes, A Adds the file icon16.png"="11/4/2020 8:54 AM, 720 bytes, A Adds the file icon19disabled.png"="10/14/2020 4:02 PM, 2080 bytes, A Adds the file icon19on.png"="11/4/2020 8:54 AM, 852 bytes, A Adds the file icon48.png"="11/4/2020 8:54 AM, 3024 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddlgplemmmbibdngmopialjfhdffpkan\13.958.19.16773_0\js Adds the file ajax.js"="10/14/2020 4:02 PM, 3263 bytes, A Adds the file B2BService.js"="10/14/2020 4:02 PM, 11775 bytes, A Adds the file babAPI.js"="10/14/2020 4:02 PM, 5950 bytes, A Adds the file babClickHandler.js"="10/14/2020 4:02 PM, 3485 bytes, A Adds the file babContentScript.js"="10/14/2020 4:02 PM, 10509 bytes, A Adds the file babContentScriptAPI.js"="10/14/2020 4:02 PM, 13191 bytes, A Adds the file babRemoteConfigProcessor.js"="10/14/2020 4:02 PM, 4311 bytes, A Adds the file babTypeFactory.js"="10/14/2020 4:02 PM, 1999 bytes, A Adds the file babTypeInjectionEmbededPage.js"="10/14/2020 4:02 PM, 3383 bytes, A Adds the file babTypeInjectionIframe.js"="10/14/2020 4:02 PM, 2114 bytes, A Adds the file babTypeInjectionIframeAPIProxy.js"="10/14/2020 4:02 PM, 3160 bytes, A Adds the file babTypeInjectionScript.js"="10/14/2020 4:02 PM, 4111 bytes, A Adds the file 
background.js"="10/14/2020 4:02 PM, 30047 bytes, A Adds the file browserUtils.js"="10/14/2020 4:02 PM, 1896 bytes, A Adds the file chrome.js"="10/14/2020 4:02 PM, 146 bytes, A Adds the file contentScriptConnectionManager.js"="10/14/2020 4:02 PM, 23601 bytes, A Adds the file dailyContentService.js"="10/14/2020 4:02 PM, 11632 bytes, A Adds the file dateTimeUtils.js"="10/14/2020 4:02 PM, 1213 bytes, A Adds the file dlp.js"="10/14/2020 4:02 PM, 13393 bytes, A Adds the file dlpHelper.js"="10/14/2020 4:02 PM, 1717 bytes, A Adds the file extensionDetect.js"="10/14/2020 4:02 PM, 4357 bytes, A Adds the file extensionDetectWithHash.js"="10/14/2020 4:02 PM, 3986 bytes, A Adds the file globalConfigService.js"="10/14/2020 4:02 PM, 1319 bytes, A Adds the file index.js"="10/14/2020 4:02 PM, 49 bytes, A Adds the file localStorageContentScript.js"="10/14/2020 4:02 PM, 2237 bytes, A Adds the file logger.js"="10/14/2020 4:02 PM, 531 bytes, A Adds the file loggingLevelUtils.js"="10/14/2020 4:02 PM, 1976 bytes, A Adds the file meta.js"="10/14/2020 4:02 PM, 3300 bytes, A Adds the file newTabPageRedirectHandler.js"="10/14/2020 4:02 PM, 2902 bytes, A Adds the file notificationService.js"="10/14/2020 4:02 PM, 15360 bytes, A Adds the file offerService.js"="10/14/2020 4:02 PM, 17241 bytes, A Adds the file pageUtils.js"="10/14/2020 4:02 PM, 4197 bytes, A Adds the file PartnerId.js"="10/14/2020 4:02 PM, 16402 bytes, A Adds the file polyfill.js"="10/14/2020 4:02 PM, 875 bytes, A Adds the file product.js"="10/14/2020 4:02 PM, 8337 bytes, A Adds the file pTagService.js"="10/14/2020 4:02 PM, 7300 bytes, A Adds the file remoteConfigLoader.js"="10/14/2020 4:02 PM, 6653 bytes, A Adds the file scheduler.js"="10/14/2020 4:02 PM, 4419 bytes, A Adds the file splashPageRedirectHandler.js"="10/14/2020 4:02 PM, 3762 bytes, A Adds the file storageUtils.js"="10/14/2020 4:02 PM, 1718 bytes, A Adds the file surveyService.js"="10/14/2020 4:02 PM, 5401 bytes, A Adds the file templateParser.js"="10/14/2020 4:02 
PM, 3153 bytes, A Adds the file ul.js"="10/14/2020 4:02 PM, 7044 bytes, A Adds the file urlFragmentActions.js"="10/14/2020 4:02 PM, 2453 bytes, A Adds the file urlUtils.js"="10/14/2020 4:02 PM, 6382 bytes, A Adds the file util.js"="10/14/2020 4:02 PM, 6714 bytes, A Adds the file watchExtensionsHandler.js"="10/14/2020 4:02 PM, 10297 bytes, A Adds the file webtooltabAPI.js"="10/14/2020 4:02 PM, 12619 bytes, A Adds the file webTooltabAPIProxy.js"="10/14/2020 4:02 PM, 8782 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ddlgplemmmbibdngmopialjfhdffpkan Adds the file 000003.log"="11/4/2020 8:54 AM, 6036 bytes, A Adds the file CURRENT"="11/4/2020 8:54 AM, 16 bytes, A Adds the file LOCK"="11/4/2020 8:54 AM, 0 bytes, A Adds the file LOG"="11/4/2020 8:54 AM, 184 bytes, A Adds the file MANIFEST-000001"="11/4/2020 8:54 AM, 41 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file _rjMembersttab03_@www.mychristianportal.com.xpi"="11/4/2020 8:56 AM, 274255 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
"ddlgplemmmbibdngmopialjfhdffpkan"="REG_SZ", "D3513DE6541FCA4625C2803C648F85A2B28FE485CCED4D2C4CDA81011B6CC191"

The Malwarebytes scan log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/4/20
Scan Time: 9:59 AM
Log File: 18f01320-1e7c-11eb-ac9a-080027235d76.json

-Software Information-
Version: 4.2.2.95
Components Version: 1.0.1096
Update Package Version: 1.0.32468
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 231957
Threats Detected: 12
Threats Quarantined: 12
Time Elapsed: 2 min, 23 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 1
PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|ddlgplemmmbibdngmopialjfhdffpkan, Quarantined, 1826, 867816, , , , , ,

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\ddlgplemmmbibdngmopialjfhdffpkan, Quarantined, 1826, 867816, , , , , ,
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\DDLGPLEMMMBIBDNGMOPIALJFHDFFPKAN, Quarantined, 1826, 867816, 1.0.32468, , ame, , ,

File: 9
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_rjMembersttab03_@www.mychristianportal.com.xpi, Quarantined, 1826, 782571, 1.0.32468, , ame, , 3B67702F3CCA26DCBB33FAEA964470FC, FB73E37650F820B8F117528A0B706BF064BC628738865EE6880C83932B8A104B
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 1826, 867816, , , , , 7AC6BC7BD0B6F4C7371BD7D982BEE70B, A6B0599B8B309296C2A33708F37D88814F183EA4F3F421C19BF9CE8F39ABE6DE
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 1826, 867816, , , , , 8D916E5EB68BB502974E613BBBF9C7F7, ADA5F87BD95600DD53290D4D3356AFBC13C87A0FB63773EFFC294C8C77BDB9F4
PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ddlgplemmmbibdngmopialjfhdffpkan\000003.log, Quarantined, 1826, 867816, , , , , 958AC34881D7DFE83F62ED06C847A4CD, 0DBF02194AA92B62325AB19D435FCD2EE463405DCF616BEED39E68C9C313C58E
PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ddlgplemmmbibdngmopialjfhdffpkan\CURRENT, Quarantined, 1826, 867816, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ddlgplemmmbibdngmopialjfhdffpkan\LOCK, Quarantined, 1826, 867816, , , , , ,
PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ddlgplemmmbibdngmopialjfhdffpkan\LOG, Quarantined, 1826, 867816, , , , , C9EC2BB8643F5C4A6669E4EA4BE7B82F, 76B066F9C14F5431BB7B9CB3E2E1D4AE13E1BB47DF0458F9332B39F3006B0F19
PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ddlgplemmmbibdngmopialjfhdffpkan\MANIFEST-000001, Quarantined, 1826, 867816, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\DDLGPLEMMMBIBDNGMOPIALJFHDFFPKAN\13.958.19.16773_0\MANIFEST.JSON, Quarantined, 1826, 867816, 1.0.32468, , ame, , D348426EB63E90E81772D87D7E0D6478, 08D5CCE51EB00556A4A3D00A7DCD39F2AA5921B2B8ED217A09AC959753656CE0

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  6. What is MyWay Search By MyVedicTab?
The Malwarebytes research team has determined that MyWay Search By MyVedicTab is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.

How do I know if my computer is affected by MyWay Search By MyVedicTab?
You may see this Firefox extension:
these warnings during install:
this new startpage:
and this new setting:

How did MyWay Search By MyVedicTab get on my computer?
Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website:

How do I remove MyWay Search By MyVedicTab?
Our program Malwarebytes can detect and remove this potentially unwanted program. [Mindspark only] You can use their own uninstall instructions first, but I would advise to follow the steps below anyway.
  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.

Is there anything else I need to do to get rid of MyWay Search By MyVedicTab?
No, Malwarebytes' Anti-Malware removes MyWay Search By MyVedicTab completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods.

How would the full version of Malwarebytes help protect me?
We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes, as well as Browser Guard, would have protected you against the MyWay Search By MyVedicTab hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.

Technical details for experts
Possible signs in FRST logs:
FF Homepage: Mozilla\Firefox\Profiles\{profile}.default -> moz-extension://4f4f90cd-cb93-4518-96aa-77b7680d43a6/dynamicHomePage.html
FF HomepageOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _rlMembersttab03_@www.myvedictab.com
FF NewTabOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _rlMembersttab03_@www.myvedictab.com
FF Extension: (MyWay Search By MyVedicTab) - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_rlMembersttab03_@www.myvedictab.com.xpi [2020-10-16] [UpdateUrl:hxxps:\/\/updates.tb.ask.com\/updateXpi.json?id=239825533&version=9.100.18.27148&track=TTAB03&trackRevision=1&fromId=_rlMembersttab03_%40www.myvedictab.com&isBridgeExtension=false]

Alterations made by the installer:
File system details [View: All details] (Selection)
---------------------------------------------------
In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions
Adds the file _rlMembersttab03_@www.myvedictab.com.xpi"="10/16/2020 9:22 AM, 246090 bytes, A

Malwarebytes log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 10/16/20
Scan Time: 12:50 PM
Log File: 7026cfaa-0f9d-11eb-ab9e-080027235d76.json

-Software Information-
Version: 4.2.1.89
Components Version: 1.0.1070
Update Package Version: 1.0.31444
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 231848
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 1 min, 51 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_rlMembersttab03_@www.myvedictab.com.xpi, Quarantined, 7860, 782571, 1.0.31444, , ame, , A1C5E791949C0C9BE2D1EE39566718DD, 8662B307B245248EB6AAE70BA60CA5ACE163A86B3EAB6E47A44C3DB7E53339DE

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  7. What is DailyBibleGuide?
The Malwarebytes research team has determined that DailyBibleGuide is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. DailyBibleGuide is a member of the Mindspark/Ask family now known as IAC Applications.

How do I know if my computer is affected by DailyBibleGuide?
You may see this Chrome extension:
these warnings during install:
You may see this entry in your list of installed software:
and this new homepage in the affected browsers:

How did DailyBibleGuide get on my computer?
Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website.
and the Chrome extension was also available in the webstore:

How do I remove DailyBibleGuide?
Our program Malwarebytes can detect and remove this potentially unwanted program. You can use their own uninstall instructions first, but I would advise to follow the steps below anyway.
  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.

Is there anything else I need to do to get rid of DailyBibleGuide?
No, Malwarebytes' Anti-Malware removes DailyBibleGuide completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods.

How would the full version of Malwarebytes help protect me?
We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the DailyBibleGuide hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late.
and both Malwarebytes Premium and Browser Guard block traffic to their domain:

Technical details for experts
Possible signs in a FRST log:
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://hp.myway.com/dailybibleguide/ttab02/index.html?n=7867DE96&p2=%5EXM%5Emni000%5ETTAB02&ptb=A0A0F362-4A15-42C1-9CCD-A7968755166B&coid=a14e934f54dd407f8ff84d1102e557ba
CHR NewTab: Default -> Active:"chrome-extension://hdhkemhaommecijlogcmoeaogjjpkihm/ntp1.html"
CHR Extension: (DailyBibleGuide) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhkemhaommecijlogcmoeaogjjpkihm [2020-07-31]
DailyBibleGuide Internet Explorer Homepage and New Tab (HKCU\...\DailyBibleGuideTooltab Uninstall Internet Explorer) (Version: - Ask Applications, Inc.)
Significant changes made by the installers:

Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_CURRENT_USER\Software\DailyBibleGuide]
"Start Page"="REG_SZ", "https://hp.myway.com/dailybibleguide/ttab02/index.html?n=7867DE96&p2=^XM^mni000^TTAB02&ptb=A0A0F362-4A15-42C1-9CCD-A7968755166B&coid=a14e934f54dd407f8ff84d1102e557ba"
"UnInstallSurveyUrl"="REG_SZ", "https://@{downloadDomain}.dl.myway.com/uninstall.jhtml?c=A0A0F362-4A15-42C1-9CCD-A7968755166B&ptb=^XM^mni000^TTAB02"
[HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
"hdhkemhaommecijlogcmoeaogjjpkihm"="REG_SZ", "026E1A507F9064DEAF91CE164AA7BCBEF3273702BCEC5CADDBDBB987CFD02944"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page" = REG_SZ, "https://hp.myway.com/dailybibleguide/ttab02/index.html?n=7867DE96&p2=%5EXM%5Emni000%5ETTAB02&ptb=A0A0F362-4A15-42C1-9CCD-A7968755166B&coid=a14e934f54dd407f8ff84d1102e557ba"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\DailyBibleGuideTooltab Uninstall Internet Explorer]
"DisplayName"="REG_SZ", "DailyBibleGuide Internet Explorer Homepage and New Tab"
"HelpLink"="REG_SZ", "http://support.mindspark.com/"
"Publisher"="REG_SZ", "Ask Applications, Inc."
"UninstallString"="REG_SZ", "Rundll32.exe "C:\Users\{username}\AppData\Local\DailyBibleGuideTooltab\TooltabExtension.dll" U uninstall:DailyBibleGuide"
"URLInfoAbout"="REG_SZ", "http://support.mindspark.com/"

The Malwarebytes scan log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/31/20
Scan Time: 10:34 AM
Log File: ae242ea0-d308-11ea-a51e-00ffdcc6fdfc.json

-Software Information-
Version: 4.1.2.73
Components Version: 1.0.990
Update Package Version: 1.0.27725
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 231325
Threats Detected: 22
Threats Quarantined: 22
Time Elapsed: 5 min, 32 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 1
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\DailyBibleGuideTooltab\TooltabExtension.dll, Quarantined, 1815, 356944, , , ,

Registry Key: 2
PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DailyBibleGuideTooltab Uninstall Internet Explorer, Quarantined, 1815, 356944, , , ,
PUP.Optional.MindSpark, HKCU\SOFTWARE\DailyBibleGuide, Quarantined, 719, 240557, 1.0.27725, , ame,

Registry Value: 3
PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\DailyBibleGuide|START PAGE, Quarantined, 1815, 444113, 1.0.27725, , ame,
PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\DailyBibleGuide|UNINSTALLSURVEYURL, Quarantined, 1815, 769449, 1.0.27725, , ame,
PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|hdhkemhaommecijlogcmoeaogjjpkihm, Quarantined, 1815, 456842, , , ,

Registry Data: 1
PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, 719, 293497, 1.0.27725, , ame,

Data Stream: 0
(No malicious items detected)

Folder: 3
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\DailyBibleGuideTooltab, Quarantined, 1815, 356944, 1.0.27725, , ame,
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\hdhkemhaommecijlogcmoeaogjjpkihm, Quarantined, 1815, 456842, , , ,
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\hdhkemhaommecijlogcmoeaogjjpkihm, Quarantined, 1815, 456842, , , ,

File: 12
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\DailyBibleGuideTooltab\TooltabExtension.dll, Quarantined, 1815, 356944, 1.0.27725, , ame,
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 1815, 456842, , , ,
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 1815, 456842, , , ,
PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdhkemhaommecijlogcmoeaogjjpkihm\000003.log, Quarantined, 1815, 456842, , , ,
PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdhkemhaommecijlogcmoeaogjjpkihm\CURRENT, Quarantined, 1815, 456842, , , ,
PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdhkemhaommecijlogcmoeaogjjpkihm\LOCK, Quarantined, 1815, 456842, , , ,
PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdhkemhaommecijlogcmoeaogjjpkihm\LOG, Quarantined, 1815, 456842, , , ,
PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdhkemhaommecijlogcmoeaogjjpkihm\MANIFEST-000001, Quarantined, 1815, 456842, , , ,
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\HDHKEMHAOMMECIJLOGCMOEAOGJJPKIHM\13.931.18.9828_0\CONFIG\CONFIG.JSON, Quarantined, 1815, 456842, 1.0.27725, , ame,
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\HDHKEMHAOMMECIJLOGCMOEAOGJJPKIHM\13.931.18.9828_0\MANIFEST.JSON, Quarantined, 1815, 443121, 1.0.27725, , ame,
PUP.Optional.MindSpark, C:\USERS\{username}\DESKTOP\DAILYBIBLEGUIDE.EXE, Quarantined, 719, 790639, 1.0.27725, , ame,
PUP.Optional.MindSpark, C:\USERS\{username}\DOWNLOADS\DAILYBIBLEGUIDE.99E6A229C62C414A9BADBEB875533F9D.EXE, Quarantined, 719, 790639, 1.0.27725, , ame,

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  8. What is FileSendSuite?
The Malwarebytes research team has determined that FileSendSuite is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.

How do I know if my computer is affected by FileSendSuite?
You may see this browser extension:
these warnings during install:
this new startpage:
and this new setting:

How did FileSendSuite get on my computer?
Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:
after a redirect from their website:

How do I remove FileSendSuite?
Our program Malwarebytes can detect and remove this potentially unwanted program. [Mindspark only] You can use their own uninstall instructions first, but I would advise to follow the steps below anyway.
  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.

Is there anything else I need to do to get rid of FileSendSuite?
No, Malwarebytes' Anti-Malware removes FileSendSuite completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods.

How would the full version of Malwarebytes help protect me?
We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the FileSendSuite hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.
Technical details for experts
Possible signs in FRST logs:
CHR NewTab: Default -> Active:"chrome-extension://jdlnhgjcehghpjmemkjbkhgpeblojiaj/ntp1.html"
CHR Extension: (FileSendSuite) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdlnhgjcehghpjmemkjbkhgpeblojiaj [2020-07-01]

Alterations made by the installer:

Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
"jdlnhgjcehghpjmemkjbkhgpeblojiaj"="REG_SZ", "FF287A2B359DC873C300DFBCF0CA067C7CA5AC154F3223BEC69EC167983C05DF"

Malwarebytes log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/1/20
Scan Time: 10:30 AM
Log File: 10ceb49a-bb75-11ea-bf8f-00ffdcc6fdfc.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.955
Update Package Version: 1.0.26233
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 232374
Threats Detected: 12
Threats Quarantined: 12
Time Elapsed: 2 min, 22 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 1
PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|jdlnhgjcehghpjmemkjbkhgpeblojiaj, Quarantined, 1817, 443121, , , ,

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\jdlnhgjcehghpjmemkjbkhgpeblojiaj, Quarantined, 1817, 443121, , , ,
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JDLNHGJCEHGHPJMEMKJBKHGPEBLOJIAJ, Quarantined, 1817, 443121, 1.0.26233, , ame,

File: 9
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, 
Replaced, 1817, 443121, , , , PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 1817, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jdlnhgjcehghpjmemkjbkhgpeblojiaj\000003.log, Quarantined, 1817, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jdlnhgjcehghpjmemkjbkhgpeblojiaj\CURRENT, Quarantined, 1817, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jdlnhgjcehghpjmemkjbkhgpeblojiaj\LOCK, Quarantined, 1817, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jdlnhgjcehghpjmemkjbkhgpeblojiaj\LOG, Quarantined, 1817, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jdlnhgjcehghpjmemkjbkhgpeblojiaj\MANIFEST-000001, Quarantined, 1817, 443121, , , , PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JDLNHGJCEHGHPJMEMKJBKHGPEBLOJIAJ\13.931.18.8162_0\MANIFEST.JSON, Quarantined, 1817, 443121, 1.0.26233, , ame, PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JDLNHGJCEHGHPJMEMKJBKHGPEBLOJIAJ\13.931.18.8162_0\CONFIG\CONFIG.JSON, Quarantined, 1817, 456842, 1.0.26233, , ame, Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  9. What is DownloadManagerNow?
     The Malwarebytes research team has determined that DownloadManagerNow is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.

     How do I know if my computer is affected by DownloadManagerNow?
     You may see this browser extension:
     these warnings during install:
     You may see this icon in your browser's menu-bar:
     this new startpage:
     and this new setting:

     How did DownloadManagerNow get on my computer?
     Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:
     after a redirect from their website:

     How do I remove DownloadManagerNow?
     Our program Malwarebytes can detect and remove this potentially unwanted program.
     [Mindspark only] You can use their own uninstall instructions first, but I would advise to follow the steps below anyway.
     Please download Malwarebytes for Windows to your desktop.
     Double-click MBSetup.exe and follow the prompts to install the program.
     When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
     Click on the Get started button.
     Click Scan to start a Threat Scan.
     When the scan is finished click Quarantine to remove the found threats.
     Reboot the system if prompted to complete the removal process.

     Is there anything else I need to do to get rid of DownloadManagerNow?
     No, Malwarebytes' Anti-Malware removes DownloadManagerNow completely.
     If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods.

     How would the full version of Malwarebytes help protect me?
     We hope our application and this guide have helped you eradicate this hijacker.
     As you can see below the full version of Malwarebytes, as well as Malwarebytes Browser Guard, would have protected you against the DownloadManagerNow hijacker.
     It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.

     Technical details for experts
     Possible signs in FRST logs:
     CHR NewTab: Default -> Active:"chrome-extension://ijjbaliojphgfiakfehndobhialecmpl/ntp1.html"
     CHR Extension: (DownloadManagerNow) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjbaliojphgfiakfehndobhialecmpl [2020-06-23]

     Alterations made by the installer:
     Registry details [View: All details] (Selection)
     [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
     "ijjbaliojphgfiakfehndobhialecmpl"="REG_SZ", "E2D436A20B6C0AF690CECB6F4AAAA7700DFDF53C67A910EDD865D0592A0AE4ED"

     As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
     We use different ways of protecting your computer(s):
     Dynamically Blocks Malware Sites & Servers
     Malware Execution Prevention
     Save yourself the hassle and get protected.
  10. What is EasyPDFCombine for Chrome?
     The Malwarebytes research team has determined that EasyPDFCombine for Chrome is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.

     How do I know if my computer is affected by EasyPDFCombine for Chrome?
     You may see this browser extension:
     these warnings during install:
     You may see this icon in your browser's menu-bar:
     this new startpage:
     and this new setting:

     How did EasyPDFCombine for Chrome get on my computer?
     Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:
     after a redirect from their website:

     How do I remove EasyPDFCombine for Chrome?
     Our program Malwarebytes can detect and remove this potentially unwanted program.
     [Mindspark only] You can use their own uninstall instructions first, but I would advise to follow the steps below anyway.
     Please download Malwarebytes for Windows to your desktop.
     Double-click MBSetup.exe and follow the prompts to install the program.
     When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
     Click on the Get started button.
     Click Scan to start a Threat Scan.
     When the scan is finished click Quarantine to remove the found threats.
     Reboot the system if prompted to complete the removal process.

     Is there anything else I need to do to get rid of EasyPDFCombine for Chrome?
     No, Malwarebytes' Anti-Malware removes EasyPDFCombine for Chrome completely.
     If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods.

     How would the full version of Malwarebytes help protect me?
     We hope our application and this guide have helped you eradicate this hijacker.
     As you can see below the full version of Malwarebytes, as well as Browser Guard, would have protected you against the EasyPDFCombine for Chrome hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.

     Technical details for experts
     Possible signs in FRST logs:
     CHR NewTab: Default -> Active:"chrome-extension://dmpghkabedbjaabdjfchnafeciefnjnk/ntp1.html"
     CHR Extension: (EasyPDFCombine for Chrome) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk [2020-01-17]

     Alterations made by the installer:
     Registry details [View: All details] (Selection)
     [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
     "dmpghkabedbjaabdjfchnafeciefnjnk"="REG_SZ", "7A295AFD57BFABE99246D4ED36C88CBE4277FFD1C68EFD86DAED1BCDFAF76095"
Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\remoteConfigLoader.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\splashPageRedirectHandler.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\storageUtils.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\TemplateParser.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\ul.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\urlFragmentActions.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\urlUtils.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\util.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\webtooltabAPI.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\js\webTooltabAPIProxy.js, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_locales\ar\messages.json, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_locales\de\messages.json, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_locales\en\messages.json, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_locales\es\messages.json, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_locales\es_419\messages.json, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_locales\fr\messages.json, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_locales\it\messages.json, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_locales\ja\messages.json, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_locales\ko\messages.json, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_locales\nl\messages.json, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_locales\pt_BR\messages.json, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_locales\pt_PT\messages.json, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_metadata\computed_hashes.json, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\_metadata\verified_contents.json, Quarantined, 1792, 443121, , , , PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk\13.917.16.52171_0\ntp1.html, Quarantined, 1792, 443121, , , , Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  11. What is MyScrapNook?
The Malwarebytes research team has determined that MyScrapNook is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.
MyScrapNook is a member of the Mindspark/Ask family now known as IAC Applications.

How do I know if my computer is affected by MyScrapNook?
You may see this Chrome extension:
these warnings during install:
You may see this new setting:
this icon in the Chrome menu-bar:
and this new startpage in the affected browser(s):

How did MyScrapNook get on my computer?
Browser hijackers use different methods for distributing themselves. This particular Chrome extension was downloaded from the webstore:
and promoted by their website:

How do I remove MyScrapNook?
Our program Malwarebytes can detect and remove this potentially unwanted program.
You can use their own uninstall instructions first, but I would advise you to follow the steps below anyway.
  • Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

Is there anything else I need to do to get rid of MyScrapNook?
  • No, Malwarebytes' Anti-Malware removes MyScrapNook completely.
  • If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods.

How would the full version of Malwarebytes help protect me?
We hope our application and this guide have helped you eradicate this hijacker.
As you can see below the full version of Malwarebytes would have protected you against the MyScrapNook hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late.

Technical details for experts
Possible signs in a FRST log:
CHR NewTab: Default -> Active:"chrome-extension://lbapdklahcjljfincdglncfpdgfhckcf/newtabproduct.html"
CHR Extension: (MyScrapNook) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbapdklahcjljfincdglncfpdgfhckcf [2019-04-12]

Significant changes made by the installers:
Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
"lbapdklahcjljfincdglncfpdgfhckcf"="REG_SZ", "53DC83B630939F2085C966B420DFAD81ED442879EAABB4B2C4B884DDEA78722B"

The Malwarebytes scan log:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/12/19
Scan Time: 9:06 AM
Log File: 8d27f544-5cf1-11e9-a71a-00ffdcc6fdfc.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.563
Update Package Version: 1.0.10122
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 236621
Threats Detected: 49
Threats Quarantined: 49
Time Elapsed: 6 min, 47 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  12. What is Muzik Fury?
The Malwarebytes research team has determined that Muzik Fury is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.
Muzik Fury is a member of the Mindspark/Ask family now known as IAC Applications.

How do I know if my computer is affected by Muzik Fury?
You may see these browser extensions/add-ons:
these warnings during install:
You may see this type of new settings:
and this newtab-page in the affected browsers:

How did Muzik Fury get on my computer?
Browser hijackers use different methods for distributing themselves. This particular Firefox add-on was downloaded from their website.
and the Chrome extension was available in the webstore:

How do I remove Muzik Fury?
Our program Malwarebytes can detect and remove this potentially unwanted program.
You can use their own uninstall instructions first, but I would advise you to follow the steps below anyway.
  • Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

Is there anything else I need to do to get rid of Muzik Fury?
  • No, Malwarebytes' Anti-Malware removes Muzik Fury completely.
  • If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods.

How would the full version of Malwarebytes help protect me?
We hope our application and this guide have helped you eradicate this hijacker.
As you can see below the full version of Malwarebytes would have protected you against the Muzik Fury hijacker. It would have blocked their website, giving you a chance to stop it before it became too late.

Technical details for experts
Possible signs in a FRST log:
FF HomepageOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _otMembers_@muzikfury.thewhizmarketing.com
FF NewTabOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _otMembers_@muzikfury.thewhizmarketing.com
FF Extension: (Muzik Fury) - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_otMembers_@muzikfury.thewhizmarketing.com.xpi [2018-12-13]
CHR NewTab: Default -> Active:"chrome-extension://njnmnphjljmejmfacphkagccdnajkghk/newtabproduct.html"
CHR Extension: (Muzik Fury) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk [2018-12-13]

Changes made by the installers:
bytes, A Adds the file storage.js"="10/17/2018 7:26 PM, 1640 bytes, A Adds the file TabManager.js"="10/17/2018 7:26 PM, 151 bytes, A Adds the file TemplateParser.js"="10/17/2018 7:26 PM, 3038 bytes, A Adds the file ul.js"="10/17/2018 7:26 PM, 3832 bytes, A Adds the file urlFragmentActions.js"="10/17/2018 7:26 PM, 1825 bytes, A Adds the file urlUtils.js"="10/17/2018 7:26 PM, 5349 bytes, A Adds the file util.js"="10/17/2018 7:26 PM, 3004 bytes, A Adds the file webtooltabAPI.js"="10/17/2018 7:26 PM, 8721 bytes, A Adds the file webTooltabAPIProxy.js"="10/17/2018 7:26 PM, 5445 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\njnmnphjljmejmfacphkagccdnajkghk Adds the file 000003.log"="12/13/2018 8:28 PM, 1985 bytes, A Adds the file CURRENT"="12/13/2018 8:28 PM, 16 bytes, A Adds the file LOCK"="12/13/2018 8:28 PM, 0 bytes, A Adds the file LOG"="12/13/2018 8:28 PM, 184 bytes, A Adds the file MANIFEST-000001"="12/13/2018 8:28 PM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_otMembers_@muzikfury.thewhizmarketing.com Adds the file storage.js"="12/13/2018 8:23 PM, 2677 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file _otMembers_@muzikfury.thewhizmarketing.com.xpi"="12/13/2018 8:23 PM, 46492 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "njnmnphjljmejmfacphkagccdnajkghk"="REG_SZ", "0270731775B75ECD2BD8155557F1FD31427F4F880F540FA567BEE86DA3A48047" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 12/13/18 Scan Time: 8:34 PM Log File: 2af0f02e-ff0e-11e8-ae5c-00ffdcc6fdfc.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.482 Update Package 
Version: 1.0.8303 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 237019 Threats Detected: 58 Threats Quarantined: 58 Time Elapsed: 2 min, 54 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.MySearch.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|njnmnphjljmejmfacphkagccdnajkghk, Quarantined, [1858], [443097],1.0.8303 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 10 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\BROWSER-EXTENSION-DATA\_otMembers_@muzikfury.thewhizmarketing.com, Quarantined, [1712], [468075],1.0.8303 PUP.Optional.MySearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\njnmnphjljmejmfacphkagccdnajkghk, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\_locales\en, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\_metadata, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\_locales, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, 
C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\config, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\icons, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NJNMNPHJLJMEJMFACPHKAGCCDNAJKGHK, Quarantined, [1858], [443097],1.0.8303 File: 47 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_otMembers_@muzikfury.thewhizmarketing.com.xpi, Quarantined, [1712], [457930],1.0.8303 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_otMembers_@muzikfury.thewhizmarketing.com\storage.js, Quarantined, [1712], [468075],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\njnmnphjljmejmfacphkagccdnajkghk\000003.log, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\njnmnphjljmejmfacphkagccdnajkghk\CURRENT, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\njnmnphjljmejmfacphkagccdnajkghk\LOCK, Quarantined, [1858], 
[443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\njnmnphjljmejmfacphkagccdnajkghk\LOG, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\njnmnphjljmejmfacphkagccdnajkghk\MANIFEST-000001, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NJNMNPHJLJMEJMFACPHKAGCCDNAJKGHK\13.817.14.14883_0\MANIFEST.JSON, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\config\config.json, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\icons\icon128.png, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\icons\icon16.png, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\icons\icon19disabled.png, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\icons\icon19on.png, 
Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\icons\icon48.png, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\initOfferCEF.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\ajax.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\b2b-partner-tracking.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\background.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\browserUtils.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\chrome.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\content_script.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\dlp.js, Quarantined, [1858], [443097],1.0.8303 
PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\dlpHelper.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\extension_detect.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\genericLoadRemoteSettings.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\index.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\logger.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\offerService.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\pageUtils.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\PartnerId.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\product.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, 
C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\splashPageRedirectHandler.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\storage.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\TabManager.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\TemplateParser.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\ul.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\urlFragmentActions.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\urlUtils.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\util.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\webtooltabAPI.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, 
C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\webTooltabAPIProxy.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\_locales\en\messages.json, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\_metadata\computed_hashes.json, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\_metadata\verified_contents.json, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\newtabproduct.html, Quarantined, [1858], [443097],1.0.8303 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  13. What is Screen Addict?
      The Malwarebytes research team has determined that Screen Addict is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.
      Screen Addict is a member of the TheWhizProducts family also known as APN, LLC. applications.

      How do I know if my computer is affected by Screen Addict?
      You may see these browser extensions/add-ons:
      these warnings during install:
      and this newtab-page in the affected browsers:

      How did Screen Addict get on my computer?
      Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website.
      and the Chrome extension from the webstore:

      How do I remove Screen Addict?
      Our program Malwarebytes can detect and remove this potentially unwanted program.
      You can use their own uninstall instructions first, but I would advise you to follow the steps below anyway.
      • Please download Malwarebytes to your desktop.
      • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
      • Then click Finish.
      • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
      • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
      • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
      • Restart your computer when prompted to do so.

      Is there anything else I need to do to get rid of Screen Addict?
      No, Malwarebytes' Anti-Malware removes Screen Addict completely.
      If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods.
      How would the full version of Malwarebytes help protect me?
      We hope our application and this guide have helped you eradicate this hijacker.
      As you can see below the full version of Malwarebytes would have protected you against the Screen Addict hijacker. It would have blocked their domain:

      Technical details for experts
      Possible signs in a FRST log:
      FF Extension: No Name - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_oiMembers_@screenaddict.thewhizproducts.com.xpi [2018-11-29]
      CHR Extension: (Screen Addict) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia [2018-11-29]

      Changes made by the installers:
      File system details [View: All details] (Selection)
      Registry details [View: All details] (Selection)
      ------------------------------------------------
      [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
      "lbclmokcohjnkfgopmmcjeijpfheafia"="REG_SZ", "D2D2EFB0AF5A0714C55F472F4E0F839EB9B619DFCA73C667C0DF09E1952CA5B7"

      The Malwarebytes scan log:

      As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
      We use different ways of protecting your computer(s):
      • Dynamically Blocks Malware Sites & Servers
      • Malware Execution Prevention
      Save yourself the hassle and get protected.
  14. What is TV Stream Now?

      The Malwarebytes research team has determined that TV Stream Now is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. TV Stream Now is a member of the Mindspark/Ask family now known as IAC Applications.

      How do I know if my computer is affected by TV Stream Now?

      You may see these browser extensions/add-ons: these warnings during install: and this newtab-page in the affected browsers:

      How did TV Stream Now get on my computer?

      Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website. and the Chrome extension was also available in the webstore:

      How do I remove TV Stream Now?

      Our program Malwarebytes can detect and remove this potentially unwanted program. You can use their own uninstall instructions first, but I would advise to follow the steps below anyway.

        • Please download Malwarebytes to your desktop.
        • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
        • Then click Finish.
        • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
        • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
        • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
        • Restart your computer when prompted to do so.

      Is there anything else I need to do to get rid of TV Stream Now?

        • No, Malwarebytes' Anti-Malware removes TV Stream Now completely.
        • If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods.
      How would the full version of Malwarebytes help protect me?

      We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the TV Stream Now hijacker. It would have blocked the website, giving you a chance to stop it before it became too late. and the Malwarebytes Browser Extension (https://blog.malware...n/) would have blocked the site as well:

      Technical details for experts

      Possible signs in a FRST log:

        FF Extension: No Name - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_j0Members_@www.gettvstreamnow.com.xpi [2018-09-14]
        CHR Extension: (TV Stream Now) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgeadojmfnljiibabaddnebdodfbfd [2018-09-14]

      Significant changes made by the installers:

      File system details [View: All details] (Selection)

      Registry details [View: All details] (Selection)

        [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
        "podgeadojmfnljiibabaddnebdodfbfd"="REG_SZ", "F12A9D3CCE0AC5DA8A95CB535F086854B781F1BAE1DD3420EFFEDF975C02BD94"

      The Malwarebytes scan log:

      As mentioned before the full version of Malwarebytes could have protected your computer against this threat.

      We use different ways of protecting your computer(s):

        • Dynamically Blocks Malware Sites & Servers
        • Malware Execution Prevention

      Save yourself the hassle and get protected.
  15. What is Go Game Go?

      The Malwarebytes research team has determined that Go Game Go is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. Go Game Go is a member of the Mindspark/Ask family now known as IAC Applications.

      How do I know if my computer is affected by Go Game Go?

      You may see these browser extensions/add-ons: these warnings during install: and this new NewTab page:

      How did Go Game Go get on my computer?

      Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website. And the Chrome extension was available in the webstore:

      How do I remove Go Game Go?

      Our program Malwarebytes can detect and remove this potentially unwanted program. You can use their own uninstall instructions first, but I would advise to follow the steps below anyway.

        • Please download Malwarebytes to your desktop.
        • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
        • Then click Finish.
        • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
        • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
        • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
        • Restart your computer when prompted to do so.

      Is there anything else I need to do to get rid of Go Game Go?

        • If you are using an older version of Malwarebytes, you may have to remove the Chrome extension manually under Tools > More Tools > Extensions. Click on the bin behind the Go Game Go entry and confirm Remove in the prompt.
        • If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods.
      How would the full version of Malwarebytes help protect me?

      We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the Go Game Go hijacker. It blocks traffic to their domains:

      Technical details for experts

      Possible signs in a FRST log:

        FF Extension: No Name - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_osMembers_@gogamego.thewhizproducts.com.xpi [2018-05-02]
        CHR Extension: (Go Game Go) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi [2018-05-02]

      Significant changes made by the installers:

      File system details [View: All details] (Selection)

      Registry details [View: All details] (Selection)

        [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
        "enodhhjhliaheicgikdhckdlmjmncemi"="REG_SZ", "6F86893A0132B2967014933B0A6FDFB6CB0A686521110FE18225AA415109E6DE"

      The Malwarebytes scan log:
PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\b2b-partner-tracking.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\background.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\chrome.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\content_script.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\dlp.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\dlpHelper.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\extension_detect.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\genericLoadRemoteSettings.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\index.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, 
C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\initOfferCEF.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\offerService.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\pageUtils.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\PartnerId.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\product.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\storage.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\TabManager.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\TemplateParser.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\ul.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\urlFragmentActions.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\urlUtils.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\util.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\js\webtooltabAPI.js, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\_metadata\computed_hashes.json, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\_metadata\verified_contents.json, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\dynamicNewTab.html, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\productnewtab.html, Quarantined, [1712], [467555],1.0.4948 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\enodhhjhliaheicgikdhckdlmjmncemi\13.421.13.8185_0\stubby.html, Quarantined, [1712], [467555],1.0.4948 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes 
could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.