
Showing results for tags 'pup.optional.searchenginehijack.generic'.

Found 19 results

  1. What is MyShopSearch? The Malwarebytes research team has determined that MyShopSearch is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one changes your default search engine. How do I know if my computer is affected by MyShopSearch? You may see this entry in your list of installed Chrome extensions: You may have noticed these warnings during install: How did MyShopSearch get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from a website: How do I remove MyShopSearch? Our program Malwarebytes can detect and remove this search hijacker. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of MyShopSearch? No, Malwarebytes removes MyShopSearch completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the MyShopSearch hijacker. It would have blocked their website, giving you a chance to stop it before it became too late. 
Technical details for experts Possible signs in FRST logs: CHR DefaultSearchURL: Default -> hxxps://myshopsearch.com/results.php?pub=3200&v=401&q={searchTerms} CHR DefaultSearchKeyword: Default -> MyShopSearch CHR DefaultSuggestURL: Default -> hxxps://myshopsearch.com/gjson.php?q={searchTerms} CHR Extension: (MyShop) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oplkomofpnnclabnbficnljkbnnjbngg [2021-08-04] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oplkomofpnnclabnbficnljkbnnjbngg\1.0_0 Adds the file background.js"="6/5/2021 6:10 PM, 1326 bytes, A Adds the file icon128.png"="8/4/2021 10:26 AM, 5625 bytes, A Adds the file manifest.json"="8/4/2021 10:26 AM, 1569 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oplkomofpnnclabnbficnljkbnnjbngg\1.0_0\_metadata Adds the file computed_hashes.json"="8/4/2021 10:26 AM, 136 bytes, A Adds the file verified_contents.json"="6/30/2021 1:45 PM, 1523 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "oplkomofpnnclabnbficnljkbnnjbngg"="REG_SZ", "0E478F8D5EEDD056854442CCD11F7FFB3C18DC1DAF49823A6B456288219D7793" Malwarebytes log: As mentioned before the full version of Malwarebytes could have protected your computer against this threat. 
We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  2. What is nok app? The Malwarebytes research team has determined that nok app is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one closes your search tab and opens a new one with their own search engine. How do I know if my computer is affected by nok app? You may see this entry in your list of installed Chrome extensions: You may have noticed these warnings during install: How did nok app get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website: How do I remove nok app? Our program Malwarebytes can detect and remove this search hijacker. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of nok app? No, Malwarebytes removes nok app completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the nok app hijacker. It would have blocked their website, giving you a chance to stop it before it became too late. 
Technical details for experts Possible signs in FRST logs: CHR Extension: (nok app) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\igbjecfohkegdmjapeikagjnamfnkobn [2021-03-19] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\igbjecfohkegdmjapeikagjnamfnkobn\6.4.11_0 Adds the file manifest.json"="3/19/2021 10:24 AM, 1113 bytes, A Adds the file sr.js"="2/21/2021 11:32 AM, 7540 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\igbjecfohkegdmjapeikagjnamfnkobn\6.4.11_0\_metadata Adds the file computed_hashes.json"="3/19/2021 10:24 AM, 396 bytes, A Adds the file verified_contents.json"="2/21/2021 11:31 AM, 1639 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\igbjecfohkegdmjapeikagjnamfnkobn\6.4.11_0\icons Adds the file icon128.png"="3/19/2021 10:24 AM, 2188 bytes, A Adds the file icon48.png"="3/19/2021 10:24 AM, 253 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\igbjecfohkegdmjapeikagjnamfnkobn Adds the file 000003.log"="3/19/2021 10:25 AM, 224 bytes, A Adds the file CURRENT"="3/19/2021 10:24 AM, 16 bytes, A Adds the file LOCK"="3/19/2021 10:24 AM, 0 bytes, A Adds the file LOG"="3/19/2021 10:24 AM, 183 bytes, A Adds the file MANIFEST-000001"="3/19/2021 10:24 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "igbjecfohkegdmjapeikagjnamfnkobn"="REG_SZ", "069022FAAEAF4683A85C90B97D929AC12935860A611C941DFBCDF1E3FEF6631D" Malwarebytes log: As mentioned before the full version of Malwarebytes could have protected your computer against this threat. 
We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  3. What is Your Lovely Tab? The Malwarebytes research team has determined that Your Lovely Tab is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one closes your search tab and opens a new one with their own search engine. How do I know if my computer is affected by Your Lovely Tab? You may see this entry in your list of installed Chrome extensions: You may have noticed these warnings during install: How did Your Lovely Tab get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website: How do I remove Your Lovely Tab? Our program Malwarebytes can detect and remove this search hijacker. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of Your Lovely Tab? No, Malwarebytes removes Your Lovely Tab completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the Your Lovely Tab hijacker. It would have blocked their website, giving you a chance to stop it before it became too late. 
Technical details for experts Possible signs in FRST logs: CHR Extension: (Your Lovely Tab) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejiifmohcdfbclcpiiedcihibigfkgo [2021-03-17] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejiifmohcdfbclcpiiedcihibigfkgo\6.3.73_0 Adds the file manifest.json"="3/17/2021 8:55 AM, 1119 bytes, A Adds the file sr.js"="1/10/2021 9:08 PM, 7535 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejiifmohcdfbclcpiiedcihibigfkgo\6.3.73_0\_metadata Adds the file computed_hashes.json"="3/17/2021 8:55 AM, 396 bytes, A Adds the file verified_contents.json"="1/10/2021 9:08 PM, 1639 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejiifmohcdfbclcpiiedcihibigfkgo\6.3.73_0\icons Adds the file icon128.png"="3/17/2021 8:55 AM, 2188 bytes, A Adds the file icon48.png"="3/17/2021 8:55 AM, 253 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oejiifmohcdfbclcpiiedcihibigfkgo Adds the file 000003.log"="3/17/2021 8:57 AM, 225 bytes, A Adds the file CURRENT"="3/17/2021 8:55 AM, 16 bytes, A Adds the file LOCK"="3/17/2021 8:55 AM, 0 bytes, A Adds the file LOG"="3/17/2021 8:55 AM, 184 bytes, A Adds the file MANIFEST-000001"="3/17/2021 8:55 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "oejiifmohcdfbclcpiiedcihibigfkgo"="REG_SZ", "93F0FF450A63C9E5DD4E7E735C912D8EDA34FD763A727B2FBD8FE8ECFB1BC9AD" Malwarebytes log: As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  4. What is goGame app? The Malwarebytes research team has determined that goGame app is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one closes your search tab and opens a new one with their own search engine. How do I know if my computer is affected by goGame app? You may see this entry in your list of installed Chrome extensions: You may have noticed these warnings during install: How did goGame app get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website: How do I remove goGame app? Our program Malwarebytes can detect and remove this search hijacker. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of goGame app? No, Malwarebytes removes goGame app completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the goGame app hijacker. It would have blocked their website, giving you a chance to stop it before it became too late. 
Technical details for experts Possible signs in FRST logs: CHR Extension: (goGame app) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mindjgnkamgejcfhggajieealfmbkhlp [2021-03-14] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mindjgnkamgejcfhggajieealfmbkhlp\6.3.83_0 Adds the file manifest.json"="3/14/2021 12:03 PM, 1117 bytes, A Adds the file sr.js"="2/6/2021 9:50 PM, 7539 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mindjgnkamgejcfhggajieealfmbkhlp\6.3.83_0\_metadata Adds the file computed_hashes.json"="3/14/2021 12:03 PM, 396 bytes, A Adds the file verified_contents.json"="2/2/2021 11:18 AM, 1639 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mindjgnkamgejcfhggajieealfmbkhlp\6.3.83_0\icons Adds the file icon128.png"="3/14/2021 12:03 PM, 2188 bytes, A Adds the file icon48.png"="3/14/2021 12:03 PM, 253 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mindjgnkamgejcfhggajieealfmbkhlp Adds the file 000003.log"="3/14/2021 12:04 PM, 226 bytes, A Adds the file CURRENT"="3/14/2021 12:03 PM, 16 bytes, A Adds the file LOCK"="3/14/2021 12:03 PM, 0 bytes, A Adds the file LOG"="3/14/2021 12:03 PM, 184 bytes, A Adds the file MANIFEST-000001"="3/14/2021 12:03 PM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "mindjgnkamgejcfhggajieealfmbkhlp"="REG_SZ", "6102D58A1ACABEB2C792BF526B35261BEAA9F0CBA2079B99E29F0086F3B7506D" Malwarebytes log: As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  5. What is Big Linker? The Malwarebytes research team has determined that Big Linker is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one closes your search tab and opens a new one with their own search engine. How do I know if my computer is affected by Big Linker? You may see this entry in your list of installed Chrome extensions: You may have noticed these warnings during install: How did Big Linker get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website: How do I remove Big Linker? Our program Malwarebytes can detect and remove this search hijacker. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of Big Linker? No, Malwarebytes removes Big Linker completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the Big Linker hijacker. It would have blocked their website, giving you a chance to stop it before it became too late. 
Technical details for experts

Possible signs in FRST logs:

CHR Extension: (Big Linker) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\akilfngnjmjeoklhmglkpaielnffmaoj [2021-03-05]

Alterations made by the installer:

File system details [View: All details] (Selection)
---------------------------------------------------
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\akilfngnjmjeoklhmglkpaielnffmaoj\6.3.61_0
    Adds the file manifest.json"="3/5/2021 8:44 AM, 1112 bytes, A
    Adds the file sr.js"="11/21/2020 11:15 AM, 7674 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\akilfngnjmjeoklhmglkpaielnffmaoj\6.3.61_0\_metadata
    Adds the file computed_hashes.json"="3/5/2021 8:44 AM, 396 bytes, A
    Adds the file verified_contents.json"="11/21/2020 11:15 AM, 1639 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\akilfngnjmjeoklhmglkpaielnffmaoj\6.3.61_0\icons
    Adds the file icon128.png"="3/5/2021 8:44 AM, 2188 bytes, A
    Adds the file icon48.png"="3/5/2021 8:44 AM, 253 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\akilfngnjmjeoklhmglkpaielnffmaoj
    Adds the file 000003.log"="3/5/2021 8:46 AM, 225 bytes, A
    Adds the file CURRENT"="3/5/2021 8:44 AM, 16 bytes, A
    Adds the file LOCK"="3/5/2021 8:44 AM, 0 bytes, A
    Adds the file LOG"="3/5/2021 8:44 AM, 183 bytes, A
    Adds the file MANIFEST-000001"="3/5/2021 8:44 AM, 41 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
"akilfngnjmjeoklhmglkpaielnffmaoj"="REG_SZ", "1BB6EEFCE89EAA3721D0F0C372FAF310DA656E69D47B32FF92C7C139AFEE6BE9"

Malwarebytes log:

Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 3/5/21 Scan Time: 8:54 AM Log File:
0b93eea2-7d88-11eb-a7fd-080027235d76.json -Software Information- Version: 4.3.0.98 Components Version: 1.0.1173 Update Package Version: 1.0.37813 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {username}-PC\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 233337 Threats Detected: 11 Threats Quarantined: 11 Time Elapsed: 3 min, 48 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.SearchEngineHijack.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|akilfngnjmjeoklhmglkpaielnffmaoj, Quarantined, 9553, 836150, , , , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\akilfngnjmjeoklhmglkpaielnffmaoj, Quarantined, 9553, 836150, , , , , , PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\AKILFNGNJMJEOKLHMGLKPAIELNFFMAOJ, Quarantined, 9553, 836150, 1.0.37813, , ame, , , File: 8 PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 9553, 836150, , , , , 22EDFCAB97A335BF4E6DD4E9CB81AF2A, 519E3EA305EB0D461D2FAF632CFA56D48CB76EBD0C7A3DA7C659533BA3CBA1D6 PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 9553, 836150, , , , , EF61E67731D1BCC8AC92EE8CC70BDA02, 5F2F8C19DCB3A6B1D3027AC8BCD6DDC33C9DED2F56E2B2005663973DBBD77ECC 
PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\akilfngnjmjeoklhmglkpaielnffmaoj\000003.log, Quarantined, 9553, 836150, , , , , 436C45805302A33BEF2BB7AF273CF024, B123ABB5CB3C46039C4F5CC4097638A8CA03DBE43DA22167563E2C3FAF7074EA PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\akilfngnjmjeoklhmglkpaielnffmaoj\CURRENT, Quarantined, 9553, 836150, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443 PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\akilfngnjmjeoklhmglkpaielnffmaoj\LOCK, Quarantined, 9553, 836150, , , , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\akilfngnjmjeoklhmglkpaielnffmaoj\LOG, Quarantined, 9553, 836150, , , , , E4481AA5EAC3196464A965134E326DEB, D3ECFB43E3A607893D7A687DC81B9EBC364CBDE5C95722C852F96FB1BCDBE6FC PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\akilfngnjmjeoklhmglkpaielnffmaoj\MANIFEST-000001, Quarantined, 9553, 836150, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4 PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\AKILFNGNJMJEOKLHMGLKPAIELNFFMAOJ\6.3.61_0\MANIFEST.JSON, Quarantined, 9553, 836150, 1.0.37813, , ame, , 50B72509D2EB1D083A6A2478222B5B53, 5CA539E2A474B249388B5937E4F0FED155AB3F881FF112996693C5A370C0FCB1 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. 
We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.
  6. What is Best Searcher?

The Malwarebytes research team has determined that Best Searcher is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one closes the tab you searched in and opens a new tab using your search term in their own engine.

How do I know if my computer is affected by Best Searcher?

You may see this entry in your list of installed Chrome extensions:

You may have noticed these warnings during install:

How did Best Searcher get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:

after a redirect from their website:

How do I remove Best Searcher?

Our program Malwarebytes can detect and remove this search hijacker.

  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished, click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.

Is there anything else I need to do to get rid of Best Searcher?

No, Malwarebytes removes Best Searcher completely.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this hijacker. As you can see below, Malwarebytes Browser Guard and the full version of Malwarebytes would have protected you against the Best Searcher hijacker. It would have blocked their website, giving you a chance to stop it before it became too late.

Technical details for experts

Possible signs in FRST logs:

CHR Extension: (Best Searcher) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\beggjmpgniaicolgjakmhiopcmmkdbla [2021-01-22]

Alterations made by the installer:

File system details [View: All details] (Selection)
---------------------------------------------------
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\beggjmpgniaicolgjakmhiopcmmkdbla\6.3.48_0
    Adds the file manifest.json"="1/22/2021 9:14 AM, 1116 bytes, A
    Adds the file sr.js"="10/15/2020 7:40 PM, 7671 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\beggjmpgniaicolgjakmhiopcmmkdbla\6.3.48_0\_metadata
    Adds the file computed_hashes.json"="1/22/2021 9:14 AM, 396 bytes, A
    Adds the file verified_contents.json"="10/15/2020 7:39 PM, 1639 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\beggjmpgniaicolgjakmhiopcmmkdbla\6.3.48_0\icons
    Adds the file icon128.png"="1/22/2021 9:14 AM, 2188 bytes, A
    Adds the file icon48.png"="1/22/2021 9:14 AM, 253 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\beggjmpgniaicolgjakmhiopcmmkdbla
    Adds the file 000003.log"="1/22/2021 9:18 AM, 289 bytes, A
    Adds the file CURRENT"="1/22/2021 9:14 AM, 16 bytes, A
    Adds the file LOCK"="1/22/2021 9:14 AM, 0 bytes, A
    Adds the file LOG"="1/22/2021 9:15 AM, 407 bytes, A
    Adds the file LOG.old"="1/22/2021 9:14 AM, 183 bytes, A
    Adds the file MANIFEST-000001"="1/22/2021 9:14 AM, 41 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
"beggjmpgniaicolgjakmhiopcmmkdbla"="REG_SZ", "13EDB982223D0A6A807D5B0DDBDDE11358D6B8DE25DA43727A0762F66E452A8A"

Malwarebytes log:

Malwarebytes www.malwarebytes.com -Log Details- Scan
Date: 1/22/21 Scan Time: 9:25 AM Log File: 636e4ffa-5c8b-11eb-bc22-080027235d76.json -Software Information- Version: 4.3.0.98 Components Version: 1.0.1146 Update Package Version: 1.0.36089 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 232942 Threats Detected: 12 Threats Quarantined: 12 Time Elapsed: 3 min, 27 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.SearchEngineHijack.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|beggjmpgniaicolgjakmhiopcmmkdbla, Quarantined, 9553, 836150, , , , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\beggjmpgniaicolgjakmhiopcmmkdbla, Quarantined, 9553, 836150, , , , , , PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BEGGJMPGNIAICOLGJAKMHIOPCMMKDBLA, Quarantined, 9553, 836150, 1.0.36089, , ame, , , File: 9 PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 9553, 836150, , , , , 47276A9996459498FF5E18800FBF33DE, 2B6394F58DDC4796736CEF43CD899519678B65A9F7F4C973548FB7C75EDA5005 PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 9553, 836150, , , , , FBF42246A191279ABCD4597DB4F4B57E, 
4B26CD1C3F417257954DF9B3DCE53B73DAD1E0040272003B51A875A302170C68 PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\beggjmpgniaicolgjakmhiopcmmkdbla\000003.log, Quarantined, 9553, 836150, , , , , 240619510DA1F42D7CA96B468E75D79C, 664B3908B2289403C96D0A9C504BA8E322F66685B8971AFCCEBE0E376113B75D PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\beggjmpgniaicolgjakmhiopcmmkdbla\CURRENT, Quarantined, 9553, 836150, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443 PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\beggjmpgniaicolgjakmhiopcmmkdbla\LOCK, Quarantined, 9553, 836150, , , , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\beggjmpgniaicolgjakmhiopcmmkdbla\LOG, Quarantined, 9553, 836150, , , , , D3F7EFCE630B1E9D706704AA6D1103DF, 6ED714CD10EB4BB3D4F39C79C6729F45615C6DD62FD5ACB2BCEDCAA623227A44 PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\beggjmpgniaicolgjakmhiopcmmkdbla\LOG.old, Quarantined, 9553, 836150, , , , , 983178C697BACF5C8A31676AB4514FA7, C9CA9F047FF889C9501076FB7E182C9FDC777AC67D33B672F09682CCD3695E7B PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\beggjmpgniaicolgjakmhiopcmmkdbla\MANIFEST-000001, Quarantined, 9553, 836150, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4 PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BEGGJMPGNIAICOLGJAKMHIOPCMMKDBLA\6.3.48_0\MANIFEST.JSON, 
Quarantined, 9553, 836150, 1.0.36089, , ame, , 41B24126093C14BCA667F095753898C9, 49FBD707B767DBF6EA9E344214A09B93AE0D982B90F6F9D5E822978972B7936D Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  7. What is Movie Tab?

The Malwarebytes research team has determined that Movie Tab is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one closes the tab with your search results and opens a new one with the same search query on their own search engine.

How do I know if my computer is affected by Movie Tab?

You may see this entry in your list of installed Chrome extensions:

You may have noticed these warnings during install:

How did Movie Tab get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:

after a redirect from their website:

How do I remove Movie Tab?

Our program Malwarebytes can detect and remove this search hijacker.

  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished, click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.

Is there anything else I need to do to get rid of Movie Tab?

No, Malwarebytes removes Movie Tab completely.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this hijacker. As you can see below, Malwarebytes Browser Guard and the full version of Malwarebytes would have protected you against the Movie Tab hijacker. It would have blocked their website, giving you a chance to stop it before it became too late.

Technical details for experts

Possible signs in FRST logs:

CHR Extension: (Movie Tab) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\aipgcjldhhgnkepfeiigdnbkjbhokghh [2020-12-09]

Alterations made by the installer:

File system details [View: All details] (Selection)
---------------------------------------------------
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\aipgcjldhhgnkepfeiigdnbkjbhokghh\6.3.65_0
    Adds the file manifest.json"="12/9/2020 8:50 AM, 1111 bytes, A
    Adds the file sr.js"="11/25/2020 8:11 PM, 7673 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\aipgcjldhhgnkepfeiigdnbkjbhokghh\6.3.65_0\_metadata
    Adds the file computed_hashes.json"="12/9/2020 8:50 AM, 396 bytes, A
    Adds the file verified_contents.json"="11/25/2020 8:11 PM, 1639 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\aipgcjldhhgnkepfeiigdnbkjbhokghh\6.3.65_0\icons
    Adds the file icon128.png"="12/9/2020 8:50 AM, 2188 bytes, A
    Adds the file icon48.png"="12/9/2020 8:50 AM, 253 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\aipgcjldhhgnkepfeiigdnbkjbhokghh
    Adds the file 000003.log"="12/9/2020 8:53 AM, 288 bytes, A
    Adds the file CURRENT"="12/9/2020 8:50 AM, 16 bytes, A
    Adds the file LOCK"="12/9/2020 8:50 AM, 0 bytes, A
    Adds the file LOG"="12/9/2020 8:50 AM, 184 bytes, A
    Adds the file MANIFEST-000001"="12/9/2020 8:50 AM, 41 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
"aipgcjldhhgnkepfeiigdnbkjbhokghh"="REG_SZ", "908198BE40F008044298BE62C91CD9FCADBEB65769B08CFA2B5C375BD9D9415D"

Malwarebytes log:

Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 12/9/20 Scan Time: 9:01 AM Log File:
c5731942-39f4-11eb-bb13-080027235d76.json -Software Information- Version: 4.2.3.96 Components Version: 1.0.1122 Update Package Version: 1.0.34121 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 232166 Threats Detected: 11 Threats Quarantined: 11 Time Elapsed: 2 min, 57 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.SearchEngineHijack.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|aipgcjldhhgnkepfeiigdnbkjbhokghh, Quarantined, 15741, 836150, , , , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\aipgcjldhhgnkepfeiigdnbkjbhokghh, Quarantined, 15741, 836150, , , , , , PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\AIPGCJLDHHGNKEPFEIIGDNBKJBHOKGHH, Quarantined, 15741, 836150, 1.0.34121, , ame, , , File: 8 PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 15741, 836150, , , , , 3643BA7B9DB79EA8353B86C87D0E7AC4, 06229972BCF11620424DD0FBA12A2691C96262B49EA99A2609599878A395CEA0 PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 15741, 836150, , , , , 731A353059AC82B3C7E222CC7FEED4EC, 9CADDA9822BF63AC706ADFF1E0325746F75A950BD71BD74D56CBD197B2AC0E23 
PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\aipgcjldhhgnkepfeiigdnbkjbhokghh\000003.log, Quarantined, 15741, 836150, , , , , 9303F24C38704428299BFA38339BF996, C34314F1D59B02EB9CEE55E751ED6864AA5C75AE2C11DE80E73B887AA44EF2E0 PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\aipgcjldhhgnkepfeiigdnbkjbhokghh\CURRENT, Quarantined, 15741, 836150, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443 PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\aipgcjldhhgnkepfeiigdnbkjbhokghh\LOCK, Quarantined, 15741, 836150, , , , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\aipgcjldhhgnkepfeiigdnbkjbhokghh\LOG, Quarantined, 15741, 836150, , , , , 00147D4E485F12A0BC66D6A9A5429AF9, DABAEEC7079282C420C3F088B974127E8B8F5EE4AFB58E2E3FC0A8A8DD59B340 PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\aipgcjldhhgnkepfeiigdnbkjbhokghh\MANIFEST-000001, Quarantined, 15741, 836150, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4 PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\AIPGCJLDHHGNKEPFEIIGDNBKJBHOKGHH\6.3.65_0\MANIFEST.JSON, Quarantined, 15741, 836150, 1.0.34121, , ame, , 26C465FDBDC946C330F49F4E822C3249, 44CEE1BD434D1843777723757BF9E2B2C458BBA3039E9ADB156FDA90F77BC92F Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. 
We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.
  8. What is StreamBee?

The Malwarebytes research team has determined that StreamBee is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one closes your initial search tab and opens a new one with the same query on their own search domain. More details in this blogpost.

How do I know if my computer is affected by StreamBee?

You may see this entry in your list of installed Chrome extensions:

You may have noticed these warnings during install:

How did StreamBee get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:

after a redirect from their website:

How do I remove StreamBee?

Our program Malwarebytes can detect and remove this search hijacker.

  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished, click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.

Is there anything else I need to do to get rid of StreamBee?

No, Malwarebytes removes StreamBee completely.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this hijacker. As you can see below, Malwarebytes Browser Guard and the full version of Malwarebytes would have protected you against the StreamBee hijacker. It would have blocked their website, giving you a chance to stop it before it became too late.

Technical details for experts

Possible signs in FRST logs:

CHR Extension: (StreamBee) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfjdmnehbpkmpmihaaggnlihledemnpi [2020-11-17]

Alterations made by the installer:

File system details [View: All details] (Selection)
---------------------------------------------------
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfjdmnehbpkmpmihaaggnlihledemnpi\6.3.54_0
    Adds the file manifest.json"="11/17/2020 9:40 AM, 1111 bytes, A
    Adds the file sr.js"="10/19/2020 8:56 PM, 7673 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfjdmnehbpkmpmihaaggnlihledemnpi\6.3.54_0\_metadata
    Adds the file computed_hashes.json"="11/17/2020 9:40 AM, 396 bytes, A
    Adds the file verified_contents.json"="10/19/2020 8:56 PM, 1639 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfjdmnehbpkmpmihaaggnlihledemnpi\6.3.54_0\icons
    Adds the file icon128.png"="11/17/2020 9:40 AM, 2188 bytes, A
    Adds the file icon48.png"="11/17/2020 9:40 AM, 253 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nfjdmnehbpkmpmihaaggnlihledemnpi
    Adds the file 000003.log"="11/17/2020 9:42 AM, 226 bytes, A
    Adds the file CURRENT"="11/17/2020 9:40 AM, 16 bytes, A
    Adds the file LOCK"="11/17/2020 9:40 AM, 0 bytes, A
    Adds the file LOG"="11/17/2020 9:40 AM, 184 bytes, A
    Adds the file MANIFEST-000001"="11/17/2020 9:40 AM, 41 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
"nfjdmnehbpkmpmihaaggnlihledemnpi"="REG_SZ", "669A9C6BD68510895B41CB8F50302CEF906B0AADE4AFC4337CDAE44737649CEE"

Malwarebytes log:

Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 11/17/20 Scan Time: 9:49 AM Log File:
d1132214-28b1-11eb-bf3e-080027235d76.json -Software Information- Version: 4.2.3.96 Components Version: 1.0.1104 Update Package Version: 1.0.33016 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 232005 Threats Detected: 11 Threats Quarantined: 11 Time Elapsed: 3 min, 18 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.SearchEngineHijack.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|nfjdmnehbpkmpmihaaggnlihledemnpi, Quarantined, 15604, 836150, , , , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\nfjdmnehbpkmpmihaaggnlihledemnpi, Quarantined, 15604, 836150, , , , , , PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NFJDMNEHBPKMPMIHAAGGNLIHLEDEMNPI, Quarantined, 15604, 836150, 1.0.33016, , ame, , , File: 8 PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 15604, 836150, , , , , F80747565DB85F9A2F765147036273E5, EA7FB9CA17898803F8811F8947B056B5E0BA247D9DDA7C1BD51774C4B7B34DA1 PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 15604, 836150, , , , , 7EEDA3C3EE2136287670164003E04658, 5199C17D4B912050CA2FC817C0241CF496361D4FE799709A6DED267C3C9D17A2 
PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nfjdmnehbpkmpmihaaggnlihledemnpi\000003.log, Quarantined, 15604, 836150, , , , , 2C3CA1B1767378A0DF140247859DDFAE, E423C5BBE2B5FE03A53B3D0EE6DBF681632AC54B2A42DEB22EA2BCABA1C961BD PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nfjdmnehbpkmpmihaaggnlihledemnpi\CURRENT, Quarantined, 15604, 836150, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443 PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nfjdmnehbpkmpmihaaggnlihledemnpi\LOCK, Quarantined, 15604, 836150, , , , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nfjdmnehbpkmpmihaaggnlihledemnpi\LOG, Quarantined, 15604, 836150, , , , , 361F959A1D8A9F223E9AD0662C3C7478, 426D411D1CC792E7C478F5F2EA17717D9483E8C0E17CEF392311BC33153B75CE PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nfjdmnehbpkmpmihaaggnlihledemnpi\MANIFEST-000001, Quarantined, 15604, 836150, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4 PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NFJDMNEHBPKMPMIHAAGGNLIHLEDEMNPI\6.3.54_0\MANIFEST.JSON, Quarantined, 15604, 836150, 1.0.33016, , ame, , 6ACF9E8B1A1721E285BD19CBF2645F4C, 33BF7A62F8229D42F56FFAF695459DABF87EA25C568B2074DCCA386D0CAFC5EE Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. 
We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.
  9. What is Spark Search?

The Malwarebytes research team has determined that Spark Search is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one closes your initial search tab and opens a new one with the same query on their own search domain. More details in this blogpost.

How do I know if my computer is affected by Spark Search?

You may see this entry in your list of installed Chrome extensions:

You may have noticed these warnings during install:

How did Spark Search get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:

after a redirect from their website:

How do I remove Spark Search?

Our program Malwarebytes can detect and remove this search hijacker.

  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished, click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.

Is there anything else I need to do to get rid of Spark Search?

No, Malwarebytes removes Spark Search completely.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this hijacker. As you can see below, Malwarebytes Browser Guard and the full version of Malwarebytes would have protected you against the Spark Search hijacker. It would have blocked their website, giving you a chance to stop it before it became too late.

Technical details for experts
Possible signs in FRST logs:
CHR Extension: (Spark Search) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\daopckbjfljnpaifdbfkiacmeembjphb [2020-11-12]
Alterations made by the installer:
File system details [View: All details] (Selection)
---------------------------------------------------
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\daopckbjfljnpaifdbfkiacmeembjphb\6.3.59_0
Adds the file manifest.json"="11/12/2020 8:55 AM, 1114 bytes, A
Adds the file sr.js"="11/9/2020 5:51 PM, 7673 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\daopckbjfljnpaifdbfkiacmeembjphb\6.3.59_0\_metadata
Adds the file computed_hashes.json"="11/12/2020 8:55 AM, 396 bytes, A
Adds the file verified_contents.json"="11/9/2020 5:50 PM, 1639 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\daopckbjfljnpaifdbfkiacmeembjphb\6.3.59_0\icons
Adds the file icon128.png"="11/12/2020 8:55 AM, 2188 bytes, A
Adds the file icon48.png"="11/12/2020 8:55 AM, 253 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\daopckbjfljnpaifdbfkiacmeembjphb
Adds the file 000003.log"="11/12/2020 8:58 AM, 288 bytes, A
Adds the file CURRENT"="11/12/2020 8:55 AM, 16 bytes, A
Adds the file LOCK"="11/12/2020 8:55 AM, 0 bytes, A
Adds the file LOG"="11/12/2020 8:56 AM, 183 bytes, A
Adds the file MANIFEST-000001"="11/12/2020 8:55 AM, 41 bytes, A
Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
"daopckbjfljnpaifdbfkiacmeembjphb"="REG_SZ", "B43293BD6BAFE5A2CB1D4F97D7F434F652EB23FED82D44AABB04E69A7E657860"
As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  10. What is Magnifier Search? The Malwarebytes research team has determined that Magnifier Search is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. How do I know if my computer is affected by Magnifier Search? You may see this entry in your list of installed Chrome extensions: You may have noticed these warnings during install: How did Magnifier Search get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website: How do I remove Magnifier Search? Our program Malwarebytes can detect and remove this search hijacker. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of Magnifier Search? No, Malwarebytes removes Magnifier Search completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the Magnifier Search hijacker. It would have blocked their website, giving you a chance to stop it before it became too late. 
Technical details for experts
Possible signs in FRST logs:
CHR Extension: (Magnifier Search) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngbgojgpnjbhkolnnhihhddnokjfjnde [2020-11-06]
Alterations made by the installer:
File system details [View: All details] (Selection)
---------------------------------------------------
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngbgojgpnjbhkolnnhihhddnokjfjnde\7_0
Adds the file manifest.json"="11/6/2020 2:12 PM, 1067 bytes, A
Adds the file sr.js"="5/12/2020 4:45 AM, 7285 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngbgojgpnjbhkolnnhihhddnokjfjnde\7_0\_metadata
Adds the file computed_hashes.json"="11/6/2020 2:12 PM, 285 bytes, A
Adds the file verified_contents.json"="5/12/2020 4:45 AM, 1632 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngbgojgpnjbhkolnnhihhddnokjfjnde\7_0\icons
Adds the file icon128.png"="11/6/2020 2:12 PM, 13013 bytes, A
Adds the file icon48.png"="11/6/2020 2:12 PM, 253 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ngbgojgpnjbhkolnnhihhddnokjfjnde
Adds the file 000003.log"="11/6/2020 2:13 PM, 223 bytes, A
Adds the file CURRENT"="11/6/2020 2:12 PM, 16 bytes, A
Adds the file LOCK"="11/6/2020 2:12 PM, 0 bytes, A
Adds the file LOG"="11/6/2020 2:12 PM, 184 bytes, A
Adds the file MANIFEST-000001"="11/6/2020 2:12 PM, 41 bytes, A
Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
"ngbgojgpnjbhkolnnhihhddnokjfjnde"="REG_SZ", "5E33D2749982FC812ABB57BBAB6AD515D3EBE0E827D2983CD1FC4585C8628903"
As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  11. What is Kibo web? The Malwarebytes research team has determined that Kibo web is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one closes your search tab and uses the browsing history permission to open a new tab to run your search query on their own site. How do I know if my computer is affected by Kibo web? You may see this entry in your list of installed Chrome extensions: You may have noticed these warnings during install: How did Kibo web get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website: How do I remove Kibo web? Our program Malwarebytes can detect and remove this search hijacker. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of Kibo web? No, Malwarebytes removes Kibo web completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, as well as the full version of Malwarebytes would have protected you against the Kibo web hijacker. It would have blocked their website, giving you a chance to stop it before it became too late.
Technical details for experts
Possible signs in FRST logs:
CHR Extension: (Kibo web) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgjljjaooipijnkaejbmjcpjdnmopogm [2020-09-24]
Alterations made by the installer:
File system details [View: All details] (Selection)
---------------------------------------------------
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgjljjaooipijnkaejbmjcpjdnmopogm\6.3.20_0
Adds the file manifest.json"="9/24/2020 10:51 AM, 1078 bytes, A
Adds the file sr.js"="8/11/2020 2:22 PM, 7677 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgjljjaooipijnkaejbmjcpjdnmopogm\6.3.20_0\_metadata
Adds the file computed_hashes.json"="9/24/2020 10:51 AM, 396 bytes, A
Adds the file verified_contents.json"="8/11/2020 2:20 PM, 1639 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgjljjaooipijnkaejbmjcpjdnmopogm\6.3.20_0\icons
Adds the file icon128.png"="9/24/2020 10:51 AM, 2188 bytes, A
Adds the file icon48.png"="9/24/2020 10:51 AM, 253 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fgjljjaooipijnkaejbmjcpjdnmopogm
Adds the file 000003.log"="9/24/2020 10:53 AM, 224 bytes, A
Adds the file CURRENT"="9/24/2020 10:51 AM, 16 bytes, A
Adds the file LOCK"="9/24/2020 10:51 AM, 0 bytes, A
Adds the file LOG"="9/24/2020 10:51 AM, 183 bytes, A
Adds the file MANIFEST-000001"="9/24/2020 10:51 AM, 41 bytes, A
Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
"fgjljjaooipijnkaejbmjcpjdnmopogm"="REG_SZ", "AC7C6B435BE00921B5E0F7E51D185DC3B11DBF28F107678D931358348055359D"
As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  12. What is FlixSearch? The Malwarebytes research team has determined that FlixSearch is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one closes your search tab and uses the browsing history permission to open a new tab to run your search query on their own site. How do I know if my computer is affected by FlixSearch? You may see this entry in your list of installed Chrome extensions: You may have noticed these warnings during install: How did FlixSearch get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website: How do I remove FlixSearch? Our program Malwarebytes can detect and remove this search hijacker. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of FlixSearch? No, Malwarebytes removes FlixSearch completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the FlixSearch hijacker. It would have blocked their website, giving you a chance to stop it before it became too late. 
Technical details for experts
Possible signs in FRST logs:
CHR Extension: (FlixSearch) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmnneldijaaabjfipooghccaekkpmnl [2020-09-17]
Alterations made by the installer:
File system details [View: All details] (Selection)
---------------------------------------------------
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmnneldijaaabjfipooghccaekkpmnl\6.2.2_0
Adds the file manifest.json"="9/17/2020 8:51 AM, 1080 bytes, A
Adds the file sr.js"="7/14/2020 11:11 PM, 7296 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmnneldijaaabjfipooghccaekkpmnl\6.2.2_0\_metadata
Adds the file computed_hashes.json"="9/17/2020 8:51 AM, 396 bytes, A
Adds the file verified_contents.json"="7/14/2020 11:11 PM, 1637 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmnneldijaaabjfipooghccaekkpmnl\6.2.2_0\icons
Adds the file icon128.png"="9/17/2020 8:51 AM, 2188 bytes, A
Adds the file icon48.png"="9/17/2020 8:51 AM, 253 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ihmnneldijaaabjfipooghccaekkpmnl
Adds the file 000003.log"="9/17/2020 8:56 AM, 368 bytes, A
Adds the file CURRENT"="9/17/2020 8:51 AM, 16 bytes, A
Adds the file LOCK"="9/17/2020 8:51 AM, 0 bytes, A
Adds the file LOG"="9/17/2020 8:51 AM, 183 bytes, A
Adds the file MANIFEST-000001"="9/17/2020 8:51 AM, 41 bytes, A
Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
"ihmnneldijaaabjfipooghccaekkpmnl"="REG_SZ", "5A18AF943B9E77E3D1DDE042EC3C9C31528AA27E7039EF3C99B0E122AE3D1FB7"
As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  13. What is Niux APP? The Malwarebytes research team has determined that Niux APP is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. How do I know if my computer is affected by Niux APP? You may see this entry in your list of installed Chrome extensions: and this new header for your search results: You may have noticed these warnings during install: How did Niux APP get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website: How do I remove Niux APP? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of Niux APP? No, Malwarebytes removes Niux APP completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the Niux APP hijacker. It would have blocked their website, giving you a chance to stop it before it became too late. 
Technical details for experts
Possible signs in FRST logs:
CHR Extension: (Niux APP) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcocncapgaibfcjmkkalopefmmceflnh [2020-07-28]
Alterations made by the installer:
File system details [View: All details] (Selection)
---------------------------------------------------
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcocncapgaibfcjmkkalopefmmceflnh\1.4_0
Adds the file background.js"="6/19/2020 1:02 AM, 4614 bytes, A
Adds the file manifest.json"="7/28/2020 1:44 PM, 1223 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcocncapgaibfcjmkkalopefmmceflnh\1.4_0\_metadata
Adds the file computed_hashes.json"="7/28/2020 1:44 PM, 183 bytes, A
Adds the file verified_contents.json"="6/21/2020 1:24 PM, 2237 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcocncapgaibfcjmkkalopefmmceflnh\1.4_0\assets\icons\app_icons
Adds the file icon128.png"="7/28/2020 1:44 PM, 12346 bytes, A
Adds the file icon16.png"="7/28/2020 1:44 PM, 520 bytes, A
Adds the file icon48.png"="7/28/2020 1:44 PM, 3091 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcocncapgaibfcjmkkalopefmmceflnh\1.4_0\assets\icons\ba_icons
Adds the file icon128.png"="7/28/2020 1:44 PM, 1228 bytes, A
Adds the file icon16.png"="7/28/2020 1:44 PM, 167 bytes, A
Adds the file icon48.png"="7/28/2020 1:44 PM, 483 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pcocncapgaibfcjmkkalopefmmceflnh
Adds the file 000003.log"="7/28/2020 1:44 PM, 51 bytes, A
Adds the file CURRENT"="7/28/2020 1:44 PM, 16 bytes, A
Adds the file LOCK"="7/28/2020 1:44 PM, 0 bytes, A
Adds the file LOG"="7/28/2020 1:49 PM, 183 bytes, A
Adds the file MANIFEST-000001"="7/28/2020 1:44 PM, 41 bytes, A
Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
"pcocncapgaibfcjmkkalopefmmceflnh"="REG_SZ", "A772E416559924BF22E796E0AB5DD234CB752F75FAFF9353531B40C044B5EACD"
As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  14. What is Vil APP?
      The Malwarebytes research team has determined that Vil APP is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.

      How do I know if my computer is affected by Vil APP?
      You may see this entry in your list of installed Chrome extensions: and this changed setting: You may have noticed these warnings during install:

      How did Vil APP get on my computer?
      Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website:

      How do I remove Vil APP?
      Our program Malwarebytes can detect and remove this potentially unwanted program.
      • Please download Malwarebytes for Windows to your desktop.
      • Double-click MBSetup.exe and follow the prompts to install the program.
      • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
      • Click on the Get started button.
      • Click Scan to start a Threat Scan.
      • When the scan is finished click Quarantine to remove the found threats.
      • Reboot the system if prompted to complete the removal process.

      Is there anything else I need to do to get rid of Vil APP?
      No, Malwarebytes removes Vil APP completely.

      How would the full version of Malwarebytes help protect me?
      We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the Vil APP hijacker. It would have blocked their website, giving you a chance to stop it before it became too late.
Technical details for experts Possible signs in FRST logs: CHR DefaultSearchURL: Default -> hxxps://s3redirect.com/chrome14.php?q={searchTerms} CHR DefaultSearchKeyword: Default -> dds CHR DefaultSuggestURL: Default -> hxxps://s3redirect.com/chrome14.php?q={searchTerms} CHR Extension: (Direct) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgheloialdghfmmfnknhppkcncoglhlc [2020-07-17] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgheloialdghfmmfnknhppkcncoglhlc\5.97_0 Adds the file background.js"="7/13/2020 4:25 PM, 5393 bytes, A Adds the file jquery-3.5.1.min.js"="7/13/2020 4:24 PM, 155872 bytes, A Adds the file manifest.json"="7/17/2020 8:33 AM, 1932 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgheloialdghfmmfnknhppkcncoglhlc\5.97_0\_metadata Adds the file computed_hashes.json"="7/17/2020 8:33 AM, 2082 bytes, A Adds the file verified_contents.json"="7/13/2020 4:24 PM, 2357 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgheloialdghfmmfnknhppkcncoglhlc\5.97_0\assets\icons\app_icons Adds the file icon128.png"="7/17/2020 8:33 AM, 12346 bytes, A Adds the file icon16.png"="7/17/2020 8:33 AM, 520 bytes, A Adds the file icon48.png"="7/17/2020 8:33 AM, 3091 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgheloialdghfmmfnknhppkcncoglhlc\5.97_0\assets\icons\ba_icons Adds the file icon128.png"="7/17/2020 8:33 AM, 1228 bytes, A Adds the file icon16.png"="7/17/2020 8:33 AM, 167 bytes, A Adds the file icon48.png"="7/17/2020 8:33 AM, 483 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mgheloialdghfmmfnknhppkcncoglhlc Adds the file 
000003.log"="7/17/2020 8:33 AM, 51 bytes, A Adds the file CURRENT"="7/17/2020 8:33 AM, 16 bytes, A Adds the file LOCK"="7/17/2020 8:33 AM, 0 bytes, A Adds the file LOG"="7/17/2020 8:36 AM, 184 bytes, A Adds the file MANIFEST-000001"="7/17/2020 8:33 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "mgheloialdghfmmfnknhppkcncoglhlc"="REG_SZ", "2DE813BB9ECAC057ADD58F68754AFBD2B69E08B1A68C9FC26ADB6555A0C6EA4D" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/17/20 Scan Time: 8:42 AM Log File: bce6744a-c7f8-11ea-88cf-00ffdcc6fdfc.json -Software Information- Version: 4.1.2.73 Components Version: 1.0.979 Update Package Version: 1.0.26943 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 231878 Threats Detected: 12 Threats Quarantined: 12 Time Elapsed: 7 min, 7 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.SearchPowerApp.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|mgheloialdghfmmfnknhppkcncoglhlc, Quarantined, 15153, 770853, , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.SearchPowerApp.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\mgheloialdghfmmfnknhppkcncoglhlc, Quarantined, 15153, 770853, , , , PUP.Optional.SearchPowerApp.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER 
DATA\DEFAULT\EXTENSIONS\MGHELOIALDGHFMMFNKNHPPKCNCOGLHLC, Quarantined, 15153, 770853, 1.0.26943, , ame, File: 9 PUP.Optional.SearchPowerApp.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 15153, 770853, , , , PUP.Optional.SearchPowerApp.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 15153, 770853, , , , PUP.Optional.SearchPowerApp.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mgheloialdghfmmfnknhppkcncoglhlc\000003.log, Quarantined, 15153, 770853, , , , PUP.Optional.SearchPowerApp.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mgheloialdghfmmfnknhppkcncoglhlc\CURRENT, Quarantined, 15153, 770853, , , , PUP.Optional.SearchPowerApp.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mgheloialdghfmmfnknhppkcncoglhlc\LOCK, Quarantined, 15153, 770853, , , , PUP.Optional.SearchPowerApp.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mgheloialdghfmmfnknhppkcncoglhlc\LOG, Quarantined, 15153, 770853, , , , PUP.Optional.SearchPowerApp.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mgheloialdghfmmfnknhppkcncoglhlc\MANIFEST-000001, Quarantined, 15153, 770853, , , , PUP.Optional.SearchPowerApp.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\MGHELOIALDGHFMMFNKNHPPKCNCOGLHLC\5.97_0\BACKGROUND.JS, Quarantined, 15153, 770853, 1.0.26943, , ame, PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\MGHELOIALDGHFMMFNKNHPPKCNCOGLHLC\5.97_0\MANIFEST.JSON, Quarantined, 15201, 832194, 1.0.26943, , ame, Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of 
Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  15. What is Coco APP?
      The Malwarebytes research team has determined that Coco APP is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.

      How do I know if my computer is affected by Coco APP?
      You may see this entry in your list of installed Chrome extensions: this new search results page: and this changed setting: You may have noticed these warnings during install:

      How did Coco APP get on my computer?
      Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website:

      How do I remove Coco APP?
      Our program Malwarebytes can detect and remove this potentially unwanted program.
      • Please download Malwarebytes for Windows to your desktop.
      • Double-click MBSetup.exe and follow the prompts to install the program.
      • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
      • Click on the Get started button.
      • Click Scan to start a Threat Scan.
      • When the scan is finished click Quarantine to remove the found threats.
      • Reboot the system if prompted to complete the removal process.

      Is there anything else I need to do to get rid of Coco APP?
      No, Malwarebytes removes Coco APP completely.

      How would the full version of Malwarebytes help protect me?
      We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the Coco APP hijacker. It would have blocked their website, giving you a chance to stop it before it became too late.
Technical details for experts Possible signs in FRST logs: CHR DefaultSearchURL: Default -> hxxps://s3redirect.com/chrome9.php?q={searchTerms} CHR DefaultSearchKeyword: Default -> dds CHR DefaultSuggestURL: Default -> hxxps://s3redirect.com/chrome9.php?q={searchTerms} CHR Extension: (Direct) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mogdjjmfidffpmopcmgekglffklpjenk [2020-07-09] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mogdjjmfidffpmopcmgekglffklpjenk\2.4_0 Adds the file background.js"="7/5/2020 9:19 AM, 684 bytes, A Adds the file manifest.json"="7/9/2020 8:53 AM, 1665 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mogdjjmfidffpmopcmgekglffklpjenk\2.4_0\_metadata Adds the file computed_hashes.json"="7/9/2020 8:53 AM, 1287 bytes, A Adds the file verified_contents.json"="7/6/2020 1:15 PM, 2361 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mogdjjmfidffpmopcmgekglffklpjenk\2.4_0\assets\icons\app_icons Adds the file icon128.png"="7/9/2020 8:53 AM, 12346 bytes, A Adds the file icon16.png"="7/9/2020 8:53 AM, 520 bytes, A Adds the file icon48.png"="7/9/2020 8:53 AM, 3091 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mogdjjmfidffpmopcmgekglffklpjenk\2.4_0\assets\icons\ba_icons Adds the file icon128.png"="7/9/2020 8:53 AM, 1228 bytes, A Adds the file icon16.png"="7/9/2020 8:53 AM, 167 bytes, A Adds the file icon48.png"="7/9/2020 8:53 AM, 483 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mogdjjmfidffpmopcmgekglffklpjenk\2.4_0\lib Adds the file jquery-3.5.1.min.js"="7/6/2020 1:15 PM, 93574 bytes, A Adds the folder 
C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mogdjjmfidffpmopcmgekglffklpjenk Adds the file 000003.log"="7/9/2020 8:53 AM, 51 bytes, A Adds the file CURRENT"="7/9/2020 8:53 AM, 16 bytes, A Adds the file LOCK"="7/9/2020 8:53 AM, 0 bytes, A Adds the file LOG"="7/9/2020 8:58 AM, 183 bytes, A Adds the file MANIFEST-000001"="7/9/2020 8:53 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "mogdjjmfidffpmopcmgekglffklpjenk"="REG_SZ", "2AEC41AA617A049A5A797ACAAAAB3BC27219551C977D3529BD4B6C3F90A4AEF6" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/9/20 Scan Time: 9:03 AM Log File: 40aea510-c1b2-11ea-8690-00ffdcc6fdfc.json -Software Information- Version: 4.1.2.73 Components Version: 1.0.976 Update Package Version: 1.0.26601 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 232097 Threats Detected: 11 Threats Quarantined: 11 Time Elapsed: 4 min, 46 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.SearchEngineHijack.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|mogdjjmfidffpmopcmgekglffklpjenk, Quarantined, 15219, 832194, , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension 
Settings\mogdjjmfidffpmopcmgekglffklpjenk, Quarantined, 15219, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\MOGDJJMFIDFFPMOPCMGEKGLFFKLPJENK, Quarantined, 15219, 832194, 1.0.26601, , ame, File: 8 PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 15219, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 15219, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mogdjjmfidffpmopcmgekglffklpjenk\000003.log, Quarantined, 15219, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mogdjjmfidffpmopcmgekglffklpjenk\CURRENT, Quarantined, 15219, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mogdjjmfidffpmopcmgekglffklpjenk\LOCK, Quarantined, 15219, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mogdjjmfidffpmopcmgekglffklpjenk\LOG, Quarantined, 15219, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mogdjjmfidffpmopcmgekglffklpjenk\MANIFEST-000001, Quarantined, 15219, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\MOGDJJMFIDFFPMOPCMGEKGLFFKLPJENK\2.4_0\MANIFEST.JSON, Quarantined, 15219, 832194, 1.0.26601, , ame, Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could 
have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  16. What is Serp App?
      The Malwarebytes research team has determined that Serp App is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.

      How do I know if my computer is affected by Serp App?
      You may see this entry in your list of installed Chrome extensions: and you may have noticed these warnings during install: and this new search page: Note the extra o in the address

      How did Serp App get on my computer?
      Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website:

      How do I remove Serp App?
      Our program Malwarebytes can detect and remove this potentially unwanted program.
      • Please download Malwarebytes for Windows to your desktop.
      • Double-click MBSetup.exe and follow the prompts to install the program.
      • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
      • Click on the Get started button.
      • Click Scan to start a Threat Scan.
      • When the scan is finished click Quarantine to remove the found threats.
      • Reboot the system if prompted to complete the removal process.

      Is there anything else I need to do to get rid of Serp App?
      No, Malwarebytes removes Serp App completely.

      How would the full version of Malwarebytes help protect me?
      We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the Serp App hijacker. It would have blocked their website, giving you a chance to stop it before it became too late.
Technical details for experts Possible signs in FRST logs: CHR Extension: (Serp App) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmdaigicalbbnbafdmlnolgjoebkhgao [2020-07-03] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmdaigicalbbnbafdmlnolgjoebkhgao\1.4_0 Adds the file background.js"="6/19/2020 4:37 AM, 4614 bytes, A Adds the file manifest.json"="7/3/2020 9:00 AM, 1223 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmdaigicalbbnbafdmlnolgjoebkhgao\1.4_0\_metadata Adds the file computed_hashes.json"="7/3/2020 9:00 AM, 183 bytes, A Adds the file verified_contents.json"="6/19/2020 4:39 AM, 2237 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmdaigicalbbnbafdmlnolgjoebkhgao\1.4_0\assets\icons\app_icons Adds the file icon128.png"="7/3/2020 9:00 AM, 12346 bytes, A Adds the file icon16.png"="7/3/2020 9:00 AM, 520 bytes, A Adds the file icon48.png"="7/3/2020 9:00 AM, 3091 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmdaigicalbbnbafdmlnolgjoebkhgao\1.4_0\assets\icons\ba_icons Adds the file icon128.png"="7/3/2020 9:00 AM, 1228 bytes, A Adds the file icon16.png"="7/3/2020 9:00 AM, 167 bytes, A Adds the file icon48.png"="7/3/2020 9:00 AM, 483 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fmdaigicalbbnbafdmlnolgjoebkhgao Adds the file 000003.log"="7/3/2020 9:00 AM, 51 bytes, A Adds the file CURRENT"="7/3/2020 9:00 AM, 16 bytes, A Adds the file LOCK"="7/3/2020 9:00 AM, 0 bytes, A Adds the file LOG"="7/3/2020 9:15 AM, 184 bytes, A Adds the file MANIFEST-000001"="7/3/2020 9:00 AM, 41 bytes, A Registry details [View: All 
details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "fmdaigicalbbnbafdmlnolgjoebkhgao"="REG_SZ", "F8DE46E2DC7E985223575406B2F0297596E3BD73C6F6CD2C683A2C651D89C295" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/3/20 Scan Time: 9:21 AM Log File: d2781aa8-bcfd-11ea-8321-00ffdcc6fdfc.json -Software Information- Version: 4.1.2.73 Components Version: 1.0.972 Update Package Version: 1.0.26337 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 232259 Threats Detected: 11 Threats Quarantined: 11 Time Elapsed: 5 min, 33 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.SearchEngineHijack.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|fmdaigicalbbnbafdmlnolgjoebkhgao, Quarantined, 15214, 832194, , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\fmdaigicalbbnbafdmlnolgjoebkhgao, Quarantined, 15214, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\FMDAIGICALBBNBAFDMLNOLGJOEBKHGAO, Quarantined, 15214, 832194, 1.0.26337, , ame, File: 8 PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 15214, 832194, , , , 
PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 15214, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fmdaigicalbbnbafdmlnolgjoebkhgao\000003.log, Quarantined, 15214, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fmdaigicalbbnbafdmlnolgjoebkhgao\CURRENT, Quarantined, 15214, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fmdaigicalbbnbafdmlnolgjoebkhgao\LOCK, Quarantined, 15214, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fmdaigicalbbnbafdmlnolgjoebkhgao\LOG, Quarantined, 15214, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fmdaigicalbbnbafdmlnolgjoebkhgao\MANIFEST-000001, Quarantined, 15214, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\FMDAIGICALBBNBAFDMLNOLGJOEBKHGAO\1.4_0\MANIFEST.JSON, Quarantined, 15214, 832194, 1.0.26337, , ame, Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  17. What is MySearch Search?
      The Malwarebytes research team has determined that MySearch Search is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one redirects your search queries through their own domain.

      How do I know if my computer is affected by MySearch Search?
      You may see this entry in your list of installed Chrome extensions: and you may have noticed these warnings during install:

      How did MySearch Search get on my computer?
      Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website:

      How do I remove MySearch Search?
      Our program Malwarebytes can detect and remove this potentially unwanted program.
      • Please download Malwarebytes for Windows to your desktop.
      • Double-click MBSetup.exe and follow the prompts to install the program.
      • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
      • Click on the Get started button.
      • Click Scan to start a Threat Scan.
      • When the scan is finished click Quarantine to remove the found threats.
      • Reboot the system if prompted to complete the removal process.

      Is there anything else I need to do to get rid of MySearch Search?
      No, Malwarebytes removes MySearch Search completely.

      How would the full version of Malwarebytes help protect me?
      We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the MySearch Search hijacker. It would have blocked their website, giving you a chance to stop it before it became too late.
Technical details for experts

Possible signs in FRST logs:

CHR Extension: (MySearch Search) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\doomfigiikcpinpmdgkmlahjickpggng [2020-06-30]

Alterations made by the installer:

File system details [View: All details] (Selection)
---------------------------------------------------
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\doomfigiikcpinpmdgkmlahjickpggng\6.1_0
   Adds the file manifest.json"="6/30/2020 9:04 AM, 1066 bytes, A
   Adds the file sr.js"="5/12/2020 6:05 AM, 7306 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\doomfigiikcpinpmdgkmlahjickpggng\6.1_0\_metadata
   Adds the file computed_hashes.json"="6/30/2020 9:04 AM, 285 bytes, A
   Adds the file verified_contents.json"="5/12/2020 6:03 AM, 1635 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\doomfigiikcpinpmdgkmlahjickpggng\6.1_0\icons
   Adds the file icon128.png"="6/30/2020 9:04 AM, 13013 bytes, A
   Adds the file icon48.png"="6/30/2020 9:04 AM, 253 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\doomfigiikcpinpmdgkmlahjickpggng
   Adds the file 000003.log"="6/30/2020 9:09 AM, 454 bytes, A
   Adds the file CURRENT"="6/30/2020 9:04 AM, 16 bytes, A
   Adds the file LOCK"="6/30/2020 9:04 AM, 0 bytes, A
   Adds the file LOG"="6/30/2020 9:09 AM, 183 bytes, A
   Adds the file MANIFEST-000001"="6/30/2020 9:04 AM, 41 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
   "doomfigiikcpinpmdgkmlahjickpggng"="REG_SZ", "8D3BA394FAD14D7C0904942F03CEB0328915F9B302CA9EEFCCF56CE9008BEEF4"

Malwarebytes log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/30/20
Scan Time: 11:39 AM
Log File: 8bf476a2-bab5-11ea-bfa5-00ffdcc6fdfc.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.955
Update Package Version: 1.0.26189
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 232031
Threats Detected: 11
Threats Quarantined: 11
Time Elapsed: 1 min, 22 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 1
PUP.Optional.SearchEngineHijack.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|doomfigiikcpinpmdgkmlahjickpggng, Quarantined, 15200, 836150, , , ,

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\doomfigiikcpinpmdgkmlahjickpggng, Quarantined, 15200, 836150, , , ,
PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\DOOMFIGIIKCPINPMDGKMLAHJICKPGGNG, Quarantined, 15200, 836150, 1.0.26189, , ame,

File: 8
PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 15200, 836150, , , ,
PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 15200, 836150, , , ,
PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\doomfigiikcpinpmdgkmlahjickpggng\000003.log, Quarantined, 15200, 836150, , , ,
PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\doomfigiikcpinpmdgkmlahjickpggng\CURRENT, Quarantined, 15200, 836150, , , ,
PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\doomfigiikcpinpmdgkmlahjickpggng\LOCK, Quarantined, 15200, 836150, , , ,
PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\doomfigiikcpinpmdgkmlahjickpggng\LOG, Quarantined, 15200, 836150, , , ,
PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\doomfigiikcpinpmdgkmlahjickpggng\MANIFEST-000001, Quarantined, 15200, 836150, , , ,
PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\DOOMFIGIIKCPINPMDGKMLAHJICKPGGNG\6.1_0\MANIFEST.JSON, Quarantined, 15200, 836150, 1.0.26189, , ame,

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  18. What is Kalox APP?

The Malwarebytes research team has determined that Kalox APP is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.

How do I know if my computer is affected by Kalox APP?

You may see this browser extension:
these warnings during install:
You may see this nameless and invisible icon in your browser's menu-bar:
this new page when you open a new tab:
Note the extra o in the address

How did Kalox APP get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:
after a redirect from their website:

How do I remove Kalox APP?

Our program Malwarebytes can detect and remove this potentially unwanted program.
[Mindspark only] You can use their own uninstall instructions first, but I would advise you to follow the steps below anyway.
  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.

Is there anything else I need to do to get rid of Kalox APP?

  • No, Malwarebytes' Anti-Malware removes Kalox APP completely.
  • If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this hijacker.
As you can see below, the full version of Malwarebytes would have protected you against the Kalox APP hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.

Technical details for experts

Possible signs in FRST logs:

CHR Extension: (Kalox APP) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmoidaocldligppdkaimfdenjfhahlf [2020-06-26]

Alterations made by the installer:

File system details [View: All details] (Selection)
---------------------------------------------------
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmoidaocldligppdkaimfdenjfhahlf\2.2_0
   Adds the file background.js"="6/24/2020 10:40 AM, 1261 bytes, A
   Adds the file manifest.json"="6/26/2020 8:54 AM, 1313 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmoidaocldligppdkaimfdenjfhahlf\2.2_0\_metadata
   Adds the file computed_hashes.json"="6/26/2020 8:54 AM, 1287 bytes, A
   Adds the file verified_contents.json"="6/24/2020 10:56 AM, 2361 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmoidaocldligppdkaimfdenjfhahlf\2.2_0\assets\icons\app_icons
   Adds the file icon128.png"="6/26/2020 8:54 AM, 12346 bytes, A
   Adds the file icon16.png"="6/26/2020 8:54 AM, 520 bytes, A
   Adds the file icon48.png"="6/26/2020 8:54 AM, 3091 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmoidaocldligppdkaimfdenjfhahlf\2.2_0\assets\icons\ba_icons
   Adds the file icon128.png"="6/26/2020 8:54 AM, 1228 bytes, A
   Adds the file icon16.png"="6/26/2020 8:54 AM, 167 bytes, A
   Adds the file icon48.png"="6/26/2020 8:54 AM, 483 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmoidaocldligppdkaimfdenjfhahlf\2.2_0\lib
   Adds the file jquery-3.5.1.min.js"="6/24/2020 10:56 AM, 92195 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pgmoidaocldligppdkaimfdenjfhahlf
   Adds the file 000003.log"="6/26/2020 8:54 AM, 51 bytes, A
   Adds the file CURRENT"="6/26/2020 8:54 AM, 16 bytes, A
   Adds the file LOCK"="6/26/2020 8:54 AM, 0 bytes, A
   Adds the file LOG"="6/26/2020 9:00 AM, 183 bytes, A
   Adds the file MANIFEST-000001"="6/26/2020 8:54 AM, 41 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
   "pgmoidaocldligppdkaimfdenjfhahlf"="REG_SZ", "491B0E3251552A64571455289CABCD63AF1970841996537C454D68BC4BA23544"

Malwarebytes log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/26/20
Scan Time: 9:06 AM
Log File: 85f65c76-b77b-11ea-ad40-00ffdcc6fdfc.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.955
Update Package Version: 1.0.26037
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 232137
Threats Detected: 11
Threats Quarantined: 11
Time Elapsed: 2 min, 6 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 1
PUP.Optional.SearchEngineHijack.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|pgmoidaocldligppdkaimfdenjfhahlf, Quarantined, 15195, 832194, , , ,

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\pgmoidaocldligppdkaimfdenjfhahlf, Quarantined, 15195, 832194, , , ,
PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PGMOIDAOCLDLIGPPDKAIMFDENJFHAHLF, Quarantined, 15195, 832194, 1.0.26037, , ame,

File: 8
PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 15195, 832194, , , ,
PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 15195, 832194, , , ,
PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pgmoidaocldligppdkaimfdenjfhahlf\000003.log, Quarantined, 15195, 832194, , , ,
PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pgmoidaocldligppdkaimfdenjfhahlf\CURRENT, Quarantined, 15195, 832194, , , ,
PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pgmoidaocldligppdkaimfdenjfhahlf\LOCK, Quarantined, 15195, 832194, , , ,
PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pgmoidaocldligppdkaimfdenjfhahlf\LOG, Quarantined, 15195, 832194, , , ,
PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pgmoidaocldligppdkaimfdenjfhahlf\MANIFEST-000001, Quarantined, 15195, 832194, , , ,
PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PGMOIDAOCLDLIGPPDKAIMFDENJFHAHLF\2.2_0\MANIFEST.JSON, Quarantined, 15195, 832194, 1.0.26037, , ame,

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

As mentioned before, the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  19. What is SearchSpace?

The Malwarebytes research team has determined that SearchSpace is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.
This particular one changes Chrome policies to hinder removal.
Managed by your organization

How do I know if my computer is affected by SearchSpace?

You may see this entry in your list of installed Chrome extensions:
this icon in the Chrome menu-bar:
with this description:
this changed setting:
You may have noticed these warnings during install:

How did SearchSpace get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was installed by a bundler.

How do I remove SearchSpace?

Our program Malwarebytes can detect and remove this potentially unwanted program.
  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.

Is there anything else I need to do to get rid of SearchSpace?

  • No, Malwarebytes removes SearchSpace completely.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this hijacker.
As you can see below, the full version of Malwarebytes would have protected you against the SearchSpace adware. It would have blocked the installer before it became too late.

Technical details for experts

Possible signs in FRST logs:

CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR DefaultSearchURL: Default -> hxxps://search-space.net/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.search-space.search
CHR Extension: (search space) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpfpbajbnhddlpljjnfndngbkkfkjfna [2020-06-04]

Alterations made by the installer:

File system details [View: All details] (Selection)
---------------------------------------------------
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpfpbajbnhddlpljjnfndngbkkfkjfna\1.3_0
   Adds the file manifest.json"="6/4/2020 9:02 AM, 1468 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpfpbajbnhddlpljjnfndngbkkfkjfna\1.3_0\_metadata
   Adds the file computed_hashes.json"="6/4/2020 9:02 AM, 3373 bytes, A
   Adds the file verified_contents.json"="3/28/2020 10:20 AM, 2071 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpfpbajbnhddlpljjnfndngbkkfkjfna\1.3_0\img
   Adds the file 128.png"="6/4/2020 9:02 AM, 5353 bytes, A
   Adds the file 16.png"="6/4/2020 9:02 AM, 628 bytes, A
   Adds the file 32.png"="3/27/2020 9:04 PM, 1112 bytes, A
   Adds the file 48.png"="6/4/2020 9:02 AM, 1389 bytes, A
   Adds the file 64.png"="3/27/2020 9:04 PM, 2565 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpfpbajbnhddlpljjnfndngbkkfkjfna\1.3_0\js
   Adds the file background.js"="3/27/2020 11:26 PM, 3298 bytes, A
   Adds the file jquery-2.2.4.js"="3/27/2020 8:37 PM, 257286 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfpbajbnhddlpljjnfndngbkkfkjfna
   Adds the file 000003.log"="6/4/2020 9:02 AM, 61 bytes, A
   Adds the file CURRENT"="6/4/2020 9:02 AM, 16 bytes, A
   Adds the file LOCK"="6/4/2020 9:02 AM, 0 bytes, A
   Adds the file LOG"="6/4/2020 9:09 AM, 185 bytes, A
   Adds the file MANIFEST-000001"="6/4/2020 9:02 AM, 41 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\lpfpbajbnhddlpljjnfndngbkkfkjfna
   Adds the file 000003.log"="6/4/2020 9:02 AM, 51 bytes, A
   Adds the file CURRENT"="6/4/2020 9:02 AM, 16 bytes, A
   Adds the file LOCK"="6/4/2020 9:02 AM, 0 bytes, A
   Adds the file LOG"="6/4/2020 9:09 AM, 184 bytes, A
   Adds the file MANIFEST-000001"="6/4/2020 9:02 AM, 41 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Chromium\ExtensionInstallForcelist]
   "1"="REG_SZ", "lpfpbajbnhddlpljjnfndngbkkfkjfna;https://clients2.google.com/service/update2/crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist]
   "1"="REG_SZ", "lpfpbajbnhddlpljjnfndngbkkfkjfna;https://clients2.google.com/service/update2/crx"
[HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
   "lpfpbajbnhddlpljjnfndngbkkfkjfna"="REG_SZ", "6CCD552FBBB961C3253701C97EDFE2822765BB4E39717742B1FEA4E840CCA4BE"

Malwarebytes log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/4/20
Scan Time: 9:19 AM
Log File: b6720f3e-a633-11ea-8b20-00ffdcc6fdfc.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.931
Update Package Version: 1.0.24988
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 232517
Threats Detected: 24
Threats Quarantined: 24
Time Elapsed: 2 min, 33 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 4
PUP.Optional.ForcedExtension.ChrPRST, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME, Quarantined, 2292, -1, 0.0.0, , action,
PUP.Optional.ForcedExtension.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME, Quarantined, 2292, -1, 0.0.0, , action,
PUP.Optional.ForcedExtension.ChrPRST, HKLM\SOFTWARE\POLICIES\CHROMIUM, Quarantined, 2292, -1, 0.0.0, , action,
PUP.Optional.ForcedExtension.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\POLICIES\CHROMIUM, Quarantined, 2292, -1, 0.0.0, , action,

Registry Value: 3
PUP.Optional.ForcedExtension.ChrPRST, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME\ExtensionInstallForcelist|1, Quarantined, 2292, 827464, , , ,
PUP.Optional.ForcedExtension.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME\ExtensionInstallForcelist|1, Quarantined, 2292, 827464, , , ,
PUP.Optional.ForcedExtension.ChrPRST, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|lpfpbajbnhddlpljjnfndngbkkfkjfna, Quarantined, 2292, 827464, , , ,

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 3
PUP.Optional.ForcedExtension.ChrPRST, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\lpfpbajbnhddlpljjnfndngbkkfkjfna, Quarantined, 2292, 827464, , , ,
PUP.Optional.ForcedExtension.ChrPRST, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\lpfpbajbnhddlpljjnfndngbkkfkjfna, Quarantined, 2292, 827464, , , ,
PUP.Optional.ForcedExtension.ChrPRST, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\lpfpbajbnhddlpljjnfndngbkkfkjfna, Quarantined, 2292, 827464, 1.0.24988, , ame,

File: 14
PUP.Optional.ForcedExtension.ChrPRST, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 2292, 827464, , , ,
PUP.Optional.ForcedExtension.ChrPRST, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 2292, 827464, , , ,
PUP.Optional.ForcedExtension.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfpbajbnhddlpljjnfndngbkkfkjfna\000003.log, Quarantined, 2292, 827464, , , ,
PUP.Optional.ForcedExtension.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfpbajbnhddlpljjnfndngbkkfkjfna\CURRENT, Quarantined, 2292, 827464, , , ,
PUP.Optional.ForcedExtension.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfpbajbnhddlpljjnfndngbkkfkjfna\LOCK, Quarantined, 2292, 827464, , , ,
PUP.Optional.ForcedExtension.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfpbajbnhddlpljjnfndngbkkfkjfna\LOG, Quarantined, 2292, 827464, , , ,
PUP.Optional.ForcedExtension.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfpbajbnhddlpljjnfndngbkkfkjfna\MANIFEST-000001, Quarantined, 2292, 827464, , , ,
PUP.Optional.ForcedExtension.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\lpfpbajbnhddlpljjnfndngbkkfkjfna\000003.log, Quarantined, 2292, 827464, , , ,
PUP.Optional.ForcedExtension.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\lpfpbajbnhddlpljjnfndngbkkfkjfna\CURRENT, Quarantined, 2292, 827464, , , ,
PUP.Optional.ForcedExtension.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\lpfpbajbnhddlpljjnfndngbkkfkjfna\LOCK, Quarantined, 2292, 827464, , , ,
PUP.Optional.ForcedExtension.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\lpfpbajbnhddlpljjnfndngbkkfkjfna\LOG, Quarantined, 2292, 827464, , , ,
PUP.Optional.ForcedExtension.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\lpfpbajbnhddlpljjnfndngbkkfkjfna\MANIFEST-000001, Quarantined, 2292, 827464, , , ,
PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\LPFPBAJBNHDDLPLJJNFNDNGBKKFKJFNA\1.3_0\MANIFEST.JSON, Quarantined, 15186, 822525, 1.0.24988, , ame,
PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 333, 822034, 1.0.24988, , ame,

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

As mentioned before, the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.