Jump to content

Search the Community

Showing results for tags 'pup.optional.searchenginehijack.generic'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 7 results

  1. What is Niux APP? The Malwarebytes research team has determined that Niux APP is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. How do I know if my computer is affected by Niux APP? You may see this entry in your list of installed Chrome extensions: and this new header for your search results: You may have noticed these warnings during install: How did Niux APP get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website: How do I remove Niux APP? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of Niux APP? No, Malwarebytes removes Niux APP completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the Niux APP hijacker. It would have blocked their website, giving you a chance to stop it before it became too late. Technical details for experts Possible signs in FRST logs: CHR Extension: (Niux APP) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcocncapgaibfcjmkkalopefmmceflnh [2020-07-28] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcocncapgaibfcjmkkalopefmmceflnh\1.4_0 Adds the file background.js"="6/19/2020 1:02 AM, 4614 bytes, A Adds the file manifest.json"="7/28/2020 1:44 PM, 1223 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcocncapgaibfcjmkkalopefmmceflnh\1.4_0\_metadata Adds the file computed_hashes.json"="7/28/2020 1:44 PM, 183 bytes, A Adds the file verified_contents.json"="6/21/2020 1:24 PM, 2237 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcocncapgaibfcjmkkalopefmmceflnh\1.4_0\assets\icons\app_icons Adds the file icon128.png"="7/28/2020 1:44 PM, 12346 bytes, A Adds the file icon16.png"="7/28/2020 1:44 PM, 520 bytes, A Adds the file icon48.png"="7/28/2020 1:44 PM, 3091 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcocncapgaibfcjmkkalopefmmceflnh\1.4_0\assets\icons\ba_icons Adds the file icon128.png"="7/28/2020 1:44 PM, 1228 bytes, A Adds the file icon16.png"="7/28/2020 1:44 PM, 167 bytes, A Adds the file icon48.png"="7/28/2020 1:44 PM, 483 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pcocncapgaibfcjmkkalopefmmceflnh Adds the file 000003.log"="7/28/2020 1:44 PM, 51 bytes, A Adds the file CURRENT"="7/28/2020 1:44 PM, 16 bytes, A Adds the file LOCK"="7/28/2020 1:44 PM, 0 bytes, A Adds the file LOG"="7/28/2020 1:49 PM, 183 bytes, A Adds the file MANIFEST-000001"="7/28/2020 1:44 PM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "pcocncapgaibfcjmkkalopefmmceflnh"="REG_SZ", "A772E416559924BF22E796E0AB5DD234CB752F75FAFF9353531B40C044B5EACD" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/28/20 Scan Time: 1:54 PM Log File: 12923892-d0c9-11ea-b8cd-00ffdcc6fdfc.json -Software Information- Version: 4.1.2.73 Components Version: 1.0.990 Update Package Version: 1.0.27585 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 231507 Threats Detected: 11 Threats Quarantined: 11 Time Elapsed: 4 min, 52 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.SearchEngineHijack.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|pcocncapgaibfcjmkkalopefmmceflnh, Quarantined, 15190, 832194, , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\pcocncapgaibfcjmkkalopefmmceflnh, Quarantined, 15190, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PCOCNCAPGAIBFCJMKKALOPEFMMCEFLNH, Quarantined, 15190, 832194, 1.0.27585, , ame, File: 8 PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 15190, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 15190, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pcocncapgaibfcjmkkalopefmmceflnh\000003.log, Quarantined, 15190, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pcocncapgaibfcjmkkalopefmmceflnh\CURRENT, Quarantined, 15190, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pcocncapgaibfcjmkkalopefmmceflnh\LOCK, Quarantined, 15190, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pcocncapgaibfcjmkkalopefmmceflnh\LOG, Quarantined, 15190, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pcocncapgaibfcjmkkalopefmmceflnh\MANIFEST-000001, Quarantined, 15190, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PCOCNCAPGAIBFCJMKKALOPEFMMCEFLNH\1.4_0\MANIFEST.JSON, Quarantined, 15190, 832194, 1.0.27585, , ame, Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  2. What is Vil APP? The Malwarebytes research team has determined that Vil APP is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. How do I know if my computer is affected by Vil APP? You may see this entry in your list of installed Chrome extensions: and this changed setting: You may have noticed these warnings during install: How did Vil APP get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website: How do I remove Vil APP? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of Vil APP? No, Malwarebytes removes Vil APP completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the Vil APP hijacker. It would have blocked their website, giving you a chance to stop it before it became too late. Technical details for experts Possible signs in FRST logs: CHR DefaultSearchURL: Default -> hxxps://s3redirect.com/chrome14.php?q={searchTerms} CHR DefaultSearchKeyword: Default -> dds CHR DefaultSuggestURL: Default -> hxxps://s3redirect.com/chrome14.php?q={searchTerms} CHR Extension: (Direct) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgheloialdghfmmfnknhppkcncoglhlc [2020-07-17] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgheloialdghfmmfnknhppkcncoglhlc\5.97_0 Adds the file background.js"="7/13/2020 4:25 PM, 5393 bytes, A Adds the file jquery-3.5.1.min.js"="7/13/2020 4:24 PM, 155872 bytes, A Adds the file manifest.json"="7/17/2020 8:33 AM, 1932 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgheloialdghfmmfnknhppkcncoglhlc\5.97_0\_metadata Adds the file computed_hashes.json"="7/17/2020 8:33 AM, 2082 bytes, A Adds the file verified_contents.json"="7/13/2020 4:24 PM, 2357 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgheloialdghfmmfnknhppkcncoglhlc\5.97_0\assets\icons\app_icons Adds the file icon128.png"="7/17/2020 8:33 AM, 12346 bytes, A Adds the file icon16.png"="7/17/2020 8:33 AM, 520 bytes, A Adds the file icon48.png"="7/17/2020 8:33 AM, 3091 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgheloialdghfmmfnknhppkcncoglhlc\5.97_0\assets\icons\ba_icons Adds the file icon128.png"="7/17/2020 8:33 AM, 1228 bytes, A Adds the file icon16.png"="7/17/2020 8:33 AM, 167 bytes, A Adds the file icon48.png"="7/17/2020 8:33 AM, 483 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mgheloialdghfmmfnknhppkcncoglhlc Adds the file 000003.log"="7/17/2020 8:33 AM, 51 bytes, A Adds the file CURRENT"="7/17/2020 8:33 AM, 16 bytes, A Adds the file LOCK"="7/17/2020 8:33 AM, 0 bytes, A Adds the file LOG"="7/17/2020 8:36 AM, 184 bytes, A Adds the file MANIFEST-000001"="7/17/2020 8:33 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "mgheloialdghfmmfnknhppkcncoglhlc"="REG_SZ", "2DE813BB9ECAC057ADD58F68754AFBD2B69E08B1A68C9FC26ADB6555A0C6EA4D" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/17/20 Scan Time: 8:42 AM Log File: bce6744a-c7f8-11ea-88cf-00ffdcc6fdfc.json -Software Information- Version: 4.1.2.73 Components Version: 1.0.979 Update Package Version: 1.0.26943 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 231878 Threats Detected: 12 Threats Quarantined: 12 Time Elapsed: 7 min, 7 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.SearchPowerApp.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|mgheloialdghfmmfnknhppkcncoglhlc, Quarantined, 15153, 770853, , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.SearchPowerApp.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\mgheloialdghfmmfnknhppkcncoglhlc, Quarantined, 15153, 770853, , , , PUP.Optional.SearchPowerApp.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\MGHELOIALDGHFMMFNKNHPPKCNCOGLHLC, Quarantined, 15153, 770853, 1.0.26943, , ame, File: 9 PUP.Optional.SearchPowerApp.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 15153, 770853, , , , PUP.Optional.SearchPowerApp.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 15153, 770853, , , , PUP.Optional.SearchPowerApp.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mgheloialdghfmmfnknhppkcncoglhlc\000003.log, Quarantined, 15153, 770853, , , , PUP.Optional.SearchPowerApp.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mgheloialdghfmmfnknhppkcncoglhlc\CURRENT, Quarantined, 15153, 770853, , , , PUP.Optional.SearchPowerApp.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mgheloialdghfmmfnknhppkcncoglhlc\LOCK, Quarantined, 15153, 770853, , , , PUP.Optional.SearchPowerApp.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mgheloialdghfmmfnknhppkcncoglhlc\LOG, Quarantined, 15153, 770853, , , , PUP.Optional.SearchPowerApp.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mgheloialdghfmmfnknhppkcncoglhlc\MANIFEST-000001, Quarantined, 15153, 770853, , , , PUP.Optional.SearchPowerApp.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\MGHELOIALDGHFMMFNKNHPPKCNCOGLHLC\5.97_0\BACKGROUND.JS, Quarantined, 15153, 770853, 1.0.26943, , ame, PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\MGHELOIALDGHFMMFNKNHPPKCNCOGLHLC\5.97_0\MANIFEST.JSON, Quarantined, 15201, 832194, 1.0.26943, , ame, Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  3. What is Coco APP? The Malwarebytes research team has determined that Coco APP is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. How do I know if my computer is affected by Coco APP? You may see this entry in your list of installed Chrome extensions: this new search results page: and this changed setting: You may have noticed these warnings during install: How did Coco APP get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website: How do I remove Coco APP? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of Coco APP? No, Malwarebytes removes Coco APP completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the Coco APP hijacker. It would have blocked their website, giving you a chance to stop it before it became too late. Technical details for experts Possible signs in FRST logs: CHR DefaultSearchURL: Default -> hxxps://s3redirect.com/chrome9.php?q={searchTerms} CHR DefaultSearchKeyword: Default -> dds CHR DefaultSuggestURL: Default -> hxxps://s3redirect.com/chrome9.php?q={searchTerms} CHR Extension: (Direct) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mogdjjmfidffpmopcmgekglffklpjenk [2020-07-09] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mogdjjmfidffpmopcmgekglffklpjenk\2.4_0 Adds the file background.js"="7/5/2020 9:19 AM, 684 bytes, A Adds the file manifest.json"="7/9/2020 8:53 AM, 1665 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mogdjjmfidffpmopcmgekglffklpjenk\2.4_0\_metadata Adds the file computed_hashes.json"="7/9/2020 8:53 AM, 1287 bytes, A Adds the file verified_contents.json"="7/6/2020 1:15 PM, 2361 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mogdjjmfidffpmopcmgekglffklpjenk\2.4_0\assets\icons\app_icons Adds the file icon128.png"="7/9/2020 8:53 AM, 12346 bytes, A Adds the file icon16.png"="7/9/2020 8:53 AM, 520 bytes, A Adds the file icon48.png"="7/9/2020 8:53 AM, 3091 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mogdjjmfidffpmopcmgekglffklpjenk\2.4_0\assets\icons\ba_icons Adds the file icon128.png"="7/9/2020 8:53 AM, 1228 bytes, A Adds the file icon16.png"="7/9/2020 8:53 AM, 167 bytes, A Adds the file icon48.png"="7/9/2020 8:53 AM, 483 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mogdjjmfidffpmopcmgekglffklpjenk\2.4_0\lib Adds the file jquery-3.5.1.min.js"="7/6/2020 1:15 PM, 93574 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mogdjjmfidffpmopcmgekglffklpjenk Adds the file 000003.log"="7/9/2020 8:53 AM, 51 bytes, A Adds the file CURRENT"="7/9/2020 8:53 AM, 16 bytes, A Adds the file LOCK"="7/9/2020 8:53 AM, 0 bytes, A Adds the file LOG"="7/9/2020 8:58 AM, 183 bytes, A Adds the file MANIFEST-000001"="7/9/2020 8:53 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "mogdjjmfidffpmopcmgekglffklpjenk"="REG_SZ", "2AEC41AA617A049A5A797ACAAAAB3BC27219551C977D3529BD4B6C3F90A4AEF6" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/9/20 Scan Time: 9:03 AM Log File: 40aea510-c1b2-11ea-8690-00ffdcc6fdfc.json -Software Information- Version: 4.1.2.73 Components Version: 1.0.976 Update Package Version: 1.0.26601 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 232097 Threats Detected: 11 Threats Quarantined: 11 Time Elapsed: 4 min, 46 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.SearchEngineHijack.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|mogdjjmfidffpmopcmgekglffklpjenk, Quarantined, 15219, 832194, , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\mogdjjmfidffpmopcmgekglffklpjenk, Quarantined, 15219, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\MOGDJJMFIDFFPMOPCMGEKGLFFKLPJENK, Quarantined, 15219, 832194, 1.0.26601, , ame, File: 8 PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 15219, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 15219, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mogdjjmfidffpmopcmgekglffklpjenk\000003.log, Quarantined, 15219, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mogdjjmfidffpmopcmgekglffklpjenk\CURRENT, Quarantined, 15219, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mogdjjmfidffpmopcmgekglffklpjenk\LOCK, Quarantined, 15219, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mogdjjmfidffpmopcmgekglffklpjenk\LOG, Quarantined, 15219, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\mogdjjmfidffpmopcmgekglffklpjenk\MANIFEST-000001, Quarantined, 15219, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\MOGDJJMFIDFFPMOPCMGEKGLFFKLPJENK\2.4_0\MANIFEST.JSON, Quarantined, 15219, 832194, 1.0.26601, , ame, Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  4. What is Serp App? The Malwarebytes research team has determined that Serp App is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. How do I know if my computer is affected by Serp App? You may see this entry in your list of installed Chrome extensions: and you may have noticed these warnings during install: and this new search page: Note the extra o in the address How did Serp App get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website: How do I remove Serp App? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of Serp App? No, Malwarebytes removes Serp App completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the Serp App hijacker. It would have blocked their website, giving you a chance to stop it before it became too late. Technical details for experts Possible signs in FRST logs: CHR Extension: (Serp App) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmdaigicalbbnbafdmlnolgjoebkhgao [2020-07-03] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmdaigicalbbnbafdmlnolgjoebkhgao\1.4_0 Adds the file background.js"="6/19/2020 4:37 AM, 4614 bytes, A Adds the file manifest.json"="7/3/2020 9:00 AM, 1223 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmdaigicalbbnbafdmlnolgjoebkhgao\1.4_0\_metadata Adds the file computed_hashes.json"="7/3/2020 9:00 AM, 183 bytes, A Adds the file verified_contents.json"="6/19/2020 4:39 AM, 2237 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmdaigicalbbnbafdmlnolgjoebkhgao\1.4_0\assets\icons\app_icons Adds the file icon128.png"="7/3/2020 9:00 AM, 12346 bytes, A Adds the file icon16.png"="7/3/2020 9:00 AM, 520 bytes, A Adds the file icon48.png"="7/3/2020 9:00 AM, 3091 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmdaigicalbbnbafdmlnolgjoebkhgao\1.4_0\assets\icons\ba_icons Adds the file icon128.png"="7/3/2020 9:00 AM, 1228 bytes, A Adds the file icon16.png"="7/3/2020 9:00 AM, 167 bytes, A Adds the file icon48.png"="7/3/2020 9:00 AM, 483 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fmdaigicalbbnbafdmlnolgjoebkhgao Adds the file 000003.log"="7/3/2020 9:00 AM, 51 bytes, A Adds the file CURRENT"="7/3/2020 9:00 AM, 16 bytes, A Adds the file LOCK"="7/3/2020 9:00 AM, 0 bytes, A Adds the file LOG"="7/3/2020 9:15 AM, 184 bytes, A Adds the file MANIFEST-000001"="7/3/2020 9:00 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "fmdaigicalbbnbafdmlnolgjoebkhgao"="REG_SZ", "F8DE46E2DC7E985223575406B2F0297596E3BD73C6F6CD2C683A2C651D89C295" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/3/20 Scan Time: 9:21 AM Log File: d2781aa8-bcfd-11ea-8321-00ffdcc6fdfc.json -Software Information- Version: 4.1.2.73 Components Version: 1.0.972 Update Package Version: 1.0.26337 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 232259 Threats Detected: 11 Threats Quarantined: 11 Time Elapsed: 5 min, 33 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.SearchEngineHijack.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|fmdaigicalbbnbafdmlnolgjoebkhgao, Quarantined, 15214, 832194, , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\fmdaigicalbbnbafdmlnolgjoebkhgao, Quarantined, 15214, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\FMDAIGICALBBNBAFDMLNOLGJOEBKHGAO, Quarantined, 15214, 832194, 1.0.26337, , ame, File: 8 PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 15214, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 15214, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fmdaigicalbbnbafdmlnolgjoebkhgao\000003.log, Quarantined, 15214, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fmdaigicalbbnbafdmlnolgjoebkhgao\CURRENT, Quarantined, 15214, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fmdaigicalbbnbafdmlnolgjoebkhgao\LOCK, Quarantined, 15214, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fmdaigicalbbnbafdmlnolgjoebkhgao\LOG, Quarantined, 15214, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fmdaigicalbbnbafdmlnolgjoebkhgao\MANIFEST-000001, Quarantined, 15214, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\FMDAIGICALBBNBAFDMLNOLGJOEBKHGAO\1.4_0\MANIFEST.JSON, Quarantined, 15214, 832194, 1.0.26337, , ame, Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  5. What is MySearch Search? The Malwarebytes research team has determined that MySearch Search is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one redirects your search queries throughtheir own domain. How do I know if my computer is affected by MySearch Search? You may see this entry in your list of installed Chrome extensions: and you may have noticed these warnings during install: How did MySearch Search get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website: How do I remove MySearch Search? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of MySearch Search? No, Malwarebytes removes MySearch Search completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the MySearch Search hijacker. It would have blocked their website, giving you a chance to stop it before it became too late. Technical details for experts Possible signs in FRST logs: CHR Extension: (MySearch Search) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\doomfigiikcpinpmdgkmlahjickpggng [2020-06-30] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\doomfigiikcpinpmdgkmlahjickpggng\6.1_0 Adds the file manifest.json"="6/30/2020 9:04 AM, 1066 bytes, A Adds the file sr.js"="5/12/2020 6:05 AM, 7306 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\doomfigiikcpinpmdgkmlahjickpggng\6.1_0\_metadata Adds the file computed_hashes.json"="6/30/2020 9:04 AM, 285 bytes, A Adds the file verified_contents.json"="5/12/2020 6:03 AM, 1635 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\doomfigiikcpinpmdgkmlahjickpggng\6.1_0\icons Adds the file icon128.png"="6/30/2020 9:04 AM, 13013 bytes, A Adds the file icon48.png"="6/30/2020 9:04 AM, 253 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\doomfigiikcpinpmdgkmlahjickpggng Adds the file 000003.log"="6/30/2020 9:09 AM, 454 bytes, A Adds the file CURRENT"="6/30/2020 9:04 AM, 16 bytes, A Adds the file LOCK"="6/30/2020 9:04 AM, 0 bytes, A Adds the file LOG"="6/30/2020 9:09 AM, 183 bytes, A Adds the file MANIFEST-000001"="6/30/2020 9:04 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "doomfigiikcpinpmdgkmlahjickpggng"="REG_SZ", "8D3BA394FAD14D7C0904942F03CEB0328915F9B302CA9EEFCCF56CE9008BEEF4" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 6/30/20 Scan Time: 11:39 AM Log File: 8bf476a2-bab5-11ea-bfa5-00ffdcc6fdfc.json -Software Information- Version: 4.1.0.56 Components Version: 1.0.955 Update Package Version: 1.0.26189 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 232031 Threats Detected: 11 Threats Quarantined: 11 Time Elapsed: 1 min, 22 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.SearchEngineHijack.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|doomfigiikcpinpmdgkmlahjickpggng, Quarantined, 15200, 836150, , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\doomfigiikcpinpmdgkmlahjickpggng, Quarantined, 15200, 836150, , , , PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\DOOMFIGIIKCPINPMDGKMLAHJICKPGGNG, Quarantined, 15200, 836150, 1.0.26189, , ame, File: 8 PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 15200, 836150, , , , PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 15200, 836150, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\doomfigiikcpinpmdgkmlahjickpggng\000003.log, Quarantined, 15200, 836150, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\doomfigiikcpinpmdgkmlahjickpggng\CURRENT, Quarantined, 15200, 836150, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\doomfigiikcpinpmdgkmlahjickpggng\LOCK, Quarantined, 15200, 836150, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\doomfigiikcpinpmdgkmlahjickpggng\LOG, Quarantined, 15200, 836150, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\doomfigiikcpinpmdgkmlahjickpggng\MANIFEST-000001, Quarantined, 15200, 836150, , , , PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\DOOMFIGIIKCPINPMDGKMLAHJICKPGGNG\6.1_0\MANIFEST.JSON, Quarantined, 15200, 836150, 1.0.26189, , ame, Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  6. What is Kalox APP? The Malwarebytes research team has determined that Kalox APP is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. How do I know if my computer is affected by Kalox APP? You may see this browser extension: these warnings during install: You may see this nameless and invisible icon in your browsers menu-bar: this new page when you open a new tab: Note the extra o in the address How did Kalox APP get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website: How do I remove Kalox APP? Our program Malwarebytes can detect and remove this potentially unwanted program. [Mindspark only]You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of Kalox APP? No, Malwarebytes' Anti-Malware removes Kalox APP completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the Kalox APP hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. Technical details for experts Possible signs in FRST logs: CHR Extension: (Kalox APP) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmoidaocldligppdkaimfdenjfhahlf [2020-06-26] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmoidaocldligppdkaimfdenjfhahlf\2.2_0 Adds the file background.js"="6/24/2020 10:40 AM, 1261 bytes, A Adds the file manifest.json"="6/26/2020 8:54 AM, 1313 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmoidaocldligppdkaimfdenjfhahlf\2.2_0\_metadata Adds the file computed_hashes.json"="6/26/2020 8:54 AM, 1287 bytes, A Adds the file verified_contents.json"="6/24/2020 10:56 AM, 2361 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmoidaocldligppdkaimfdenjfhahlf\2.2_0\assets\icons\app_icons Adds the file icon128.png"="6/26/2020 8:54 AM, 12346 bytes, A Adds the file icon16.png"="6/26/2020 8:54 AM, 520 bytes, A Adds the file icon48.png"="6/26/2020 8:54 AM, 3091 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmoidaocldligppdkaimfdenjfhahlf\2.2_0\assets\icons\ba_icons Adds the file icon128.png"="6/26/2020 8:54 AM, 1228 bytes, A Adds the file icon16.png"="6/26/2020 8:54 AM, 167 bytes, A Adds the file icon48.png"="6/26/2020 8:54 AM, 483 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmoidaocldligppdkaimfdenjfhahlf\2.2_0\lib Adds the file jquery-3.5.1.min.js"="6/24/2020 10:56 AM, 92195 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pgmoidaocldligppdkaimfdenjfhahlf Adds the file 000003.log"="6/26/2020 8:54 AM, 51 bytes, A Adds the file CURRENT"="6/26/2020 8:54 AM, 16 bytes, A Adds the file LOCK"="6/26/2020 8:54 AM, 0 bytes, A Adds the file LOG"="6/26/2020 9:00 AM, 183 bytes, A Adds the file MANIFEST-000001"="6/26/2020 8:54 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "pgmoidaocldligppdkaimfdenjfhahlf"="REG_SZ", "491B0E3251552A64571455289CABCD63AF1970841996537C454D68BC4BA23544" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 6/26/20 Scan Time: 9:06 AM Log File: 85f65c76-b77b-11ea-ad40-00ffdcc6fdfc.json -Software Information- Version: 4.1.0.56 Components Version: 1.0.955 Update Package Version: 1.0.26037 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 232137 Threats Detected: 11 Threats Quarantined: 11 Time Elapsed: 2 min, 6 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.SearchEngineHijack.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|pgmoidaocldligppdkaimfdenjfhahlf, Quarantined, 15195, 832194, , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\pgmoidaocldligppdkaimfdenjfhahlf, Quarantined, 15195, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PGMOIDAOCLDLIGPPDKAIMFDENJFHAHLF, Quarantined, 15195, 832194, 1.0.26037, , ame, File: 8 PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 15195, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 15195, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pgmoidaocldligppdkaimfdenjfhahlf\000003.log, Quarantined, 15195, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pgmoidaocldligppdkaimfdenjfhahlf\CURRENT, Quarantined, 15195, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pgmoidaocldligppdkaimfdenjfhahlf\LOCK, Quarantined, 15195, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pgmoidaocldligppdkaimfdenjfhahlf\LOG, Quarantined, 15195, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pgmoidaocldligppdkaimfdenjfhahlf\MANIFEST-000001, Quarantined, 15195, 832194, , , , PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PGMOIDAOCLDLIGPPDKAIMFDENJFHAHLF\2.2_0\MANIFEST.JSON, Quarantined, 15195, 832194, 1.0.26037, , ame, Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  7. What is SearchSpace? The Malwarebytes research team has determined that SearchSpace is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one changes Chrome poilcies to hinder removal. Managed by your organization How do I know if my computer is affected by SearchSpace? You may see this entry in your list of installed Chrome extensions: this icon in the Chrome menu-bar: with this description: this changed setting: You may have noticed these warnings during install: How did SearchSpace get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was installed by a bundler. How do I remove SearchSpace? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of SearchSpace? No, Malwarebytes removes SearchSpace completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the SearchSpace adware. It would have blocked the installer before it became too late. Technical details for experts Possible signs in FRST logs: CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION CHR DefaultSearchURL: Default -> hxxps://search-space.net/?q={searchTerms} CHR DefaultSearchKeyword: Default -> search.search-space.search CHR Extension: (search space) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpfpbajbnhddlpljjnfndngbkkfkjfna [2020-06-04] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpfpbajbnhddlpljjnfndngbkkfkjfna\1.3_0 Adds the file manifest.json"="6/4/2020 9:02 AM, 1468 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpfpbajbnhddlpljjnfndngbkkfkjfna\1.3_0\_metadata Adds the file computed_hashes.json"="6/4/2020 9:02 AM, 3373 bytes, A Adds the file verified_contents.json"="3/28/2020 10:20 AM, 2071 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpfpbajbnhddlpljjnfndngbkkfkjfna\1.3_0\img Adds the file 128.png"="6/4/2020 9:02 AM, 5353 bytes, A Adds the file 16.png"="6/4/2020 9:02 AM, 628 bytes, A Adds the file 32.png"="3/27/2020 9:04 PM, 1112 bytes, A Adds the file 48.png"="6/4/2020 9:02 AM, 1389 bytes, A Adds the file 64.png"="3/27/2020 9:04 PM, 2565 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpfpbajbnhddlpljjnfndngbkkfkjfna\1.3_0\js Adds the file background.js"="3/27/2020 11:26 PM, 3298 bytes, A Adds the file jquery-2.2.4.js"="3/27/2020 8:37 PM, 257286 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfpbajbnhddlpljjnfndngbkkfkjfna Adds the file 000003.log"="6/4/2020 9:02 AM, 61 bytes, A Adds the file CURRENT"="6/4/2020 9:02 AM, 16 bytes, A Adds the file LOCK"="6/4/2020 9:02 AM, 0 bytes, A Adds the file LOG"="6/4/2020 9:09 AM, 185 bytes, A Adds the file MANIFEST-000001"="6/4/2020 9:02 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\lpfpbajbnhddlpljjnfndngbkkfkjfna Adds the file 000003.log"="6/4/2020 9:02 AM, 51 bytes, A Adds the file CURRENT"="6/4/2020 9:02 AM, 16 bytes, A Adds the file LOCK"="6/4/2020 9:02 AM, 0 bytes, A Adds the file LOG"="6/4/2020 9:09 AM, 184 bytes, A Adds the file MANIFEST-000001"="6/4/2020 9:02 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Chromium\ExtensionInstallForcelist] "1"="REG_SZ", "lpfpbajbnhddlpljjnfndngbkkfkjfna;https://clients2.google.com/service/update2/crx" [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist] "1"="REG_SZ", "lpfpbajbnhddlpljjnfndngbkkfkjfna;https://clients2.google.com/service/update2/crx" [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "lpfpbajbnhddlpljjnfndngbkkfkjfna"="REG_SZ", "6CCD552FBBB961C3253701C97EDFE2822765BB4E39717742B1FEA4E840CCA4BE" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 6/4/20 Scan Time: 9:19 AM Log File: b6720f3e-a633-11ea-8b20-00ffdcc6fdfc.json -Software Information- Version: 4.1.0.56 Components Version: 1.0.931 Update Package Version: 1.0.24988 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 232517 Threats Detected: 24 Threats Quarantined: 24 Time Elapsed: 2 min, 33 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 4 PUP.Optional.ForcedExtension.ChrPRST, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME, Quarantined, 2292, -1, 0.0.0, , action, PUP.Optional.ForcedExtension.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME, Quarantined, 2292, -1, 0.0.0, , action, PUP.Optional.ForcedExtension.ChrPRST, HKLM\SOFTWARE\POLICIES\CHROMIUM, Quarantined, 2292, -1, 0.0.0, , action, PUP.Optional.ForcedExtension.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\POLICIES\CHROMIUM, Quarantined, 2292, -1, 0.0.0, , action, Registry Value: 3 PUP.Optional.ForcedExtension.ChrPRST, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME\ExtensionInstallForcelist|1, Quarantined, 2292, 827464, , , , PUP.Optional.ForcedExtension.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME\ExtensionInstallForcelist|1, Quarantined, 2292, 827464, , , , PUP.Optional.ForcedExtension.ChrPRST, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|lpfpbajbnhddlpljjnfndngbkkfkjfna, Quarantined, 2292, 827464, , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 3 PUP.Optional.ForcedExtension.ChrPRST, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\lpfpbajbnhddlpljjnfndngbkkfkjfna, Quarantined, 2292, 827464, , , , PUP.Optional.ForcedExtension.ChrPRST, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\lpfpbajbnhddlpljjnfndngbkkfkjfna, Quarantined, 2292, 827464, , , , PUP.Optional.ForcedExtension.ChrPRST, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\lpfpbajbnhddlpljjnfndngbkkfkjfna, Quarantined, 2292, 827464, 1.0.24988, , ame, File: 14 PUP.Optional.ForcedExtension.ChrPRST, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 2292, 827464, , , , PUP.Optional.ForcedExtension.ChrPRST, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 2292, 827464, , , , PUP.Optional.ForcedExtension.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfpbajbnhddlpljjnfndngbkkfkjfna\000003.log, Quarantined, 2292, 827464, , , , PUP.Optional.ForcedExtension.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfpbajbnhddlpljjnfndngbkkfkjfna\CURRENT, Quarantined, 2292, 827464, , , , PUP.Optional.ForcedExtension.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfpbajbnhddlpljjnfndngbkkfkjfna\LOCK, Quarantined, 2292, 827464, , , , PUP.Optional.ForcedExtension.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfpbajbnhddlpljjnfndngbkkfkjfna\LOG, Quarantined, 2292, 827464, , , , PUP.Optional.ForcedExtension.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfpbajbnhddlpljjnfndngbkkfkjfna\MANIFEST-000001, Quarantined, 2292, 827464, , , , PUP.Optional.ForcedExtension.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\lpfpbajbnhddlpljjnfndngbkkfkjfna\000003.log, Quarantined, 2292, 827464, , , , PUP.Optional.ForcedExtension.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\lpfpbajbnhddlpljjnfndngbkkfkjfna\CURRENT, Quarantined, 2292, 827464, , , , PUP.Optional.ForcedExtension.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\lpfpbajbnhddlpljjnfndngbkkfkjfna\LOCK, Quarantined, 2292, 827464, , , , PUP.Optional.ForcedExtension.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\lpfpbajbnhddlpljjnfndngbkkfkjfna\LOG, Quarantined, 2292, 827464, , , , PUP.Optional.ForcedExtension.ChrPRST, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\lpfpbajbnhddlpljjnfndngbkkfkjfna\MANIFEST-000001, Quarantined, 2292, 827464, , , , PUP.Optional.SearchEngineHijack.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\LPFPBAJBNHDDLPLJJNFNDNGBKKFKJFNA\1.3_0\MANIFEST.JSON, Quarantined, 15186, 822525, 1.0.24988, , ame, PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 333, 822034, 1.0.24988, , ame, Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.