Jump to content

Search the Community

Showing results for tags 'pup.optional.spigot.generic'.


More search options

  • Search By Tags

    Type tags separated by commas.

  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End

Last Updated

  • Start

    End

Filter by number of...

Joined

  • Start

    End

Group

AIM

MSN

Website URL

ICQ

Yahoo

Jabber

Location

Interests

Found 5 results

  1. Metallica
    What is Email Search Tools? The Malwarebytes research team has determined that Email Search Tools is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. How do I know if my computer is affected by Email Search Tools? You may see this entry in your list of installed Chrome extensions: this icon in the Chrome menu-bar: this changed setting: and these warnings during install: How did Email Search Tools get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website: How do I remove Email Search Tools? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of Email Search Tools? No, Malwarebytes removes Email Search Tools completely. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below Malwarebytes Browser Guard, as well as the full version of Malwarebytes would have protected you against the Email Search Tools hijacker. It would have blocked their website, giving you a chance to stop it before it became too late. Technical details for experts Possible signs in FRST logs: CHR DefaultSearchURL: Default -> hxxps://search.emailsearchtools.com/s?query={searchTerms} CHR DefaultSearchKeyword: Default -> qs CHR Extension: (EmailSearchTools) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb [2020-02-18] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.3_0 Adds the file background.js"="9/18/2019 1:42 PM, 14032 bytes, A Adds the file icon.png"="2/18/2020 9:27 AM, 5491 bytes, A Adds the file manifest.json"="2/18/2020 9:27 AM, 1540 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.3_0\_locales\en Adds the file messages.json"="2/18/2020 9:27 AM, 266 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.3_0\_metadata Adds the file computed_hashes.json"="2/18/2020 9:27 AM, 630 bytes, A Adds the file verified_contents.json"="1/8/2020 4:17 PM, 1893 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.3_0\css Adds the file description.css"="5/3/2018 4:42 PM, 1008 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.3_0\html\popup Adds the file description.html"="9/5/2019 2:07 PM, 240 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\jghejomglpmejfcphjbfeplpdndfccbb Adds the file 000003.log"="2/18/2020 9:27 AM, 141 bytes, A Adds the file CURRENT"="2/18/2020 9:27 AM, 16 bytes, A Adds the file LOCK"="2/18/2020 9:27 AM, 0 bytes, A Adds the file LOG"="2/18/2020 9:30 AM, 183 bytes, A Adds the file MANIFEST-000001"="2/18/2020 9:27 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "jghejomglpmejfcphjbfeplpdndfccbb"="REG_SZ", "97E0F3A7AB704677C53A02393F770EDAD534C32F242AD71AAE6161493AF5A4A7" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 2/18/20 Scan Time: 9:49 AM Log File: a112250e-522b-11ea-b7ee-00ffdcc6fdfc.json -Software Information- Version: 4.0.4.49 Components Version: 1.0.823 Update Package Version: 1.0.19396 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 235882 Threats Detected: 12 Threats Quarantined: 12 Time Elapsed: 33 min, 22 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.Spigot.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|jghejomglpmejfcphjbfeplpdndfccbb, Quarantined, 205, 774169, , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\jghejomglpmejfcphjbfeplpdndfccbb, Quarantined, 205, 774169, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JGHEJOMGLPMEJFCPHJBFEPLPDNDFCCBB, Quarantined, 205, 774169, 1.0.19396, , ame, File: 9 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 205, 774169, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 205, 774169, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\jghejomglpmejfcphjbfeplpdndfccbb\000003.log, Quarantined, 205, 774169, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\jghejomglpmejfcphjbfeplpdndfccbb\CURRENT, Quarantined, 205, 774169, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\jghejomglpmejfcphjbfeplpdndfccbb\LOCK, Quarantined, 205, 774169, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\jghejomglpmejfcphjbfeplpdndfccbb\LOG, Quarantined, 205, 774169, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\jghejomglpmejfcphjbfeplpdndfccbb\MANIFEST-000001, Quarantined, 205, 774169, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JGHEJOMGLPMEJFCPHJBFEPLPDNDFCCBB\1.3_0\BACKGROUND.JS, Quarantined, 205, 774169, 1.0.19396, , ame, PUP.Optional.Spigot.PN, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 220, 786325, 1.0.19396, , ame, Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  2. Metallica
    What is Access Gov Docs Tab? The Malwarebytes research team has determined that Access Gov Docs Tab is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This particular one is a newtab hijacker and uses web push notifications. How do I know if my computer is affected by Access Gov Docs Tab? You may see this browser extension: these warnings during install: You may see this new startpage: and this new setting: How did Access Gov Docs Tab get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore: after a redirect from their website. How do I remove Access Gov Docs Tab? Our program Malwarebytes can detect and remove this potentially unwanted program. You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of Access Gov Docs Tab? No, Malwarebytes' Anti-Malware removes Access Gov Docs Tab completely. If you have allowed the notifications you can read here how to disable them. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes, as well as Browser Guard, would have protected you against the Access Gov Docs Tab hijacker. It blocks their domains: Technical details for experts Possible signs in FRST logs: CHR Notifications: Default -> hxxps://accessgovdocs.net CHR NewTab: Default -> Active:"chrome-extension://pkcbnkckeahemigpmionfaiclhdeellf/newtabhtml/newtabpage.html" CHR Extension: (Access Gov Docs Tab) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcbnkckeahemigpmionfaiclhdeellf [2020-02-12] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcbnkckeahemigpmionfaiclhdeellf\1.0_0 Adds the file central.js"="11/4/2019 4:54 PM, 2612 bytes, A Adds the file icon.png"="2/12/2020 8:57 AM, 5222 bytes, A Adds the file manifest.json"="2/12/2020 8:57 AM, 1363 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcbnkckeahemigpmionfaiclhdeellf\1.0_0\_locales\en Adds the file messages.json"="2/12/2020 8:57 AM, 206 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcbnkckeahemigpmionfaiclhdeellf\1.0_0\_metadata Adds the file computed_hashes.json"="2/12/2020 8:57 AM, 1609 bytes, A Adds the file verified_contents.json"="11/4/2019 4:54 PM, 3027 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcbnkckeahemigpmionfaiclhdeellf\1.0_0\html\bAction Adds the file about.html"="11/4/2019 4:54 PM, 4050 bytes, A Adds the file newtabpage.html"="11/4/2019 4:54 PM, 214 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcbnkckeahemigpmionfaiclhdeellf\1.0_0\js Adds the file browseraction.js"="11/4/2019 4:54 PM, 992 bytes, A Adds the file config.js"="11/4/2019 4:54 PM, 1014 bytes, A Adds the file dailyFeature.js"="11/4/2019 4:54 PM, 3479 bytes, A Adds the file diagnostic.js"="11/4/2019 4:54 PM, 874 bytes, A Adds the file log.js"="11/4/2019 4:54 PM, 880 bytes, A Adds the file newTab.js"="11/4/2019 4:54 PM, 2418 bytes, A Adds the file search.js"="11/4/2019 4:54 PM, 857 bytes, A Adds the file store.js"="11/4/2019 4:54 PM, 235 bytes, A Adds the file utility.js"="11/4/2019 4:54 PM, 2534 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcbnkckeahemigpmionfaiclhdeellf\1.0_0\newtabhtml Adds the file newtabpage.html"="11/4/2019 4:54 PM, 207 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkcbnkckeahemigpmionfaiclhdeellf Adds the file 000003.log"="2/12/2020 8:57 AM, 436 bytes, A Adds the file CURRENT"="2/12/2020 8:57 AM, 16 bytes, A Adds the file LOCK"="2/12/2020 8:57 AM, 0 bytes, A Adds the file LOG"="2/12/2020 9:03 AM, 184 bytes, A Adds the file MANIFEST-000001"="2/12/2020 8:57 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "pkcbnkckeahemigpmionfaiclhdeellf"="REG_SZ", "1EC6E39BCCAD8954D53C75484C0712E68018C6906F0131AD4AEEA10CD5CC19FC" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 2/12/20 Scan Time: 9:08 AM Log File: e61a4dbe-4d6e-11ea-9609-00ffdcc6fdfc.json -Software Information- Version: 4.0.4.49 Components Version: 1.0.823 Update Package Version: 1.0.19088 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 235857 Threats Detected: 11 Threats Quarantined: 11 Time Elapsed: 11 min, 31 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.Spigot.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|pkcbnkckeahemigpmionfaiclhdeellf, Quarantined, 205, 752296, , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\pkcbnkckeahemigpmionfaiclhdeellf, Quarantined, 205, 752296, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\pkcbnkckeahemigpmionfaiclhdeellf, Quarantined, 205, 752296, , , , File: 8 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 205, 752296, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 205, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkcbnkckeahemigpmionfaiclhdeellf\000003.log, Quarantined, 205, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkcbnkckeahemigpmionfaiclhdeellf\CURRENT, Quarantined, 205, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkcbnkckeahemigpmionfaiclhdeellf\LOCK, Quarantined, 205, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkcbnkckeahemigpmionfaiclhdeellf\LOG, Quarantined, 205, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkcbnkckeahemigpmionfaiclhdeellf\MANIFEST-000001, Quarantined, 205, 752296, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PKCBNKCKEAHEMIGPMIONFAICLHDEELLF\1.0_0\JS\DAILYFEATURE.JS, Quarantined, 205, 752296, 1.0.19088, , ame, Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  3. Metallica
    What is My Login Hub?The Malwarebytes research team has determined that My Login Hub is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.This particular one is a newtab hijacker and uses web push notifications.How do I know if my computer is affected by My Login Hub?You may see this browser extension:these warnings during install:Despite this last notification you may see this icon in your browsers menu-bar:and this new setting:How did My Login Hub get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:after a redirect from their website:How do I remove My Login Hub?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of My Login Hub? No, Malwarebytes' Anti-Malware removes My Login Hub completely. If you have allowed the notifications you can read here how to disable them. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the My Login Hub hijacker. Both Malwarebytes Premium and Browser Guard would have warned you before the application could install itself, giving you a chance to stop it before it became too late. Technical details for expertsPossible signs in FRST logs: CHR NewTab: Default -> Active:"chrome-extension://cgbimlhbabmglaamekacddnjhdloknme/newtabhtml/newtabpage.html" CHR Extension: (My Login Hub) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme [2019-12-17] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0 Adds the file central.js"="10/28/2019 3:45 PM, 2612 bytes, A Adds the file icon.png"="12/17/2019 8:57 AM, 17075 bytes, A Adds the file manifest.json"="12/17/2019 8:57 AM, 1359 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\_locales\en Adds the file messages.json"="12/17/2019 8:57 AM, 199 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\_metadata Adds the file computed_hashes.json"="12/17/2019 8:57 AM, 1507 bytes, A Adds the file verified_contents.json"="10/28/2019 3:45 PM, 3027 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\html\bAction Adds the file about.html"="10/28/2019 3:45 PM, 4176 bytes, A Adds the file newtabpage.html"="10/28/2019 3:45 PM, 214 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\js Adds the file browseraction.js"="10/28/2019 3:45 PM, 988 bytes, A Adds the file config.js"="10/28/2019 3:45 PM, 1014 bytes, A Adds the file dailyFeature.js"="10/28/2019 3:45 PM, 3475 bytes, A Adds the file diagnostic.js"="10/28/2019 3:45 PM, 874 bytes, A Adds the file log.js"="10/28/2019 3:45 PM, 872 bytes, A Adds the file newTab.js"="10/28/2019 3:45 PM, 2443 bytes, A Adds the file search.js"="10/28/2019 3:45 PM, 857 bytes, A Adds the file store.js"="10/28/2019 3:45 PM, 235 bytes, A Adds the file utility.js"="10/28/2019 3:45 PM, 2522 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\newtabhtml Adds the file newtabpage.html"="10/28/2019 3:45 PM, 207 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cgbimlhbabmglaamekacddnjhdloknme Adds the file 000003.log"="12/17/2019 8:58 AM, 466 bytes, A Adds the file CURRENT"="12/17/2019 8:58 AM, 16 bytes, A Adds the file LOCK"="12/17/2019 8:58 AM, 0 bytes, A Adds the file LOG"="12/17/2019 8:58 AM, 183 bytes, A Adds the file MANIFEST-000001"="12/17/2019 8:58 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "cgbimlhbabmglaamekacddnjhdloknme"="REG_SZ", "2EAD79FF084CC24A86786571101318B6CD4AE6C55AF35246677687F872564595" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 12/17/19 Scan Time: 9:09 AM Log File: 862853c0-20a4-11ea-9e94-00ffdcc6fdfc.json -Software Information- Version: 4.0.4.49 Components Version: 1.0.770 Update Package Version: 1.0.16308 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 236141 Threats Detected: 36 Threats Quarantined: 36 Time Elapsed: 18 min, 13 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.Spigot.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|cgbimlhbabmglaamekacddnjhdloknme, Quarantined, 206, 752296, , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 10 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\cgbimlhbabmglaamekacddnjhdloknme, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\html\bAction, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\_locales\en, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\newtabhtml, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\_metadata, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\_locales, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\html, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\js, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CGBIMLHBABMGLAAMEKACDDNJHDLOKNME\1.0_0, Quarantined, 206, 752296, 1.0.16308, , ame, File: 25 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cgbimlhbabmglaamekacddnjhdloknme\000003.log, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cgbimlhbabmglaamekacddnjhdloknme\CURRENT, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cgbimlhbabmglaamekacddnjhdloknme\LOCK, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cgbimlhbabmglaamekacddnjhdloknme\LOG, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cgbimlhbabmglaamekacddnjhdloknme\MANIFEST-000001, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CGBIMLHBABMGLAAMEKACDDNJHDLOKNME\1.0_0\JS\DAILYFEATURE.JS, Quarantined, 206, 752296, 1.0.16308, , ame, PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\html\bAction\about.html, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\html\bAction\newtabpage.html, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\js\browseraction.js, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\js\config.js, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\js\diagnostic.js, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\js\log.js, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\js\newTab.js, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\js\search.js, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\js\store.js, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\js\utility.js, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\newtabhtml\newtabpage.html, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\_locales\en\messages.json, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\_metadata\computed_hashes.json, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\_metadata\verified_contents.json, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\central.js, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\icon.png, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\manifest.json, Quarantined, 206, 752296, , , , Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  4. Metallica
    What is Email Search Tools?The Malwarebytes research team has determined that Email Search Tools is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.How do I know if my computer is affected by Email Search Tools?You may see this entry in your list of installed Chrome extensions:and these warnings during install:You will see this icon in your Chrome menu-bar:and this changed setting:How did Email Search Tools get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:after a redirect from their website:How do I remove Email Search Tools?Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of Email Search Tools? No, Malwarebytes removes Email Search Tools completely. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the Email Search Tools hijacker. It would have blocked their website, giving you a chance to stop it before it became too late. Technical details for expertsPossible signs in FRST logs: CHR DefaultSearchURL: Default -> hxxps://search.emailsearchtools.com/s?query={searchTerms} CHR DefaultSearchKeyword: Default -> email CHR Extension: (EmailSearchTools) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb [2019-11-15] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0 Adds the file background.js"="9/18/2019 1:42 PM, 14032 bytes, A Adds the file icon.png"="11/15/2019 9:12 AM, 5491 bytes, A Adds the file manifest.json"="11/15/2019 9:12 AM, 1554 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\_locales\en Adds the file messages.json"="11/15/2019 9:12 AM, 266 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\_metadata Adds the file computed_hashes.json"="11/15/2019 9:12 AM, 630 bytes, A Adds the file verified_contents.json"="9/18/2019 11:23 AM, 1893 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\css Adds the file description.css"="5/3/2018 4:42 PM, 1008 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\html\popup Adds the file description.html"="9/5/2019 2:07 PM, 240 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\jghejomglpmejfcphjbfeplpdndfccbb Adds the file 000003.log"="11/15/2019 9:12 AM, 168 bytes, A Adds the file CURRENT"="11/15/2019 9:12 AM, 16 bytes, A Adds the file LOCK"="11/15/2019 9:12 AM, 0 bytes, A Adds the file LOG"="11/15/2019 9:12 AM, 183 bytes, A Adds the file MANIFEST-000001"="11/15/2019 9:12 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "jghejomglpmejfcphjbfeplpdndfccbb"="REG_SZ", "A9322B76617230A96887AEEB8993C10B62005A0728B26F171B4E0708000AC09C" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 11/15/19 Scan Time: 9:22 AM Log File: 20bbffdc-0781-11ea-8ad9-00ffdcc6fdfc.json -Software Information- Version: 4.0.4.49 Components Version: 1.0.718 Update Package Version: 1.0.14948 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 233906 Threats Detected: 25 Threats Quarantined: 25 Time Elapsed: 4 min, 53 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.Spigot.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|jghejomglpmejfcphjbfeplpdndfccbb, Quarantined, 208, 575422, , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 9 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\jghejomglpmejfcphjbfeplpdndfccbb, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\_locales\en, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\html\popup, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\_metadata, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\_locales, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\html, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\css, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JGHEJOMGLPMEJFCPHJBFEPLPDNDFCCBB, Quarantined, 208, 575422, 1.0.14948, , ame, File: 15 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\jghejomglpmejfcphjbfeplpdndfccbb\000003.log, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\jghejomglpmejfcphjbfeplpdndfccbb\CURRENT, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\jghejomglpmejfcphjbfeplpdndfccbb\LOCK, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\jghejomglpmejfcphjbfeplpdndfccbb\LOG, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\jghejomglpmejfcphjbfeplpdndfccbb\MANIFEST-000001, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JGHEJOMGLPMEJFCPHJBFEPLPDNDFCCBB\1.1_0\BACKGROUND.JS, Quarantined, 208, 575422, 1.0.14948, , ame, PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\css\description.css, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\html\popup\description.html, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\_locales\en\messages.json, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\_metadata\computed_hashes.json, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\_metadata\verified_contents.json, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\icon.png, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\manifest.json, Quarantined, 208, 575422, , , , Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  5. Metallica
    What is Free Live Radio?The Malwarebytes research team has determined that Free Live Radio is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.How do I know if my computer is affected by Free Live Radio?You may see this browser extension:these warnings during install:You may see this icon in your browsers menu-bar:this new startpage:and this new setting:How did Free Live Radio get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:How do I remove Free Live Radio?Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Free Live Radio? No, Malwarebytes' Anti-Malware removes Free Live Radio completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes and Malwarebytes Browser Guard would have protected you against the Free Live Radio hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. Technical details for expertsPossible signs in FRST logs: CHR NewTab: Default -> Active:"chrome-extension://pacogkibldhicojmklpbapiilaleilbp/newtabfile/fastesttab.html" CHR Extension: (Free Live Radio) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp [2019-10-31] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0 Adds the file after.js"="7/16/2019 3:49 PM, 1264 bytes, A Adds the file bg.js"="7/16/2019 3:49 PM, 15172 bytes, A Adds the file contentscript.js"="7/16/2019 3:49 PM, 1247 bytes, A Adds the file icon.png"="10/31/2019 8:28 AM, 2449 bytes, A Adds the file manifest.json"="10/31/2019 8:28 AM, 1442 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\_locales\en Adds the file messages.json"="10/31/2019 8:28 AM, 274 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\_metadata Adds the file computed_hashes.json"="10/31/2019 8:28 AM, 1195 bytes, A Adds the file verified_contents.json"="7/16/2019 3:49 PM, 2613 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\css Adds the file browserAction.css"="7/16/2019 3:49 PM, 95 bytes, A Adds the file description.css"="7/16/2019 3:49 PM, 1008 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\html\browserAction Adds the file browserAction.html"="7/16/2019 3:49 PM, 230 bytes, A Adds the file description.html"="7/16/2019 3:49 PM, 264 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\js Adds the file newTab.js"="7/16/2019 3:49 PM, 1720 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\newtabfile Adds the file fastesttab.html"="7/16/2019 3:49 PM, 208 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pacogkibldhicojmklpbapiilaleilbp Adds the file 000003.log"="10/31/2019 8:28 AM, 234 bytes, A Adds the file CURRENT"="10/31/2019 8:28 AM, 16 bytes, A Adds the file LOCK"="10/31/2019 8:28 AM, 0 bytes, A Adds the file LOG"="10/31/2019 8:28 AM, 183 bytes, A Adds the file MANIFEST-000001"="10/31/2019 8:28 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "pacogkibldhicojmklpbapiilaleilbp"="REG_SZ", "4D051C639B48ED7E29B08E2845AB4CC7F2AA46F4775F75186BC4F68E5DF81F71" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/31/19 Scan Time: 8:40 AM Log File: bf66dd55-fbb1-11e9-9600-00ffdcc6fdfc.json -Software Information- Version: 3.8.3.2965 Components Version: 1.0.613 Update Package Version: 1.0.13123 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 234128 Threats Detected: 33 Threats Quarantined: 33 Time Elapsed: 7 min, 29 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.Spigot.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|pacogkibldhicojmklpbapiilaleilbp, Quarantined, [209], [754439],1.0.13123 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 11 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\pacogkibldhicojmklpbapiilaleilbp, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\html\browserAction, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\_locales\en, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\newtabfile, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\_metadata, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\_locales, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\html, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\css, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\js, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PACOGKIBLDHICOJMKLPBAPIILALEILBP, Quarantined, [209], [754439],1.0.13123 File: 21 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pacogkibldhicojmklpbapiilaleilbp\000003.log, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pacogkibldhicojmklpbapiilaleilbp\CURRENT, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pacogkibldhicojmklpbapiilaleilbp\LOCK, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pacogkibldhicojmklpbapiilaleilbp\LOG, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pacogkibldhicojmklpbapiilaleilbp\MANIFEST-000001, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PACOGKIBLDHICOJMKLPBAPIILALEILBP\4.1_0\BG.JS, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\css\browserAction.css, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\css\description.css, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\html\browserAction\browserAction.html, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\html\browserAction\description.html, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\js\newTab.js, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\newtabfile\fastesttab.html, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\_locales\en\messages.json, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\_metadata\computed_hashes.json, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\_metadata\verified_contents.json, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\after.js, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\contentscript.js, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\icon.png, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\manifest.json, Quarantined, [209], [754439],1.0.13123 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept