Jump to content

Search the Community

Showing results for tags 'pup.optional.spigot.generic'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 4 results

  1. What is My Login Hub?The Malwarebytes research team has determined that My Login Hub is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.This particular one is a newtab hijacker and uses web push notifications.How do I know if my computer is affected by My Login Hub?You may see this browser extension:these warnings during install:Despite this last notification you may see this icon in your browsers menu-bar:and this new setting:How did My Login Hub get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:after a redirect from their website:How do I remove My Login Hub?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of My Login Hub? No, Malwarebytes' Anti-Malware removes My Login Hub completely. If you have allowed the notifications you can read here how to disable them. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the My Login Hub hijacker. Both Malwarebytes Premium and Browser Guard would have warned you before the application could install itself, giving you a chance to stop it before it became too late. Technical details for expertsPossible signs in FRST logs: CHR NewTab: Default -> Active:"chrome-extension://cgbimlhbabmglaamekacddnjhdloknme/newtabhtml/newtabpage.html" CHR Extension: (My Login Hub) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme [2019-12-17] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0 Adds the file central.js"="10/28/2019 3:45 PM, 2612 bytes, A Adds the file icon.png"="12/17/2019 8:57 AM, 17075 bytes, A Adds the file manifest.json"="12/17/2019 8:57 AM, 1359 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\_locales\en Adds the file messages.json"="12/17/2019 8:57 AM, 199 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\_metadata Adds the file computed_hashes.json"="12/17/2019 8:57 AM, 1507 bytes, A Adds the file verified_contents.json"="10/28/2019 3:45 PM, 3027 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\html\bAction Adds the file about.html"="10/28/2019 3:45 PM, 4176 bytes, A Adds the file newtabpage.html"="10/28/2019 3:45 PM, 214 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\js Adds the file browseraction.js"="10/28/2019 3:45 PM, 988 bytes, A Adds the file config.js"="10/28/2019 3:45 PM, 1014 bytes, A Adds the file dailyFeature.js"="10/28/2019 3:45 PM, 3475 bytes, A Adds the file diagnostic.js"="10/28/2019 3:45 PM, 874 bytes, A Adds the file log.js"="10/28/2019 3:45 PM, 872 bytes, A Adds the file newTab.js"="10/28/2019 3:45 PM, 2443 bytes, A Adds the file search.js"="10/28/2019 3:45 PM, 857 bytes, A Adds the file store.js"="10/28/2019 3:45 PM, 235 bytes, A Adds the file utility.js"="10/28/2019 3:45 PM, 2522 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\newtabhtml Adds the file newtabpage.html"="10/28/2019 3:45 PM, 207 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cgbimlhbabmglaamekacddnjhdloknme Adds the file 000003.log"="12/17/2019 8:58 AM, 466 bytes, A Adds the file CURRENT"="12/17/2019 8:58 AM, 16 bytes, A Adds the file LOCK"="12/17/2019 8:58 AM, 0 bytes, A Adds the file LOG"="12/17/2019 8:58 AM, 183 bytes, A Adds the file MANIFEST-000001"="12/17/2019 8:58 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "cgbimlhbabmglaamekacddnjhdloknme"="REG_SZ", "2EAD79FF084CC24A86786571101318B6CD4AE6C55AF35246677687F872564595" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 12/17/19 Scan Time: 9:09 AM Log File: 862853c0-20a4-11ea-9e94-00ffdcc6fdfc.json -Software Information- Version: 4.0.4.49 Components Version: 1.0.770 Update Package Version: 1.0.16308 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 236141 Threats Detected: 36 Threats Quarantined: 36 Time Elapsed: 18 min, 13 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.Spigot.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|cgbimlhbabmglaamekacddnjhdloknme, Quarantined, 206, 752296, , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 10 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\cgbimlhbabmglaamekacddnjhdloknme, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\html\bAction, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\_locales\en, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\newtabhtml, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\_metadata, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\_locales, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\html, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\js, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CGBIMLHBABMGLAAMEKACDDNJHDLOKNME\1.0_0, Quarantined, 206, 752296, 1.0.16308, , ame, File: 25 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cgbimlhbabmglaamekacddnjhdloknme\000003.log, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cgbimlhbabmglaamekacddnjhdloknme\CURRENT, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cgbimlhbabmglaamekacddnjhdloknme\LOCK, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cgbimlhbabmglaamekacddnjhdloknme\LOG, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cgbimlhbabmglaamekacddnjhdloknme\MANIFEST-000001, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CGBIMLHBABMGLAAMEKACDDNJHDLOKNME\1.0_0\JS\DAILYFEATURE.JS, Quarantined, 206, 752296, 1.0.16308, , ame, PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\html\bAction\about.html, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\html\bAction\newtabpage.html, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\js\browseraction.js, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\js\config.js, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\js\diagnostic.js, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\js\log.js, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\js\newTab.js, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\js\search.js, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\js\store.js, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\js\utility.js, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\newtabhtml\newtabpage.html, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\_locales\en\messages.json, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\_metadata\computed_hashes.json, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\_metadata\verified_contents.json, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\central.js, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\icon.png, Quarantined, 206, 752296, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbimlhbabmglaamekacddnjhdloknme\1.0_0\manifest.json, Quarantined, 206, 752296, , , , Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  2. What is Email Search Tools?The Malwarebytes research team has determined that Email Search Tools is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.How do I know if my computer is affected by Email Search Tools?You may see this entry in your list of installed Chrome extensions:and these warnings during install:You will see this icon in your Chrome menu-bar:and this changed setting:How did Email Search Tools get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:after a redirect from their website:How do I remove Email Search Tools?Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of Email Search Tools? No, Malwarebytes removes Email Search Tools completely. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below Malwarebytes Browser Guard, and the full version of Malwarebytes would have protected you against the Email Search Tools hijacker. It would have blocked their website, giving you a chance to stop it before it became too late. Technical details for expertsPossible signs in FRST logs: CHR DefaultSearchURL: Default -> hxxps://search.emailsearchtools.com/s?query={searchTerms} CHR DefaultSearchKeyword: Default -> email CHR Extension: (EmailSearchTools) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb [2019-11-15] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0 Adds the file background.js"="9/18/2019 1:42 PM, 14032 bytes, A Adds the file icon.png"="11/15/2019 9:12 AM, 5491 bytes, A Adds the file manifest.json"="11/15/2019 9:12 AM, 1554 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\_locales\en Adds the file messages.json"="11/15/2019 9:12 AM, 266 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\_metadata Adds the file computed_hashes.json"="11/15/2019 9:12 AM, 630 bytes, A Adds the file verified_contents.json"="9/18/2019 11:23 AM, 1893 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\css Adds the file description.css"="5/3/2018 4:42 PM, 1008 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\html\popup Adds the file description.html"="9/5/2019 2:07 PM, 240 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\jghejomglpmejfcphjbfeplpdndfccbb Adds the file 000003.log"="11/15/2019 9:12 AM, 168 bytes, A Adds the file CURRENT"="11/15/2019 9:12 AM, 16 bytes, A Adds the file LOCK"="11/15/2019 9:12 AM, 0 bytes, A Adds the file LOG"="11/15/2019 9:12 AM, 183 bytes, A Adds the file MANIFEST-000001"="11/15/2019 9:12 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "jghejomglpmejfcphjbfeplpdndfccbb"="REG_SZ", "A9322B76617230A96887AEEB8993C10B62005A0728B26F171B4E0708000AC09C" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 11/15/19 Scan Time: 9:22 AM Log File: 20bbffdc-0781-11ea-8ad9-00ffdcc6fdfc.json -Software Information- Version: 4.0.4.49 Components Version: 1.0.718 Update Package Version: 1.0.14948 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 233906 Threats Detected: 25 Threats Quarantined: 25 Time Elapsed: 4 min, 53 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.Spigot.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|jghejomglpmejfcphjbfeplpdndfccbb, Quarantined, 208, 575422, , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 9 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\jghejomglpmejfcphjbfeplpdndfccbb, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\_locales\en, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\html\popup, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\_metadata, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\_locales, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\html, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\css, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JGHEJOMGLPMEJFCPHJBFEPLPDNDFCCBB, Quarantined, 208, 575422, 1.0.14948, , ame, File: 15 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\jghejomglpmejfcphjbfeplpdndfccbb\000003.log, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\jghejomglpmejfcphjbfeplpdndfccbb\CURRENT, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\jghejomglpmejfcphjbfeplpdndfccbb\LOCK, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\jghejomglpmejfcphjbfeplpdndfccbb\LOG, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\jghejomglpmejfcphjbfeplpdndfccbb\MANIFEST-000001, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JGHEJOMGLPMEJFCPHJBFEPLPDNDFCCBB\1.1_0\BACKGROUND.JS, Quarantined, 208, 575422, 1.0.14948, , ame, PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\css\description.css, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\html\popup\description.html, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\_locales\en\messages.json, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\_metadata\computed_hashes.json, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\_metadata\verified_contents.json, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\icon.png, Quarantined, 208, 575422, , , , PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghejomglpmejfcphjbfeplpdndfccbb\1.1_0\manifest.json, Quarantined, 208, 575422, , , , Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  3. What is Free Live Radio?The Malwarebytes research team has determined that Free Live Radio is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.How do I know if my computer is affected by Free Live Radio?You may see this browser extension:these warnings during install:You may see this icon in your browsers menu-bar:this new startpage:and this new setting:How did Free Live Radio get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:How do I remove Free Live Radio?Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Free Live Radio? No, Malwarebytes' Anti-Malware removes Free Live Radio completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes and Malwarebytes Browser Guard would have protected you against the Free Live Radio hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. Technical details for expertsPossible signs in FRST logs: CHR NewTab: Default -> Active:"chrome-extension://pacogkibldhicojmklpbapiilaleilbp/newtabfile/fastesttab.html" CHR Extension: (Free Live Radio) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp [2019-10-31] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0 Adds the file after.js"="7/16/2019 3:49 PM, 1264 bytes, A Adds the file bg.js"="7/16/2019 3:49 PM, 15172 bytes, A Adds the file contentscript.js"="7/16/2019 3:49 PM, 1247 bytes, A Adds the file icon.png"="10/31/2019 8:28 AM, 2449 bytes, A Adds the file manifest.json"="10/31/2019 8:28 AM, 1442 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\_locales\en Adds the file messages.json"="10/31/2019 8:28 AM, 274 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\_metadata Adds the file computed_hashes.json"="10/31/2019 8:28 AM, 1195 bytes, A Adds the file verified_contents.json"="7/16/2019 3:49 PM, 2613 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\css Adds the file browserAction.css"="7/16/2019 3:49 PM, 95 bytes, A Adds the file description.css"="7/16/2019 3:49 PM, 1008 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\html\browserAction Adds the file browserAction.html"="7/16/2019 3:49 PM, 230 bytes, A Adds the file description.html"="7/16/2019 3:49 PM, 264 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\js Adds the file newTab.js"="7/16/2019 3:49 PM, 1720 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\newtabfile Adds the file fastesttab.html"="7/16/2019 3:49 PM, 208 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pacogkibldhicojmklpbapiilaleilbp Adds the file 000003.log"="10/31/2019 8:28 AM, 234 bytes, A Adds the file CURRENT"="10/31/2019 8:28 AM, 16 bytes, A Adds the file LOCK"="10/31/2019 8:28 AM, 0 bytes, A Adds the file LOG"="10/31/2019 8:28 AM, 183 bytes, A Adds the file MANIFEST-000001"="10/31/2019 8:28 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "pacogkibldhicojmklpbapiilaleilbp"="REG_SZ", "4D051C639B48ED7E29B08E2845AB4CC7F2AA46F4775F75186BC4F68E5DF81F71" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/31/19 Scan Time: 8:40 AM Log File: bf66dd55-fbb1-11e9-9600-00ffdcc6fdfc.json -Software Information- Version: 3.8.3.2965 Components Version: 1.0.613 Update Package Version: 1.0.13123 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 234128 Threats Detected: 33 Threats Quarantined: 33 Time Elapsed: 7 min, 29 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.Spigot.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|pacogkibldhicojmklpbapiilaleilbp, Quarantined, [209], [754439],1.0.13123 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 11 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\pacogkibldhicojmklpbapiilaleilbp, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\html\browserAction, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\_locales\en, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\newtabfile, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\_metadata, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\_locales, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\html, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\css, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\js, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PACOGKIBLDHICOJMKLPBAPIILALEILBP, Quarantined, [209], [754439],1.0.13123 File: 21 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pacogkibldhicojmklpbapiilaleilbp\000003.log, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pacogkibldhicojmklpbapiilaleilbp\CURRENT, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pacogkibldhicojmklpbapiilaleilbp\LOCK, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pacogkibldhicojmklpbapiilaleilbp\LOG, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pacogkibldhicojmklpbapiilaleilbp\MANIFEST-000001, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PACOGKIBLDHICOJMKLPBAPIILALEILBP\4.1_0\BG.JS, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\css\browserAction.css, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\css\description.css, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\html\browserAction\browserAction.html, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\html\browserAction\description.html, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\js\newTab.js, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\newtabfile\fastesttab.html, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\_locales\en\messages.json, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\_metadata\computed_hashes.json, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\_metadata\verified_contents.json, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\after.js, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\contentscript.js, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\icon.png, Quarantined, [209], [754439],1.0.13123 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacogkibldhicojmklpbapiilaleilbp\4.1_0\manifest.json, Quarantined, [209], [754439],1.0.13123 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  4. Hi I have a couple of issues. Malwarebytes stopped running scheduled scans for a few months. When I ran a scan yesterday, it had multiple infections that needed to be cleaned. It cleaned them but I have read online sometimes you have to to more. I have attached the infected scan, a scan after cleaning, and Farbar reports. So my questions are: -Why are scheduled scans not running? -Do the Farbar reports show that I am still infected? Thanks. cleaned.txt infected.txt Addition.txt FRST.txt
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.