Search the Community

Showing results for tags 'pup.optional.spigot'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Malware Removal for Windows
    • Malware Removal for Mac
    • Malware Removal for Mobile
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes 3.0
    • Malwarebytes Anti-Malware for Mac
    • Malwarebytes Anti-Malware Mobile
    • False Positives
    • Translator Lounge
    • Comments and Suggestions
  • Malwarebytes Endpoint Security Support
    • Malwarebytes Anti-Malware for Business
    • Malwarebytes Anti-Exploit for Business
    • Malwarebytes Breach Remediation
    • Malwarebytes Anti-Ransomware for Business
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy) Support
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
  • General
    • General Chat
    • Forums Announcements & Feedback

Found 6 results

  1. What is Your Instant Email? The Malwarebytes research team has determined that Your Instant Email is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. Your Instant Email is a member of the Spigot family as described in the blogpost Spigot browser hijackers. How do I know if my computer is affected by Your Instant Email? You may see this Firefox extension: this new default search provider in Internet Explorer: and this entry in your list of installed software: You may also see these warnings during install: and this new startpage in the affected browser(s): How did Your Instant Email get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their site. How do I remove Your Instant Email? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Your Instant Email? If you are using Chrome, you may have to remove the Extension manually under Tools > Settings > Extensions. Remove the checkmark and click on the bin behind the Your Instant Email entry. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the Your Instant Email hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late. and it blocks traffic to some of their domains: Technical details for experts Possible signs in a FRST log: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yourinstantemail.com/?source=tt&uid={uid1}&uc=20170215&ap=&i_id=email__1.30 SearchScopes: HKCU -> DefaultScope {3FE479AA-6079-437A-913F-2FB27F48B31A} URL = hxxp://search.yourinstantemail.com/s?source=tt-bb8&uid={uid1}&uc=20170215&ap=&i_id=email__1.30&query={searchTerms} SearchScopes: HKCU -> {3FE479AA-6079-437A-913F-2FB27F48B31A} URL = hxxp://search.yourinstantemail.com/s?source=tt-bb8&uid={uid1}&uc=20170215&ap=&i_id=email__1.30&query={searchTerms} FF Homepage: hxxp://search.yourinstantemail.com?uid={uid2}&uc=20170215&ap=&source=tt&page=homepage&implementation_id=email_4.0.12 FF Extension: Email - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\@Email.xpi [2017-02-15] C:\Users\{username}\AppData\Roaming\SpigotSettings Your Instant Email (HKCU\...\{28e56cfb-e30e-4f66-85d8-339885b726b8}) (Version: 2.2.0.5 - Spigot, Inc.) <==== ATTENTION Most relevant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file @Email.xpi"="2/15/2017 8:51 AM, 21706 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\jetpack\@Email\simple-storage Adds the file store.json"="2/15/2017 8:55 AM, 315 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\SpigotSettings Adds the file Uninstall.exe"="2/15/2017 8:50 AM, 267616 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page" = REG_SZ, "http://search.yourinstantemail.com/?source=tt&uid={uid1}&uc=20170215&ap=&i_id=email__1.30" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes] "DefaultScope" = REG_SZ, "{3FE479AA-6079-437A-913F-2FB27F48B31A}" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3FE479AA-6079-437A-913F-2FB27F48B31A}] "DisplayName"="REG_SZ", "Search" "SuggestionsURL"="REG_SZ", "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}" "URL"="REG_SZ", "http://search.yourinstantemail.com/s?source=tt-bb8&uid={uid1}&uc=20170215&ap=&i_id=email__1.30&query={searchTerms}" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}] "DisplayName"="REG_SZ", "Your Instant Email" "DisplayVersion"="REG_SZ", "2.2.0.5" "InstallLocation"="REG_SZ", "C:\Users\{username}\AppData\Roaming\SpigotSettings\" "Publisher"="REG_SZ", "Spigot, Inc." "UninstallHomepage"="REG_SZ", "http://search.yourinstantemail.com/?source=tt&uid={uid1}&uc=20170215&ap=&i_id=email__1.30" "UninstallImpression"="REG_SZ", "http://imp.yourinstantemail.com/impression.do?source=tt&sub_id=20170215&useragent=Mozilla%2F5.0+(Windows+NT+6.1%3B+WOW64%3B+Trident%2F7.0%3B+rv%3A11.0)+like+Gecko&traffic_source=&user_id={uid1}&implementation_id=email__1.30&event={exEvent}" "UninstallString"="REG_SZ", ""C:\Users\{username}\AppData\Roaming\SpigotSettings\Uninstall.exe" /uninstall" Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 2/15/17 Scan Time: 9:08 AM Logfile: mbamYourInstantEmail.txt Administrator: Yes -Software Information- Version: 3.0.5.1299 Components Version: 1.0.43 Update Package Version: 1.0.1266 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 360113 Time Elapsed: 1 min, 30 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 2 PUP.Optional.Spigot, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{28e56cfb-e30e-4f66-85d8-339885b726b8}, Delete-on-Reboot, [810], [300859],1.0.1266 PUP.Optional.Spigot.Generic, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3FE479AA-6079-437A-913F-2FB27F48B31A}, Delete-on-Reboot, [2353], [368913],1.0.1266 Registry Value: 1 PUP.Optional.Spigot.Generic, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3FE479AA-6079-437A-913F-2FB27F48B31A}|URL, Delete-on-Reboot, [2353], [368913],1.0.1266 Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.MyEmailXP, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\jetpack\@Email\simple-storage, Delete-on-Reboot, [1843], [335005],1.0.1266 PUP.Optional.MyEmailXP, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NCH5MQSA.DEFAULT\JETPACK\@EMAIL, Delete-on-Reboot, [1843], [335005],1.0.1266 File: 4 PUP.Optional.Spigot, C:\USERS\{username}\APPDATA\ROAMING\SPIGOTSETTINGS\UNINSTALL.EXE, Delete-on-Reboot, [810], [300859],1.0.1266 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NCH5MQSA.DEFAULT\PREFS.JS, Replaced, [2353], [361537],1.0.1266 PUP.Optional.MyEmailXP, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\jetpack\@Email\simple-storage\store.json, Delete-on-Reboot, [1843], [335005],1.0.1266 PUP.Optional.MyEmailXP, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NCH5MQSA.DEFAULT\EXTENSIONS\@EMAIL.XPI, Delete-on-Reboot, [1843], [335030],1.0.1266 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  2. What is GetFitNow? The Malwarebytes research team has determined that GetFitNow is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. GetFitNow is a member of the Spigot family. How do I know if my computer is affected by GetFitNow? You may see these browser extensions/add-ons: and these altered settings: You may see this entry in your list of installed software: these warnings during install: and this new startpage in the affected browser(s): How did GetFitNow get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their site. How do I remove GetFitNow? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of GetFitNow? If you are using Chrome, you may have to remove the Extension manually under Tools > Settings > Extensions. Remove the checkmark and click on the bin behind the GetFitNow entry. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the GetFitNow hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late. and it blocks traffic to some of their domains: Technical details for experts Possible signs in a FRST log: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.getfitnow.co/?source=&uid={uid1}&uc=20170208&ap=appfocus1&i_id=fitness__1.30 SearchScopes: HKCU -> DefaultScope {E4B45767-A66A-459A-B864-3B8F8C7E246A} URL = hxxp://search.getfitnow.co/s?source=&uid={uid1}&uc=20170208&ap=appfocus1&i_id=fitness__1.30&query={searchTerms} SearchScopes: HKCU -> {E4B45767-A66A-459A-B864-3B8F8C7E246A} URL = hxxp://search.getfitnow.co/s?source=&uid={uid1}&uc=20170208&ap=appfocus1&i_id=fitness__1.30&query={searchTerms} FF Homepage: hxxp://search.getfitnow.co?uid={uid2}&uc=20170208&ap=appfocus1&source=tt&page=homepage&implementation_id=fitness_4.0.1 FF Extension: Fitness - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\@Fitness.xpi [2017-02-08] CHR Extension: (Get Fit Now) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgblngkjeffdpdnfgenlfjnaakgahfoh [2017-02-08] C:\Users\{username}\AppData\Roaming\SpigotSettings GetFitNow (HKCU\...\{28e56cfb-e30e-4f66-85d8-339885b726b8}) (Version: 2.1.0.1 - Spigot, Inc.) <==== ATTENTION The most significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgblngkjeffdpdnfgenlfjnaakgahfoh Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\jgblngkjeffdpdnfgenlfjnaakgahfoh Adds the file 000003.log"="2/8/2017 9:18 AM, 252 bytes, A Adds the file CURRENT"="2/8/2017 9:18 AM, 16 bytes, A Adds the file LOCK"="2/8/2017 9:18 AM, 0 bytes, A Adds the file LOG"="2/8/2017 9:28 AM, 410 bytes, A Adds the file LOG.old"="2/8/2017 9:18 AM, 184 bytes, A Adds the file MANIFEST-000001"="2/8/2017 9:18 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file @Fitness.xpi"="2/8/2017 9:16 AM, 64432 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\jetpack\@Fitness\simple-storage Adds the file store.json"="2/8/2017 9:17 AM, 317 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\SpigotSettings Adds the file Uninstall.exe"="2/8/2017 9:12 AM, 267616 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page" = REG_SZ, "http://search.getfitnow.co/?source=&uid={uid1}&uc=20170208&ap=appfocus1&i_id=fitness__1.30" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes] "DefaultScope" = REG_SZ, "{E4B45767-A66A-459A-B864-3B8F8C7E246A}" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E4B45767-A66A-459A-B864-3B8F8C7E246A}] "DisplayName"="REG_SZ", "Search" "SuggestionsURL"="REG_SZ", "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}" "URL"="REG_SZ", "http://search.getfitnow.co/s?source=&uid={uid1}&uc=20170208&ap=appfocus1&i_id=fitness__1.30&query={searchTerms}" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}] "DisplayName"="REG_SZ", "GetFitNow" "DisplayVersion"="REG_SZ", "2.1.0.1" "InstallLocation"="REG_SZ", "C:\Users\{username}\AppData\Roaming\SpigotSettings\" "Publisher"="REG_SZ", "Spigot, Inc." "UninstallHomepage"="REG_SZ", "http://search.getfitnow.co/?source=&uid={uid1}&uc=20170208&ap=appfocus1&i_id=fitness__1.30" "UninstallImpression"="REG_SZ", "http://imp.getfitnow.co/impression.do?source=&sub_id=20170208&useragent=Mozilla%2F5.0+(Windows+NT+6.1%3B+WOW64%3B+Trident%2F7.0%3B+rv%3A11.0)+like+Gecko&traffic_source=appfocus1&user_id={uid1}&implementation_id=fitness__1.30&event={exEvent}" "UninstallString"="REG_SZ", ""C:\Users\{username}\AppData\Roaming\SpigotSettings\Uninstall.exe" /uninstall" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 2/8/17 Scan Time: 9:38 AM Logfile: mbamGetFitNow.txt Administrator: Yes -Software Information- Version: 3.0.5.1299 Components Version: 1.0.43 Update Package Version: 1.0.1207 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 359252 Time Elapsed: 1 min, 45 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 1 PUP.Optional.Spigot, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{28e56cfb-e30e-4f66-85d8-339885b726b8}, Delete-on-Reboot, [811], [300859],1.0.1207 Registry Value: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 13 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\jetpack\@Fitness\simple-storage, Delete-on-Reboot, [2350], [364585],1.0.1207 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NCH5MQSA.DEFAULT\JETPACK\@FITNESS, Delete-on-Reboot, [2350], [364585],1.0.1207 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgblngkjeffdpdnfgenlfjnaakgahfoh\3.0_0\_locales\en, Delete-on-Reboot, [2350], [362981],1.0.1207 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgblngkjeffdpdnfgenlfjnaakgahfoh\3.0_0\html\popup, Delete-on-Reboot, [2350], [362981],1.0.1207 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgblngkjeffdpdnfgenlfjnaakgahfoh\3.0_0\_metadata, Delete-on-Reboot, [2350], [362981],1.0.1207 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgblngkjeffdpdnfgenlfjnaakgahfoh\3.0_0\js\popup, Delete-on-Reboot, [2350], [362981],1.0.1207 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgblngkjeffdpdnfgenlfjnaakgahfoh\3.0_0\_locales, Delete-on-Reboot, [2350], [362981],1.0.1207 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgblngkjeffdpdnfgenlfjnaakgahfoh\3.0_0\newtab, Delete-on-Reboot, [2350], [362981],1.0.1207 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgblngkjeffdpdnfgenlfjnaakgahfoh\3.0_0\html, Delete-on-Reboot, [2350], [362981],1.0.1207 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgblngkjeffdpdnfgenlfjnaakgahfoh\3.0_0\css, Delete-on-Reboot, [2350], [362981],1.0.1207 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgblngkjeffdpdnfgenlfjnaakgahfoh\3.0_0\js, Delete-on-Reboot, [2350], [362981],1.0.1207 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgblngkjeffdpdnfgenlfjnaakgahfoh\3.0_0, Delete-on-Reboot, [2350], [362981],1.0.1207 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JGBLNGKJEFFDPDNFGENLFJNAAKGAHFOH, Delete-on-Reboot, [2350], [362981],1.0.1207 File: 18 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\jetpack\@Fitness\simple-storage\store.json, Delete-on-Reboot, [2350], [364585],1.0.1207 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NCH5MQSA.DEFAULT\PREFS.JS, Replaced, [2350], [361537],1.0.1207 PUP.Optional.Spigot, C:\USERS\{username}\APPDATA\ROAMING\SPIGOTSETTINGS\UNINSTALL.EXE, Delete-on-Reboot, [811], [300859],1.0.1207 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JGBLNGKJEFFDPDNFGENLFJNAAKGAHFOH\3.0_0\BACKGROUND.JS, Delete-on-Reboot, [2350], [362981],1.0.1207 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgblngkjeffdpdnfgenlfjnaakgahfoh\3.0_0\css\description.css, Delete-on-Reboot, [2350], [362981],1.0.1207 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgblngkjeffdpdnfgenlfjnaakgahfoh\3.0_0\css\popup.css, Delete-on-Reboot, [2350], [362981],1.0.1207 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgblngkjeffdpdnfgenlfjnaakgahfoh\3.0_0\html\popup\description.html, Delete-on-Reboot, [2350], [362981],1.0.1207 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgblngkjeffdpdnfgenlfjnaakgahfoh\3.0_0\html\popup\popup.html, Delete-on-Reboot, [2350], [362981],1.0.1207 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgblngkjeffdpdnfgenlfjnaakgahfoh\3.0_0\js\popup\popup.js, Delete-on-Reboot, [2350], [362981],1.0.1207 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgblngkjeffdpdnfgenlfjnaakgahfoh\3.0_0\js\userNewTab.js, Delete-on-Reboot, [2350], [362981],1.0.1207 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgblngkjeffdpdnfgenlfjnaakgahfoh\3.0_0\newtab\newtab.html, Delete-on-Reboot, [2350], [362981],1.0.1207 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgblngkjeffdpdnfgenlfjnaakgahfoh\3.0_0\_locales\en\messages.json, Delete-on-Reboot, [2350], [362981],1.0.1207 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgblngkjeffdpdnfgenlfjnaakgahfoh\3.0_0\_metadata\computed_hashes.json, Delete-on-Reboot, [2350], [362981],1.0.1207 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgblngkjeffdpdnfgenlfjnaakgahfoh\3.0_0\_metadata\verified_contents.json, Delete-on-Reboot, [2350], [362981],1.0.1207 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgblngkjeffdpdnfgenlfjnaakgahfoh\3.0_0\contentscript.js, Delete-on-Reboot, [2350], [362981],1.0.1207 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgblngkjeffdpdnfgenlfjnaakgahfoh\3.0_0\icon.png, Delete-on-Reboot, [2350], [362981],1.0.1207 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgblngkjeffdpdnfgenlfjnaakgahfoh\3.0_0\manifest.json, Delete-on-Reboot, [2350], [362981],1.0.1207 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NCH5MQSA.DEFAULT\EXTENSIONS\@FITNESS.XPI, Delete-on-Reboot, [2350], [364607],1.0.1207 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  3. What is Easy Online Game Access? The Malwarebytes research team has determined that Easy Online Game Access is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements. How do I know if my computer is affected by Easy Online Game Access? You may see these warnings during install: this browser extension: this new default Search Provider: and this new startpage in the affected browser(s): How did Easy Online Game Access get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their site. How do I remove Easy Online Game Access? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Easy Online Game Access? No, Malwarebytes removes Easy Online Game Access completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the Easy Online Game Access hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. and we block the traffic to their sites. Technical details for experts Possible signs in FRST logs: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.easyonlinegameaccess.com/?source=tt&uid={uid1}&uc=20170201&ap=&i_id=games__1.30 SearchScopes: HKCU -> DefaultScope {0B73690C-0686-422A-999D-FEE19642DD9E} URL = hxxp://search.easyonlinegameaccess.com/s?source=tt&uid={uid1}&uc=20170201&ap=&i_id=games__1.30&query={searchTerms} SearchScopes: HKCU -> {0B73690C-0686-422A-999D-FEE19642DD9E} URL = hxxp://search.easyonlinegameaccess.com/s?source=tt&uid={uid1}&uc=20170201&ap=&i_id=games__1.30&query={searchTerms} FF NewTab: hxxp://search.easyonlinegameaccess.com?uid={uid2}&uc=20170201&ap=&source=-bb8&page=newtab&implementation_id=games_0.2.0 FF Homepage: hxxp://search.easyonlinegameaccess.com?uid={uid2}&uc=20170201&ap=&source=-bb8&page=homepage&implementation_id=games_0.2.0 FF Extension: Games - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\@Games.xpi [2017-02-01] C:\Users\{username}\AppData\Roaming\SpigotSettings Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file @Games.xpi"="2/1/2017 9:28 AM, 27453 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\jetpack\@Games\simple-storage Adds the file store.json"="2/1/2017 9:29 AM, 327 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\SpigotSettings Adds the file Uninstall.exe"="2/1/2017 9:25 AM, 267616 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page" = REG_SZ, "http://search.easyonlinegameaccess.com/?source=tt&uid={uid1}&uc=20170201&ap=&i_id=games__1.30" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes] "DefaultScope" = REG_SZ, "{0B73690C-0686-422A-999D-FEE19642DD9E}" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0B73690C-0686-422A-999D-FEE19642DD9E}] "DisplayName"="REG_SZ", "Search" "SuggestionsURL"="REG_SZ", "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}" "URL"="REG_SZ", "http://search.easyonlinegameaccess.com/s?source=tt&uid={uid1}&uc=20170201&ap=&i_id=games__1.30&query={searchTerms}" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}] "DisplayName"="REG_SZ", "" "DisplayVersion"="REG_SZ", "2.1.0.1" "InstallLocation"="REG_SZ", "C:\Users\{username}\AppData\Roaming\SpigotSettings\" "Publisher"="REG_SZ", "Spigot, Inc." "UninstallHomepage"="REG_SZ", "http://search.easyonlinegameaccess.com/?source=tt&uid={uid1}&uc=20170201&ap=&i_id=games__1.30" "UninstallImpression"="REG_SZ", "http://imp.easyonlinegameaccess.com/impression.do?source=tt&sub_id=20170201&useragent=Mozilla%2F5.0+(Windows+NT+6.1%3B+WOW64%3B+Trident%2F7.0%3B+rv%3A11.0)+like+Gecko&traffic_source=&user_id={uid1}&implementation_id=games__1.30&event={exEvent}" "UninstallString"="REG_SZ", ""C:\Users\{username}\AppData\Roaming\SpigotSettings\Uninstall.exe" /uninstall" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 2/1/17 Scan Time: 9:40 AM Logfile: mbamEasyOnlineGameAccess.txt Administrator: Yes -Software Information- Version: 3.0.6.1469 Components Version: 1.0.50 Update Package Version: 1.0.1148 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 358118 Time Elapsed: 1 min, 36 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 1 PUP.Optional.Spigot, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{28e56cfb-e30e-4f66-85d8-339885b726b8}, Delete-on-Reboot, [811], [300859],1.0.1148 Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\jetpack\@Games\simple-storage, Delete-on-Reboot, [2349], [364932],1.0.1148 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NCH5MQSA.DEFAULT\JETPACK\@GAMES, Delete-on-Reboot, [2349], [364932],1.0.1148 File: 5 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NCH5MQSA.DEFAULT\PREFS.JS, Replaced, [2349], [361537],1.0.1148 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NCH5MQSA.DEFAULT\PREFS.JS, Replaced, [2349], [361538],1.0.1148 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\jetpack\@Games\simple-storage\store.json, Delete-on-Reboot, [2349], [364932],1.0.1148 PUP.Optional.Spigot, C:\USERS\{username}\APPDATA\ROAMING\SPIGOTSETTINGS\UNINSTALL.EXE, Delete-on-Reboot, [811], [300859],1.0.1148 PUP.Optional.Spigot, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NCH5MQSA.DEFAULT\EXTENSIONS\@GAMES.XPI, Delete-on-Reboot, [811], [364940],1.0.1148 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  4. What is Your Television Now? The Malwarebytes research team has determined that Your Television Now is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements. How do I know if my computer is affected by Your Television Now? You may see this entry in your list of installed software: and these warnings during install: this browser extension: these changed settings: and you will see this startpage in the affected browser(s): How did Your Television Now get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website. How do I remove Your Television Now? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Your Television Now? No, Malwarebytes removes Your Television Now completely. You should have a look at our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the Your Television Now hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. and blocked access to their domain Technical details for experts Possible signs in FRST logs: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yourtelevisionnow.com/?source=tt&uid={uid1}&uc=20170123&ap=&i_id=tv__1.30 SearchScopes: HKCU -> DefaultScope {8A490DD9-D192-4A44-B961-D42E26BCCDF9} URL = hxxp://search.yourtelevisionnow.com/s?source=tt&uid={uid1}&uc=20170123&ap=&i_id=tv__1.30&query={searchTerms} SearchScopes: HKCU -> {8A490DD9-D192-4A44-B961-D42E26BCCDF9} URL = hxxp://search.yourtelevisionnow.com/s?source=tt&uid={uid1}&uc=20170123&ap=&i_id=tv__1.30&query={searchTerms} FF NewTab: hxxp://search.yourtelevisionnow.com?uid=35ee8831-69c2-4e4c-a3ff-eac66c3e6c09&uc=20170123&ap=&source=tt&page=newtab&implementation_id=tv_0.2.0 FF Homepage: hxxp://search.yourtelevisionnow.com?uid=35ee8831-69c2-4e4c-a3ff-eac66c3e6c09&uc=20170123&ap=&source=tt&page=homepage&implementation_id=tv_0.2.0 FF Extension: TV - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\@TV.xpi [2017-01-23] C:\Users\{username}\AppData\Roaming\YourTelevisionNow YourTelevisionNow (HKCU\...\{28e56cfb-e30e-4f66-85d8-339885b726b8}) (Version: 2.0.0.1 - Spigot, Inc.) <==== ATTENTION Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file @TV.xpi"="1/23/2017 8:58 AM, 24688 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\jetpack\@TV\simple-storage Adds the file store.json"="1/23/2017 8:58 AM, 317 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\YourTelevisionNow Adds the file YourTelevisionNowUn.exe"="1/23/2017 8:56 AM, 250696 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page" = REG_SZ, "http://search.yourtelevisionnow.com/?source=tt&uid={uid1}&uc=20170123&ap=&i_id=tv__1.30" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes] "DefaultScope" = REG_SZ, "{8A490DD9-D192-4A44-B961-D42E26BCCDF9}" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A490DD9-D192-4A44-B961-D42E26BCCDF9}] "DisplayName"="REG_SZ", "Search" "SuggestionsURL"="REG_SZ", "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}" "URL"="REG_SZ", "http://search.yourtelevisionnow.com/s?source=tt&uid={uid1}&uc=20170123&ap=&i_id=tv__1.30&query={searchTerms}" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}] "DisplayName"="REG_SZ", "YourTelevisionNow" "DisplayVersion"="REG_SZ", "2.0.0.1" "InstallLocation"="REG_SZ", "C:\Users\{username}\AppData\Roaming\YourTelevisionNow\" "Publisher"="REG_SZ", "Spigot, Inc." "UninstallHomepage"="REG_SZ", "http://search.yourtelevisionnow.com/?source=tt&uid={uid1}&uc=20170123&ap=&i_id=tv__1.30" "UninstallImpression"="REG_SZ", "http://imp.yourtelevisionnow.com/impression.do?source=tt&sub_id=20170123&useragent=Mozilla%2F5.0+(Windows+NT+6.1%3B+WOW64%3B+Trident%2F7.0%3B+rv%3A11.0)+like+Gecko&traffic_source=&user_id={uid1}&implementation_id=tv__1.30&event={exEvent}" "UninstallString"="REG_SZ", ""C:\Users\{username}\AppData\Roaming\YourTelevisionNow\YourTelevisionNowUn.exe" /uninstall" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 1/23/17 Scan Time: 12:07 PM Logfile: mbamYourTVNow.txt Administrator: Yes -Software Information- Version: 3.0.5.1299 Components Version: 1.0.43 Update Package Version: 1.0.1080 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 356865 Time Elapsed: 7 min, 57 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 2 PUP.Optional.Spigot, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{28e56cfb-e30e-4f66-85d8-339885b726b8}, Delete-on-Reboot, [812], [300859],1.0.1080 PUP.Optional.YourTelevisionNow, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{7B5E1387-A4C1-4F5E-A501-DEDFDCE5AA97}, Delete-on-Reboot, [17784], [252971],1.0.1080 Registry Value: 2 PUP.Optional.YourTelevisionNow, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{7B5E1387-A4C1-4F5E-A501-DEDFDCE5AA97}|URL, Delete-on-Reboot, [17784], [252971],1.0.1080 PUP.Optional.YourTelevisionNow, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replace-on-Reboot, [17784], [293375],1.0.1080 Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\jetpack\@TV\simple-storage, Quarantined, [2351], [363617],1.0.1080 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT\JETPACK\@TV, Quarantined, [2351], [363617],1.0.1080 File: 7 PUP.Optional.YourTelevisionNow, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT\PREFS.JS, Removal Failed, [17784], [301736],1.0.1080 PUP.Optional.YourTelevisionNow, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT\PREFS.JS, Removal Failed, [17784], [303304],1.0.1080 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT\PREFS.JS, Removal Failed, [2351], [361537],1.0.1080 PUP.Optional.Spigot, C:\USERS\{username}\APPDATA\ROAMING\YOURTELEVISIONNOW\YOURTELEVISIONNOWUN.EXE, Delete-on-Reboot, [812], [300859],1.0.1080 PUP.Optional.Spigot, C:\USERS\{username}\DESKTOP\YOURTELEVISIONNOW.ZIP, Delete-on-Reboot, [812], [300859],1.0.1080 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\jetpack\@TV\simple-storage\store.json, Delete-on-Reboot, [2351], [363617],1.0.1080 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT\EXTENSIONS\@TV.XPI, Delete-on-Reboot, [2351], [363616],1.0.1080 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  5. What is My Shopping XP? The Malwarebytes research team has determined that My Shopping XP is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. How do I know if my computer is affected by My Shopping XP? You may see this entry in your list of installed software: and these warnings during install: this browser add-on: and you will see this entry in your startmenu: and this startpage in the affected browser(s): How did My Shopping XP get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their site: How do I remove My Shopping XP? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of My Shopping XP? No, Malwarebytes removes My Shopping XP completely. You should read our Restore Browser page. You can read there how to fix (additional) browser redirect methods. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the My Shopping XP hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. Technical details for experts Possible signs in FRST logs: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.myshoppingxp.com?uid={uid1}&uc=20170117&source=-bb8&ap=appfocus15&i_id=shopping__1.0.2.25 FF NewTab: hxxp://search.myshoppingxp.com?uid=8242a7d2-1952-4934-b479-95ad131084b7&uc=20170117&ap=appfocus15&source=tt&page=newtab&implementation_id=shopping_0.2.0 FF Homepage: hxxp://search.myshoppingxp.com?uid=8242a7d2-1952-4934-b479-95ad131084b7&uc=20170117&ap=appfocus15&source=tt&page=homepage&implementation_id=shopping_0.2.0 FF Extension: Shopping - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\@Shopping.xpi [2017-01-17] C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon.com My Shopping XP (HKCU\...\2f1dc0e87b487648) (Version: 1.0.2.25 - Amazon.com) Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 1/17/17 Scan Time: 12:44 PM Logfile: mbamMyShoppingXP2.txt Administrator: Yes -Software Information- Version: 3.0.5.1299 Components Version: 1.0.43 Update Package Version: 1.0.1035 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 355998 Time Elapsed: 9 min, 5 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 1 PUP.Optional.Spigot.Generic, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\2f1dc0e87b487648, Delete-on-Reboot, [2345], [360182],1.0.1035 Registry Value: 2 PUP.Optional.Spigot.Generic, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replace-on-Reboot, [2345], [361539],1.0.1035 PUP.Optional.Spigot.Generic, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\2f1dc0e87b487648|URLUPDATEINFO, Delete-on-Reboot, [2345], [360182],1.0.1035 Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\jetpack\@Shopping\simple-storage, Quarantined, [2345], [361784],1.0.1035 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NCH5MQSA.DEFAULT\JETPACK\@SHOPPING, Quarantined, [2345], [361784],1.0.1035 File: 4 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NCH5MQSA.DEFAULT\PREFS.JS, Removal Failed, [2345], [361537],1.0.1035 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NCH5MQSA.DEFAULT\PREFS.JS, Removal Failed, [2345], [361538],1.0.1035 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\jetpack\@Shopping\simple-storage\store.json, Delete-on-Reboot, [2345], [361784],1.0.1035 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NCH5MQSA.DEFAULT\EXTENSIONS\@SHOPPING.XPI, Delete-on-Reboot, [2345], [361785],1.0.1035 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  6. My PC has been infected by the PUP.Optional.Spigot browser hijack. It has been quarantined by Malwarehytes Anti-Malware Premium but the hijack is still continuing. Any help in combating it would be very appreciated. Also, does this malware have the ability to infect my work network and blast spam? We're suffering this issue at the office which happens to coincide with my infection. Thanks in advance. Windows 10 Pro 64 bit on a Surface Pro 3.