Jump to content

Search the Community

Showing results for tags 'spigot'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes 3 Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 11 results

  1. I created a Coupons folder on my Windows 7 desktop, and when I ran adwcleaner_7.2.4.0.exe it identified the folder as PUP.Optional.Spigot.Generic and quarantined it. Making a new Coupons folder there leads to the same behavior. Creating a Coupons folder on the desktop of a different Windows 7 computer and on a different Windows 10 computer desktop gave the same behavior. I would attach the empty Coupons folder, but that does not seem to be an accepted type. I suggest you test it by creating a Coupons folder and running adwcleaner. Creating a Coupons folder elsewhere did not give a false positive. This would seem to be a false-alarm problem with significant consequences if a user's desktop Coupons folder contains valuable coupons, discount codes, etc. only to have them deleted by quarantine.
  2. My mother recently informed me of invasive pop-ups on her computer, and having had previous experience with Conduit malware, my heart sank :( Sure enough, she somehow downloaded malware, showing up as "Microsoft Office 365 - en-us" from "Microsoft Corporation", "version 16.0.10730.20102". I've run Malwarebytes, HItmanpro, and have Revo uninstaller at the ready, but have not found a site that can tell me how to remove it all, and it's been years since I had Conduit, so my memory's a little fuzzy. The Malwarebytes report is attached below- Please HELP!! malware1.txt
  3. Trovi and Spigot returns every time I open Chrome. If I remove and restart and scan without opening Chrome, nothing is detected. If I then run Chrome and do a scan it will detect it. Please help. Log are attached. I appreciate it very much thank you! Addition.txt FRST.txt MBLog.txt
  4. Hi, I'm having the same issue as the user on this thread: I've tried rkill, hitmanpro, adwcleaner, etc. The only program that sees it is malwarebytes, but after I quarantine and remove, it pops up again just as described in this post. I already downloaded the Farbar recovery scan tool. Thanks for your help, Eric
  5. Hi, I have the problem with the PUP.Optional.Spigot, I saw a previous topic, this is the Zoek log. Thank you zoek-results.log
  6. I woke up this morning after leaving my PC running overnight and Malwarebytes suddenly told me I have some PUP on my comp[uter. I keep deleting it and run the scan but it keeps returning. I tried everything I found online and I even deleted Chrome and reinstall it. The whole thing is gone after deleting Chrome, but came back after installation. I attached the latest screenshot for reference.
  7. Good Afternoon, I have seen there are quite a few other people who are having this same issue, and so I want to make a post to try to resolve this same issue I am having. This PUP.Optional.Spigot keeps coming back, even after I let the scan go and I quarantine it. I followed the guidelines listed in this post: However, this did not help, as the PUP still came back after following the directions. I'm not the best at figuring out this kind of stuff, so some help would be greatly appreciated. I'll post the logs of the Malwarebytes Scan that I ran, as well as that FRST and Addition.txt I saw mentioned in the "I'm infected - What do I do?" thread. If there is anything else I need to upload, please inform me. On a side note, I ran the AdwCleaner, and the PUP.Optional.Spigot doesn't pop up, which I am somewhat confused by. Anyway, if anyone could help me out here, I would be greatly appreciate. Thank you. Addition.txt FRST.txt pupspigot.txt AdwCleaner[S0].txt
  8. So I recently ran MalwareBytes and it came up with this PUP. Optional.ASK Users\Name\AppData\Local\Google\Chrome\USER DATA\Default\Web Data PUP.Optional.Spigot Users\Name\AppData\Local\Google\Chrome\USER DATA\Default\Web Data When I quarantine the files and run another scan it detects the same ones again (immediately after it just quarantined them)and will quarantine even more files. This just goes on and on, yet I have no toolbar installed in chrome and see nothing about Spigot or any unwanted ads? I haven't installed any new programs so I'm not sure what it could be from if not a false positive? Any idea what it could be?
  9. My Windows 7 computer appears to be infected with a PUP called SweetPacks. I've tried removing it using Malwarebytes Pro, Windows Defender, and Hitman Pro. SweetPacks is not showing up as a program I can uninstall on the Control panel. What do I need to do to get rid of this infection permanently?
  10. What is TubeTab? The Malwarebytes research team has determined that TubeTab is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. TubeTab is a member of the Spigot family as described in the blogpost Spigot browser hijackers. How do I know if my computer is affected by TubeTab? You may see this Chrome extension: this icon in your Chrome toolbar: and these warnings when you open Chrome during or after the install: and this new startpage in the affected browser(s): How did TubeTab get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software. How do I remove TubeTab? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of TubeTab? If you are using Chrome, you may have to remove the Extension manually under Tools > Settings > Extensions. Remove the checkmark and click on the bin behind the TubeTab entry. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the TubeTab hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late. and it blocks traffic to some of their domains: Technical details for experts Possible signs in a FRST log: CHR DefaultSearchURL: Default -> hxxp://search.searchytdvta.com/s?remove=remove&query={searchTerms} CHR DefaultSearchKeyword: Default -> ut CHR Extension: (TubeTab) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce [2017-08-14] CHR HKCU\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlhpijolpcimadhjingadnbcjncmjdce] - hxxps://clients2.google.com/service/update2/crx The changes made by the installer: File system details [View: All details] (Selection) Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0 Adds the file background.js"="7/12/2017 2:29 PM, 16416 bytes, A Adds the file contentscript.js"="7/12/2017 2:29 PM, 1540 bytes, A Adds the file icon.png"="8/14/2017 9:10 AM, 6164 bytes, A Adds the file manifest.json"="8/14/2017 9:10 AM, 1794 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\_locales\en Adds the file messages.json"="8/14/2017 9:10 AM, 269 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\_metadata Adds the file computed_hashes.json"="8/14/2017 9:10 AM, 1223 bytes, A Adds the file verified_contents.json"="7/12/2017 2:29 PM, 2783 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\css Adds the file description.css"="7/12/2017 2:29 PM, 1008 bytes, A Adds the file popup.css"="7/12/2017 2:29 PM, 95 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\html\popup Adds the file description.html"="7/12/2017 2:29 PM, 259 bytes, A Adds the file popup.html"="7/12/2017 2:29 PM, 214 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\js Adds the file userNewTab.js"="7/12/2017 2:29 PM, 2587 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\js\popup Adds the file popup.js"="7/12/2017 2:29 PM, 805 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\newtab Adds the file newtab.html"="7/12/2017 2:29 PM, 190 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\jlhpijolpcimadhjingadnbcjncmjdce Adds the file 000003.log"="8/14/2017 9:10 AM, 268 bytes, A Adds the file CURRENT"="8/14/2017 9:10 AM, 16 bytes, A Adds the file LOCK"="8/14/2017 9:10 AM, 0 bytes, A Adds the file LOG"="8/14/2017 9:10 AM, 184 bytes, A Adds the file MANIFEST-000001"="8/14/2017 9:10 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\jlhpijolpcimadhjingadnbcjncmjdce] "update_url"="REG_SZ", "https://clients2.google.com/service/update2/crx" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 8/14/17 Scan Time: 9:24 AM Log File: mbamTubeTab.txt Administrator: Yes -Software Information- Version: 3.1.2.1733 Components Version: 1.0.160 Update Package Version: 1.0.2581 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 321366 Threats Detected: 25 Threats Quarantined: 25 Time Elapsed: 1 min, 34 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 11 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\_locales\en, Quarantined, [1902], [362981],1.0.2581 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\html\popup, Quarantined, [1902], [362981],1.0.2581 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\_metadata, Quarantined, [1902], [362981],1.0.2581 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\js\popup, Quarantined, [1902], [362981],1.0.2581 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\_locales, Quarantined, [1902], [362981],1.0.2581 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\newtab, Quarantined, [1902], [362981],1.0.2581 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\html, Quarantined, [1902], [362981],1.0.2581 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\css, Quarantined, [1902], [362981],1.0.2581 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\js, Quarantined, [1902], [362981],1.0.2581 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0, Quarantined, [1902], [362981],1.0.2581 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JLHPIJOLPCIMADHJINGADNBCJNCMJDCE, Quarantined, [1902], [362981],1.0.2581 File: 14 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JLHPIJOLPCIMADHJINGADNBCJNCMJDCE\2.4_0\BACKGROUND.JS, Quarantined, [1902], [362981],1.0.2581 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\css\description.css, Quarantined, [1902], [362981],1.0.2581 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\css\popup.css, Quarantined, [1902], [362981],1.0.2581 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\html\popup\description.html, Quarantined, [1902], [362981],1.0.2581 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\html\popup\popup.html, Quarantined, [1902], [362981],1.0.2581 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\js\popup\popup.js, Quarantined, [1902], [362981],1.0.2581 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\js\userNewTab.js, Quarantined, [1902], [362981],1.0.2581 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\newtab\newtab.html, Quarantined, [1902], [362981],1.0.2581 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\_locales\en\messages.json, Quarantined, [1902], [362981],1.0.2581 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\_metadata\computed_hashes.json, Quarantined, [1902], [362981],1.0.2581 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\_metadata\verified_contents.json, Quarantined, [1902], [362981],1.0.2581 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\contentscript.js, Quarantined, [1902], [362981],1.0.2581 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\icon.png, Quarantined, [1902], [362981],1.0.2581 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\manifest.json, Quarantined, [1902], [362981],1.0.2581 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  11. What is GetSports? The Malwarebytes research team has determined that GetSports is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. GetSports is a member of the Spigot family as described in the blogpost Spigot browser hijackers. How do I know if my computer is affected by GetSports? You may see these browser extensions/add-ons: and search settings like these: You may see this entry in your list of installed software: these warnings during install: and this new startpage in the affected browser(s): How did GetSports get on my computer? Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their site. How do I remove GetSports? Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of GetSports? If you are using Chrome, you may have to remove the Extension manually under Tools > Settings > Extensions. Remove the checkmark and click on the bin behind the GetSports entry. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me? We hope our application and this guide have helped you eradicate this hijacker. As you can see below the full version of Malwarebytes would have protected you against the GetSports hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late. and it blocks traffic to their domains: Technical details for experts Possible signs in a FRST log: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.getsports.co/?source=-v2-bb8&uid={uid1}&uc={date}&ap=appfocus1&i_id=sports__1.30 SearchScopes: HKCU -> DefaultScope {8C42E1F9-15DF-4A77-8FD4-5109B63A6CD1} URL = hxxp://search.getsports.co/s?source=-v2-bb8&uid={uid1}&uc={date}&ap=appfocus1&i_id=sports__1.30&query={searchTerms} SearchScopes: HKCU -> {8C42E1F9-15DF-4A77-8FD4-5109B63A6CD1} URL = hxxp://search.getsports.co/s?source=-v2-bb8&uid={uid1}&uc={date}&ap=appfocus1&i_id=sports__1.30&query={searchTerms} FF NewTab: hxxp://search.getsports.co?uid={uid2}&uc={date}&ap=appfocus1&source=-v2-bb8&page=newtab&implementation_id=sports_0.2.0 FF Homepage: hxxp://search.getsports.co?uid={uid2}&uc={date}&ap=appfocus1&source=-v2-bb8&page=homepage&implementation_id=sports_0.2.0 FF Extension: Sports - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default-1491393116824\Extensions\@Sports.xpi [2017-05-05] CHR Extension: (Get Sports) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco [2017-05-05] C:\Users\{username}\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8} Get Sports (HKCU\...\{28e56cfb-e30e-4f66-85d8-339885b726b8}) (Version: 2.6.0.2 - Cloud Installer) The most significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0 Adds the file background.js"="12/6/2016 1:27 PM, 15293 bytes, A Adds the file contentscript.js"="12/6/2016 1:27 PM, 1238 bytes, A Adds the file icon.png"="5/5/2017 3:10 PM, 9393 bytes, A Adds the file manifest.json"="5/5/2017 3:10 PM, 1394 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\_locales\en Adds the file messages.json"="5/5/2017 3:10 PM, 252 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\_metadata Adds the file computed_hashes.json"="5/5/2017 3:10 PM, 1176 bytes, A Adds the file verified_contents.json"="12/6/2016 1:27 PM, 2783 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\css Adds the file description.css"="12/6/2016 1:27 PM, 1008 bytes, A Adds the file popup.css"="12/6/2016 1:27 PM, 95 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\html\popup Adds the file description.html"="12/6/2016 1:27 PM, 242 bytes, A Adds the file popup.html"="12/6/2016 1:27 PM, 214 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\js Adds the file userNewTab.js"="12/6/2016 1:27 PM, 2494 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\js\popup Adds the file popup.js"="12/6/2016 1:27 PM, 793 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\newtab Adds the file newtab.html"="12/6/2016 1:27 PM, 190 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nlfmljafhfcncnaekjmgnchfapibfmco Adds the file 000003.log"="5/5/2017 3:10 PM, 262 bytes, A Adds the file CURRENT"="5/5/2017 3:10 PM, 16 bytes, A Adds the file LOCK"="5/5/2017 3:10 PM, 0 bytes, A Adds the file LOG"="5/5/2017 3:10 PM, 184 bytes, A Adds the file MANIFEST-000001"="5/5/2017 3:10 PM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8} Adds the file Uninstall.exe"="5/5/2017 3:06 PM, 263168 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default-1491393116824\extensions Adds the file @Sports.xpi"="5/5/2017 3:08 PM, 43962 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default-1491393116824\jetpack\@Sports\simple-storage Adds the file store.json"="5/5/2017 3:09 PM, 327 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page" = REG_SZ, "http://search.getsports.co/?source=-v2-bb8&uid={uid1}&uc={date}&ap=appfocus1&i_id=sports__1.30" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes] "DefaultScope" = REG_SZ, "{8C42E1F9-15DF-4A77-8FD4-5109B63A6CD1}" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8C42E1F9-15DF-4A77-8FD4-5109B63A6CD1}] "DisplayName"="REG_SZ", "Search" "SuggestionsURL"="REG_SZ", "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}" "URL"="REG_SZ", "http://search.getsports.co/s?source=-v2-bb8&uid={uid1}&uc={date}&ap=appfocus1&i_id=sports__1.30&query={searchTerms}" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28e56cfb-e30e-4f66-85d8-339885b726b8}] "DisplayName"="REG_SZ", "Get Sports" "DisplayVersion"="REG_SZ", "2.6.0.2" "InstallLocation"="REG_SZ", "C:\Users\{username}\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}\" "Publisher"="REG_SZ", "Cloud Installer" "UninstallHomepage"="REG_SZ", "http://search.getsports.co/?source=-v2-bb8&uid={uid1}&uc={date}&ap=appfocus1&i_id=sports__1.30" "UninstallImpression"="REG_SZ", "http://imp.getsports.co/impression.do?source=-v2-bb8&sub_id={date}&useragent=Mozilla%2F5.0+(Windows+NT+6.1%3B+WOW64%3B+Trident%2F7.0%3B+rv%3A11.0)+like+Gecko&traffic_source=appfocus1&user_id={uid1}&implementation_id=sports__1.30&event={exEvent}" "UninstallString"="REG_SZ", ""C:\Users\{username}\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}\Uninstall.exe" /uninstall" Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 5/5/17 Scan Time: 3:19 PM Logfile: mbamGetSports.txt Administrator: Yes -Software Information- Version: 3.0.6.1469 Components Version: 1.0.103 Update Package Version: 1.0.1874 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 329664 Time Elapsed: 2 min, 6 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 2 PUP.Optional.Spigot, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{28e56cfb-e30e-4f66-85d8-339885b726b8}, Delete-on-Reboot, [625], [373878],1.0.1874 PUP.Optional.Spigot.Generic, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{8C42E1F9-15DF-4A77-8FD4-5109B63A6CD1}, Delete-on-Reboot, [1974], [368913],1.0.1874 Registry Value: 1 PUP.Optional.Spigot.Generic, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{8C42E1F9-15DF-4A77-8FD4-5109B63A6CD1}|URL, Delete-on-Reboot, [1974], [368913],1.0.1874 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 14 PUP.Optional.Spigot, C:\USERS\{username}\APPDATA\ROAMING\{28e56cfb-e30e-4f66-85d8-339885b726b8}, Delete-on-Reboot, [625], [373878],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default-1491393116824\jetpack\@Sports\simple-storage, Delete-on-Reboot, [1974], [362990],1.0.1874 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\JETPACK\@SPORTS, Delete-on-Reboot, [1974], [362990],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\_locales\en, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\html\popup, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\_metadata, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\js\popup, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\_locales, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\newtab, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\html, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\css, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\js, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NLFMLJAFHFCNCNAEKJMGNCHFAPIBFMCO, Delete-on-Reboot, [1974], [362981],1.0.1874 File: 20 PUP.Optional.Spigot, C:\Users\{username}\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}\Uninstall.exe, Delete-on-Reboot, [625], [373878],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default-1491393116824\jetpack\@Sports\simple-storage\store.json, Delete-on-Reboot, [1974], [362990],1.0.1874 PUP.Optional.Spigot, C:\USERS\{username}\DESKTOP\GETSPORTS.EXE, Delete-on-Reboot, [625], [372110],1.0.1874 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [1974], [361537],1.0.1874 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\PREFS.JS, Replaced, [1974], [361538],1.0.1874 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.DEFAULT-1491393116824\EXTENSIONS\@SPORTS.XPI, Delete-on-Reboot, [1974], [362994],1.0.1874 PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NLFMLJAFHFCNCNAEKJMGNCHFAPIBFMCO\4.0_0\BACKGROUND.JS, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\css\description.css, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\css\popup.css, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\html\popup\description.html, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\html\popup\popup.html, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\js\popup\popup.js, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\js\userNewTab.js, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\newtab\newtab.html, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\_locales\en\messages.json, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\_metadata\computed_hashes.json, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\_metadata\verified_contents.json, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\contentscript.js, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\icon.png, Delete-on-Reboot, [1974], [362981],1.0.1874 PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfmljafhfcncnaekjmgnchfapibfmco\4.0_0\manifest.json, Delete-on-Reboot, [1974], [362981],1.0.1874 Physical Sector: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.