Metallica

Removal instructions for Punctis Plugin

What is Punctis Plugin?

The Malwarebytes research team has determined that Punctis Plugin is a browser hijacker. These so-called "hijackers" alter your start page or search scopes so that the affected browser visits their site or one of their choice.

How do I know if my computer is affected by Punctis Plugin?

You may see this warning during install:

warning1.png

Together with this icon in your taskbar:

icons.png

In Internet Explorer you will see these changes in the add-ons and the toolbar:

warning2.png

warning3.png

How did Punctis Plugin get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove Punctis Plugin?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-consumer.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.

Is there anything else I need to do to get rid of Punctis Plugin?

  • No, but to remove the Chrome extension you will need Malwarebytes Anti-Malware 2.00 beta or newer.

How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the Punctis Plugin rogue. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

protection1.png

Technical details for experts

Signs in a HijackThis log:

O2 - BHO: CrossriderApp0047482 - {11111111-1111-1111-1111-110411741182} - C:\Program Files\Punctis Plugin\Punctis Plugin-bho.dll
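
An added example (not Malwarebytes code) that parses the O2 (Browser Helper Object) section of a HijackThis log and flags entries matching the line above. The CLSID, BHO name and install folder come from that line; treating any `CrossriderApp<digits>` name as related is an assumption, and every other line in the sample log is constructed.

```python
import re
from typing import NamedTuple

# A HijackThis BHO entry has the shape:
#   O2 - BHO: <name> - {CLSID} - <dll path>
O2_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)

# Values taken from the HijackThis line on this page.
PUNCTIS_CLSID = "{11111111-1111-1111-1111-110411741182}"
PUNCTIS_DIR = "\\punctis plugin\\"  # compared against the lower-cased path

# Assumption: other apps built on the same framework register a BHO named
# "CrossriderApp" followed by digits, as this one does.
CROSSRIDER_NAME = re.compile(r"^CrossriderApp\d+$", re.IGNORECASE)


class Bho(NamedTuple):
    name: str
    clsid: str
    path: str


def parse_o2_lines(log_text):
    """Return every BHO entry in a HijackThis log; other sections are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = O2_LINE.match(raw.strip())
        if m:
            entries.append(Bho(m["name"], m["clsid"].upper(), m["path"].strip()))
    return entries


def punctis_indicators(entry):
    """List which indicators a single BHO entry matches (empty list = none)."""
    reasons = []
    if entry.clsid == PUNCTIS_CLSID:
        reasons.append("clsid")
    if PUNCTIS_DIR in entry.path.lower():
        reasons.append("install-dir")
    if CROSSRIDER_NAME.match(entry.name):
        reasons.append("crossrider-name")
    return reasons


def scan(log_text):
    """Return (entry, reasons) for every BHO entry with at least one match."""
    findings = []
    for entry in parse_o2_lines(log_text):
        reasons = punctis_indicators(entry)
        if reasons:
            findings.append((entry, reasons))
    return findings


# Constructed sample log. Only the Punctis Plugin line is from this page;
# the other entries and their CLSIDs are made up for the example.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Example Helper - {AAAAAAAA-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O2 - BHO: CrossriderApp0047482 - {11111111-1111-1111-1111-110411741182} - C:\Program Files\Punctis Plugin\Punctis Plugin-bho.dll
O2 - BHO: CrossriderApp0000001 - {BBBBBBBB-0000-0000-0000-000000000002} - C:\Program Files\Other App\other-bho.dll
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
"""

if __name__ == "__main__":
    for entry, reasons in scan(SAMPLE_LOG):
        print(f"{entry.name} {entry.clsid} -> {', '.join(reasons)}")
```

An entry that matches only on the name pattern is a lead to review, not a confirmed Punctis Plugin install.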

Alterations made by the installer:

Malwarebytes Anti-Malware log:

As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.
