
Removal instructions for HypeNet



What is HypeNet?

The Malwarebytes research team has determined that HypeNet is a browser hijacker. These so-called "hijackers" alter your start page or search scopes so that the affected browser visits their site or one of their choice. This one also displays advertisements.

How do I know if my computer is affected by HypeNet?

You may see these toolbars/add-ons:

warning1.png

warning2.png

or this warning:

main.png

How did HypeNet get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove HypeNet?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program. You will need Malwarebytes Anti-Malware version 2.00 (beta) or newer to disable the Firefox extension.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-consumer.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of HypeNet?
  • The Firefox extension can now safely be removed. Open the "Extensions" tab under "Add-ons" and click "Remove" (if necessary) and "Restart" to complete the removal.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the HypeNet hijacker. It would have warned you before the browser helper object could install itself, giving you a chance to stop it before it was too late.

protection1.png

Technical details for experts

Signs in a HijackThis log:

O2 - BHO: HypeNet - {9cf7f2d8-05d0-477d-bd80-49233e2ad7d9} - C:\Program Files\HypeNet\HypeNetbho.dll
O23 - Service: Update HypeNet - Unknown owner - C:\Program Files\HypeNet\updateHypeNet.exe
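To check a saved HijackThis log for the two entries above, the following added example (not part of the original guide or any Malwarebytes tool) parses O2 and O23 lines and compares them against the CLSID, install folder and service name shown in this guide. The function name `find_hypenet_entries` and the sample log are constructed for illustration; matching is case-insensitive because CLSIDs and Windows paths appear in mixed case.

```python
import re

# Indicators taken from the HijackThis lines in this guide, lower-cased for comparison.
HYPENET_BHO_CLSID = "{9cf7f2d8-05d0-477d-bd80-49233e2ad7d9}"
HYPENET_DIR = "c:\\program files\\hypenet\\"
HYPENET_SERVICE = "update hypenet"

# HijackThis section codes: O2 = Browser Helper Object, O23 = Windows service.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.+)$")

# Constructed sample log: the HypeNet values come from the guide, the rest is made up.
SAMPLE_LOG = r"""
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O2 - BHO: HypeNet - {9cf7f2d8-05d0-477d-bd80-49233e2ad7d9} - C:\Program Files\HypeNet\HypeNetbho.dll
O2 - BHO: (no name) - {9CF7F2D8-05D0-477D-BD80-49233E2AD7D9} - C:\Program Files\HypeNet\HypeNetBHO.dll
O23 - Service: Example Updater - Example Corp - C:\Program Files\Example\updater.exe
O23 - Service: Update HypeNet - Unknown owner - C:\Program Files\HypeNet\updateHypeNet.exe
"""

def find_hypenet_entries(log_text):
    """Return (section, reason, line) for each log line matching the guide's indicators."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            # Match on the CLSID first: the display name can be blank or changed.
            if m["clsid"].lower() == HYPENET_BHO_CLSID:
                hits.append(("O2", "BHO CLSID", line))
            elif m["path"].lower().startswith(HYPENET_DIR):
                hits.append(("O2", "BHO path", line))
            continue
        m = O23_RE.match(line)
        if m:
            if m["name"].lower() == HYPENET_SERVICE:
                hits.append(("O23", "service name", line))
            # Service image paths may be quoted in the log.
            elif m["path"].strip('"').lower().startswith(HYPENET_DIR):
                hits.append(("O23", "service path", line))
    return hits

if __name__ == "__main__":
    for section, reason, line in find_hypenet_entries(SAMPLE_LOG):
        print(f"[{section}] matched on {reason}: {line}")
```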
Alterations made by the installer:

Malwarebytes Anti-Malware log:

As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.