Jump to content
Sign in to follow this  
Metallica

Removal instructions for MediaBuzz

Recommended Posts

What is MediaBuzz?

The Malwarebytes research team has determined that MediaBuzz is a browser hijacker. These so-called "hijackers" alter your startpage or searchscopes so that the effected browser visits their site or one of their choice. This one also displays advertisements.

How do I know if my computer is affected by MediaBuzz?

This is how their advertisements look:

main.png

And you may see these toolbars:

warning1.png

warning2.png

or this entry in your list of installed programs:

warning3.png

How did MediaBuzz get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove MediaBuzz?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-consumer.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of MediaBuzz?
  • The Chrome extension can now safely be removed. Open "Settings" > "Extensions" and click the bin behind the MediaBuzz listing. Then confirm removal.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the MediaBuzz rogue. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

protection1.png

Technical details for experts

Signs in a HijackThis log:

O2 - BHO: MediaBuzzV1mode6855 - {2ac8ecb3-cce2-43be-b940-3f3b9a1beb30} - C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6855\ie\MediaBuzzV1mode6855.dll
Alterations made by the installer:

File system details  ---------------------------------------------    Adds the folder C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjdiekamjobnbdfdgjocopipdhggpdpp\1.1_0       Adds the file ffMediaBuzzV1mode6855chaction.js"="27/04/2014 13:49, 829 bytes, A       Adds the file icon.ico"="27/04/2014 13:49, 588 bytes, A       Adds the file manifest.json"="27/04/2014 13:49, 963 bytes, A    Adds the folder C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjdiekamjobnbdfdgjocopipdhggpdpp\1.1_0\images       Adds the file MediaBuzzV1mode6855_128.png"="27/04/2014 13:49, 12999 bytes, A       Adds the file MediaBuzzV1mode6855_16.png"="27/04/2014 13:49, 12999 bytes, A       Adds the file MediaBuzzV1mode6855_48.png"="27/04/2014 13:49, 12999 bytes, A       Adds the file MediaBuzzV1mode6855_64.png"="27/04/2014 13:49, 17847 bytes, A    Adds the folder C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6855       Adds the file uninstall.exe"="27/04/2014 13:49, 296183 bytes, A    Adds the folder C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6855\ch       Adds the file MediaBuzzV1mode6855.crx"="24/04/2014 08:24, 75496 bytes, A    Adds the folder C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6855\ff       Adds the file chrome.manifest"="24/04/2014 08:24, 147 bytes, A       Adds the file install.rdf"="24/04/2014 08:24, 782 bytes, A    Adds the folder C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6855\ff\chrome\content       Adds the file ffMediaBuzzV1mode6855.js"="24/04/2014 08:24, 744 bytes, A       Adds the file ffMediaBuzzV1mode6855ffaction.js"="24/04/2014 08:24, 674 bytes, A       Adds the file overlay.xul"="24/04/2014 08:24, 342 bytes, A    Adds the folder C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6855\ff\chrome\content\icons       Adds the file Thumbs.db"="23/04/2014 14:24, 36352 bytes, A    Adds the folder C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6855\ff\chrome\content\icons\default       Adds the file MediaBuzzV1mode6855_32.png"="23/04/2014 14:30, 17847 bytes, A    Adds the folder C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6855\ie       Adds the file MediaBuzzV1mode6855.dll"="24/04/2014 08:24, 87040 bytes, ARegistry details  ------------------------------------------    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ac8ecb3-cce2-43be-b940-3f3b9a1beb30}]       "(Default)"="REG_SZ", "Media Buzz"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ac8ecb3-cce2-43be-b940-3f3b9a1beb30}\InprocServer32]       "(Default)"="REG_SZ", "C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6855\ie\MediaBuzzV1mode6855.dll"       "ThreadingModel"="REG_SZ", "Apartment"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ac8ecb3-cce2-43be-b940-3f3b9a1beb30}\Programmable]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ac8ecb3-cce2-43be-b940-3f3b9a1beb30}\TypeLib]       "(Default)"="REG_SZ", "{16a0aed2-adef-4a43-b47f-90e11bc173fb}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ac8ecb3-cce2-43be-b940-3f3b9a1beb30}\Version]       "(Default)"="REG_SZ", "1.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{209C6134-D8C5-4048-A52C-0B8B12BAA18A}]       "(Default)"="REG_SZ", "IMediaBuzzV1mode6855BHO"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{209C6134-D8C5-4048-A52C-0B8B12BAA18A}\ProxyStubClsid]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{209C6134-D8C5-4048-A52C-0B8B12BAA18A}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{209C6134-D8C5-4048-A52C-0B8B12BAA18A}\TypeLib]       "(Default)"="REG_SZ", "{16A0AED2-ADEF-4A43-B47F-90E11BC173FB}"       "Version"="REG_SZ", "1.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{16A0AED2-ADEF-4A43-B47F-90E11BC173FB}\1.1]       "(Default)"="REG_SZ", "MediaBuzzV1mode6855Lib"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{16A0AED2-ADEF-4A43-B47F-90E11BC173FB}\1.1\0\win32]       "(Default)"="REG_SZ", "C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6855\ie\MediaBuzzV1mode6855.dll"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{16A0AED2-ADEF-4A43-B47F-90E11BC173FB}\1.1\FLAGS]       "(Default)"="REG_SZ", "0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{16A0AED2-ADEF-4A43-B47F-90E11BC173FB}\1.1\HELPDIR]       "(Default)"="REG_SZ", "C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6855\ie"    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\pjdiekamjobnbdfdgjocopipdhggpdpp]       "path"="REG_SZ", "C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6855\ch\MediaBuzzV1mode6855.crx"       "version"="REG_SZ", "1.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\MediaBuzzV1\Media Buzz]       "installed"="REG_SZ", "1"    [HKEY_LOCAL_MACHINE\SOFTWARE\MediaBuzzV1mode6855]       "Path"="REG_SZ", "C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6855"    [HKEY_LOCAL_MACHINE\SOFTWARE\MediaBuzzV1mode6855\Components]       "Ch"="REG_SZ", "1"       "ff"="REG_SZ", "1"       "Ie"="REG_SZ", "1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2ac8ecb3-cce2-43be-b940-3f3b9a1beb30}]       "(Default)"="REG_SZ", "MediaBuzzV1mode6855"       "NoExplorer"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaBuzzV1mode6855]       "DisplayIcon"="REG_SZ", "C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6855\uninstall.exe"       "DisplayName"="REG_SZ", "Media Buzz"       "DisplayVersion"="REG_SZ", "1.1"       "NoModify"="REG_DWORD", 1       "NoRepair"="REG_DWORD", 1       "Publisher"="REG_SZ", "Media Buzz"       "UninstallString"="REG_SZ", "C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6855\uninstall.exe"       "URLInfoAbout"="REG_SZ", ""    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]       "ext@MediaBuzzV1mode6855.net"="REG_SZ", "C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6855\ff"    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallWhitelist]       "1"="REG_SZ", "pjdiekamjobnbdfdgjocopipdhggpdpp"
Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 27-4-2014Scan Time: 15:29:10Logfile: mbamMediaBuzz.txtAdministrator: YesVersion: 2.00.1.1004Malware Database: v2014.04.27.03Rootkit Database: v2014.03.27.01License: PremiumMalware Protection: EnabledMalicious Website Protection: EnabledChameleon: DisabledOS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: {username}Scan Type: Threat ScanResult: CompletedObjects Scanned: 318975Time Elapsed: 9 min, 24 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledShuriken: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 12PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\WOW6432NODE\MediaBuzzV1, Quarantined, [8c7418e8758b2ed23bbe3e32cf330bf5], PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\WOW6432NODE\MediaBuzzV1mode6855, Quarantined, [25dbec14eb151be598612c448979946c], PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pjdiekamjobnbdfdgjocopipdhggpdpp, Quarantined, [51af28d825db897747b15f110002f808], PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MediaBuzzV1mode6855, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{2ac8ecb3-cce2-43be-b940-3f3b9a1beb30}, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{16a0aed2-adef-4a43-b47f-90e11bc173fb}, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{209C6134-D8C5-4048-A52C-0B8B12BAA18A}, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{209C6134-D8C5-4048-A52C-0B8B12BAA18A}, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{16a0aed2-adef-4a43-b47f-90e11bc173fb}, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{2AC8ECB3-CCE2-43BE-B940-3F3B9A1BEB30}, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, HKU\S-1-5-21-3593670260-2180827866-1624307833-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{2AC8ECB3-CCE2-43BE-B940-3F3B9A1BEB30}, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, HKU\S-1-5-21-3593670260-2180827866-1624307833-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{2AC8ECB3-CCE2-43BE-B940-3F3B9A1BEB30}, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], Registry Values: 1PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|ext@MediaBuzzV1mode6855.net, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6855\ff, Quarantined, [23ddfe02d12f29d721d93f318280f30d]Registry Data: 0(No malicious items detected)Folders: 11PUP.Optional.MediaBuzz.A, C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjdiekamjobnbdfdgjocopipdhggpdpp, Quarantined, [649c2fd1cf314fb14c88e0901ee4f010], PUP.Optional.MediaBuzz.A, C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjdiekamjobnbdfdgjocopipdhggpdpp\1.1_0, Quarantined, [649c2fd1cf314fb14c88e0901ee4f010], PUP.Optional.MediaBuzz.A, C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjdiekamjobnbdfdgjocopipdhggpdpp\1.1_0\images, Quarantined, [649c2fd1cf314fb14c88e0901ee4f010], PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6855, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6855\ch, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6855\ff, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6855\ff\chrome, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6855\ff\chrome\content, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6855\ff\chrome\content\icons, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6855\ff\chrome\content\icons\default, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6855\ie, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], Files: 18PUP.Optional.MediaBuzz.A, C:\Downloads\be23ae4bc2ec5b68d5d554ce10fcec83636cf370eb3d0ed4d055e70688ad7181.exe, Quarantined, [7987d03031cf7a86b5c0510bb94be11f], PUP.Optional.MediaBuzz.A, C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjdiekamjobnbdfdgjocopipdhggpdpp\1.1_0\ffMediaBuzzV1mode6855chaction.js, Quarantined, [649c2fd1cf314fb14c88e0901ee4f010], PUP.Optional.MediaBuzz.A, C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjdiekamjobnbdfdgjocopipdhggpdpp\1.1_0\icon.ico, Quarantined, [649c2fd1cf314fb14c88e0901ee4f010], PUP.Optional.MediaBuzz.A, C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjdiekamjobnbdfdgjocopipdhggpdpp\1.1_0\manifest.json, Quarantined, [649c2fd1cf314fb14c88e0901ee4f010], PUP.Optional.MediaBuzz.A, C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjdiekamjobnbdfdgjocopipdhggpdpp\1.1_0\images\MediaBuzzV1mode6855_128.png, Quarantined, [649c2fd1cf314fb14c88e0901ee4f010], PUP.Optional.MediaBuzz.A, C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjdiekamjobnbdfdgjocopipdhggpdpp\1.1_0\images\MediaBuzzV1mode6855_16.png, Quarantined, [649c2fd1cf314fb14c88e0901ee4f010], PUP.Optional.MediaBuzz.A, C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjdiekamjobnbdfdgjocopipdhggpdpp\1.1_0\images\MediaBuzzV1mode6855_48.png, Quarantined, [649c2fd1cf314fb14c88e0901ee4f010], PUP.Optional.MediaBuzz.A, C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjdiekamjobnbdfdgjocopipdhggpdpp\1.1_0\images\MediaBuzzV1mode6855_64.png, Quarantined, [649c2fd1cf314fb14c88e0901ee4f010], PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6855\uninstall.exe, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6855\ch\MediaBuzzV1mode6855.crx, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6855\ff\chrome.manifest, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6855\ff\install.rdf, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6855\ff\chrome\content\ffMediaBuzzV1mode6855.js, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6855\ff\chrome\content\ffMediaBuzzV1mode6855ffaction.js, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6855\ff\chrome\content\overlay.xul, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6855\ff\chrome\content\icons\Thumbs.db, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6855\ff\chrome\content\icons\default\MediaBuzzV1mode6855_32.png, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6855\ie\MediaBuzzV1mode6855.dll, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], Physical Sectors: 0(No malicious items detected)(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.