Jump to content
Due to inclement weather in Southwest Florida, our Clearwater support team is offline. Our other offices are available to assist you, however their responses may be delayed. We appreciate your patience and understanding during this time. ×

Removal instructions for MediaBuzz


Recommended Posts

  • Staff

What is MediaBuzz?

The Malwarebytes research team has determined that MediaBuzz is a browser hijacker. These so-called "hijackers" alter your startpage or searchscopes so that the effected browser visits their site or one of their choice. This one also displays advertisements.

How do I know if my computer is affected by MediaBuzz?

This is how their advertisements look:

main.png

And you may see these toolbars:

warning1.png

warning2.png

or this entry in your list of installed programs:

warning3.png

How did MediaBuzz get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove MediaBuzz?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-consumer.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of MediaBuzz?
  • The Chrome extension can now safely be removed. Open "Settings" > "Extensions" and click the bin behind the MediaBuzz listing. Then confirm removal.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the MediaBuzz rogue. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

protection1.png

Technical details for experts

Signs in a HijackThis log:

O2 - BHO: MediaBuzzV1mode6855 - {2ac8ecb3-cce2-43be-b940-3f3b9a1beb30} - C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6855\ie\MediaBuzzV1mode6855.dll
Alterations made by the installer:

File system details  ---------------------------------------------    Adds the folder C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjdiekamjobnbdfdgjocopipdhggpdpp\1.1_0       Adds the file ffMediaBuzzV1mode6855chaction.js"="27/04/2014 13:49, 829 bytes, A       Adds the file icon.ico"="27/04/2014 13:49, 588 bytes, A       Adds the file manifest.json"="27/04/2014 13:49, 963 bytes, A    Adds the folder C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjdiekamjobnbdfdgjocopipdhggpdpp\1.1_0\images       Adds the file MediaBuzzV1mode6855_128.png"="27/04/2014 13:49, 12999 bytes, A       Adds the file MediaBuzzV1mode6855_16.png"="27/04/2014 13:49, 12999 bytes, A       Adds the file MediaBuzzV1mode6855_48.png"="27/04/2014 13:49, 12999 bytes, A       Adds the file MediaBuzzV1mode6855_64.png"="27/04/2014 13:49, 17847 bytes, A    Adds the folder C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6855       Adds the file uninstall.exe"="27/04/2014 13:49, 296183 bytes, A    Adds the folder C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6855\ch       Adds the file MediaBuzzV1mode6855.crx"="24/04/2014 08:24, 75496 bytes, A    Adds the folder C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6855\ff       Adds the file chrome.manifest"="24/04/2014 08:24, 147 bytes, A       Adds the file install.rdf"="24/04/2014 08:24, 782 bytes, A    Adds the folder C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6855\ff\chrome\content       Adds the file ffMediaBuzzV1mode6855.js"="24/04/2014 08:24, 744 bytes, A       Adds the file ffMediaBuzzV1mode6855ffaction.js"="24/04/2014 08:24, 674 bytes, A       Adds the file overlay.xul"="24/04/2014 08:24, 342 bytes, A    Adds the folder C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6855\ff\chrome\content\icons       Adds the file Thumbs.db"="23/04/2014 14:24, 36352 bytes, A    Adds the folder C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6855\ff\chrome\content\icons\default       Adds the file MediaBuzzV1mode6855_32.png"="23/04/2014 14:30, 17847 bytes, A    Adds the folder C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6855\ie       Adds the file MediaBuzzV1mode6855.dll"="24/04/2014 08:24, 87040 bytes, ARegistry details  ------------------------------------------    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ac8ecb3-cce2-43be-b940-3f3b9a1beb30}]       "(Default)"="REG_SZ", "Media Buzz"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ac8ecb3-cce2-43be-b940-3f3b9a1beb30}\InprocServer32]       "(Default)"="REG_SZ", "C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6855\ie\MediaBuzzV1mode6855.dll"       "ThreadingModel"="REG_SZ", "Apartment"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ac8ecb3-cce2-43be-b940-3f3b9a1beb30}\Programmable]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ac8ecb3-cce2-43be-b940-3f3b9a1beb30}\TypeLib]       "(Default)"="REG_SZ", "{16a0aed2-adef-4a43-b47f-90e11bc173fb}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ac8ecb3-cce2-43be-b940-3f3b9a1beb30}\Version]       "(Default)"="REG_SZ", "1.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{209C6134-D8C5-4048-A52C-0B8B12BAA18A}]       "(Default)"="REG_SZ", "IMediaBuzzV1mode6855BHO"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{209C6134-D8C5-4048-A52C-0B8B12BAA18A}\ProxyStubClsid]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{209C6134-D8C5-4048-A52C-0B8B12BAA18A}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{209C6134-D8C5-4048-A52C-0B8B12BAA18A}\TypeLib]       "(Default)"="REG_SZ", "{16A0AED2-ADEF-4A43-B47F-90E11BC173FB}"       "Version"="REG_SZ", "1.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{16A0AED2-ADEF-4A43-B47F-90E11BC173FB}\1.1]       "(Default)"="REG_SZ", "MediaBuzzV1mode6855Lib"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{16A0AED2-ADEF-4A43-B47F-90E11BC173FB}\1.1\0\win32]       "(Default)"="REG_SZ", "C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6855\ie\MediaBuzzV1mode6855.dll"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{16A0AED2-ADEF-4A43-B47F-90E11BC173FB}\1.1\FLAGS]       "(Default)"="REG_SZ", "0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{16A0AED2-ADEF-4A43-B47F-90E11BC173FB}\1.1\HELPDIR]       "(Default)"="REG_SZ", "C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6855\ie"    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\pjdiekamjobnbdfdgjocopipdhggpdpp]       "path"="REG_SZ", "C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6855\ch\MediaBuzzV1mode6855.crx"       "version"="REG_SZ", "1.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\MediaBuzzV1\Media Buzz]       "installed"="REG_SZ", "1"    [HKEY_LOCAL_MACHINE\SOFTWARE\MediaBuzzV1mode6855]       "Path"="REG_SZ", "C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6855"    [HKEY_LOCAL_MACHINE\SOFTWARE\MediaBuzzV1mode6855\Components]       "Ch"="REG_SZ", "1"       "ff"="REG_SZ", "1"       "Ie"="REG_SZ", "1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2ac8ecb3-cce2-43be-b940-3f3b9a1beb30}]       "(Default)"="REG_SZ", "MediaBuzzV1mode6855"       "NoExplorer"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaBuzzV1mode6855]       "DisplayIcon"="REG_SZ", "C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6855\uninstall.exe"       "DisplayName"="REG_SZ", "Media Buzz"       "DisplayVersion"="REG_SZ", "1.1"       "NoModify"="REG_DWORD", 1       "NoRepair"="REG_DWORD", 1       "Publisher"="REG_SZ", "Media Buzz"       "UninstallString"="REG_SZ", "C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6855\uninstall.exe"       "URLInfoAbout"="REG_SZ", ""    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]       "ext@MediaBuzzV1mode6855.net"="REG_SZ", "C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6855\ff"    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallWhitelist]       "1"="REG_SZ", "pjdiekamjobnbdfdgjocopipdhggpdpp"
Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 27-4-2014Scan Time: 15:29:10Logfile: mbamMediaBuzz.txtAdministrator: YesVersion: 2.00.1.1004Malware Database: v2014.04.27.03Rootkit Database: v2014.03.27.01License: PremiumMalware Protection: EnabledMalicious Website Protection: EnabledChameleon: DisabledOS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: {username}Scan Type: Threat ScanResult: CompletedObjects Scanned: 318975Time Elapsed: 9 min, 24 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledShuriken: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 12PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\WOW6432NODE\MediaBuzzV1, Quarantined, [8c7418e8758b2ed23bbe3e32cf330bf5], PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\WOW6432NODE\MediaBuzzV1mode6855, Quarantined, [25dbec14eb151be598612c448979946c], PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pjdiekamjobnbdfdgjocopipdhggpdpp, Quarantined, [51af28d825db897747b15f110002f808], PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MediaBuzzV1mode6855, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{2ac8ecb3-cce2-43be-b940-3f3b9a1beb30}, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{16a0aed2-adef-4a43-b47f-90e11bc173fb}, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{209C6134-D8C5-4048-A52C-0B8B12BAA18A}, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{209C6134-D8C5-4048-A52C-0B8B12BAA18A}, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{16a0aed2-adef-4a43-b47f-90e11bc173fb}, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{2AC8ECB3-CCE2-43BE-B940-3F3B9A1BEB30}, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, HKU\S-1-5-21-3593670260-2180827866-1624307833-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{2AC8ECB3-CCE2-43BE-B940-3F3B9A1BEB30}, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, HKU\S-1-5-21-3593670260-2180827866-1624307833-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{2AC8ECB3-CCE2-43BE-B940-3F3B9A1BEB30}, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], Registry Values: 1PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|ext@MediaBuzzV1mode6855.net, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6855\ff, Quarantined, [23ddfe02d12f29d721d93f318280f30d]Registry Data: 0(No malicious items detected)Folders: 11PUP.Optional.MediaBuzz.A, C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjdiekamjobnbdfdgjocopipdhggpdpp, Quarantined, [649c2fd1cf314fb14c88e0901ee4f010], PUP.Optional.MediaBuzz.A, C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjdiekamjobnbdfdgjocopipdhggpdpp\1.1_0, Quarantined, [649c2fd1cf314fb14c88e0901ee4f010], PUP.Optional.MediaBuzz.A, C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjdiekamjobnbdfdgjocopipdhggpdpp\1.1_0\images, Quarantined, [649c2fd1cf314fb14c88e0901ee4f010], PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6855, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6855\ch, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6855\ff, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6855\ff\chrome, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6855\ff\chrome\content, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6855\ff\chrome\content\icons, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6855\ff\chrome\content\icons\default, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6855\ie, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], Files: 18PUP.Optional.MediaBuzz.A, C:\Downloads\be23ae4bc2ec5b68d5d554ce10fcec83636cf370eb3d0ed4d055e70688ad7181.exe, Quarantined, [7987d03031cf7a86b5c0510bb94be11f], PUP.Optional.MediaBuzz.A, C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjdiekamjobnbdfdgjocopipdhggpdpp\1.1_0\ffMediaBuzzV1mode6855chaction.js, Quarantined, [649c2fd1cf314fb14c88e0901ee4f010], PUP.Optional.MediaBuzz.A, C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjdiekamjobnbdfdgjocopipdhggpdpp\1.1_0\icon.ico, Quarantined, [649c2fd1cf314fb14c88e0901ee4f010], PUP.Optional.MediaBuzz.A, C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjdiekamjobnbdfdgjocopipdhggpdpp\1.1_0\manifest.json, Quarantined, [649c2fd1cf314fb14c88e0901ee4f010], PUP.Optional.MediaBuzz.A, C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjdiekamjobnbdfdgjocopipdhggpdpp\1.1_0\images\MediaBuzzV1mode6855_128.png, Quarantined, [649c2fd1cf314fb14c88e0901ee4f010], PUP.Optional.MediaBuzz.A, C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjdiekamjobnbdfdgjocopipdhggpdpp\1.1_0\images\MediaBuzzV1mode6855_16.png, Quarantined, [649c2fd1cf314fb14c88e0901ee4f010], PUP.Optional.MediaBuzz.A, C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjdiekamjobnbdfdgjocopipdhggpdpp\1.1_0\images\MediaBuzzV1mode6855_48.png, Quarantined, [649c2fd1cf314fb14c88e0901ee4f010], PUP.Optional.MediaBuzz.A, C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjdiekamjobnbdfdgjocopipdhggpdpp\1.1_0\images\MediaBuzzV1mode6855_64.png, Quarantined, [649c2fd1cf314fb14c88e0901ee4f010], PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6855\uninstall.exe, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6855\ch\MediaBuzzV1mode6855.crx, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6855\ff\chrome.manifest, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6855\ff\install.rdf, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6855\ff\chrome\content\ffMediaBuzzV1mode6855.js, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6855\ff\chrome\content\ffMediaBuzzV1mode6855ffaction.js, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6855\ff\chrome\content\overlay.xul, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6855\ff\chrome\content\icons\Thumbs.db, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6855\ff\chrome\content\icons\default\MediaBuzzV1mode6855_32.png, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6855\ie\MediaBuzzV1mode6855.dll, Quarantined, [7a86f20e639d6f91765f7cf4689ab64a], Physical Sectors: 0(No malicious items detected)(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
Link to post
Share on other sites

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.