Sign in to follow this  
Metallica

Removal instructions for Adblocker-Bylekh

Recommended Posts

What is Adblocker-Bylekh?

The Malwarebytes research team has determined that Adblocker-Bylekh is adware. These adware applications display advertisements not originating from the sites you are browsing.

Please note that there is also a legitimate program by the name of AdBlock Plus that this one is mimicking.

More information can be found on our blog.

How do I know if my computer is affected by Adblocker-Bylekh?

You may see this entry in your list of installed programs:

warning4.png

despite of not having the legitimate AdBlock Plus installed.

How did Adblocker-Bylekh get on my computer?

Adware applications use different methods for distributing themselves. This particular one mimicks a legitimate program.

How do I remove Adblocker-Bylekh?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Make sure to enable the Scan for rootkits option under Settings > Detection and Protection
  • Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • After the first reboot you will be prompted to reboot again so Malwarebytes Anti-Malware can restore your internet connection. This is done to repair any damages done during the removal of the LSP hijacker.
  • After this reboot, repeat the Threat scan to remove any rootkit elements that were invisible to Malwarebytes Anti-Malware during the first scan. It will probably find some registry keys that were left behind.
Is there anything else I need to do to get rid of Adblocker-Bylekh?
  • No, following the procedure outlined above, Malwarebytes' Anti-Malware removes Adblocker-Bylekh completely.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Adblocker-Bylekh adware. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

protection1.png

Technical details for experts

You may see these signs in a HijackThis log:

O10 - Unknown file in Winsock LSP: c:\windows\system32\bylekh.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\bylekh.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\bylekh.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\bylekh.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\bylekh.dllO23 - Service: Bylekh - Unknown owner - C:\ProgramData\adblocker\1.1.0.31\Bylekh.exeVM:O23 - Service: oqhjedlath - Unknown owner - C:\ProgramData\adblocker\1.1.0.31\hysagie.exe
Possible signs in FRST logs:

() C:\ProgramData\adblocker\1.1.0.31\Bylekh.EXE() C:\ProgramData\adblocker\1.1.0.31\hyswgie.EXE() C:\ProgramData\adblocker\1.1.0.31\hysagie.EXE() C:\ProgramData\adblocker\1.1.0.31\CyeanDowmei.exe() C:\ProgramData\adblocker\1.1.0.31\hysdgie.exeWinsock: Catalog9 01 C:\Windows\SysWOW64\Bylekh.dll [328704 2015-05-15] ()Winsock: Catalog9 02 C:\Windows\SysWOW64\Bylekh.dll [328704 2015-05-15] ()Winsock: Catalog9 03 C:\Windows\SysWOW64\Bylekh.dll [328704 2015-05-15] ()Winsock: Catalog9 04 C:\Windows\SysWOW64\Bylekh.dll [328704 2015-05-15] ()Winsock: Catalog9 15 C:\Windows\SysWOW64\Bylekh.dll [328704 2015-05-15] ()Winsock: Catalog9-x64 01 C:\Windows\system32\Bylekh64.dll [398336 2015-05-15] ()Winsock: Catalog9-x64 02 C:\Windows\system32\Bylekh64.dll [398336 2015-05-15] ()Winsock: Catalog9-x64 03 C:\Windows\system32\Bylekh64.dll [398336 2015-05-15] ()Winsock: Catalog9-x64 04 C:\Windows\system32\Bylekh64.dll [398336 2015-05-15] ()Winsock: Catalog9-x64 15 C:\Windows\system32\Bylekh64.dll [398336 2015-05-15] ()Locked "kozitevc" service could not be unlocked. <===== ATTENTIONLocked "oqhjedlath" service could not be unlocked. <===== ATTENTIONLocked "tammgF120" service could not be unlocked. <===== ATTENTIONLocked "tammgR120" service could not be unlocked. <===== ATTENTIONLocked "XuippuLonfix" service could not be unlocked. <===== ATTENTIONR3 Bylekh; C:\ProgramData\adblocker\1.1.0.31\Bylekh.exe [0 ] () <==== ATTENTION (zero size file/folder)R5 tammgF120; C:\Windows\System32\Drivers\tammgF120.sys [34952 2015-05-15] () [File not signed]R5 tammgR120; C:\Windows\System32\Drivers\tammgR120.sys [36488 2015-05-15] () [File not signed]R5 kozitevc;  <===== ATTENTION Locked ServiceR5 oqhjedlath;  <===== ATTENTION Locked ServiceR5 tammgF120;  <===== ATTENTION Locked ServiceR5 tammgR120;  <===== ATTENTION Locked ServiceR5 XuippuLonfix;  <===== ATTENTION Locked Service () C:\Windows\SysWOW64\Bylekh.ini () C:\Windows\SysWOW64\BylekhOff.ini () C:\Windows\system32\BylekhOff.ini () C:\Windows\system32\Drivers\tammgR120.sys () C:\Windows\system32\Drivers\tammgF120.sys () C:\ProgramData\adblocker () C:\Windows\system32\Bylekh64.dll () C:\Windows\SysWOW64\Bylekh.dlladblocker (HKLM-x32\...\{67436C6F-CD49-45A7-8BF3-8FA8C6193C7A}) (Version: 1.1.0.31 - adblocker)HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Bylekh => ""="service"FirewallRules: [{DF955721-1862-4F11-806D-DF603B958BB8}] => (Allow) C:\ProgramData\adblocker\1.1.0.31\hysagie.EXEFirewallRules: [{22CDEE43-97AF-430D-B466-EBA50878F211}] => (Allow) C:\ProgramData\adblocker\1.1.0.31\hysagie.EXEFirewallRules: [{68555BCE-3B8C-4269-A73D-0F5BC8F28007}] => (Allow) C:\ProgramData\adblocker\1.1.0.31\hysagie.EXEFirewallRules: [{807828B1-2CA0-46E9-83D8-1687E4B74C19}] => (Allow) C:\ProgramData\adblocker\1.1.0.31\hysagie.EXEFirewallRules: [{D8A7E579-BE64-495D-85E7-1E5BEAE734E7}] => (Allow) C:\ProgramData\adblocker\1.1.0.31\hysagie.EXE
Malwarebytes Anti-Malware log (first scan):

Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 5/15/2015Scan Time: 1:45:29 PMLogfile: mbamAdblockerBylekh.txtAdministrator: YesVersion: 2.01.6.1022Malware Database: v2015.05.15.02Rootkit Database: v2015.05.14.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: DisabledOS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: {username}Scan Type: Threat ScanResult: CompletedObjects Scanned: 324247Time Elapsed: 4 min, 8 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 6PUP.Optional.Bylekh.A, c:\programdata\adblocker\1.1.0.31\bylekh.exe, 624, Delete-on-Reboot, [9d51563daae08caaab975914d134d42c]Rootkit.Agent.A, c:\programdata\adblocker\1.1.0.31\bylekh.exe, 624, Delete-on-Reboot, [be3099fa4d3d5fd74718501daa5b41bf]PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\cyeandowmei.exe, 3700, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e]PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\hysagie.exe, 3540, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e]PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\hysdgie.exe, 3924, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e]PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\hyswgie.exe, 3336, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e]Modules: 8PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\nss3.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\freebl3.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\hysdgieu.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\libnspr4.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\libplc4.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\libplds4.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\nssutil3.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\smime3.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], Registry Keys: 113PUP.Optional.Bylekh.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Bylekh, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{87463A26-DDF2-405B-82F0-47CEB99C4F43}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1222D683-AB38-4AD9-86D0-8CA1DC394B9A}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1D506768-3568-4881-9517-1C3F90090226}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{43AA3F62-61C7-44B0-AAC7-7A0124042EEB}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{5DFB9594-757F-4616-80FB-82A0CB16C53E}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{699BFD61-DB21-4DB1-8658-764276D648B5}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{7667CD7C-F457-4E8D-99B1-1E96B74855F8}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{9507717F-655A-4CE3-864D-9C77C600EDFA}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{9F85BA58-40A5-40DA-81E3-F32C20B63DEA}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A1155131-F0D6-4957-86DA-364BB44085AA}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A14EC9ED-E36F-40C7-87A4-428CFE07D5B5}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B49688A3-86D3-4235-9063-A1F55CB30D3D}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B4B3B7FA-2605-4DF6-8E8B-6C0E937256C6}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C7C27183-E9D6-4323-83C5-C6D14F41E9AB}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D8D489CE-98E1-481A-8413-57B72A9E4450}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D9032491-7C18-4C8E-8E6E-FC6FD64C43C4}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{DC1C5FCF-562C-4B9B-89CF-0FAD7A546F8D}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FF63FC4A-F329-4E4F-9B85-A5D66C0EC061}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1222D683-AB38-4AD9-86D0-8CA1DC394B9A}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1D506768-3568-4881-9517-1C3F90090226}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{43AA3F62-61C7-44B0-AAC7-7A0124042EEB}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{5DFB9594-757F-4616-80FB-82A0CB16C53E}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{699BFD61-DB21-4DB1-8658-764276D648B5}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7667CD7C-F457-4E8D-99B1-1E96B74855F8}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9507717F-655A-4CE3-864D-9C77C600EDFA}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9F85BA58-40A5-40DA-81E3-F32C20B63DEA}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A1155131-F0D6-4957-86DA-364BB44085AA}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A14EC9ED-E36F-40C7-87A4-428CFE07D5B5}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B49688A3-86D3-4235-9063-A1F55CB30D3D}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B4B3B7FA-2605-4DF6-8E8B-6C0E937256C6}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C7C27183-E9D6-4323-83C5-C6D14F41E9AB}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D8D489CE-98E1-481A-8413-57B72A9E4450}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D9032491-7C18-4C8E-8E6E-FC6FD64C43C4}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{DC1C5FCF-562C-4B9B-89CF-0FAD7A546F8D}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FF63FC4A-F329-4E4F-9B85-A5D66C0EC061}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{1222D683-AB38-4AD9-86D0-8CA1DC394B9A}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{1D506768-3568-4881-9517-1C3F90090226}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{43AA3F62-61C7-44B0-AAC7-7A0124042EEB}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{5DFB9594-757F-4616-80FB-82A0CB16C53E}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{699BFD61-DB21-4DB1-8658-764276D648B5}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{7667CD7C-F457-4E8D-99B1-1E96B74855F8}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9507717F-655A-4CE3-864D-9C77C600EDFA}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9F85BA58-40A5-40DA-81E3-F32C20B63DEA}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A1155131-F0D6-4957-86DA-364BB44085AA}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A14EC9ED-E36F-40C7-87A4-428CFE07D5B5}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{B49688A3-86D3-4235-9063-A1F55CB30D3D}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{B4B3B7FA-2605-4DF6-8E8B-6C0E937256C6}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C7C27183-E9D6-4323-83C5-C6D14F41E9AB}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{D8D489CE-98E1-481A-8413-57B72A9E4450}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{D9032491-7C18-4C8E-8E6E-FC6FD64C43C4}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{DC1C5FCF-562C-4B9B-89CF-0FAD7A546F8D}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FF63FC4A-F329-4E4F-9B85-A5D66C0EC061}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{87463A26-DDF2-405B-82F0-47CEB99C4F43}, Quarantined, [9d51563daae08caaab975914d134d42c], PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{87463A26-DDF2-405B-82F0-47CEB99C4F43}, Quarantined, [9d51563daae08caaab975914d134d42c], Rootkit.Agent.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\tammgF120, Delete-on-Reboot, [27c7a0f3d9b1181e677dfb704cb9d32d], Rootkit.Agent.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\tammgR120, Delete-on-Reboot, [ee00d4bf2763af872cb88fdc30d5a957], Rootkit.Agent.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BYLEKH, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{87463A26-DDF2-405B-82F0-47CEB99C4F43}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1222D683-AB38-4AD9-86D0-8CA1DC394B9A}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1D506768-3568-4881-9517-1C3F90090226}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{43AA3F62-61C7-44B0-AAC7-7A0124042EEB}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{5DFB9594-757F-4616-80FB-82A0CB16C53E}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{699BFD61-DB21-4DB1-8658-764276D648B5}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{7667CD7C-F457-4E8D-99B1-1E96B74855F8}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{9507717F-655A-4CE3-864D-9C77C600EDFA}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{9F85BA58-40A5-40DA-81E3-F32C20B63DEA}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A1155131-F0D6-4957-86DA-364BB44085AA}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A14EC9ED-E36F-40C7-87A4-428CFE07D5B5}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B49688A3-86D3-4235-9063-A1F55CB30D3D}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B4B3B7FA-2605-4DF6-8E8B-6C0E937256C6}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C7C27183-E9D6-4323-83C5-C6D14F41E9AB}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D8D489CE-98E1-481A-8413-57B72A9E4450}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D9032491-7C18-4C8E-8E6E-FC6FD64C43C4}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{DC1C5FCF-562C-4B9B-89CF-0FAD7A546F8D}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FF63FC4A-F329-4E4F-9B85-A5D66C0EC061}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1222D683-AB38-4AD9-86D0-8CA1DC394B9A}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1D506768-3568-4881-9517-1C3F90090226}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{43AA3F62-61C7-44B0-AAC7-7A0124042EEB}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{5DFB9594-757F-4616-80FB-82A0CB16C53E}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{699BFD61-DB21-4DB1-8658-764276D648B5}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7667CD7C-F457-4E8D-99B1-1E96B74855F8}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9507717F-655A-4CE3-864D-9C77C600EDFA}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9F85BA58-40A5-40DA-81E3-F32C20B63DEA}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A1155131-F0D6-4957-86DA-364BB44085AA}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A14EC9ED-E36F-40C7-87A4-428CFE07D5B5}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B49688A3-86D3-4235-9063-A1F55CB30D3D}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B4B3B7FA-2605-4DF6-8E8B-6C0E937256C6}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C7C27183-E9D6-4323-83C5-C6D14F41E9AB}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D8D489CE-98E1-481A-8413-57B72A9E4450}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D9032491-7C18-4C8E-8E6E-FC6FD64C43C4}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{DC1C5FCF-562C-4B9B-89CF-0FAD7A546F8D}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FF63FC4A-F329-4E4F-9B85-A5D66C0EC061}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{1222D683-AB38-4AD9-86D0-8CA1DC394B9A}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{1D506768-3568-4881-9517-1C3F90090226}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{43AA3F62-61C7-44B0-AAC7-7A0124042EEB}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{5DFB9594-757F-4616-80FB-82A0CB16C53E}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{699BFD61-DB21-4DB1-8658-764276D648B5}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{7667CD7C-F457-4E8D-99B1-1E96B74855F8}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9507717F-655A-4CE3-864D-9C77C600EDFA}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9F85BA58-40A5-40DA-81E3-F32C20B63DEA}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A1155131-F0D6-4957-86DA-364BB44085AA}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A14EC9ED-E36F-40C7-87A4-428CFE07D5B5}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{B49688A3-86D3-4235-9063-A1F55CB30D3D}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{B4B3B7FA-2605-4DF6-8E8B-6C0E937256C6}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C7C27183-E9D6-4323-83C5-C6D14F41E9AB}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{D8D489CE-98E1-481A-8413-57B72A9E4450}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{D9032491-7C18-4C8E-8E6E-FC6FD64C43C4}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{DC1C5FCF-562C-4B9B-89CF-0FAD7A546F8D}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FF63FC4A-F329-4E4F-9B85-A5D66C0EC061}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{87463A26-DDF2-405B-82F0-47CEB99C4F43}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{87463A26-DDF2-405B-82F0-47CEB99C4F43}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{67436C6F-CD49-45A7-8BF3-8FA8C6193C7A}, Quarantined, [c628a3f0adddb5815a6bbc00867df20e], Registry Values: 1Rootkit.Agent.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Bylekh|ImagePath, C:\ProgramData\adblocker\1.1.0.31\Bylekh.exe, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf]Registry Data: 0(No malicious items detected)Folders: 3PUP.Optional.MultiPlug, c:\programdata\adblocker, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\content, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], Files: 55Rootkit.Agent.A, c:\programdata\adblocker\1.1.0.31\tammg.sys, Delete-on-Reboot, [32bc692acbbf1125a560b6a370961ce4], Rootkit.Agent.A, c:\programdata\adblocker\1.1.0.31\tammgd.sys, Delete-on-Reboot, [cb23098a92f89d99ea1bd4859d69f709], Rootkit.Agent.A, c:\programdata\adblocker\1.1.0.31\tammgf.sys, Delete-on-Reboot, [4ea0dcb7583248ee7c8998c132d4bf41], Rootkit.Agent.A, c:\programdata\adblocker\1.1.0.31\tammgfd.sys, Delete-on-Reboot, [c12d5241acdec96df90cc8916e9828d8], Rootkit.Agent.A, c:\programdata\adblocker\1.1.0.31\tammgod.sys, Delete-on-Reboot, [fcf2f3a0315970c6966f3326bd494bb5], Rootkit.Agent.A, c:\programdata\adblocker\1.1.0.31\tammgr.sys, Delete-on-Reboot, [7579e6addab0f2449c693920e521bd43], Rootkit.Agent.A, c:\programdata\adblocker\1.1.0.31\tammgrd.sys, Delete-on-Reboot, [ffefdcb7cdbd1a1c8a7b174256b0ad53], PUP.Optional.Adblocker.A, C:\Users\{username}\Desktop\AdBlocker-Bylekh installer.exe, Quarantined, [23cb95fe07833afc78369faecf34916f], Rootkit.Agent.A, c:\windows\system32\drivers\tammgf120.sys, Delete-on-Reboot, [2fbf2172becc6dc908fd66f3cb3b966a], Rootkit.Agent.A, c:\windows\system32\drivers\tammgr120.sys, Delete-on-Reboot, [836b7a191f6b15212bda5405e323c838], PUP.Optional.Winsock.HijackBoot, C:\Windows\SysWOW64\Bylekh.dll, Delete-on-Reboot, [608e0d863654af87005ba8c56a9b2dd3], PUP.Optional.Winsock.HijackBoot, C:\Windows\SysWOW64\Bylekh.ini, Quarantined, [717dc4cf4545df574814b2bb51b450b0], PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\Bylekh64.dll, Delete-on-Reboot, [945a1e75e5a5c07691ccdd90e71eee12], PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\BylekhOff.ini, Quarantined, [5a94e7acdeac41f5a3bbbab3b055d828], PUP.Optional.Winsock.HijackBoot, C:\Windows\SysWOW64\BylekhOff.ini, Quarantined, [f9f5c0d3bcce9e98d688333afb0a6997], PUP.Optional.Bylekh.A, c:\programdata\adblocker\1.1.0.31\bylekh.exe, Delete-on-Reboot, [9d51563daae08caaab975914d134d42c], Rootkit.Agent.A, c:\programdata\adblocker\1.1.0.31\bylekh.exe, Delete-on-Reboot, [be3099fa4d3d5fd74718501daa5b41bf], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\nss3.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\bylekh.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\bylekh64.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\cyeandowmei.exe, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\freebl3.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\hysagie.exe, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\hysdgie.exe, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\hysdgieu.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\hyswgie.exe, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\jebjoelc.dat, Quarantined, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\jebjoelcb.dat, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\libnspr4.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\libplc4.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\libplds4.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\logo.ico, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\nssckbi.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\nssdbm3.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\nssutil3.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\oukaqxurpi.exe, Quarantined, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\oukaqxurpi64.exe, Quarantined, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\smime3.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\softokn3.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\sqlite3.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\ssl3.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\tammg.sys, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\tammgd.sys, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\tammgf.sys, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\tammgfd.sys, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\tammgod.sys, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\tammgr.sys, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\tammgrd.sys, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\uninstaller.exe, Quarantined, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\utils.exe, Quarantined, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\content\conagouvgi.js, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\content\jquery4toolbar.js, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\content\nazfauhuvu.js, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\content\neagnhsas.js, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\content\selloxjes.js, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], Physical Sectors: 0(No malicious items detected)(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.