
What is MVPlayer?

 

The Malwarebytes research team has determined that MVPlayer is adware. These adware applications display advertisements not originating from the sites you are browsing.

 

How do I know if my computer is affected by MVPlayer?

You may see this entry in your list of installed programs:

 

warning4.png

and these warnings during install:

main.png

warning1.png

and this icon on your desktop:

icons.png

 

How did MVPlayer get on my computer?

 

Adware applications use different methods for distributing themselves. This particular one was bundled with other software.

 

How do I remove MVPlayer?

 

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now, or select Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of MVPlayer?
  • No, Malwarebytes Anti-Malware removes MVPlayer completely.
How would the full version of Malwarebytes Anti-Malware help protect me?

 

We hope our application and this guide have helped you eradicate this hijacker.  

 

As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the MVPlayer adware. It would have warned you before the rogue could install itself, giving you a chance to stop it before it was too late.

 

protection1.png

Technical details for experts

 

You will see these signs in a HijackThis log:

O23 - Service: MVPlayer - Fresh Applications - C:\ProgramData\MVPlayer\MVPlayerService.exe
 

You may see these signs in FRST logs:

 (Fresh Applications) C:\ProgramData\MVPlayer\MVPlayerService.exe
 R2 MVPlayer; C:\ProgramData\MVPlayer\MVPlayerService.exe [2729448 2015-06-05] (Fresh Applications)
 () C:\Users\{username}\AppData\Local\MVPlayer
 () C:\Users\Public\Desktop\MVPlayer.lnk
 () C:\ProgramData\MVPlayerApp
 () C:\ProgramData\MVPlayer
 () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MVPlayer
 MVPlayer (HKLM\...\MVPlayer) (Version: 3.0.59 - Fresh Applications)
 

 

Alterations made by the installer:

File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MVPlayer
       Adds the file MVPlayer.lnk"="6/5/2015 1:53 PM, 1635 bytes, A
    Adds the folder C:\ProgramData\MVPlayer
       Adds the file info.dat"="6/5/2015 1:53 PM, 80 bytes, A
       Adds the file MVPlayer.dll"="6/5/2015 1:53 PM, 1240552 bytes, A
       Adds the file MVPlayer.exe"="6/5/2015 1:53 PM, 47592 bytes, A
       Adds the file MVPlayer.exe.config"="6/5/2015 1:53 PM, 190 bytes, A
       Adds the file MVPlayer.ico"="6/5/2015 1:53 PM, 114342 bytes, A
       Adds the file MVPlayerService.exe"="6/5/2015 1:53 PM, 2729448 bytes, A
       Adds the file MVPlayerService.exe.config"="6/5/2015 1:53 PM, 288 bytes, A
       Adds the file uninstall.exe"="6/5/2015 1:53 PM, 658920 bytes, A
       Adds the file uninstall.exe.config"="6/5/2015 1:53 PM, 168 bytes, A
    Adds the folder C:\ProgramData\MVPlayerApp
       Adds the file AxInterop.WMPLib.dll"="5/27/2015 5:43 PM, 61440 bytes, A
       Adds the file Interop.WMPLib.dll"="5/27/2015 5:43 PM, 339968 bytes, A
       Adds the file mvplayer.exe"="5/27/2015 5:43 PM, 1652736 bytes, A
       Adds the file mvplayer.exe.config"="5/21/2015 12:07 AM, 186 bytes, A
       Adds the file mvplayer.ico"="5/21/2015 4:03 PM, 370070 bytes, A
       Adds the file uninstall.exe"="6/5/2015 1:53 PM, 32253 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\MVPlayer
       Adds the file data2.dat"="6/5/2015 1:54 PM, 3072 bytes, A
    In the existing folder C:\Users\Public\Desktop
       Adds the file MVPlayer.lnk"="6/5/2015 1:53 PM, 1647 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}]
       "id"="REG_SZ", "530586e5a8b043a7904539f424792cee"
       "p"="REG_SZ", "3000"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b4f4383-5960-e803-480d-081318164cbf}]
       "id"="REG_SZ", "530586e5a8b043a7904539f424792cee"
       "lpvcc"="REG_SZ", "3.0.59"
       "p"="REG_SZ", "3000"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4768258f-e7aa-ef0c-78d3-8720916c055e}]
       "ik"="REG_SZ", "{d28d264b-7eab-3f15-bab0-5ff3e3eec105}"]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}]
       "(Default)"="REG_DWORD", 1
       "v"="REG_DWORD", 1
       "vs"="REG_SZ", "1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b21a6521-767b-e1f4-7735-b503b5c7e572}]
       "id"="REG_SZ", "530586e5a8b043a7904539f424792cee"
       "ip"="REG_SZ", "3000"
       "p"="REG_SZ", "3000"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MVPlayerService_RASAPI32]
       "ConsoleTracingMask"="REG_DWORD", -65536
       "EnableConsoleTracing"="REG_DWORD", 0
       "EnableFileTracing"="REG_DWORD", 0
       "FileDirectory"="REG_EXPAND_SZ, "%windir%\tracing"
       "FileTracingMask"="REG_DWORD", -65536
       "MaxFileSize"="REG_DWORD", 1048576
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MVPlayerService_RASMANCS]
       "ConsoleTracingMask"="REG_DWORD", -65536
       "EnableConsoleTracing"="REG_DWORD", 0
       "EnableFileTracing"="REG_DWORD", 0
       "FileDirectory"="REG_EXPAND_SZ, "%windir%\tracing"
       "FileTracingMask"="REG_DWORD", -65536
       "MaxFileSize"="REG_DWORD", 1048576
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\setup_RASAPI32]
       "ConsoleTracingMask"="REG_DWORD", -65536
       "EnableConsoleTracing"="REG_DWORD", 0
       "EnableFileTracing"="REG_DWORD", 0
       "FileDirectory"="REG_EXPAND_SZ, "%windir%\tracing"
       "FileTracingMask"="REG_DWORD", -65536
       "MaxFileSize"="REG_DWORD", 1048576
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\setup_RASMANCS]
       "ConsoleTracingMask"="REG_DWORD", -65536
       "EnableConsoleTracing"="REG_DWORD", 0
       "EnableFileTracing"="REG_DWORD", 0
       "FileDirectory"="REG_EXPAND_SZ, "%windir%\tracing"
       "FileTracingMask"="REG_DWORD", -65536
       "MaxFileSize"="REG_DWORD", 1048576
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MVPlayer]
       "DisplayIcon"="REG_SZ", "C:\ProgramData\MVPlayer\MVPlayer.ico"
       "DisplayName"="REG_SZ", "MVPlayer"
       "DisplayVersion"="REG_SZ", "3.0.59"
       "EstimatedSize"="REG_DWORD", 5000
       "HelpLink"="REG_SZ", "http://www.downloadmvplayer.com/support.html"
       "InstallDate"="REG_SZ", "6/5/2015"
       "Publisher"="REG_SZ", "Fresh Applications"
       "UninstallString"="REG_SZ", ""C:\ProgramData\MVPlayer\uninstall.exe""
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MVPlayer]
       "DependOnService"="REG_MULTI_SZ, "Winmgmt CryptSvc "
       "DisplayName"="REG_SZ", "MVPlayer"
       "ErrorControl"="REG_DWORD", 1
       "FailureActions"="REG_BINARY, <.....................
       "ImagePath"="REG_EXPAND_SZ, ""C:\ProgramData\MVPlayer\MVPlayerService.exe""
       "ObjectName"="REG_SZ", "LocalSystem"
       "Start"="REG_DWORD", 2
       "Type"="REG_DWORD", 16

Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/5/2015
Scan Time: 2:17:12 PM
Logfile: mbamMVPlayer.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.05.02
Rootkit Database: v2015.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Malwarebytes

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 292792
Time Elapsed: 4 min, 22 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.MVPlayer.A, C:\ProgramData\MVPlayer\MVPlayerService.exe, 2696, Delete-on-Reboot, [67af6d4a6129092d37b7d296a45e6e92]

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.MVPlayer.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MVPlayer, Quarantined, [67af6d4a6129092d37b7d296a45e6e92],
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarantined, [9482c9eed0ba7bbb403a83e7c3402cd4],
PUP.Optional.MVPlayer.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MVPlayer, Quarantined, [dd392f882862b08602ecdc8c28da08f8],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 4
PUP.Optional.MVPlayer.A, C:\ProgramData\MVPlayer, Delete-on-Reboot, [888e635423672e086f96632119ece020],
PUP.Optional.MVPlayer.A, C:\Users\{username}\AppData\Local\MVPlayer, Quarantined, [1bfb2394c3c72e08db2cc8bc13f233cd],
PUP.Optional.MVPlayer.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MVPlayer, Quarantined, [799dfabd1f6bf93d7c8cef9564a19070],
PUP.Optional.MVPlayer.A, C:\ProgramData\MVPlayerApp, Quarantined, [9383fcbb6129033324f2cb1bff0437c9],

Files: 19
PUP.Optional.MVPlayer.A, C:\ProgramData\MVPlayer\MVPlayerService.exe, Delete-on-Reboot, [67af6d4a6129092d37b7d296a45e6e92],
PUP.Optional.MVPlayer.A, C:\ProgramData\MVPlayer\MVPlayer.exe, Quarantined, [8e88c7f0107aae886b830464709216ea],
PUP.Optional.MVPlayer.A, C:\ProgramData\MVPlayer\uninstall.exe, Quarantined, [dd392f882862b08602ecdc8c28da08f8],
PUP.Optional.MVPlayer.A, C:\Users\{username}\Desktop\MVPlayer.exe, Quarantined, [da3cebcc8bffb77fcd214b1d32d08878],
PUP.Optional.MVPlayer.A, C:\ProgramData\MVPlayer\uninstall.exe.config, Quarantined, [888e635423672e086f96632119ece020],
PUP.Optional.MVPlayer.A, C:\ProgramData\MVPlayer\info.dat, Delete-on-Reboot, [888e635423672e086f96632119ece020],
PUP.Optional.MVPlayer.A, C:\ProgramData\MVPlayer\MVPlayer.dll, Quarantined, [888e635423672e086f96632119ece020],
PUP.Optional.MVPlayer.A, C:\ProgramData\MVPlayer\MVPlayer.exe.config, Quarantined, [888e635423672e086f96632119ece020],
PUP.Optional.MVPlayer.A, C:\ProgramData\MVPlayer\MVPlayer.ico, Quarantined, [888e635423672e086f96632119ece020],
PUP.Optional.MVPlayer.A, C:\ProgramData\MVPlayer\MVPlayerService.exe.config, Quarantined, [888e635423672e086f96632119ece020],
PUP.Optional.MVPlayer.A, C:\Users\Public\Desktop\MVPlayer.lnk, Quarantined, [f521ffb8612945f1c541b8cc58ad8c74],
PUP.Optional.MVPlayer.A, C:\Users\{username}\AppData\Local\MVPlayer\data2.dat, Quarantined, [1bfb2394c3c72e08db2cc8bc13f233cd],
PUP.Optional.MVPlayer.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MVPlayer\MVPlayer.lnk, Quarantined, [799dfabd1f6bf93d7c8cef9564a19070],
PUP.Optional.MVPlayer.A, C:\ProgramData\MVPlayerApp\AxInterop.WMPLib.dll, Quarantined, [9383fcbb6129033324f2cb1bff0437c9],
PUP.Optional.MVPlayer.A, C:\ProgramData\MVPlayerApp\Interop.WMPLib.dll, Quarantined, [9383fcbb6129033324f2cb1bff0437c9],
PUP.Optional.MVPlayer.A, C:\ProgramData\MVPlayerApp\mvplayer.exe, Quarantined, [9383fcbb6129033324f2cb1bff0437c9],
PUP.Optional.MVPlayer.A, C:\ProgramData\MVPlayerApp\mvplayer.exe.config, Quarantined, [9383fcbb6129033324f2cb1bff0437c9],
PUP.Optional.MVPlayer.A, C:\ProgramData\MVPlayerApp\mvplayer.ico, Quarantined, [9383fcbb6129033324f2cb1bff0437c9],
PUP.Optional.MVPlayer.A, C:\ProgramData\MVPlayerApp\uninstall.exe, Quarantined, [9383fcbb6129033324f2cb1bff0437c9],

Physical Sectors: 0
(No malicious items detected)

(end)

As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
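
For checking a host by hand against the artifacts listed under "Technical details for experts", here is a read-only PowerShell sketch. It is an added example, not part of the original guide or of any Malwarebytes tool. The function name Test-MVPlayerArtifacts is hypothetical, and using $env:ProgramData and $env:PUBLIC in place of the literal C:\ paths from the logs is an assumption.

```powershell
# Added example: read-only check for the MVPlayer artifacts listed on this page.
# Folder, service and registry names are copied from the logs above.
# The function name is hypothetical; nothing is deleted or modified.
function Test-MVPlayerArtifacts {
    $paths = @(
        "$env:ProgramData\MVPlayer",
        "$env:ProgramData\MVPlayerApp",
        "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\MVPlayer",
        "$env:PUBLIC\Desktop\MVPlayer.lnk",
        # CLSID key that the scan log above reports as PUP.Optional.WebSteroids.A
        'HKLM:\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}'
    )
    # The per-user folder sits under each profile, so check all of them
    # (assumes profiles live next to the Public profile).
    $paths += Get-ChildItem (Split-Path $env:PUBLIC) -Directory -ErrorAction SilentlyContinue |
        ForEach-Object { Join-Path $_.FullName 'AppData\Local\MVPlayer' }

    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p) {
            [pscustomobject]@{ Type = 'Path'; Item = $p; Detail = '' }
        }
    }

    # Service: report it only if ImagePath points at the binary named in the logs,
    # so an unrelated service that happens to be called MVPlayer is not flagged.
    $svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\MVPlayer'
    $svc = Get-ItemProperty -LiteralPath $svcKey -ErrorAction SilentlyContinue
    if ($svc -and $svc.ImagePath -like '*\MVPlayer\MVPlayerService.exe*') {
        [pscustomobject]@{ Type = 'Service'; Item = 'MVPlayer'
                           Detail = "Start=$($svc.Start) ImagePath=$($svc.ImagePath)" }
    }

    # Uninstall entry: match on the publisher string recorded on this page.
    $unKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MVPlayer'
    $un = Get-ItemProperty -LiteralPath $unKey -ErrorAction SilentlyContinue
    if ($un -and $un.Publisher -eq 'Fresh Applications') {
        [pscustomobject]@{ Type = 'Uninstall'; Item = $un.DisplayName
                           Detail = "Version=$($un.DisplayVersion)" }
    }
}

# No output means none of the listed artifacts were found.
Test-MVPlayerArtifacts | Format-Table -AutoSize -Wrap
```

The logs on this page come from an x86 Windows 7 system; on 64-bit Windows the HKLM\SOFTWARE keys written by a 32-bit installer may sit under WOW6432Node, which this check does not cover.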