Jump to content

Removal instructions for AnySend


Recommended Posts

  • Staff

What is AnySend?

The Malwarebytes research team has determined that AnySend is adware. These adware applications display advertisements not originating from the sites you are browsing.

How do I know if my computer is affected by AnySend?

You may see these entries in your list of installed programs:

warning4.png

and these warnings during install:

main.png

warning1.png

and this balloon icon on your desktop (the menu opens when you click the balloon) :

icons.png

and this rightclick context menu item:

warning2.png

How did AnySend get on my computer?

Adware applications use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove AnySend?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of AnySend?
  • No, Malwarebytes' Anti-Malware removes AnySend completely.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this adware application.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the AnySend adware. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.

protection1.png

Technical details for experts

You will see these signs in a HijackThis log:

O4 - HKLM\..\Run: [AnySend User Interface] C:\Program Files (x86)\AnySend\AnySendUI.exeO23 - Service: AnySend (AnySendService) - Unknown owner - C:\Program Files (x86)\AnySend\AnySendSVC.exe
You may see these signs in FRST logs:

 () C:\Program Files (x86)\AnySend\AnySendSvc.exe () C:\Program Files (x86)\AnySend\AnySendUI.exe HKLM-x32\...\Run: [AnySend User Interface] => C:\Program Files (x86)\AnySend\AnySendUI.exe [7081984 2015-04-20] () BHO: AnySend -> {61628E2A-4FF9-4454-992D-D92A8CD27399} -> C:\Program Files\AnySend\AnySendShellExtension.dll [2012-08-21] (ClickMeIn Limited) R2 AnySendService; C:\Program Files (x86)\AnySend\AnySendSVC.exe [3710464 2015-04-20] () [File not signed] C:\ProgramData\AnySend C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnySend C:\Users\{username}\AppData\Roaming\AnySend C:\Program Files\AnySend (AnySend.com) C:\Users\{username}\AppData\Local\nsh873A.tmp C:\Program Files (x86)\AnySend (AnySend.com) C:\Users\{username}\AppData\Local\nsu38E5.tmp C:\Users\{username}\AppData\Local\Temp\AnySendSetup_full.exeAnySend (HKLM-x32\...\ASPackage) (Version:  - CMI Limited) <==== ATTENTIONAnySend 1.0.18.0 (x64) (HKLM\...\{7203C44E-08F7-471D-8C9B-349A0D17506F}) (Version: 1.0.18.0 - ClickMeIn Limited) <==== ATTENTIONAnySend, Any file, Any size, Anywhere! (HKLM-x32\...\AnySend) (Version: 1.0.0.56 - AnySend Limited) <==== ATTENTION
Alterations made by the installer:

File system details [View: All details] (Selection)---------------------------------------------------    Adds the folder C:\Program Files\AnySend       Adds the file AnySendShellExtension.dll"="21/08/2012 11:06, 401920 bytes, A    Adds the  C:\Program Files (x86)\AnySend       Adds the file AnySend.guid"="11/08/2015 12:24, 92 bytes, A       Adds the file AnySendIcon.ico"="28/03/2012 11:58, 99678 bytes, A       Adds the file AnySendShellExtension_x64.msi"="21/08/2012 10:08, 482007 bytes, A       Adds the file AnySendShellExtension_x86.msi"="21/08/2012 10:08, 469713 bytes, A       Adds the file AnySendSvc.exe"="20/04/2015 11:47, 3710464 bytes, A       Adds the file AnySendUI.exe"="20/04/2015 11:48, 7081984 bytes, A       Adds the file AnySendUpdater.exe"="20/04/2015 11:48, 177629 bytes, A       Adds the file CurrentVersion"="20/04/2015 11:48, 8 bytes, A       Adds the file icudt.dll"="10/03/2013 05:16, 3846656 bytes, A       Adds the file libcef.dll"="10/03/2013 05:16, 5984256 bytes, A       Adds the file Uninstall.exe"="11/08/2015 12:24, 305107 bytes, A       Adds the file upnp.dll"="12/07/2012 17:14, 90513 bytes, A    Adds the folder C:\ProgramData\AnySend       Adds the file ann.dat"="11/08/2015 12:24, 92 bytes, A       Adds the file AnySend.DB"="11/08/2015 12:25, 256 bytes, A       Adds the file EmailChecks.dat"="11/08/2015 12:24, 0 bytes, A       Adds the file Vids.dat"="11/08/2015 12:24, 112 bytes, A    Adds the folder C:\Users\{username}\AppData\Roaming\AnySend       Adds the file exceptions.log"="11/08/2015 12:24, 0 bytes, A       Adds the file VidPlays.dat"="11/08/2015 12:24, 9 bytes, A    In the existing folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\SendTo       Adds the file AnySend.lnk"="11/08/2015 12:24, 1143 bytes, A    Adds the folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnySend       Adds the file AnySend Show Tutorial.lnk"="11/08/2015 12:24, 1945 bytes, A       Adds the file AnySend.lnk"="11/08/2015 12:24, 1917 bytes, ARegistry details [View: All details] (Selection)------------------------------------------------    [HKEY_LOCAL_MACHINE\SOFTWARE\AnySend\ShellExtension]       "ButtonText"="REG_SZ", "AnySend"       "EnableButton"="REG_SZ", "1"       "EnableMenu"="REG_SZ", "1"       "IconFile"="REG_SZ", "C:\Program Files (x86)\AnySend\AnySendIcon.ico"       "MenuHelpText"="REG_SZ", "Send AnyFile, AnySize, AnyWhere Now with AnySend"       "MenuText"="REG_SZ", "Send or Share with AnySend (Recommended)"       "Run"="REG_SZ", "C:\Program Files (x86)\AnySend\AnySendUI.exe"       "RunParameters"="REG_SZ", "/SEND %FILELIST%"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AnySend]       "(Default)"="REG_SZ", "{61628E2A-4FF9-4454-992D-D92A8CD27399}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AnySend.Connect]       "(Default)"="REG_SZ", "AnySend"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AnySend.Connect\CLSID]       "(Default)"="REG_SZ", "{61628E2A-4FF9-4454-992D-D92A8CD27399}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AnySend.Connect\CurVer]       "(Default)"="REG_SZ", "AnySend.Connect.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AnySend.Connect.1]       "(Default)"="REG_SZ", "AnySend"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AnySend.Connect.1\CLSID]       "(Default)"="REG_SZ", "{61628E2A-4FF9-4454-992D-D92A8CD27399}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61628E2A-4FF9-4454-992D-D92A8CD27399}]       "(Default)"="REG_SZ", "AnySend"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61628E2A-4FF9-4454-992D-D92A8CD27399}\InprocServer32]       "(Default)"="REG_SZ", "C:\Program Files\AnySend\AnySendShellExtension.dll"       "ThreadingModel"="REG_SZ", "Apartment"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61628E2A-4FF9-4454-992D-D92A8CD27399}\ProgID]       "(Default)"="REG_SZ", "AnySend.Connect.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61628E2A-4FF9-4454-992D-D92A8CD27399}\Programmable]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61628E2A-4FF9-4454-992D-D92A8CD27399}\TypeLib]       "(Default)"="REG_SZ", "{7BFFA5F9-047F-4732-93B5-B9FE731DE96D}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61628E2A-4FF9-4454-992D-D92A8CD27399}\VersionIndependentProgID]       "(Default)"="REG_SZ", "AnySend.Connect"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\AnySend]       "(Default)"="REG_SZ", "{61628E2A-4FF9-4454-992D-D92A8CD27399}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7BFFA5F9-047F-4732-93B5-B9FE731DE96D}\1.0]       "(Default)"="REG_SZ", "AnySend 1.0 Type Library"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7BFFA5F9-047F-4732-93B5-B9FE731DE96D}\1.0\0\win64]       "(Default)"="REG_SZ", "C:\Program Files\AnySend\AnySendShellExtension.dll"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7BFFA5F9-047F-4732-93B5-B9FE731DE96D}\1.0\FLAGS]       "(Default)"="REG_SZ", "0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7BFFA5F9-047F-4732-93B5-B9FE731DE96D}\1.0\HELPDIR]       "(Default)"="REG_SZ", "C:\"    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61628E2A-4FF9-4454-992D-D92A8CD27399}]       "(Default)"="REG_SZ", "AnySend"    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{94d6ddcc-4a68-4175-a374-bd584a510b78}\TasksItemsSelected\0\{E62B1C26-6A93-4f32-9115-FEB90FE0ABB5}]       "(Default)"="REG_SZ", "AnySend"       "Icon"="REG_EXPAND_SZ, "C:\Program Files (x86)\AnySend\AnySendIcon.ico"       "Title"="REG_SZ", "AnySend"    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{94d6ddcc-4a68-4175-a374-bd584a510b78}\TasksItemsSelected\0\{E62B1C26-6A93-4f32-9115-FEB90FE0ABB5}\shell\InvokeTask\command]       "(Default)"="REG_EXPAND_SZ, "rundll32.exe "C:\Program Files\AnySend\AnySendShellExtension.dll",ExecuteCommand "%*""    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{94d6ddcc-4a68-4175-a374-bd584a510b78}\TasksNoItemsSelected\0\{E62B1C26-6A93-4f32-9115-FEB90FE0ABB5}]       "(Default)"="REG_SZ", "AnySend"       "Icon"="REG_EXPAND_SZ, "C:\Program Files (x86)\AnySend\AnySendIcon.ico"       "Title"="REG_SZ", "AnySend"    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{94d6ddcc-4a68-4175-a374-bd584a510b78}\TasksNoItemsSelected\0\{E62B1C26-6A93-4f32-9115-FEB90FE0ABB5}\shell\InvokeTask\command]       "(Default)"="REG_EXPAND_SZ, "rundll32.exe "C:\Program Files\AnySend\AnySendShellExtension.dll",ExecuteCommand "%*""    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]       "C:\Program Files\AnySend\"="REG_SZ", ""    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{61628E2A-4FF9-4454-992D-D92A8CD27399}]       "(Default)"="REG_SZ", "AnySend"    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7203C44E-08F7-471D-8C9B-349A0D17506F}]       "AuthorizedCDFPrefix"="REG_SZ", ""       "Comments"="REG_SZ", ""       "Contact"="REG_SZ", ""       "DisplayName"="REG_SZ", "AnySend 1.0.18.0 (x64)"       "DisplayVersion"="REG_SZ", "1.0.18.0"       "EstimatedSize"="REG_DWORD", 373       "HelpLink"="REG_SZ", ""       "HelpTelephone"="REG_SZ", ""       "InstallDate"="REG_SZ", "20150811"       "InstallLocation"="REG_SZ", ""       "InstallSource"="REG_SZ", "C:\Program Files (x86)\AnySend\"       "Language"="REG_DWORD", 1033       "ModifyPath"="REG_EXPAND_SZ, "MsiExec.exe /I{7203C44E-08F7-471D-8C9B-349A0D17506F}"       "Publisher"="REG_SZ", "ClickMeIn Limited"       "Readme"="REG_SZ", ""       "Size"="REG_SZ", ""       "UninstallString"="REG_EXPAND_SZ, "MsiExec.exe /I{7203C44E-08F7-471D-8C9B-349A0D17506F}"       "URLInfoAbout"="REG_SZ", ""       "URLUpdateInfo"="REG_SZ", ""       "Version"="REG_DWORD", 16777234       "VersionMajor"="REG_DWORD", 1       "VersionMinor"="REG_DWORD", 0       "WindowsInstaller"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\SampleShellExtnesion]       "FreeFolderTypeDocumentsTasksItemsSelected"="REG_SZ", "0"       "FreeFolderTypeDocumentsTasksNoItemsSelected"="REG_SZ", "0"       "FreeFolderTypeGenericTasksItemsSelected"="REG_SZ", "0"       "FreeFolderTypeGenericTasksNoItemsSelected"="REG_SZ", "0"       "FreeFolderTypeMusicTasksItemsSelected"="REG_SZ", "0"       "FreeFolderTypeMusicTasksNoItemsSelected"="REG_SZ", "0"       "FreeFolderTypePicturesTasksItemsSelected"="REG_SZ", "0"       "FreeFolderTypePicturesTasksNoItemsSelected"="REG_SZ", "0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AnySend\ShellExtension]       "ButtonText"="REG_SZ", "AnySend"       "IconFile"="REG_SZ", "C:\Program Files (x86)\AnySend\anysendicon.ico"       "MenuHelpText"="REG_SZ", "AnySend"       "MenuText"="REG_SZ", "AnySend"       "Run"="REG_SZ", "C:\Program Files (x86)\AnySend\AnySendUI.exe"    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]       "AnySend User Interface"="REG_SZ", "C:\Program Files (x86)\AnySend\AnySendUI.exe"    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AnySend]       "DisplayIcon"="REG_SZ", ""C:\Program Files (x86)\AnySend\uninstall.exe""       "DisplayName"="REG_SZ", "AnySend, Any file, Any size, Anywhere!"       "DisplayVersion"="REG_SZ", "1.0.0.56"       "Publisher"="REG_SZ", "AnySend Limited"       "UninstallString"="REG_SZ", ""C:\Program Files (x86)\AnySend\uninstall.exe""    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AnySendService]       "DisplayName"="REG_SZ", "AnySend"       "ErrorControl"="REG_DWORD", 1       "ImagePath"="REG_EXPAND_SZ, "C:\Program Files (x86)\AnySend\AnySendSVC.exe"       "ObjectName"="REG_SZ", "LocalSystem"       "Start"="REG_DWORD", 2       "Type"="REG_DWORD", 16       "WOW64"="REG_DWORD", 1
Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 11/08/2015Scan Time: 12:55Logfile: mbamAnySend.txtAdministrator: YesVersion: 2.1.8.1057Malware Database: v2015.08.11.05Rootkit Database: v2015.08.06.01License: PremiumMalware Protection: DisabledMalicious Website Protection: EnabledSelf-protection: DisabledOS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: {username}Scan Type: Threat ScanResult: CompletedObjects Scanned: 330063Time Elapsed: 4 min, 19 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 2PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\AnySendUI.exe, 3572, Delete-on-Reboot, [662b7b8caae125112e1e26f64eb5bd43]PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\AnySendSvc.exe, 3504, Delete-on-Reboot, [a9e82cdb8cff62d4460737e5ea1906fa]Modules: 3PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\icudt.dll, Delete-on-Reboot, [99f88582bfccbd7927b554ba18eb738d], PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\libcef.dll, Delete-on-Reboot, [99f88582bfccbd7927b554ba18eb738d], PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\upnp.dll, Delete-on-Reboot, [99f88582bfccbd7927b554ba18eb738d], Registry Keys: 23PUP.Optional.AnySend.A, HKLM\SOFTWARE\CLASSES\CLSID\{61628E2A-4FF9-4454-992D-D92A8CD27399}, Quarantined, [2d649b6c56356ec8b784058bfa08738d], PUP.Optional.AnySend.A, HKLM\SOFTWARE\CLASSES\CLSID\{61628E2A-4FF9-4454-992D-D92A8CD27399}\INPROCSERVER32, Quarantined, [2d649b6c56356ec8b784058bfa08738d], PUP.Optional.AnySend.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{7BFFA5F9-047F-4732-93B5-B9FE731DE96D}, Quarantined, [2d649b6c56356ec8b784058bfa08738d], PUP.Optional.AnySend.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{AF31E0EB-48CF-4A3B-893F-E999A0E29944}, Quarantined, [2d649b6c56356ec8b784058bfa08738d], PUP.Optional.AnySend.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{7BFFA5F9-047F-4732-93B5-B9FE731DE96D}, Quarantined, [2d649b6c56356ec8b784058bfa08738d], PUP.Optional.AnySend.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{7BFFA5F9-047F-4732-93B5-B9FE731DE96D}, Quarantined, [2d649b6c56356ec8b784058bfa08738d], PUP.Optional.AnySend.A, HKLM\SOFTWARE\CLASSES\AnySend.Connect.1, Quarantined, [2d649b6c56356ec8b784058bfa08738d], PUP.Optional.AnySend.A, HKLM\SOFTWARE\CLASSES\AnySend.Connect, Quarantined, [2d649b6c56356ec8b784058bfa08738d], PUP.Optional.AnySend.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\AnySend.Connect, Quarantined, [2d649b6c56356ec8b784058bfa08738d], PUP.Optional.AnySend.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\AnySend.Connect, Quarantined, [2d649b6c56356ec8b784058bfa08738d], PUP.Optional.AnySend.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{61628E2A-4FF9-4454-992D-D92A8CD27399}, Quarantined, [2d649b6c56356ec8b784058bfa08738d], PUP.Optional.AnySend.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\AnySend.Connect.1, Quarantined, [2d649b6c56356ec8b784058bfa08738d], PUP.Optional.AnySend.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\AnySend.Connect.1, Quarantined, [2d649b6c56356ec8b784058bfa08738d], PUP.Optional.AnySend.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{61628E2A-4FF9-4454-992D-D92A8CD27399}, Quarantined, [2d649b6c56356ec8b784058bfa08738d], PUP.Optional.GetNow.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}, Quarantined, [8809b255bbd0122450bbc0daec16f50b], PUP.Optional.GetNow.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{237FDFDB-3722-470E-8BA8-90196DABE967}, Quarantined, [8809b255bbd0122450bbc0daec16f50b], PUP.Optional.GetNow.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{237FDFDB-3722-470E-8BA8-90196DABE967}, Quarantined, [8809b255bbd0122450bbc0daec16f50b], PUP.Optional.GetNow.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{237FDFDB-3722-470E-8BA8-90196DABE967}, Quarantined, [8809b255bbd0122450bbc0daec16f50b], PUP.Optional.GetNow.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}, Quarantined, [8809b255bbd0122450bbc0daec16f50b], PUP.Optional.GetNow.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}, Quarantined, [8809b255bbd0122450bbc0daec16f50b], PUP.Optional.ASPackage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ASPackage, Quarantined, [771a3acdd3b8c07603ccb07c80832ad6], PUP.Optional.AnySend.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AnySendService, Quarantined, [a9e82cdb8cff62d4460737e5ea1906fa], PUP.Optional.AnySend.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\AnySend, Quarantined, [99f88582bfccbd7927b554ba18eb738d], Registry Values: 1PUP.Optional.AnySend.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|AnySend User Interface, C:\Program Files (x86)\AnySend\AnySendUI.exe, Quarantined, [662b7b8caae125112e1e26f64eb5bd43]Registry Data: 0(No malicious items detected)Folders: 7PUP.Optional.ASPackage.A, C:\Users\{username}\AppData\Roaming\ASPackage, Quarantined, [771a3acdd3b8c07603ccb07c80832ad6], PUP.Optional.ASPackage.A, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage, Quarantined, [ccc5e81f74177fb7e2ee6ac28a79f10f], PUP.Optional.AnySend.A, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnySend, Quarantined, [553cde296625f83e94470806ab58659b], PUP.Optional.AnySend.A, C:\Program Files\AnySend, Delete-on-Reboot, [f69b7e89b9d22016d90348c67093b24e], PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend, Delete-on-Reboot, [99f88582bfccbd7927b554ba18eb738d], PUP.Optional.AnySend.A, C:\ProgramData\AnySend, Quarantined, [563b00077b105fd7449927e7ee15b050], PUP.Optional.AnySend.A, C:\Users\{username}\AppData\Roaming\AnySend, Delete-on-Reboot, [bad758af305bf046e7f6a36ba85b04fc], Files: 29PUP.Optional.AnySend.A, C:\Program Files\AnySend\AnySendShellExtension.dll, Delete-on-Reboot, [2d649b6c56356ec8b784058bfa08738d], PUP.Optional.GetNow.A, C:\Users\{username}\AppData\Local\Temp\nszD421.tmp\SevenZip-apset.exe, Quarantined, [8809b255bbd0122450bbc0daec16f50b], PUP.Optional.Installcore, C:\Users\{username}\AppData\Local\Temp\Setup__2140_il256.exe, Quarantined, [eba65bacb8d3cd69623f8ef527de21df], PUP.Optional.Installcore, C:\Users\{username}\AppData\Local\Temp\is1921360829\1FDF0D2B_stp\icc.dll, Quarantined, [94fd16f1325945f1e531f0527590d729], PUP.Optional.OutBrowse, C:\Users\{username}\AppData\Local\Temp\nszD421.tmp\setup-1228.exe, Quarantined, [f79a7a8d008b75c1415f943340c15aa6], PUP.Optional.Installcore, C:\Users\{username}\AppData\Local\Temp\nszD421.tmp\Setup__2140_il256.exe, Quarantined, [6829bd4a4744f73f7f22a9daad58956b], PUP.Optional.ASPackage.A, C:\Users\{username}\AppData\Roaming\ASPackage\Uninstall.exe, Quarantined, [771a3acdd3b8c07603ccb07c80832ad6], PUP.Optional.ASPackage.A, C:\Users\{username}\AppData\Roaming\ASPackage\ASPackage.exe, Quarantined, [771a3acdd3b8c07603ccb07c80832ad6], PUP.Optional.ASPackage.A, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage\Configure.lnk, Quarantined, [ccc5e81f74177fb7e2ee6ac28a79f10f], PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\AnySendUI.exe, Delete-on-Reboot, [662b7b8caae125112e1e26f64eb5bd43], PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\AnySendSvc.exe, Delete-on-Reboot, [a9e82cdb8cff62d4460737e5ea1906fa], PUP.Optional.AnySend.A, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnySend\AnySend Show Tutorial.lnk, Quarantined, [553cde296625f83e94470806ab58659b], PUP.Optional.AnySend.A, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnySend\AnySend.lnk, Quarantined, [553cde296625f83e94470806ab58659b], PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\AnySend.guid, Quarantined, [99f88582bfccbd7927b554ba18eb738d], PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\AnySendIcon.ico, Quarantined, [99f88582bfccbd7927b554ba18eb738d], PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\AnySendShellExtension_x64.msi, Quarantined, [99f88582bfccbd7927b554ba18eb738d], PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\AnySendShellExtension_x86.msi, Quarantined, [99f88582bfccbd7927b554ba18eb738d], PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\AnySendUpdater.exe, Quarantined, [99f88582bfccbd7927b554ba18eb738d], PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\CurrentVersion, Quarantined, [99f88582bfccbd7927b554ba18eb738d], PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\icudt.dll, Delete-on-Reboot, [99f88582bfccbd7927b554ba18eb738d], PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\libcef.dll, Delete-on-Reboot, [99f88582bfccbd7927b554ba18eb738d], PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\Uninstall.exe, Quarantined, [99f88582bfccbd7927b554ba18eb738d], PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\upnp.dll, Delete-on-Reboot, [99f88582bfccbd7927b554ba18eb738d], PUP.Optional.AnySend.A, C:\ProgramData\AnySend\ann.dat, Quarantined, [563b00077b105fd7449927e7ee15b050], PUP.Optional.AnySend.A, C:\ProgramData\AnySend\AnySend.DB, Quarantined, [563b00077b105fd7449927e7ee15b050], PUP.Optional.AnySend.A, C:\ProgramData\AnySend\EmailChecks.dat, Quarantined, [563b00077b105fd7449927e7ee15b050], PUP.Optional.AnySend.A, C:\ProgramData\AnySend\Vids.dat, Quarantined, [563b00077b105fd7449927e7ee15b050], PUP.Optional.AnySend.A, C:\Users\{username}\AppData\Roaming\AnySend\exceptions.log, Delete-on-Reboot, [bad758af305bf046e7f6a36ba85b04fc], PUP.Optional.AnySend.A, C:\Users\{username}\AppData\Roaming\AnySend\VidPlays.dat, Quarantined, [bad758af305bf046e7f6a36ba85b04fc], Physical Sectors: 0(No malicious items detected)(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
Link to post
Share on other sites

 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.