
Removal instructions for PlayGem



What is PlayGem?

The Malwarebytes research team has determined that PlayGem is adware. These adware applications display advertisements not originating from the sites you are browsing.

How do I know if my computer is affected by PlayGem?

You may see this entry in your list of installed programs:

warning4.png

these kinds of advertisements:

warning1.png

and this icon in your Start menu:

icons.png

How did PlayGem get on my computer?

Adware applications use different methods for distributing themselves. This particular one is offered as an online game portal.

main.png

How do I remove PlayGem?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now, or select Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.

Is there anything else I need to do to get rid of PlayGem?

  • No, Malwarebytes Anti-Malware removes PlayGem completely.

How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this adware application.

As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the PlayGem adware. It would have warned you before the application could install itself, giving you a chance to stop it before it was too late.

protection1.png

Technical details for experts

You will see these signs in a HijackThis log:

O4 - HKLM\..\Run: [PlayGem] "C:\Program Files (x86)\PlayGem\PlayGem.exe" monetize

You may see these signs in FRST logs:

(PlayGem) C:\Program Files (x86)\PlayGem\PlayGem.exe
HKLM-x32\...\Run: [PlayGem] => C:\Program Files (x86)\PlayGem\PlayGem.exe [3247616 2015-10-21] (PlayGem)
C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayGem
C:\ProgramData\PlayGemConfig
C:\Program Files (x86)\PlayGem
PlayGem 1.0 (HKLM-x32\...\PlayGem) (Version: 1.0 - PlayGem)

Alterations made by the installer:

File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Program Files (x86)\PlayGem
       Adds the file Compaign.dat"="22/01/2016 09:35, 8 bytes, A
       Adds the file Events.dat"="22/01/2016 09:35, 731 bytes, A
       Adds the file PlayGem.exe"="21/10/2015 14:38, 3247616 bytes, A
       Adds the file uninst.exe"="22/01/2016 09:35, 165582 bytes, A
       Adds the file Version.dat"="22/01/2016 09:35, 54 bytes, A
    Adds the folder C:\ProgramData\PlayGemConfig
       Adds the file Sample.json"="22/01/2016 09:35, 20108 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayGem
       Adds the file PlayGem.lnk"="22/01/2016 09:35, 1027 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
       "EnableLUA"= REG_DWORD, 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION]
       "ExploreMedia.exe"="REG_DWORD", 9999
       "PlayGem.exe"="REG_DWORD", 9999
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\PlayGem\ExploreMedia]
       "(Default)"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\PlayGem\PlayGem]
       "(Default)"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
       "PlayGem"="REG_SZ", ""C:\Program Files (x86)\PlayGem\PlayGem.exe" monetize"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PlayGem]
       "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\PlayGem\PlayGem.exe"
       "DisplayName"="REG_SZ", "PlayGem 1.0"
       "DisplayVersion"="REG_SZ", "1.0"
       "Publisher"="REG_SZ", "PlayGem"
       "UninstallString"="REG_SZ", "C:\Program Files (x86)\PlayGem\uninst.exe"
       "URLInfoAbout"="REG_SZ", " www.PlayGem.com"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\PlayGem]
       "xDaysDownload"="REG_DWORD", 2147483647

Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 22/01/2016
Scan Time: 09:54
Logfile: mbamPlayGem.txt
Administrator: Yes

Version: 2.2.0.1020
Malware Database: v2016.01.22.03
Rootkit Database: v2016.01.20.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 317631
Time Elapsed: 4 min, 30 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
PUP.Optional.PlayGem, C:\Program Files (x86)\PlayGem\PlayGem.exe, 3548, Delete-on-Reboot, [7d2eba823d5cdc5a0f9e332108f8c33d]
PUP.Optional.PlayGem, C:\Program Files (x86)\PlayGem\PlayGem.exe, 1824, Delete-on-Reboot, [7d2eba823d5cdc5a0f9e332108f8c33d]

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.PlayGem, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PlayGem, Quarantined, [7b301f1d8811c96d0e0e84786c97748c],
PUP.Optional.PlayGem, HKLM\SOFTWARE\WOW6432NODE\PlayGem, Quarantined, [3378c17b0297f640c15fee0e2dd627d9],
PUP.Optional.PlayGem, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\PlayGem, Quarantined, [9714c17bc9d0bb7bda444bb1f80bb54b],

Registry Values: 4
PUP.Optional.PlayGem, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|PlayGem, "C:\Program Files (x86)\PlayGem\PlayGem.exe" monetize, Quarantined, [7d2eba823d5cdc5a0f9e332108f8c33d]
PUP.Optional.PlayGem, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|PlayGem.exe, 9999, Quarantined, [c0ebed4f4b4e1e183c14e8506f9508f8]
PUP.Optional.ExploreMedia, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|ExploreMedia.exe, 9999, Quarantined, [bbf0cf6d5a3fab8b2d424490c73bb947]
PUP.Optional.PlayGem, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PLAYGEM|URLInfoAbout, www.PlayGem.com, Quarantined, [1596a399d9c0f04639b0869718ec08f8]

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.PlayGem, C:\Program Files (x86)\PlayGem, Delete-on-Reboot, [7b301f1d8811c96d0e0e84786c97748c],
PUP.Optional.PlayGem, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayGem, Quarantined, [4a6145f76831d85eca5329d39a690bf5],
PUP.Optional.PlayGem, C:\ProgramData\PlayGemConfig, Quarantined, [4962d5677c1d41f562d8834b2ad85ba5],

Files: 8
PUP.Optional.PlayGem, C:\Program Files (x86)\PlayGem\PlayGem.exe, Delete-on-Reboot, [7d2eba823d5cdc5a0f9e332108f8c33d],
PUP.Optional.PlayGem, C:\Users\{username}\Desktop\PlayGem_Setup.exe, Quarantined, [377490ac4653d561eebf69eb16ea05fb],
PUP.Optional.PlayGem, C:\Program Files (x86)\PlayGem\Compaign.dat, Quarantined, [7b301f1d8811c96d0e0e84786c97748c],
PUP.Optional.PlayGem, C:\Program Files (x86)\PlayGem\Events.dat, Quarantined, [7b301f1d8811c96d0e0e84786c97748c],
PUP.Optional.PlayGem, C:\Program Files (x86)\PlayGem\uninst.exe, Quarantined, [7b301f1d8811c96d0e0e84786c97748c],
PUP.Optional.PlayGem, C:\Program Files (x86)\PlayGem\Version.dat, Quarantined, [7b301f1d8811c96d0e0e84786c97748c],
PUP.Optional.PlayGem, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayGem\PlayGem.lnk, Quarantined, [4a6145f76831d85eca5329d39a690bf5],
PUP.Optional.PlayGem, C:\ProgramData\PlayGemConfig\Sample.json, Quarantined, [4962d5677c1d41f562d8834b2ad85ba5],

Physical Sectors: 0
(No malicious items detected)

(end)
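
A read-only check, added here and not part of the original guide, that looks for the folders and registry entries listed in the technical details above once the scan and reboot are done. It assumes 64-bit Windows and an elevated 64-bit PowerShell session run as the affected user; it also reports EnableLUA, which appears in the installer's registry listing but not among the items in the scan log.

```powershell
# Added example: post-removal check for the PlayGem artifacts listed on this page.
# Read-only. Assumes 64-bit Windows (Wow6432Node paths) and an elevated prompt.

$emu = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION'

# Folders and registry keys the installer adds (from the listing above).
$containers = @(
    'C:\Program Files (x86)\PlayGem',
    'C:\ProgramData\PlayGemConfig',
    (Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\PlayGem'),
    'HKLM:\SOFTWARE\Wow6432Node\PlayGem',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\PlayGem',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PlayGem'
)

# Individual registry values written under keys that also hold legitimate data.
$values = @(
    @{ Key = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'; Name = 'PlayGem' },
    @{ Key = $emu; Name = 'PlayGem.exe' },
    @{ Key = $emu; Name = 'ExploreMedia.exe' }
)

function Get-RegValue([string]$Key, [string]$Name) {
    # Returns $null when either the key or the named value does not exist.
    (Get-ItemProperty -LiteralPath $Key -Name $Name -ErrorAction SilentlyContinue).$Name
}

$findings = @()
foreach ($c in $containers) {
    if (Test-Path -LiteralPath $c) { $findings += "Still present: $c" }
}
foreach ($v in $values) {
    $data = Get-RegValue $v.Key $v.Name
    if ($null -ne $data) { $findings += "Still present: $($v.Key) | $($v.Name) = $data" }
}

# EnableLUA = 0 means User Account Control is switched off. The scan log above
# does not list this value, so it is reported separately for manual review.
$lua = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'EnableLUA'
if ($lua -eq 0) { $findings += 'Review: EnableLUA is 0 (User Account Control is off)' }

if ($findings) { $findings } else { 'No PlayGem artifacts from this page were found.' }
```
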

As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.