Removal instructions for TopFlix

What is TopFlix?

The Malwarebytes research team has determined that TopFlix is adware. These adware applications display advertisements not originating from the sites you are browsing.
This one is a DNS hijacker.

How do I know if my computer is affected by TopFlix?

You may see this entry in your list of installed programs:

warning4.png

and this warning during install:

main.png

and this Scheduled Task:

warning3.png

How did TopFlix get on my computer?

Adware applications use different methods for distributing themselves. This particular one is offered as a media player.

How do I remove TopFlix?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.

Is there anything else I need to do to get rid of TopFlix?
  • No, Malwarebytes Anti-Malware removes TopFlix completely.
  • This adware creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.

How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this adware application.

As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the TopFlix adware. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.
 

protection1.png


and it blocks some of the outgoing connections:
 

protection2.png


Technical details for experts

You may see these signs in FRST logs:
 () C:\Program Files (x86)\TopFlix\dnskinsale.exe
 Tcpip\..\Interfaces\{EDB0D6D8-B1F7-496F-A023-44DF7155F1CD}: [NameServer] 82.163.143.153,82.163.142.155
 C:\Windows\System32\Tasks\DNSKINSALE
 C:\Program Files (x86)\TopFlix

TopFlix version 1.4 (HKLM-x32\...\{B1D4623E-00B2-49EC-988B-14944EAA3D1C}_is1) (Version: 1.4 - www.TopFlix.info)
Task: {AD7405D0-297B-4AC5-A2E5-74BEB9127946} - System32\Tasks\DNSKINSALE => C:\Program Files (x86)\TopFlix\dnskinsale.exe [2016-02-25] ()
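
A triage sketch for the FRST signs above, added here as an example and not part of the original post or of any Malwarebytes tooling: it parses the Tcpip NameServer and Task lines and flags the resolver addresses and install path listed on this page. The function name `triage`, the `trusted_dns` parameter and the second interface in the sample are assumptions made for illustration.

```python
import ipaddress
import re

# Indicators taken from this page's FRST and Malwarebytes logs.
ROGUE_DNS = {ipaddress.ip_address(a) for a in ("82.163.143.153", "82.163.142.155")}
INSTALL_DIR = "c:\\program files (x86)\\topflix\\"

# Line shapes as they appear in the FRST excerpt above.
NS_RE = re.compile(r"Tcpip\\\.\.\\Interfaces\\(\{[0-9A-Fa-f-]+\}): \[NameServer\] (.+)")
TASK_RE = re.compile(r"^Task: \{[^}]+\} - (.+?) => (.+?)(?: \[\d{4}-\d{2}-\d{2}\].*)?$")


def triage(log_text, trusted_dns=()):
    """Return (kind, detail, verdict) tuples for DNS overrides and tasks."""
    trusted = {ipaddress.ip_address(a) for a in trusted_dns}
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        m = NS_RE.search(line)
        if m:
            # NameServer is a comma- or space-separated list of resolvers.
            for raw in re.split(r"[,\s]+", m.group(2).strip()):
                try:
                    addr = ipaddress.ip_address(raw)
                except ValueError:
                    findings.append(("dns", f"{m.group(1)} {raw}", "unparseable"))
                    continue
                # "review" means a static resolver nobody has vouched for.
                verdict = ("known-rogue" if addr in ROGUE_DNS
                           else "trusted" if addr in trusted else "review")
                findings.append(("dns", f"{m.group(1)} {addr}", verdict))
            continue
        m = TASK_RE.match(line)
        if m:
            rogue = m.group(2).lower().startswith(INSTALL_DIR)
            findings.append(("task", f"{m.group(1)} => {m.group(2)}",
                             "known-rogue" if rogue else "other"))
    return findings


# First and last lines are from the page; the second interface is constructed.
SAMPLE = r"""
Tcpip\..\Interfaces\{EDB0D6D8-B1F7-496F-A023-44DF7155F1CD}: [NameServer] 82.163.143.153,82.163.142.155
Tcpip\..\Interfaces\{11111111-2222-3333-4444-555555555555}: [NameServer] 192.168.1.1
Task: {AD7405D0-297B-4AC5-A2E5-74BEB9127946} - System32\Tasks\DNSKINSALE => C:\Program Files (x86)\TopFlix\dnskinsale.exe [2016-02-25] ()
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE, trusted_dns=["192.168.1.1"]):
        print(finding)
```

Any static NameServer value that is neither on the rogue list nor explicitly trusted comes back as "review", which is the case to check by hand after cleanup.
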

Alterations made by the installer:

File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Program Files (x86)\TopFlix
       Adds the file config.ini"="2/25/2016 12:57 PM, 469 bytes, A
       Adds the file ConsoleApplication1.dll"="2/25/2016 12:57 PM, 210432 bytes, A
       Adds the file DNSKINSALE.cer"="2/25/2016 12:57 PM, 1021 bytes, A
       Adds the file dnskinsale.exe"="2/25/2016 12:57 PM, 677376 bytes, A
       Adds the file Info.rtf"="2/25/2016 12:57 PM, 1645 bytes, A
       Adds the file License.rtf"="2/25/2016 12:57 PM, 20594 bytes, A
       Adds the file LogoBlack.ico"="2/25/2016 12:57 PM, 38059 bytes, A
       Adds the file LogoGreen.ico"="2/25/2016 12:57 PM, 57754 bytes, A
       Adds the file LogoYellow.ico"="2/25/2016 12:57 PM, 58346 bytes, A
       Adds the file Microsoft.Win32.TaskScheduler.dll"="2/25/2016 12:57 PM, 237568 bytes, A
       Adds the file settings.ini"="3/16/2016 8:24 AM, 19 bytes, A
       Adds the file unins000.dat"="3/16/2016 8:24 AM, 29601 bytes, A
       Adds the file unins000.exe"="3/16/2016 8:23 AM, 719521 bytes, A
       Adds the file ZonaTools.XPlorerBar.dll"="2/25/2016 12:57 PM, 67072 bytes, A
    In the existing folder C:\Windows\System32\Tasks
       Adds the file DNSKINSALE"="3/16/2016 8:24 AM, 26332 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\7E745E7F7BAA4842A833716036DEBF6F]
       "DP"="REG_SZ", "40"
       "FX"="REG_SZ", "1"
       "SDP1"="REG_SZ", "00001"
       "SDP2"="REG_SZ", "00001"
       "status"="REG_SZ", "1"
       "UID"="REG_SZ", "d8d7ed0423ec4d71badfd3e412fbf036"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B1D4623E-00B2-49EC-988B-14944EAA3D1C}_is1]
       "InstallDate"="REG_SZ", "20150915"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\7E745E7F7BAA4842A833716036DEBF6F]
       "DP"="REG_SZ", "40"
       "FX"="REG_SZ", "1"
       "SDP1"="REG_SZ", "00001"
       "SDP2"="REG_SZ", "00001"
       "UID"="REG_SZ", "d8d7ed0423ec4d71badfd3e412fbf036"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B1D4623E-00B2-49EC-988B-14944EAA3D1C}_is1]
       "DisplayName"="REG_SZ", "TopFlix version 1.4"
       "DisplayVersion"="REG_SZ", "1.4"
       "EstimatedSize"="REG_DWORD", 2986
       "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\TopFlix"
       "Inno Setup: Icon Group"="REG_SZ", "TopFlix"
       "Inno Setup: Language"="REG_SZ", "english"
       "Inno Setup: Setup Version"="REG_SZ", "5.5.5 (a)"
       "Inno Setup: User"="REG_SZ", "{username}"
       "InstallDate"="REG_SZ", "20150915"
       "InstallLocation"="REG_SZ", "C:\Program Files (x86)\TopFlix\"
       "MajorVersion"="REG_DWORD", 1
       "MinorVersion"="REG_DWORD", 4
       "NoModify"="REG_DWORD", 1
       "NoRepair"="REG_DWORD", 1
       "Publisher"="REG_SZ", "www.TopFlix.info"
       "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\TopFlix\unins000.exe" /SILENT"
       "UninstallString"="REG_SZ", ""C:\Program Files (x86)\TopFlix\unins000.exe""

Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/16/2016
Scan Time: 8:35 AM
Logfile: mbamTopFlix.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.03.16.01
Rootkit Database: v2016.03.12.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 370641
Time Elapsed: 4 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 4
Adware.CloudGuard, C:\Program Files (x86)\TopFlix\dnskinsale.exe, 3472, Delete-on-Reboot, [e1906e1a18815bdbbeca9a4c6998ca36]
Adware.CloudGuard, C:\Program Files (x86)\TopFlix\dnskinsale.exe, 2308, Delete-on-Reboot, [e1906e1a18815bdbbeca9a4c6998ca36]
PUP.Optional.TopFlix, C:\Program Files (x86)\TopFlix\dnskinsale.exe, 3472, Delete-on-Reboot, [85ec83050a8f45f1f8941ff608fb27d9]
PUP.Optional.TopFlix, C:\Program Files (x86)\TopFlix\dnskinsale.exe, 2308, Delete-on-Reboot, [85ec83050a8f45f1f8941ff608fb27d9]

Modules: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.TopFlix, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{B1D4623E-00B2-49EC-988B-14944EAA3D1C}_is1, Quarantined, [85ec83050a8f45f1f8941ff608fb27d9], 
PUP.Optional.DNSUnlocker, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Quarantined, [cfa2a4e4badf63d31fda8fed47bdc43c], 
PUP.Optional.DNSUnlocker.EncJob, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{AD7405D0-297B-4AC5-A2E5-74BEB9127946}, Delete-on-Reboot, [e190ec9ca2f705317f65a4e234d09a66], 
PUP.Optional.ClousdScout.BrwsrFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DNSKINSALE, Delete-on-Reboot, [c7aad0b82b6e3501c3c8ef31dd26837d], 
PUP.Optional.TopFlix, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{B1D4623E-00B2-49EC-988B-14944EAA3D1C}_is1, Quarantined, [f57c2167a5f4b1858805fa1bad567789], 
PUP.Optional.DNSUnlocker, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Quarantined, [472a0484b7e2bd79a4558eeea262ee12], 

Registry Values: 2
PUP.Optional.DNSUnlocker.EncJob, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{AD7405D0-297B-4AC5-A2E5-74BEB9127946}|Path, \DNSKINSALE, Delete-on-Reboot, [e190ec9ca2f705317f65a4e234d09a66]
Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{EDB0D6D8-B1F7-496F-A023-44DF7155F1CD}|NameServer, 82.163.143.153,82.163.142.155, Quarantined, [7ff2771105941a1c4f55f983ef15fe02]

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.TopFlix, C:\Program Files (x86)\TopFlix, Delete-on-Reboot, [85ec83050a8f45f1f8941ff608fb27d9], 

Files: 17
Adware.CloudGuard, C:\Program Files (x86)\TopFlix\dnskinsale.exe, Delete-on-Reboot, [e1906e1a18815bdbbeca9a4c6998ca36], 
Adware.TopGuard, C:\Users\{username}\Desktop\topflix.exe, Quarantined, [442da3e5f8a1ef475363bf342ad759a7], 
PUP.Optional.TopFlix, C:\Program Files (x86)\TopFlix\unins000.dat, Quarantined, [85ec83050a8f45f1f8941ff608fb27d9], 
PUP.Optional.TopFlix, C:\Program Files (x86)\TopFlix\config.ini, Quarantined, [85ec83050a8f45f1f8941ff608fb27d9], 
PUP.Optional.TopFlix, C:\Program Files (x86)\TopFlix\ConsoleApplication1.dll, Quarantined, [85ec83050a8f45f1f8941ff608fb27d9], 
PUP.Optional.TopFlix, C:\Program Files (x86)\TopFlix\DNSKINSALE.cer, Quarantined, [85ec83050a8f45f1f8941ff608fb27d9], 
PUP.Optional.TopFlix, C:\Program Files (x86)\TopFlix\dnskinsale.exe, Delete-on-Reboot, [85ec83050a8f45f1f8941ff608fb27d9], 
PUP.Optional.TopFlix, C:\Program Files (x86)\TopFlix\Info.rtf, Quarantined, [85ec83050a8f45f1f8941ff608fb27d9], 
PUP.Optional.TopFlix, C:\Program Files (x86)\TopFlix\License.rtf, Quarantined, [85ec83050a8f45f1f8941ff608fb27d9], 
PUP.Optional.TopFlix, C:\Program Files (x86)\TopFlix\LogoBlack.ico, Quarantined, [85ec83050a8f45f1f8941ff608fb27d9], 
PUP.Optional.TopFlix, C:\Program Files (x86)\TopFlix\LogoGreen.ico, Quarantined, [85ec83050a8f45f1f8941ff608fb27d9], 
PUP.Optional.TopFlix, C:\Program Files (x86)\TopFlix\LogoYellow.ico, Quarantined, [85ec83050a8f45f1f8941ff608fb27d9], 
PUP.Optional.TopFlix, C:\Program Files (x86)\TopFlix\Microsoft.Win32.TaskScheduler.dll, Delete-on-Reboot, [85ec83050a8f45f1f8941ff608fb27d9], 
PUP.Optional.TopFlix, C:\Program Files (x86)\TopFlix\settings.ini, Quarantined, [85ec83050a8f45f1f8941ff608fb27d9], 
PUP.Optional.TopFlix, C:\Program Files (x86)\TopFlix\unins000.exe, Quarantined, [85ec83050a8f45f1f8941ff608fb27d9], 
PUP.Optional.TopFlix, C:\Program Files (x86)\TopFlix\ZonaTools.XPlorerBar.dll, Quarantined, [85ec83050a8f45f1f8941ff608fb27d9], 
PUP.Optional.ClousdScout.BrwsrFlsh, C:\Windows\System32\Tasks\DNSKINSALE, Quarantined, [81f06721a0f934026920190733d05ca4], 

Physical Sectors: 0
(No malicious items detected)


(end)

As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
Edited by Metallica