What is VKontakte.DJ?

The Malwarebytes research team has determined that VKontakte.DJ is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your start page or search scopes, so that the affected browser visits their site or one of their choice.
This one installs a new browser and also displays advertisements.

How do I know if my computer is affected by VKontakte.DJ?

You may see these entries in your list of installed software:

warning4.png

and these warnings during install:

main.png

warning2.png

warning3.png

warning6.png

these browser add-ons:

warning5.png

warning9.png

this search engine:

warning8.png

and you will see these icons in your start menu, taskbar, and on your desktop:

icons.png

How did VKontakte.DJ get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove VKontakte.DJ?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-{version}.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to:
    Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu.
  • If an update is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
Is there anything else I need to do to get rid of VKontakte.DJ?
  • No, Malwarebytes' Anti-Malware removes VKontakte.DJ completely.
  • The Yandex entries can be safely uninstalled in your list of installed "Programs and Features".
  • Please visit our Restore Browser page. You can read there how to fix additional browser redirect methods.
  • If you are using Firefox or Chrome you can Disable and Remove the extensions safely in the corresponding menus.
  • If you are using Opera, you can remove unwanted items from the Bookmarks bar by right-clicking them and then choosing "Move to Trash".
  • This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the VKontakte.DJ hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it was too late.

protection1.png

Technical details for experts

Possible signs in FRST logs:

 (Yandex LLC) C:\Users\{username}\AppData\Local\Yandex\BrowserManager\BrowserManager.exe
 HKCU\...\Run: [VkontakteDJ] => C:\ProgramData\VkontakteDJ\VkontakteDJ.exe [5193216 2016-08-01] ()
 HKCU\...\Run: [Browser Manager] => C:\Users\{username}\AppData\Local\Yandex\BrowserManager\BrowserManager.exe [1712992 2016-01-18] (Yandex LLC)
 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yandex.ru/?win=240&clid=2254770-169
 SearchScopes: HKCU -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://yandex.ru/search/?win=240&clid=2254771-169&text={searchTerms}
 SearchScopes: HKCU -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://yandex.ru/search/?win=240&clid=2254771-169&text={searchTerms}
 FF DefaultSearchEngine: Яндекс
 FF SelectedSearchEngine: Яндекс
 FF Homepage: hxxps://www.yandex.ru/?win=240&clid=2254770-169
 FF SearchPlugin: C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\searchplugins\yandex.ru-091151.xml [2016-08-01]
 FF Extension: Советник Яндекс.Маркета - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\sovetnik@metabar.ru.xpi [2016-08-01]
 CHR HomePage: Default -> yandex.ru/?__PARAM__from=chromehp
 CHR DefaultSearchURL: Default -> hxxps://yandex.ru/search/?__PARAM__from=chromesearch&text={searchTerms}
 CHR DefaultSearchKeyword: Default -> yandex.ru
 CHR DefaultSuggestURL: Default -> hxxps://suggest.yandex.net/suggest-ff.cgi?uil=ru&part={searchTerms}
 CHR Extension: (Стартовая  Яндекс) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpegcopcfajiiibidlaelhjjblpefbjk [2016-08-01]
 CHR Extension: (Яндекс) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdljkkmghdkckhaogaemgbgdfophkfco [2016-08-01]
 CHR Extension: (Яндекс) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgdnilodcpljomelbbnpgdogdbmclbni [2016-08-01]
 C:\Users\{username}\AppData\Roaming\VKDJ
 C:\Windows\System32\Tasks\Обновление Браузера Яндекс
 C:\Users\{username}\Desktop\Yandex.lnk
 C:\Windows\Tasks\Обновление Браузера Яндекс.job
 C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex
 C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Яндекс
 C:\Users\{username}\AppData\LocalLow\Yandex
 C:\Users\{username}\AppData\Local\Package Cache
 C:\Users\{username}\AppData\Local\Yandex
 C:\Users\{username}\Desktop\Vkontakte DJ.lnk
 C:\Users\{username}\AppData\Roaming\Yandex
 C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VkontakteDJ
 C:\Users\{username}\AppData\Local\Xpom
 C:\Users\{username}\AppData\Local\Nichrome
 C:\Users\{username}\AppData\Local\Chromium
 C:\ProgramData\VkontakteDJ

Vkontakte DJ (HKLM\...\VkontakteDJ) (Version:  - )
Yandex (HKCU\...\YandexBrowser) (Version: 16.7.0.3342 - ООО «ЯНДЕКС»)
Yandex taskbar button (HKCU\...\YaPinLancher) (Version: 2.0.1.2130 - Yandex)
Менеджер браузеров (HKCU\...\{a4e708c3-efaf-49b0-aa5a-394305338e7b}) (Version: 2.2.1.614 - Яндекс)
Менеджер браузеров (x32 Version: 2.2.1.614 - Яндекс) Hidden
Task: {0C560D32-7F84-42FB-8D3F-C71AF7E4F392} - System32\Tasks\Обновление Браузера Яндекс => C:\Users\{username}\AppData\Local\Yandex\YandexBrowser\Application\browser.exe [2016-07-22] (YANDEX LLC)
Task: C:\Windows\Tasks\Обновление Браузера Яндекс.job => C:\Users\{username}\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
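As an added triage example (not from the original post): a small Python script that flags FRST log lines matching the indicators quoted above (the VkontakteDJ and Browser Manager paths, the yandex.ru defaults carrying an affiliate "clid" parameter, the bundled Chrome extension IDs and the update task). The sample lines are constructed from this excerpt; the OneDrive entry is an invented benign line so the script has something it must not flag.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample modelled on the FRST excerpt above; the OneDrive line is an
# invented benign entry so the triage has something it must NOT flag.
SAMPLE_FRST_LINES = [
    r"HKCU\...\Run: [VkontakteDJ] => C:\ProgramData\VkontakteDJ\VkontakteDJ.exe [5193216 2016-08-01] ()",
    r"HKCU\...\Run: [Browser Manager] => C:\Users\{username}\AppData\Local\Yandex\BrowserManager\BrowserManager.exe [1712992 2016-01-18] (Yandex LLC)",
    r"HKCU\...\Run: [OneDrive] => C:\Users\{username}\AppData\Local\Microsoft\OneDrive\OneDrive.exe [100 2016-01-01] (Microsoft Corporation)",
    r"SearchScopes: HKCU -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://yandex.ru/search/?win=240&clid=2254771-169&text={searchTerms}",
    r"CHR Extension: (Яндекс) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdljkkmghdkckhaogaemgbgdfophkfco [2016-08-01]",
    r"Task: {0C560D32-7F84-42FB-8D3F-C71AF7E4F392} - System32\Tasks\Обновление Браузера Яндекс => C:\Users\{username}\AppData\Local\Yandex\YandexBrowser\Application\browser.exe [2016-07-22] (YANDEX LLC)",
]

# Indicators lifted from the FRST excerpt: folder markers, bundled Chrome extension IDs, task name.
PUP_PATH_MARKERS = ("\\vkontaktedj", "\\vkdj", "\\yandex\\browsermanager")
PUP_CHROME_EXT_IDS = {"cpegcopcfajiiibidlaelhjjblpefbjk", "gdljkkmghdkckhaogaemgbgdfophkfco", "lgdnilodcpljomelbbnpgdogdbmclbni"}
PUP_TASK_NAME = "Обновление Браузера Яндекс"
# Live or defanged (hxxp/hxxps) yandex.ru URL carrying the "clid" affiliate parameter seen in the log.
AFFILIATE_URL_RE = re.compile(r"h(?:tt|xx)ps?://(?:www\.)?yandex\.ru/\S*\bclid=(\d+(?:-\d+)?)", re.IGNORECASE)
# Chrome extension IDs are 32 letters from the range a-p.
EXT_ID_RE = re.compile(r"\\Extensions\\([a-p]{32})\b")


def classify_frst_line(line: str) -> Optional[str]:
    """Return a reason string if the line matches a VKontakte.DJ bundle indicator, else None."""
    if line.startswith("Task:") and PUP_TASK_NAME in line:
        return "scheduled task re-launching the bundled Yandex browser"
    ext = EXT_ID_RE.search(line)
    if ext and ext.group(1) in PUP_CHROME_EXT_IDS:
        return f"bundled Chrome extension {ext.group(1)}"
    url = AFFILIATE_URL_RE.search(line)
    if url:
        return f"browser default redirected to yandex.ru with affiliate clid={url.group(1)}"
    lowered = line.lower()
    for marker in PUP_PATH_MARKERS:
        if marker in lowered:
            return f"path contains PUP marker {marker}"
    return None


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (line, reason) for every FRST line that matched an indicator."""
    hits = []
    for line in lines:
        reason = classify_frst_line(line)
        if reason:
            hits.append((line.strip(), reason))
    return hits


if __name__ == "__main__":
    for hit_line, reason in triage(SAMPLE_FRST_LINES):
        print(f"[HIT] {reason}\n      {hit_line}")
```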
Malwarebytes Anti-Malware log:
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/1/2016
Scan Time: 9:38 AM
Logfile: mbamVKontakteDJ.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.08.01.03
Rootkit Database: v2016.05.27.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 316293
Time Elapsed: 8 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.VkontakteDJ, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VkontakteDJ, Quarantined, [29be1b2a8119a88e27947d3e46bef808], 

Registry Values: 1
PUP.Optional.VkontakteDJ, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|VkontakteDJ, C:\ProgramData\VkontakteDJ\VkontakteDJ.exe /H, Quarantined, [b73081c43a60b284f595d1ed8e760bf5]

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.VkontakteDJ, C:\ProgramData\VkontakteDJ, Quarantined, [29be1b2a8119a88e27947d3e46bef808], 
PUP.Optional.VkontakteDJ, C:\Users\{username}\AppData\Roaming\VKDJ, Quarantined, [ebfce1643565ef47cac2734bdd279070], 

Files: 15
PUP.Optional.VkontakteDJ, C:\ProgramData\VkontakteDJ\VKontakteDJ.exe, Quarantined, [b73081c43a60b284f595d1ed8e760bf5], 
PUP.Optional.VkontakteDJ, C:\Users\{username}\Desktop\VKontakte-DJ.exe, Quarantined, [1fc8e065544688ae3555d3ebf60e9868], 
PUP.Optional.VkontakteDJ, C:\Users\{username}\Desktop\Vkontakte DJ.lnk, Quarantined, [6384d372891171c51a716a54ef15ff01], 
PUP.Optional.VkontakteDJ, C:\ProgramData\VkontakteDJ\downloader.exe.e, Quarantined, [29be1b2a8119a88e27947d3e46bef808], 
PUP.Optional.VkontakteDJ, C:\ProgramData\VkontakteDJ\gdiplus.dll, Quarantined, [29be1b2a8119a88e27947d3e46bef808], 
PUP.Optional.VkontakteDJ, C:\ProgramData\VkontakteDJ\History.txt, Quarantined, [29be1b2a8119a88e27947d3e46bef808], 
PUP.Optional.VkontakteDJ, C:\ProgramData\VkontakteDJ\libeay32.dll, Quarantined, [29be1b2a8119a88e27947d3e46bef808], 
PUP.Optional.VkontakteDJ, C:\ProgramData\VkontakteDJ\ssleay32.dll, Quarantined, [29be1b2a8119a88e27947d3e46bef808], 
PUP.Optional.VkontakteDJ, C:\ProgramData\VkontakteDJ\uninstall.dat, Quarantined, [29be1b2a8119a88e27947d3e46bef808], 
PUP.Optional.VkontakteDJ, C:\ProgramData\VkontakteDJ\uninstall.exe, Quarantined, [29be1b2a8119a88e27947d3e46bef808], 
PUP.Optional.VkontakteDJ, C:\ProgramData\VkontakteDJ\vkontaktedj.dat, Quarantined, [29be1b2a8119a88e27947d3e46bef808], 
PUP.Optional.VkontakteDJ, C:\Users\{username}\AppData\Roaming\VKDJ\Config.ini, Quarantined, [ebfce1643565ef47cac2734bdd279070], 
PUP.Optional.VkontakteDJ, C:\Users\{username}\AppData\Roaming\VKDJ\avkp2.swf, Quarantined, [ebfce1643565ef47cac2734bdd279070], 
PUP.Optional.VkontakteDJ, C:\Users\{username}\AppData\Roaming\VKDJ\vvkp2.swf, Quarantined, [ebfce1643565ef47cac2734bdd279070], 
PUP.Optional.VkontakteDJ, C:\Users\{username}\AppData\Roaming\VKDJ\working_20160801_0918.log, Quarantined, [ebfce1643565ef47cac2734bdd279070], 

Physical Sectors: 0
(No malicious items detected)


(end)
As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
Edited by Metallica