Jump to content

Recommended Posts

  • Staff
What is MarvelSound?

The Malwarebytes research team has determined that MarvelSound is adware. These adware applications display advertisements not originating from the sites you are browsing.

How do I know if my computer is affected by MarvelSound?

You may see this entry in your list of installed programs:

warning4.png

How did MarvelSound get on my computer?

these icons in your startmenu and taskbar, and on your desktop:

icons.png

and this is the main screen of the program:

main.png

You may have seen these warnings during install:

warning1.png

warning2.png

warning3.png

Adware applications use different methods for distributing themselves. This particular one was downloaded from their site, but we have also seen it in bundlers.

How do I remove MarvelSound?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-{version}.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to:
    Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu.
  • If an update is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
Is there anything else I need to do to get rid of MarvelSound?
  • No, Malwarebytes' Anti-Malware removes MarvelSound completely.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this adware.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the MarvelSound adware. It would have warned you before the adware could install itself, giving you a chance to stop it before it became too late.
 

protection1.png


Technical details for experts

Possible signs in FRST logs:
 
 (MarvelSound) C:\Program Files (x86)\MarvelSound\splayer\marvelsound.exe
 (GitHub, Inc.) C:\Program Files (x86)\MarvelSound\splayer\node_modules\electron\dist\electron.exe
 (GitHub, Inc.) C:\Program Files (x86)\MarvelSound\splayer\node_modules\electron\dist\electron.exe
 C:\Users\{username}\AppData\Roaming\MarvelSound
 C:\Users\{username}\AppData\Local\MarvelSound
 C:\Users\{username}\Desktop\MarvelSound.lnk
 C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MarvelSound
 C:\Program Files (x86)\MarvelSound

MarvelSound 1.1 (HKLM-x32\...\MarvelSound) (Version: 1.1 - )
() C:\Program Files (x86)\MarvelSound\splayer\node_modules\electron\dist\ffmpeg.dll
An excerpt from the Malwarebytes Anti-Malware scan log:
(full log available on request)
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/29/2016
Scan Time: 2:30 PM
Logfile: mbamMarvelSound.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.11.29.06
Rootkit Database: v2016.11.20.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 303245
Time Elapsed: 9 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 3
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\marvelsound.exe, 3248, Delete-on-Reboot, [5eac8046623887af401ff9eac14244bc]
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\node_modules\electron\dist\electron.exe, 2568, Delete-on-Reboot, [5eac8046623887af401ff9eac14244bc]
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\node_modules\electron\dist\electron.exe, 3208, Delete-on-Reboot, [5eac8046623887af401ff9eac14244bc]

Modules: 4
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\node_modules\electron\dist\ffmpeg.dll, Delete-on-Reboot, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\node_modules\electron\dist\ffmpeg.dll, Delete-on-Reboot, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\node_modules\electron\dist\node.dll, Delete-on-Reboot, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\node_modules\electron\dist\node.dll, Delete-on-Reboot, [5eac8046623887af401ff9eac14244bc], 

Registry Keys: 7
PUP.Optional.MarvelSound, HKLM\SOFTWARE\CLASSES\APPLICATIONS\marvelsound.exe, Quarantined, [f6148640950567cf7211786bae551fe1], 
PUP.Optional.MarvelSound, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPLICATIONS\marvelsound.exe, Quarantined, [97731da9a8f29d99e0a328bba3602dd3], 
PUP.Optional.MarvelSound, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\marvelsound.exe, Quarantined, [66a444828e0c4de9fc86f2f10df61fe1], 
PUP.Optional.MarvelSound, HKLM\SOFTWARE\WOW6432NODE\MarvelSound, Quarantined, [c644be081c7e2e08fc8514cfd72c718f], 
PUP.Optional.MarvelSound, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPLICATIONS\marvelsound.exe, Quarantined, [ff0b369078228fa7b5ceedf6b350758b], 
PUP.Optional.MarvelSound, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\marvelsound.exe, Quarantined, [f71360664d4d8caa10724b9870936898], 
PUP.Optional.MarvelSound, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MARVELSOUND, Quarantined, [22e84086ff9bde58e9940bd800038977], 

Registry Values: 1
PUP.Optional.MarvelSound, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MARVELSOUND|URLInfoAbout, http://marvelsound.com, Quarantined, [22e84086ff9bde58e9940bd800038977]

Registry Data: 0
(No malicious items detected)

Folders: 409
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound, Delete-on-Reboot, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer, Delete-on-Reboot, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MarvelSound, Quarantined, [7d8d873f653537ff3d358f54c73cbf41], 
PUP.Optional.MarvelSound, C:\Users\{username}\AppData\Roaming\MarvelSound, Delete-on-Reboot, [af5bd0f6d1c9e3531d57b033d52ed927], 
PUP.Optional.MarvelSound, C:\Users\{username}\AppData\Roaming\MarvelSound\Cache, Delete-on-Reboot, [af5bd0f6d1c9e3531d57b033d52ed927], 
PUP.Optional.MarvelSound, C:\Users\{username}\AppData\Roaming\MarvelSound\databases, Delete-on-Reboot, [af5bd0f6d1c9e3531d57b033d52ed927], 
PUP.Optional.MarvelSound, C:\Users\{username}\AppData\Roaming\MarvelSound\GPUCache, Quarantined, [af5bd0f6d1c9e3531d57b033d52ed927], 
PUP.Optional.MarvelSound, C:\Users\{username}\AppData\Roaming\MarvelSound\IndexedDB, Delete-on-Reboot, [af5bd0f6d1c9e3531d57b033d52ed927], 
PUP.Optional.MarvelSound, C:\Users\{username}\AppData\Roaming\MarvelSound\IndexedDB\file__0.indexeddb.leveldb, Delete-on-Reboot, [af5bd0f6d1c9e3531d57b033d52ed927], 
PUP.Optional.MarvelSound, C:\Users\{username}\AppData\Roaming\MarvelSound\Local Storage, Delete-on-Reboot, [af5bd0f6d1c9e3531d57b033d52ed927], 

Files: 3107
PUP.Optional.MarvelSound, C:\Users\{username}\Desktop\msound.exe, Quarantined, [fe0c794d9bffe6503722dc07aa596f91], 
PUP.Optional.MarvelSound, C:\Users\{username}\Desktop\MarvelSound.lnk, Quarantined, [808ae0e698020135385a459eaf549a66], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\uninst.exe, Quarantined, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\.jshintrc, Quarantined, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\.npmrc, Quarantined, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\app.js, Quarantined, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\download_electron.bi, Quarantined, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\favicon.ico, Quarantined, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\index.html, Quarantined, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\marvelsound.asm, Quarantined, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\marvelsound.bas, Quarantined, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\marvelsound.exe, Delete-on-Reboot, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\marvelsound.rc, Quarantined, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\package.json, Quarantined, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\rsrc.bi, Quarantined, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\settings.json, Quarantined, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\sPlayer.appcache, Quarantined, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\unzip.bin, Quarantined, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\video.html, Quarantined, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\xpmanifest.xml, Quarantined, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\.vscode\settings.json, Quarantined, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\build\config.gypi, Quarantined, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\dist\sconfig.js, Quarantined, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\dist\splayer.js, Quarantined, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\fonts\fonts.css, Quarantined, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\images\albumart-blank.jpg, Quarantined, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\node_modules\.bin\nugget.cmd, Quarantined, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\node_modules\yauzl\README.md, Quarantined, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\resources\app\marvelsound.bas, Quarantined, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\src\importmusic.js, Quarantined, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\src\main.js, Quarantined, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\src\other.js, Quarantined, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\src\strip.js, Quarantined, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\src\video.js, Quarantined, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\src\lib\jquery-2.1.4.min.js, Quarantined, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\src\lib\localforage-1.2.4.min.js, Quarantined, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\src\lib\localforage.nopromises.min.js, Quarantined, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\styles\albums.css, Quarantined, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\styles\genres.css, Quarantined, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\styles\style-responsive.css, Quarantined, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Program Files (x86)\MarvelSound\splayer\tpl\adbar.html, Quarantined, [5eac8046623887af401ff9eac14244bc], 
PUP.Optional.MarvelSound, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MarvelSound\MarvelSound.lnk, Quarantined, [7d8d873f653537ff3d358f54c73cbf41], 
PUP.Optional.MarvelSound, C:\Users\{username}\AppData\Roaming\MarvelSound\Cookies, Delete-on-Reboot, [af5bd0f6d1c9e3531d57b033d52ed927], 
PUP.Optional.MarvelSound, C:\Users\{username}\AppData\Roaming\MarvelSound\Cookies-journal, Delete-on-Reboot, [af5bd0f6d1c9e3531d57b033d52ed927], 
PUP.Optional.MarvelSound, C:\Users\{username}\AppData\Roaming\MarvelSound\lockfile, Delete-on-Reboot, [af5bd0f6d1c9e3531d57b033d52ed927], 
PUP.Optional.MarvelSound, C:\Users\{username}\AppData\Roaming\MarvelSound\QuotaManager, Delete-on-Reboot, [af5bd0f6d1c9e3531d57b033d52ed927], 
PUP.Optional.MarvelSound, C:\Users\{username}\AppData\Roaming\MarvelSound\QuotaManager-journal, Delete-on-Reboot, [af5bd0f6d1c9e3531d57b033d52ed927], 
PUP.Optional.MarvelSound, C:\Users\{username}\AppData\Roaming\MarvelSound\Cache\data_0, Quarantined, [af5bd0f6d1c9e3531d57b033d52ed927], 
PUP.Optional.MarvelSound, C:\Users\{username}\AppData\Roaming\MarvelSound\Cache\data_1, Quarantined, [af5bd0f6d1c9e3531d57b033d52ed927], 
PUP.Optional.MarvelSound, C:\Users\{username}\AppData\Roaming\MarvelSound\Cache\data_2, Quarantined, [af5bd0f6d1c9e3531d57b033d52ed927], 
PUP.Optional.MarvelSound, C:\Users\{username}\AppData\Roaming\MarvelSound\Cache\data_3, Quarantined, [af5bd0f6d1c9e3531d57b033d52ed927], 
PUP.Optional.MarvelSound, C:\Users\{username}\AppData\Roaming\MarvelSound\Cache\index, Quarantined, [af5bd0f6d1c9e3531d57b033d52ed927], 
PUP.Optional.MarvelSound, C:\Users\{username}\AppData\Roaming\MarvelSound\databases\Databases.db, Delete-on-Reboot, [af5bd0f6d1c9e3531d57b033d52ed927], 
PUP.Optional.MarvelSound, C:\Users\{username}\AppData\Roaming\MarvelSound\databases\Databases.db-journal, Delete-on-Reboot, [af5bd0f6d1c9e3531d57b033d52ed927], 
PUP.Optional.MarvelSound, C:\Users\{username}\AppData\Roaming\MarvelSound\GPUCache\data_0, Quarantined, [af5bd0f6d1c9e3531d57b033d52ed927], 
PUP.Optional.MarvelSound, C:\Users\{username}\AppData\Roaming\MarvelSound\GPUCache\data_1, Quarantined, [af5bd0f6d1c9e3531d57b033d52ed927], 
PUP.Optional.MarvelSound, C:\Users\{username}\AppData\Roaming\MarvelSound\GPUCache\data_2, Quarantined, [af5bd0f6d1c9e3531d57b033d52ed927], 
PUP.Optional.MarvelSound, C:\Users\{username}\AppData\Roaming\MarvelSound\GPUCache\data_3, Quarantined, [af5bd0f6d1c9e3531d57b033d52ed927], 
PUP.Optional.MarvelSound, C:\Users\{username}\AppData\Roaming\MarvelSound\GPUCache\index, Quarantined, [af5bd0f6d1c9e3531d57b033d52ed927], 
PUP.Optional.MarvelSound, C:\Users\{username}\AppData\Roaming\MarvelSound\IndexedDB\file__0.indexeddb.leveldb\000003.log, Delete-on-Reboot, [af5bd0f6d1c9e3531d57b033d52ed927], 
PUP.Optional.MarvelSound, C:\Users\{username}\AppData\Roaming\MarvelSound\IndexedDB\file__0.indexeddb.leveldb\CURRENT, Quarantined, [af5bd0f6d1c9e3531d57b033d52ed927], 
PUP.Optional.MarvelSound, C:\Users\{username}\AppData\Roaming\MarvelSound\IndexedDB\file__0.indexeddb.leveldb\LOCK, Delete-on-Reboot, [af5bd0f6d1c9e3531d57b033d52ed927], 
PUP.Optional.MarvelSound, C:\Users\{username}\AppData\Roaming\MarvelSound\IndexedDB\file__0.indexeddb.leveldb\LOG, Delete-on-Reboot, [af5bd0f6d1c9e3531d57b033d52ed927], 
PUP.Optional.MarvelSound, C:\Users\{username}\AppData\Roaming\MarvelSound\IndexedDB\file__0.indexeddb.leveldb\MANIFEST-000001, Delete-on-Reboot, [af5bd0f6d1c9e3531d57b033d52ed927], 
PUP.Optional.MarvelSound, C:\Users\{username}\AppData\Roaming\MarvelSound\Local Storage\file__0.localstorage, Delete-on-Reboot, [af5bd0f6d1c9e3531d57b033d52ed927], 
PUP.Optional.MarvelSound, C:\Users\{username}\AppData\Roaming\MarvelSound\Local Storage\file__0.localstorage-journal, Delete-on-Reboot, [af5bd0f6d1c9e3531d57b033d52ed927], 

Physical Sectors: 0
(No malicious items detected)


(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.