Sign in to follow this  
Followers 0
Metallica

Removal instructions for setupsk

1 post in this topic

What is setupsk?

The Malwarebytes research team has determined that setupsk is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.
This one sets a proxy port on visits to certain domains and IPs.

How do I know if my computer is affected by setupsk?

You may see this entry in your list of installed software:

warning4.png

and these warnings during install:

warning1.png

warning2.png

these Scheduled Tasks:

warning3.png

How did setupsk get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove setupsk?

Our program Malwarebytes can detect and remove this potentially unwanted program.
  • Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
Is there anything else I need to do to get rid of setupsk?
  • No, Malwarebytes removes setupsk completely.
  • This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.
How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes would have protected you against the setupsk hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.


 

protection1.png


Technical details for experts

Possible signs in FRST logs:


 
 () C:\Users\{username}\AppData\Roaming\setupsk\python\pythonw.exe
 HKCU\...\Run: [setupsk_upd] => C:\Users\{username}\AppData\Roaming\setupsk_upd\python\pythonw.exe [27136 2012-09-29] ()
 HKCU\...\Run: [setupsk] => C:\Users\{username}\AppData\Roaming\setupsk\python\pythonw.exe [27136 2012-09-29] ()
 C:\Windows\System32\Tasks\setupsk_upd
 C:\Windows\System32\Tasks\setupsk
 C:\Users\{username}\AppData\Roaming\setupsk
 C:\Users\{username}\AppData\Roaming\setupsk_upd

setupsk (HKCU\...\setupsk) (Version:  - )
Task: {2CD7F699-A883-44C4-900B-EA04AF7E4AF6} - System32\Tasks\setupsk => C:\Users\{username}\AppData\Roaming\setupsk\python\pythonw.exe [2012-09-29] ()
Task: {86E66202-596A-4E46-B15A-CE52C138B39C} - System32\Tasks\setupsk_upd => C:\Users\{username}\AppData\Roaming\setupsk_upd\python\pythonw.exe [2012-09-29] ()
Alterations made by the installer:
 
File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk
       Adds the file httpfilter.bin"="4/19/2017 9:17 AM, 972800 bytes, A
       Adds the file httpfilter.bin.sha1"="4/19/2017 9:17 AM, 40 bytes, A
       Adds the file httpfilter.py"="4/19/2017 9:17 AM, 21778 bytes, A
       Adds the file httpfilter.py.sha1"="4/19/2017 9:17 AM, 40 bytes, A
       Adds the file id.txt"="4/19/2017 9:17 AM, 30 bytes, A
       Adds the file localconfig.json"="4/3/2017 5:21 PM, 55 bytes, A
       Adds the file ml.py"="4/19/2017 9:17 AM, 12861 bytes, A
       Adds the file ml.py.sha1"="4/19/2017 9:17 AM, 40 bytes, A
       Adds the file rules.ini"="4/19/2017 9:17 AM, 626 bytes, A
       Adds the file rules.ini.sha1"="4/19/2017 9:17 AM, 40 bytes, A
       Adds the file settings.ini"="4/19/2017 9:17 AM, 20369 bytes, A
       Adds the file settings.ini.sha1"="4/19/2017 9:17 AM, 40 bytes, A
       Adds the file subid.txt"="4/19/2017 9:16 AM, 0 bytes, A
       Adds the file uninstall.exe"="4/19/2017 9:16 AM, 60337 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\configs
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\js
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python
       Adds the file msvcr100.dll"="2/19/2011 8:40 AM, 773968 bytes, A
       Adds the file python.exe"="9/29/2012 9:56 AM, 26624 bytes, A
       Adds the file python.exe.sha1"="4/19/2017 9:17 AM, 40 bytes, A
       Adds the file python33.dll"="9/29/2012 9:55 AM, 2641408 bytes, A
       Adds the file pythonw.exe"="9/29/2012 9:56 AM, 27136 bytes, A
       Adds the file pythonw.exe.sha1"="4/19/2017 9:17 AM, 40 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\DLLs
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\Lib
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\Lib\__pycache__
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\Lib\collections
       Adds the file __init__.py"="8/1/2012 10:05 AM, 43164 bytes, A
       Adds the file __main__.py"="8/1/2012 10:05 AM, 1313 bytes, A
       Adds the file abc.py"="8/1/2012 10:05 AM, 16686 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\Lib\collections\__pycache__
       Adds the file __init__.cpython-33.pyc"="2/17/2017 6:54 PM, 69719 bytes, A
       Adds the file abc.cpython-33.pyc"="2/17/2017 6:54 PM, 35937 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\Lib\ctypes
       Adds the file __init__.py"="8/1/2012 10:05 AM, 17574 bytes, A
       Adds the file _endian.py"="3/25/2012 9:48 PM, 2013 bytes, A
       Adds the file util.py"="8/1/2012 10:05 AM, 8238 bytes, A
       Adds the file wintypes.py"="3/25/2012 9:48 PM, 5830 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\Lib\ctypes\__pycache__
       Adds the file __init__.cpython-33.pyc"="2/17/2017 6:57 PM, 28719 bytes, A
       Adds the file _endian.cpython-33.pyc"="2/17/2017 6:57 PM, 3096 bytes, A
       Adds the file wintypes.cpython-33.pyc"="4/19/2017 9:17 AM, 8373 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\Lib\ctypes\macholib
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\Lib\ctypes\test
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\Lib\email
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\Lib\email\mime
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\Lib\encodings
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\Lib\encodings\__pycache__
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\Lib\http
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\Lib\json
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\Lib\logging
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\Lib\logging\__pycache__
       Adds the file __init__.cpython-33.pyc"="4/19/2017 9:16 AM, 82884 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\Lib\site-packages
       Adds the file README.txt"="5/7/2011 1:04 PM, 121 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\Lib\site-packages\comtypes
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\Lib\site-packages\comtypes\__pycache__
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\Lib\site-packages\comtypes\client
       Adds the file __init__.py"="2/17/2017 6:39 PM, 10460 bytes, A
       Adds the file _code_cache.py"="2/17/2017 6:39 PM, 5606 bytes, A
       Adds the file _events.py"="2/17/2017 6:39 PM, 11291 bytes, A
       Adds the file _generate.py"="2/17/2017 6:39 PM, 7298 bytes, A
       Adds the file dynamic.py"="2/17/2017 6:39 PM, 5927 bytes, A
       Adds the file lazybind.py"="2/17/2017 6:39 PM, 10188 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\Lib\site-packages\comtypes\client\__pycache__
       Adds the file __init__.cpython-33.pyc"="4/19/2017 9:17 AM, 10953 bytes, A
       Adds the file _code_cache.cpython-33.pyc"="4/19/2017 9:17 AM, 6327 bytes, A
       Adds the file _events.cpython-33.pyc"="4/19/2017 9:17 AM, 14040 bytes, A
       Adds the file _generate.cpython-33.pyc"="4/19/2017 9:17 AM, 6842 bytes, A
       Adds the file dynamic.cpython-33.pyc"="4/19/2017 9:17 AM, 9478 bytes, A
       Adds the file lazybind.cpython-33.pyc"="4/19/2017 9:17 AM, 11574 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\Lib\site-packages\comtypes\gen
       Adds the file __init__.py"="4/19/2017 9:17 AM, 56 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\Lib\site-packages\comtypes\gen\__pycache__
       Adds the file __init__.cpython-33.pyc"="4/19/2017 9:17 AM, 186 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\Lib\site-packages\comtypes\server
       Adds the file __init__.py"="2/17/2017 6:39 PM, 2390 bytes, A
       Adds the file automation.py"="2/17/2017 6:39 PM, 3006 bytes, A
       Adds the file connectionpoints.py"="2/17/2017 6:39 PM, 6201 bytes, A
       Adds the file inprocserver.py"="2/17/2017 6:39 PM, 4317 bytes, A
       Adds the file localserver.py"="2/17/2017 6:39 PM, 2392 bytes, A
       Adds the file register.py"="2/17/2017 6:39 PM, 14506 bytes, A
       Adds the file w_getopt.py"="2/17/2017 6:39 PM, 2701 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\Lib\site-packages\comtypes\server\__pycache__
       Adds the file __init__.cpython-33.pyc"="2/17/2017 6:39 PM, 2819 bytes, A
       Adds the file automation.cpython-33.pyc"="2/17/2017 6:39 PM, 4934 bytes, A
       Adds the file connectionpoints.cpython-33.pyc"="2/17/2017 6:39 PM, 8031 bytes, A
       Adds the file inprocserver.cpython-33.pyc"="2/17/2017 6:39 PM, 6035 bytes, A
       Adds the file localserver.cpython-33.pyc"="2/17/2017 6:39 PM, 4677 bytes, A
       Adds the file register.cpython-33.pyc"="2/17/2017 6:39 PM, 16218 bytes, A
       Adds the file w_getopt.cpython-33.pyc"="2/17/2017 6:39 PM, 4056 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\Lib\site-packages\comtypes\test
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\Lib\site-packages\comtypes\test\__pycache__
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\Lib\site-packages\comtypes\tools
       Adds the file __init__.py"="2/17/2017 6:39 PM, 29 bytes, A
       Adds the file codegenerator.py"="2/17/2017 6:39 PM, 41196 bytes, A
       Adds the file tlbparser.py"="2/17/2017 6:39 PM, 31825 bytes, A
       Adds the file typedesc.py"="2/17/2017 6:39 PM, 3896 bytes, A
       Adds the file typedesc_base.py"="2/17/2017 6:39 PM, 5414 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\Lib\site-packages\comtypes\tools\__pycache__
       Adds the file __init__.cpython-33.pyc"="4/19/2017 9:17 AM, 188 bytes, A
       Adds the file codegenerator.cpython-33.pyc"="4/19/2017 9:17 AM, 42807 bytes, A
       Adds the file tlbparser.cpython-33.pyc"="2/17/2017 6:39 PM, 31017 bytes, A
       Adds the file typedesc.cpython-33.pyc"="4/19/2017 9:17 AM, 12748 bytes, A
       Adds the file typedesc_base.cpython-33.pyc"="4/19/2017 9:17 AM, 18960 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\Lib\site-packages\dns
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\Lib\site-packages\dns\__pycache__
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\Lib\site-packages\dns\rdtypes
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\Lib\site-packages\dns\rdtypes\__pycache__
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\Lib\site-packages\dns\rdtypes\ANY
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\Lib\site-packages\dns\rdtypes\ANY\__pycache__
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\Lib\site-packages\dns\rdtypes\IN
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\Lib\site-packages\dns\rdtypes\IN\__pycache__
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk\python\Lib\urllib
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\DLLs
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\__pycache__
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\collections
       Adds the file __init__.py"="8/1/2012 10:05 AM, 43164 bytes, A
       Adds the file __main__.py"="8/1/2012 10:05 AM, 1313 bytes, A
       Adds the file abc.py"="8/1/2012 10:05 AM, 16686 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\collections\__pycache__
       Adds the file __init__.cpython-33.pyc"="2/17/2017 6:54 PM, 69719 bytes, A
       Adds the file abc.cpython-33.pyc"="2/17/2017 6:54 PM, 35937 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\ctypes
       Adds the file __init__.py"="8/1/2012 10:05 AM, 17574 bytes, A
       Adds the file _endian.py"="3/25/2012 9:48 PM, 2013 bytes, A
       Adds the file util.py"="8/1/2012 10:05 AM, 8238 bytes, A
       Adds the file wintypes.py"="3/25/2012 9:48 PM, 5830 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\ctypes\__pycache__
       Adds the file __init__.cpython-33.pyc"="2/17/2017 6:57 PM, 28719 bytes, A
       Adds the file _endian.cpython-33.pyc"="2/17/2017 6:57 PM, 3096 bytes, A
       Adds the file wintypes.cpython-33.pyc"="4/19/2017 9:16 AM, 8386 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\ctypes\macholib
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\ctypes\test
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\email
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\email\__pycache__
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\email\mime
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\encodings
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\encodings\__pycache__
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\http
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\http\__pycache__
       Adds the file __init__.cpython-33.pyc"="4/19/2017 9:17 AM, 165 bytes, A
       Adds the file client.cpython-33.pyc"="4/19/2017 9:17 AM, 45039 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\json
       Adds the file __init__.py"="8/1/2012 10:05 AM, 13045 bytes, A
       Adds the file decoder.py"="8/1/2012 10:05 AM, 13467 bytes, A
       Adds the file encoder.py"="8/1/2012 10:05 AM, 15441 bytes, A
       Adds the file scanner.py"="3/25/2012 9:48 PM, 2479 bytes, A
       Adds the file tool.py"="8/1/2012 10:05 AM, 935 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\json\__pycache__
       Adds the file __init__.cpython-33.pyc"="4/19/2017 9:17 AM, 12976 bytes, A
       Adds the file decoder.cpython-33.pyc"="4/19/2017 9:17 AM, 12820 bytes, A
       Adds the file encoder.cpython-33.pyc"="4/19/2017 9:17 AM, 15207 bytes, A
       Adds the file scanner.cpython-33.pyc"="4/19/2017 9:17 AM, 3042 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\logging
       Adds the file __init__.py"="8/1/2012 10:05 AM, 68090 bytes, A
       Adds the file config.py"="8/1/2012 10:05 AM, 35502 bytes, A
       Adds the file handlers.py"="8/1/2012 10:05 AM, 56306 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\logging\__pycache__
       Adds the file __init__.cpython-33.pyc"="4/19/2017 9:16 AM, 83028 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\site-packages
       Adds the file README.txt"="5/7/2011 1:04 PM, 121 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\site-packages\comtypes
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\site-packages\comtypes\__pycache__
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\site-packages\comtypes\client
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\site-packages\comtypes\client\__pycache__
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\site-packages\comtypes\gen
       Adds the file __init__.py"="4/19/2017 9:17 AM, 56 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\site-packages\comtypes\gen\__pycache__
       Adds the file __init__.cpython-33.pyc"="4/19/2017 9:17 AM, 187 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\site-packages\comtypes\server
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\site-packages\comtypes\server\__pycache__
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\site-packages\comtypes\test
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\site-packages\comtypes\test\__pycache__
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\site-packages\comtypes\tools
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\site-packages\comtypes\tools\__pycache__
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\site-packages\dns
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\site-packages\dns\__pycache__
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\site-packages\dns\rdtypes
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\site-packages\dns\rdtypes\__pycache__
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\site-packages\dns\rdtypes\ANY
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\site-packages\dns\rdtypes\ANY\__pycache__
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\site-packages\dns\rdtypes\IN
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\site-packages\dns\rdtypes\IN\__pycache__
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\urllib
    Adds the folder C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\urllib\__pycache__
    In the existing folder C:\Windows\System32\Tasks
       Adds the file setupsk"="4/19/2017 9:17 AM, 3456 bytes, A
       Adds the file setupsk_upd"="4/19/2017 9:17 AM, 3470 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
       "setupsk"="REG_SZ", ""C:\Users\{username}1\AppData\Roaming\setupsk\python\pythonw.exe" "C:\Users\{username}1\AppData\Roaming\setupsk\ml.py" --APPNAME="setupsk""
       "setupsk_upd"="REG_SZ", ""C:\Users\{username}1\AppData\Roaming\SETUPS~1\python\pythonw.exe" "C:\Users\{username}1\AppData\Roaming\SETUPS~1\ml.py" --APPNAME="setupsk_upd""
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\setupsk]
       "DisplayIcon"="REG_SZ", "C:\Users\{username}\AppData\Roaming\setupsk\uninstall.exe"
       "DisplayName"="REG_SZ", "setupsk"
       "UninstallString"="REG_SZ", "C:\Users\{username}\AppData\Roaming\setupsk\uninstall.exe"
    [HKEY_CURRENT_USER\Software\setupsk]
       "(Default)"="REG_SZ", "C:\Users\{username}\AppData\Roaming\setupsk"
Most relevant part of Malwarebytes log (contact me for the full log):
 
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/19/17
Scan Time: 9:35 AM
Logfile: mbamProxyPup.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.96
Update Package Version: 1.0.1758
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327671
Time Elapsed: 2 min, 12 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 6
PUP.Optional.RussAd, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\setupsk, Delete-on-Reboot, [12], [387127],1.0.1758
Adware.StartPage, HKCU\SOFTWARE\setupsk, Delete-on-Reboot, [1154], [387357],1.0.1758
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\setupsk, Delete-on-Reboot, [57], [381377],1.0.1758
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\setupsk_upd, Delete-on-Reboot, [57], [381377],1.0.1758
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2CD7F699-A883-44C4-900B-EA04AF7E4AF6}, Delete-on-Reboot, [57], [381374],1.0.1758
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{86E66202-596A-4E46-B15A-CE52C138B39C}, Delete-on-Reboot, [57], [381374],1.0.1758

Registry Value: 4
PUP.Optional.StartPage, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|setupsk_upd, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|setupsk, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2CD7F699-A883-44C4-900B-EA04AF7E4AF6}|PATH, Delete-on-Reboot, [57], [381374],1.0.1758
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{86E66202-596A-4E46-B15A-CE52C138B39C}|PATH, Delete-on-Reboot, [57], [381374],1.0.1758

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 88
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\DLLs, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\USERS\{username}\APPDATA\ROAMING\setupsk_upd, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\python\DLLs, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\python\Lib, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\configs, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\python, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\js, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\USERS\{username}\APPDATA\ROAMING\SETUPSK, Delete-on-Reboot, [57], [381378],1.0.1758

File: 1510
PUP.Optional.StartPage, C:\USERS\{username}\APPDATA\ROAMING\SETUPSK_UPD\PYTHON\PYTHONW.EXE, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\DLLs\select.pyd, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\DLLs\unicodedata.pyd, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\DLLs\_ctypes.pyd, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\DLLs\_socket.pyd, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\DLLs\_ssl.pyd, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\collections\__pycache__\abc.cpython-33.pyc, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\collections\__pycache__\__init__.cpython-33.pyc, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\collections\abc.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\collections\__init__.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\collections\__main__.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\ctypes\macholib\dyld.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\ctypes\macholib\dylib.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\ctypes\macholib\fetch_macholib, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\ctypes\macholib\fetch_macholib.bat, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\ctypes\macholib\framework.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\ctypes\macholib\README.ctypes, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\ctypes\macholib\__init__.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\quopri.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\abc.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\argparse.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\base64.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\bisect.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\calendar.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\codecs.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\contextlib.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\copy.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\copyreg.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\datetime.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\decimal.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\dummy_threading.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\fnmatch.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\functools.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\genericpath.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\hashlib.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\heapq.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\hmac.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\io.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\keyword.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\linecache.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\locale.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\mimetypes.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\ntpath.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\nturl2path.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\numbers.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\optparse.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\os.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\pickle.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\posixpath.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\random.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\re.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\reprlib.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\shutil.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\site.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\socket.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\sre_compile.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\sre_constants.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\sre_parse.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\ssl.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\stat.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\string.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\stringprep.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\struct.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\subprocess.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\sysconfig.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\tarfile.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\tempfile.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\textwrap.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\threading.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\token.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\tokenize.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\traceback.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\types.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\uu.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\warnings.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\weakref.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\_compat_pickle.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\_dummy_thread.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\_weakrefset.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\Lib\__future__.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\msvcr100.dll, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\python.exe, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\python\python33.dll, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\app.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\ml.py, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\path.txt, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk_upd\time.txt, Delete-on-Reboot, [57], [387141],1.0.1758
PUP.Optional.RussAd, C:\USERS\{username}\APPDATA\ROAMING\SETUPSK\UNINSTALL.EXE, Delete-on-Reboot, [12], [387127],1.0.1758
PUP.Optional.StartPage, C:\USERS\{username}\APPDATA\ROAMING\SETUPSK\ML.PY, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\configs\rules.ini, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\configs\settings.ini, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\js\common.js, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\js\common.js.sha1, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\js\meech.js, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\js\meech.js.sha1, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\js\orm.js, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\js\orm.js.sha1, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\js\vkopt.js, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\js\vkopt.js.sha1, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\js\vk_lib.js, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\js\vk_lib.js.sha1, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\python\DLLs\select.pyd, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\python\DLLs\unicodedata.pyd, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\python\DLLs\_ctypes.pyd, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\python\DLLs\_socket.pyd, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\python\DLLs\_ssl.pyd, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\python\msvcr100.dll, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\python\python.exe, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\python\python.exe.sha1, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\python\python33.dll, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\python\pythonw.exe, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\python\pythonw.exe.sha1, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\httpfilter.bin, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\httpfilter.bin.sha1, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\httpfilter.py, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\httpfilter.py.sha1, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\id.txt, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\localconfig.json, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\ml.py.sha1, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\rules.ini, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\rules.ini.sha1, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\settings.ini, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\settings.ini.sha1, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\subid.txt, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.StartPage, C:\Users\{username}\AppData\Roaming\setupsk\time.txt, Delete-on-Reboot, [57], [381378],1.0.1758
PUP.Optional.RussAd, C:\USERS\{username}\DESKTOP\PYTHONPROXY.EXE, Delete-on-Reboot, [12], [387127],1.0.1758
PUP.Optional.StartPage, C:\WINDOWS\SYSTEM32\TASKS\setupsk, Delete-on-Reboot, [57], [381379],1.0.1758
PUP.Optional.StartPage, C:\WINDOWS\SYSTEM32\TASKS\setupsk_upd, Delete-on-Reboot, [57], [381379],1.0.1758

Physical Sector: 0
(No malicious items detected)


(end)
As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  •  

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.