What is Fast approach TT?

The Malwarebytes research team has determined that Fast approach TT is adware. These adware applications display advertisements not originating from the sites you are browsing.

How do I know if my computer is affected by Fast approach TT?

You may see this entry in your list of installed programs and features:

warning4.png

and these warnings during install:

warning1.png

warning2.png

and this task in your Task Scheduler:

warning3.png

This is the associated Chrome extension:

warning5.png

and the details about its permissions:

warning6.png

How did Fast approach TT get on my computer?

Adware applications use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove Fast approach TT?

Our program Malwarebytes can detect and remove this potentially unwanted program.

  • Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

Is there anything else I need to do to get rid of Fast approach TT?

  • This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.
  • If you are using Chrome, you may have to remove the Extension manually under Tools > Settings > Extensions. Remove the checkmark and click on the bin behind the Fast approach TT entry.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this adware.

As you can see below, the full version of Malwarebytes would have protected you against the Fast approach TT adware. It would have warned you before the adware could install itself, giving you a chance to stop it before it became too late.

protection1.png


Technical details for experts

Possible signs in FRST logs:

 
 () C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\pythonw.exe
 HKCU\...\Run: [adpighggolpekomhljmodbklekkbebac] => C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\pythonw.exe [27648 2015-12-21] ()
 C:\Windows\System32\Tasks\adpighggolpekomhljmodbklekkbebac
 C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac

adpighggolpekomhljmodbklekkbebac (HKCU\...\adpighggolpekomhljmodbklekkbebac) (Version:  - )
Task: {A2EF9CEE-6DD7-4A3F-BD2D-78C9199F86A9} - System32\Tasks\adpighggolpekomhljmodbklekkbebac => C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\pythonw.exe [2015-12-21] ()

The most significant alterations made by the installer:

File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac
       Adds the file adpighggolpekomhljmodbklekkbebac.crx"="4/6/2017 11:14 PM, 28192 bytes, A
       Adds the file brplugin.bin"="4/6/2017 11:14 PM, 432128 bytes, A
       Adds the file brplugin.py"="4/6/2017 11:14 PM, 17199 bytes, A
       Adds the file hash.txt"="4/6/2017 11:14 PM, 344 bytes, A
       Adds the file id.txt"="4/6/2017 11:14 PM, 32 bytes, A
       Adds the file launchall.py"="4/6/2017 11:14 PM, 17521 bytes, A
       Adds the file ml.py"="4/6/2017 11:14 PM, 27553 bytes, A
       Adds the file subid.txt"="5/4/2017 12:13 PM, 0 bytes, A
       Adds the file uninstall.exe"="5/4/2017 12:13 PM, 63493 bytes, A
       Adds the file uuid.txt"="5/4/2017 12:13 PM, 36 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python
       Adds the file msvcr100.dll"="2/19/2011 8:40 AM, 773968 bytes, A
       Adds the file python.exe"="12/21/2015 3:28 AM, 27136 bytes, A
       Adds the file python34.dll"="12/21/2015 3:28 AM, 2744320 bytes, A
       Adds the file pythonw.exe"="12/21/2015 3:28 AM, 27648 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\DLLs
       Adds the file _ctypes.pyd"="12/21/2015 3:28 AM, 85504 bytes, A
       Adds the file _socket.pyd"="12/21/2015 3:28 AM, 47104 bytes, A
       Adds the file _ssl.pyd"="12/21/2015 3:29 AM, 1331200 bytes, A
       Adds the file select.pyd"="12/21/2015 3:28 AM, 9728 bytes, A
       Adds the file unicodedata.pyd"="12/21/2015 3:28 AM, 758784 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib
    Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\__pycache__
    Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\collections
       Adds the file __init__.py"="12/7/2015 12:25 AM, 44543 bytes, A
       Adds the file __main__.py"="8/1/2012 7:05 PM, 1313 bytes, A
       Adds the file abc.py"="10/21/2013 3:16 AM, 70 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\collections\__pycache__
       Adds the file __init__.cpython-34.pyc"="5/4/2017 12:13 PM, 45688 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\ctypes
       Adds the file __init__.py"="9/22/2014 5:03 AM, 17561 bytes, A
       Adds the file _endian.py"="3/26/2012 6:48 AM, 2013 bytes, A
       Adds the file util.py"="5/1/2014 10:21 PM, 9257 bytes, A
       Adds the file wintypes.py"="3/26/2012 6:48 AM, 5830 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\ctypes\__pycache__
       Adds the file __init__.cpython-34.pyc"="11/25/2016 8:15 PM, 17756 bytes, A
       Adds the file _endian.cpython-34.pyc"="11/25/2016 8:15 PM, 2077 bytes, A
       Adds the file util.cpython-34.pyc"="5/4/2017 12:13 PM, 7121 bytes, A
       Adds the file wintypes.cpython-34.pyc"="11/25/2016 8:15 PM, 5780 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\ctypes\macholib
       Adds the file __init__.py"="3/26/2012 6:48 AM, 163 bytes, A
       Adds the file dyld.py"="3/26/2012 6:48 AM, 5065 bytes, A
       Adds the file dylib.py"="3/26/2012 6:48 AM, 1891 bytes, A
       Adds the file fetch_macholib"="5/7/2011 10:03 PM, 86 bytes, A
       Adds the file fetch_macholib.bat"="12/7/2015 12:25 AM, 75 bytes, A
       Adds the file framework.py"="3/26/2012 6:48 AM, 2266 bytes, A
       Adds the file README.ctypes"="5/7/2011 10:03 PM, 302 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\ctypes\macholib\__pycache__
    Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\email
    Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\email\__pycache__
    Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\email\mime
       Adds the file __init__.py"="5/7/2011 10:04 PM, 0 bytes, A
       Adds the file application.py"="5/7/2011 10:04 PM, 1292 bytes, A
       Adds the file audio.py"="3/26/2012 6:48 AM, 2747 bytes, A
       Adds the file base.py"="5/7/2011 10:04 PM, 820 bytes, A
       Adds the file image.py"="5/7/2011 10:04 PM, 1810 bytes, A
       Adds the file message.py"="5/7/2011 10:04 PM, 1320 bytes, A
       Adds the file multipart.py"="5/7/2011 10:04 PM, 1620 bytes, A
       Adds the file nonmultipart.py"="2/8/2015 6:39 PM, 713 bytes, A
       Adds the file text.py"="5/1/2014 10:21 PM, 1408 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\email\mime\__pycache__
    Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\encodings
    Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\encodings\__pycache__
       Adds the file __init__.cpython-34.pyc"="11/25/2016 8:14 PM, 3912 bytes, A
       Adds the file aliases.cpython-34.pyc"="11/25/2016 8:14 PM, 7861 bytes, A
       Adds the file cp1251.cpython-34.pyc"="11/25/2016 8:14 PM, 2609 bytes, A
       Adds the file cp1252.cpython-34.pyc"="5/4/2017 12:13 PM, 2618 bytes, A
       Adds the file cp866.cpython-34.pyc"="11/25/2016 8:14 PM, 8038 bytes, A
       Adds the file idna.cpython-34.pyc"="5/4/2017 12:13 PM, 6579 bytes, A
       Adds the file latin_1.cpython-34.pyc"="11/25/2016 8:14 PM, 2060 bytes, A
       Adds the file mbcs.cpython-34.pyc"="11/25/2016 8:14 PM, 1829 bytes, A
       Adds the file utf_16.cpython-34.pyc"="5/4/2017 12:13 PM, 5292 bytes, A
       Adds the file utf_8.cpython-34.pyc"="11/25/2016 8:14 PM, 1748 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\http
       Adds the file __init__.py"="3/26/2012 6:48 AM, 39 bytes, A
       Adds the file client.py"="12/7/2015 12:25 AM, 49238 bytes, A
       Adds the file cookiejar.py"="12/7/2015 12:25 AM, 78423 bytes, A
       Adds the file cookies.py"="12/7/2015 12:25 AM, 21667 bytes, A
       Adds the file server.py"="12/7/2015 12:25 AM, 47626 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\http\__pycache__
       Adds the file __init__.cpython-34.pyc"="5/4/2017 12:13 PM, 178 bytes, A
       Adds the file client.cpython-34.pyc"="5/4/2017 12:13 PM, 33281 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\json
       Adds the file __init__.py"="12/7/2015 12:25 AM, 13576 bytes, A
       Adds the file decoder.py"="1/2/2014 7:44 PM, 13125 bytes, A
       Adds the file encoder.py"="9/9/2013 3:35 AM, 16221 bytes, A
       Adds the file scanner.py"="8/4/2013 6:54 AM, 2489 bytes, A
       Adds the file tool.py"="6/23/2014 6:50 AM, 993 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\json\__pycache__
    Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\site-packages\__pycache__
    Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\site-packages\dns
    Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\site-packages\dns\__pycache__
    Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\site-packages\dns\rdtypes
       Adds the file __init__.py"="9/21/2016 4:14 AM, 895 bytes, A
       Adds the file dnskeybase.py"="9/21/2016 4:14 AM, 4387 bytes, A
       Adds the file dsbase.py"="9/21/2016 4:14 AM, 3081 bytes, A
       Adds the file euibase.py"="9/21/2016 4:14 AM, 2746 bytes, A
       Adds the file mxbase.py"="9/21/2016 4:14 AM, 3660 bytes, A
       Adds the file nsbase.py"="9/21/2016 4:14 AM, 2851 bytes, A
       Adds the file txtbase.py"="9/21/2016 4:14 AM, 3040 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\site-packages\dns\rdtypes\__pycache__
    Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\site-packages\dns\rdtypes\ANY
    Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\site-packages\dns\rdtypes\ANY\__pycache__
    Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\site-packages\dns\rdtypes\IN
       Adds the file __init__.py"="9/21/2016 4:14 AM, 965 bytes, A
       Adds the file A.py"="9/21/2016 4:14 AM, 1854 bytes, A
       Adds the file AAAA.py"="9/21/2016 4:14 AM, 1939 bytes, A
       Adds the file APL.py"="9/21/2016 4:14 AM, 5250 bytes, A
       Adds the file DHCID.py"="9/21/2016 4:14 AM, 2020 bytes, A
       Adds the file IPSECKEY.py"="9/21/2016 4:14 AM, 5682 bytes, A
       Adds the file KX.py"="9/21/2016 4:14 AM, 881 bytes, A
       Adds the file NAPTR.py"="9/21/2016 4:14 AM, 4470 bytes, A
       Adds the file NSAP.py"="9/21/2016 4:14 AM, 2080 bytes, A
       Adds the file NSAP_PTR.py"="9/21/2016 4:14 AM, 893 bytes, A
       Adds the file PX.py"="9/21/2016 4:14 AM, 3394 bytes, A
       Adds the file SRV.py"="9/21/2016 4:14 AM, 3054 bytes, A
       Adds the file WKS.py"="9/21/2016 4:14 AM, 3812 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\site-packages\dns\rdtypes\IN\__pycache__
    Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\urllib
       Adds the file __init__.py"="3/26/2012 6:49 AM, 0 bytes, A
       Adds the file error.py"="3/19/2013 8:47 AM, 2743 bytes, A
       Adds the file parse.py"="2/8/2015 6:39 PM, 36221 bytes, A
       Adds the file request.py"="12/7/2015 12:25 AM, 95648 bytes, A
       Adds the file response.py"="12/7/2015 12:25 AM, 2379 bytes, A
       Adds the file robotparser.py"="6/23/2014 6:50 AM, 7176 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\urllib\__pycache__
       Adds the file __init__.cpython-34.pyc"="5/4/2017 12:13 PM, 180 bytes, A
       Adds the file error.cpython-34.pyc"="5/4/2017 12:13 PM, 2728 bytes, A
       Adds the file parse.cpython-34.pyc"="5/4/2017 12:13 PM, 30851 bytes, A
       Adds the file request.cpython-34.pyc"="5/4/2017 12:13 PM, 74129 bytes, A
       Adds the file response.cpython-34.pyc"="5/4/2017 12:13 PM, 3446 bytes, A
    In the existing folder C:\Windows\System32\Tasks
       Adds the file adpighggolpekomhljmodbklekkbebac"="5/4/2017 12:14 PM, 3662 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_CURRENT_USER\Software\adpighggolpekomhljmodbklekkbebac]
       "(Default)"="REG_SZ", "C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
       "adpighggolpekomhljmodbklekkbebac"="REG_SZ", ""C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\pythonw.exe" "C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\ml.py" --APPNAME="adpighggolpekomhljmodbklekkbebac""
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\adpighggolpekomhljmodbklekkbebac]
       "DisplayName"="REG_SZ", "adpighggolpekomhljmodbklekkbebac"
       "UninstallString"="REG_SZ", "C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\uninstall.exe"

Malwarebytes log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/4/17
Scan Time: 12:31 PM
Logfile: mbamPythonExtension.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.1866
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 329746
Time Elapsed: 2 min, 22 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 1
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\pythonw.exe, Quarantined, [1358], [389396],1.0.1866

Module: 7
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\DLLs\unicodedata.pyd, Quarantined, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\DLLs\_ctypes.pyd, Quarantined, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\DLLs\_socket.pyd, Quarantined, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\DLLs\_ssl.pyd, Quarantined, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\msvcr100.dll, Quarantined, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\python34.dll, Quarantined, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\pythonw.exe, Quarantined, [1358], [389396],1.0.1866

Registry Key: 1
Adware.Agent.Generic, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\adpighggolpekomhljmodbklekkbebac, Delete-on-Reboot, [1358], [389396],1.0.1866

Registry Value: 1
Adware.Agent.Generic, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|adpighggolpekomhljmodbklekkbebac, Delete-on-Reboot, [1358], [389396],1.0.1866

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 38
PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\_locales\en, Delete-on-Reboot, [58], [389392],1.0.1866
PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\_metadata, Delete-on-Reboot, [58], [389392],1.0.1866
PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\_locales, Delete-on-Reboot, [58], [389392],1.0.1866
PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0, Delete-on-Reboot, [58], [389392],1.0.1866
PUP.Optional.StartPage, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\ADPIGHGGOLPEKOMHLJMODBKLEKKBEBAC, Delete-on-Reboot, [58], [389392],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\site-packages\dns\rdtypes\ANY\__pycache__, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\site-packages\dns\rdtypes\IN\__pycache__, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\site-packages\dns\rdtypes\__pycache__, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\site-packages\dns\rdtypes\ANY, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\site-packages\dns\__pycache__, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\site-packages\dns\rdtypes\IN, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\ctypes\macholib\__pycache__, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\site-packages\dns\rdtypes, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\site-packages\__pycache__, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\collections\__pycache__, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\email\mime\__pycache__, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\encodings\__pycache__, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\ctypes\__pycache__, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\urllib\__pycache__, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\email\__pycache__, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\site-packages\dns, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\http\__pycache__, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\json\__pycache__, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\ctypes\macholib, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\site-packages, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\collections, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\__pycache__, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\email\mime, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\encodings, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\ctypes, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\urllib, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\email, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\json, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\http, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\DLLs, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\USERS\{username}\APPDATA\ROAMING\ADPIGHGGOLPEKOMHLJMODBKLEKKBEBAC, Delete-on-Reboot, [1358], [389396],1.0.1866

File: 474
PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\_locales\en\messages.json, Delete-on-Reboot, [58], [389392],1.0.1866
PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\_metadata\computed_hashes.json, Delete-on-Reboot, [58], [389392],1.0.1866
PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\_metadata\verified_contents.json, Delete-on-Reboot, [58], [389392],1.0.1866
PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\128x128.png, Delete-on-Reboot, [58], [389392],1.0.1866
PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\19x19.png, Delete-on-Reboot, [58], [389392],1.0.1866
PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\38x38.png, Delete-on-Reboot, [58], [389392],1.0.1866
PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\48x48.png, Delete-on-Reboot, [58], [389392],1.0.1866
PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\64x64.png, Delete-on-Reboot, [58], [389392],1.0.1866
PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\cs.js, Delete-on-Reboot, [58], [389392],1.0.1866
PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\manifest.json, Delete-on-Reboot, [58], [389392],1.0.1866
PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\popup.html, Delete-on-Reboot, [58], [389392],1.0.1866
Adware.Agent.Generic, C:\USERS\{username}\APPDATA\ROAMING\ADPIGHGGOLPEKOMHLJMODBKLEKKBEBAC\ADPIGHGGOLPEKOMHLJMODBKLEKKBEBAC.CRX, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\DLLs\select.pyd, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\DLLs\unicodedata.pyd, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\DLLs\_ctypes.pyd, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\DLLs\_socket.pyd, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\DLLs\_ssl.pyd, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\collections\__pycache__\__init__.cpython-34.pyc, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\collections\abc.py, Delete-on-Reboot, [1358], [389396],1.0.1866

Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\_compat_pickle.py, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\_dummy_thread.py, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\_sitebuiltins.py, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\_weakrefset.py, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\__future__.py, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\msvcr100.dll, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\python.exe, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\python34.dll, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\pythonw.exe, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\brplugin.bin, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\brplugin.py, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\hash.txt, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\id.txt, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\launchall.py, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\ml.py, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\subid.txt, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\time.txt, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\uninstall.exe, Delete-on-Reboot, [1358], [389396],1.0.1866
Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\uuid.txt, Delete-on-Reboot, [1358], [389396],1.0.1866
Trojan.Agent.Python, C:\USERS\{username}\DESKTOP\B45BAF964E244E67E38A32C8E50A2E09.EXE, Delete-on-Reboot, [9112], [389379],1.0.1866
PUP.Optional.StartPage, C:\WINDOWS\SYSTEM32\TASKS\ADPIGHGGOLPEKOMHLJMODBKLEKKBEBAC, Delete-on-Reboot, [58], [391191],1.0.1866

Physical Sector: 0
(No malicious items detected)


(end)

As mentioned before, the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
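
The FRST signs listed under "Technical details for experts" share one pattern: a Python interpreter under AppData\Roaming, inside a folder named like a Chrome extension ID, referenced by both a Run value and a scheduled task. The script below is an added example, not part of the original guide or of Malwarebytes' tooling, that triages FRST lines for that pattern; the two benign sample lines and all function names are constructed for illustration.

```python
import re

# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID = re.compile(r"^[a-p]{32}$")
# Interpreter names seen in the page's logs; extend for other script hosts.
INTERPRETERS = {"python.exe", "pythonw.exe"}
# First Windows path on a line that ends in an executable extension.
PATH = re.compile(r"([A-Za-z]:\\.+?\.(?:exe|dll|bat|cmd))(?=\s|$)", re.I)

# Sample input: the first three lines are the FRST lines from the page,
# the last two are constructed benign entries for contrast.
SAMPLE_FRST = r"""
() C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\pythonw.exe
HKCU\...\Run: [adpighggolpekomhljmodbklekkbebac] => C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\pythonw.exe [27648 2015-12-21] ()
Task: {A2EF9CEE-6DD7-4A3F-BD2D-78C9199F86A9} - System32\Tasks\adpighggolpekomhljmodbklekkbebac => C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\pythonw.exe [2015-12-21] ()
HKLM\...\Run: [ExampleUpdater] => C:\Program Files\Example\updater.exe [123456 2016-01-01] (Example Corp)
HKCU\...\Run: [DevTools] => C:\Users\{username}\AppData\Local\Programs\Python\Python34\pythonw.exe [27648 2015-12-21] ()
"""


def classify(line):
    """Return the FRST entry type of a line: run, task or process."""
    if re.search(r"\\Run(Once)?: \[", line):
        return "run"
    if line.startswith("Task:"):
        return "task"
    return "process"


def reasons(path):
    """Return (list of matched heuristics, extension-ID folder or None)."""
    parts = path.lower().split("\\")
    found = []
    if parts[-1] in INTERPRETERS:
        found.append("script-interpreter")
    if "appdata" in parts:
        found.append("user-writable-path")
    ids = [p for p in parts if EXT_ID.match(p)]
    if ids:
        found.append("extension-id-folder")
    return found, (ids[0] if ids else None)


def triage(frst_text):
    """Group lines that match all three heuristics by extension ID.

    A private Python install under AppData alone is not flagged; the
    extension-ID folder name is what ties the interpreter to a browser
    extension, as it does in the page's logs.
    """
    hits = {}
    for raw in frst_text.splitlines():
        line = raw.strip()
        match = PATH.search(line)
        if not match:
            continue
        found, ext_id = reasons(match.group(1))
        if len(found) < 3:
            continue
        entry = hits.setdefault(ext_id, {"kinds": set(), "paths": set()})
        entry["kinds"].add(classify(line))
        entry["paths"].add(match.group(1))
    return hits


def follow_up(ext_id):
    """Other locations where the page's logs show the same ID."""
    return [
        r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run|" + ext_id,
        r"C:\Windows\System32\Tasks" + "\\" + ext_id,
        r"HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall" + "\\" + ext_id,
        r"%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions" + "\\" + ext_id,
    ]


if __name__ == "__main__":
    for ext_id, info in triage(SAMPLE_FRST).items():
        print("Suspicious ID:", ext_id)
        print("  seen as:", ", ".join(sorted(info["kinds"])))
        for path in sorted(info["paths"]):
            print("  binary :", path)
        for location in follow_up(ext_id):
            print("  check  :", location)
```

An ID reported under both "run" and "task" has two independent autostart entries, so both need to be removed along with the Chrome extension folder.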