Jump to content

Recommended Posts

What is Searchband?

The Malwarebytes research team has determined that Searchband is a swearch hijacker. These so-called "hijackers" manipulate your searches, for example to change your startpage or searchscopes.
This particular one creates a search box in your Windows taskbar.

How do I know if my computer is affected by Searchband?

You may see this entry in your list of installed software:

warning4.png

and this warning during install:

warning1.png

this Scheduled Task:

warning3.png

and you will see this search box in your taskbar:

main.png

How did Searchband get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove Searchband?

Our program Malwarebytes can detect and remove this potentially unwanted program.

  • Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

Is there anything else I need to do to get rid of Searchband?

  • No, Malwarebytes removes Searchband completely.
  • This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes would have protected you against the Searchband hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.
 

protection1.png


Technical details for experts

Possible signs in FRST logs:
 

(Yandex LLC) C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\searchbandapp64.exe
HKCU\...\Run: [YandexSearchBand] => C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\searchbandapp64.exe [3623928 2018-08-21] (Yandex LLC)
C:\Windows\System32\Tasks\Yandex.Stroka.User.S-1-5-21-{userid}
C:\Users\{username}\AppData\Roaming\Yandex
C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Голосовой помощник Алиса
C:\Users\{username}\AppData\Local\Yandex
(Microsoft Corporation) C:\Users\{username}\Desktop\yandex-alice.exe

Голосовой помощник Алиса (HKLM-x32\...\{8F2A70BE-546D-47A9-BFF1-D4BC8472134B}) (Version: 4.6.0.1790 - Яндекс)
Task: {2D4DC59B-C068-4924-B3EB-21740B8CA1FF} - System32\Tasks\Yandex.Stroka.User.S-1-5-21-{userid} => C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\searchbandapp64.exe [2018-08-21] (Yandex LLC)
() C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\speechkitlib64.dll

Alterations made by the installer:
 

File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand
       Adds the file crashreporter64.exe.log"="10/5/2018 9:01 AM, 356 bytes, A
       Adds the file searchband64.dll.log"="10/5/2018 9:01 AM, 570 bytes, A
       Adds the file searchbandapp.exe.log"="10/5/2018 9:01 AM, 1522 bytes, A
       Adds the file searchbandapp64.exe.log"="10/5/2018 9:03 AM, 1126 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790
       Adds the file crashreporter64.exe"="8/21/2018 1:22 PM, 1335800 bytes, A
       Adds the file searchband64.dll"="8/21/2018 1:22 PM, 6829048 bytes, A
       Adds the file searchbandapp64.exe"="8/21/2018 1:22 PM, 3623928 bytes, A
       Adds the file searchbandcf64.exe"="8/21/2018 1:22 PM, 1397752 bytes, A
       Adds the file speechkitlib64.dll"="8/21/2018 1:22 PM, 5839864 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\about
       Adds the file config.json"="10/5/2018 9:01 AM, 1518 bytes, A
       Adds the file vendor-fallback.xml"="10/5/2018 9:01 AM, 227 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\balloon
       Adds the file wakeup.json"="10/5/2018 9:01 AM, 83 bytes, A
       Adds the file wakeup1.json"="10/5/2018 9:01 AM, 828 bytes, A
       Adds the file wakeup2.json"="10/5/2018 9:01 AM, 849 bytes, A
       Adds the file wakeup3.json"="10/5/2018 9:01 AM, 902 bytes, A
       Adds the file wakeup4.json"="10/5/2018 9:01 AM, 842 bytes, A
       Adds the file wakeup5.json"="10/5/2018 9:01 AM, 896 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\settings
       Adds the file 1.json"="10/5/2018 9:01 AM, 526 bytes, A
       Adds the file 10.json"="10/5/2018 9:01 AM, 536 bytes, A
       Adds the file 11.json"="10/5/2018 9:01 AM, 529 bytes, A
       Adds the file 2.json"="10/5/2018 9:01 AM, 775 bytes, A
       Adds the file 3.json"="10/5/2018 9:01 AM, 524 bytes, A
       Adds the file 4.json"="10/5/2018 9:01 AM, 524 bytes, A
       Adds the file default.json"="10/5/2018 9:01 AM, 522 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\software
       Adds the file answers.data"="10/5/2018 9:01 AM, 84506 bytes, A
       Adds the file description.data"="10/5/2018 9:01 AM, 1008 bytes, A
       Adds the file extrawords.data"="10/5/2018 9:01 AM, 23 bytes, A
       Adds the file inputs.data"="10/5/2018 9:01 AM, 396295 bytes, A
       Adds the file weights.data"="10/5/2018 9:01 AM, 104974 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo
       Adds the file defaultThumbs.json"="10/5/2018 9:01 AM, 3641 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons
    Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voice
       Adds the file incomplete.txt"="10/5/2018 9:01 AM, 1818 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voiceactivation
       Adds the file words.json"="10/5/2018 9:01 AM, 160 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voiceactivation\full-alice
       Adds the file acoustic_model.nnet"="10/5/2018 9:01 AM, 293311 bytes, A
       Adds the file flags.txt"="10/5/2018 9:01 AM, 406 bytes, A
       Adds the file words.txt"="10/5/2018 9:01 AM, 85 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voiceactivation\full-yandex
       Adds the file acoustic_model.nnet"="10/5/2018 9:01 AM, 1057404 bytes, A
       Adds the file flags.txt"="10/5/2018 9:01 AM, 408 bytes, A
       Adds the file lda.mat"="10/5/2018 9:01 AM, 14575 bytes, A
       Adds the file words.txt"="10/5/2018 9:01 AM, 72 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voiceactivation\simple
       Adds the file acoustic_model.nnet"="10/5/2018 9:01 AM, 896370 bytes, A
       Adds the file flags.txt"="10/5/2018 9:01 AM, 436 bytes, A
       Adds the file words.txt"="10/5/2018 9:01 AM, 85 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data
       Adds the file balloon.css"="10/5/2018 9:01 AM, 44282 bytes, A
       Adds the file balloon.html"="10/5/2018 9:01 AM, 397 bytes, A
       Adds the file balloon.js"="10/5/2018 9:01 AM, 424974 bytes, A
       Adds the file main.css"="10/5/2018 9:01 AM, 110219 bytes, A
       Adds the file main.html"="10/5/2018 9:01 AM, 391 bytes, A
       Adds the file main.js"="10/5/2018 9:01 AM, 1004874 bytes, A
       Adds the file preview.css"="10/5/2018 9:01 AM, 18539 bytes, A
       Adds the file preview.html"="10/5/2018 9:01 AM, 397 bytes, A
       Adds the file preview.js"="10/5/2018 9:01 AM, 417589 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\ie8
       Adds the file index.html"="10/5/2018 9:01 AM, 6305 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\ie8\i
       Adds the file logo.png"="10/5/2018 9:01 AM, 7267 bytes, A
       Adds the file progress-tile.png"="10/5/2018 9:01 AM, 154 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images
    Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Dumps
    Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Installer
       Adds the file branding.zip"="8/21/2018 1:22 PM, 2290919 bytes, A
       Adds the file crashreporter.exe"="8/21/2018 1:22 PM, 1130488 bytes, A
       Adds the file crashreporter64.exe"="8/21/2018 1:22 PM, 1335800 bytes, A
       Adds the file data.zip"="8/21/2018 1:22 PM, 752026 bytes, A
       Adds the file searchband.dll"="8/21/2018 1:22 PM, 5532152 bytes, A
       Adds the file searchband64.dll"="8/21/2018 1:22 PM, 6829048 bytes, A
       Adds the file searchbandapp.exe"="8/21/2018 1:22 PM, 2926072 bytes, A
       Adds the file searchbandapp64.exe"="8/21/2018 1:22 PM, 3623928 bytes, A
       Adds the file searchbandcf.exe"="8/21/2018 1:22 PM, 1097208 bytes, A
       Adds the file searchbandcf64.exe"="8/21/2018 1:22 PM, 1397752 bytes, A
       Adds the file speechkitlib.dll"="8/21/2018 1:22 PM, 4404216 bytes, A
       Adds the file speechkitlib64.dll"="8/21/2018 1:22 PM, 5839864 bytes, A
       Adds the file TBD7B5A.tmp"="8/21/2018 1:22 PM, 2926072 bytes, A
       Adds the file TBD9540.tmp"="8/21/2018 1:22 PM, 2926072 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Updater
       Adds the file SearchBand.json"="10/5/2018 9:01 AM, 225 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\Updater\Temporary-Files
    Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\UserData
       Adds the file Thumbs.json"="10/5/2018 9:29 AM, 14294 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\UserData\Browser
       Adds the file {0F349F5F-BFF3-403E-8C65-09F2109742DC}-shm"="10/5/2018 9:01 AM, 32768 bytes, A
       Adds the file {0F349F5F-BFF3-403E-8C65-09F2109742DC}-wal"="10/5/2018 9:01 AM, 0 bytes, A
       Adds the file {22988AC3-91BF-463C-8BB2-C9255F2BD3CE}-shm"="10/5/2018 9:29 AM, 32768 bytes, A
       Adds the file {22988AC3-91BF-463C-8BB2-C9255F2BD3CE}-wal"="10/5/2018 9:29 AM, 0 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\UserData\Favicon
    Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\UserData\JsonStore
    Adds the folder C:\Users\{username}\AppData\Local\Yandex\SearchBand\UserData\Logo
    Adds the folder C:\Users\{username}\AppData\Roaming\Microsoft\Installer\{8F2A70BE-546D-47A9-BFF1-D4BC8472134B}
       Adds the file searchband.ico"="10/5/2018 9:01 AM, 126160 bytes, RA
    Adds the folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Голосовой помощник Алиса
       Adds the file Голосовой помощник Алиса.lnk"="10/5/2018 9:01 AM, 1517 bytes, A
       Adds the file Помощь.url"="10/5/2018 9:01 AM, 140 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Yandex
       Adds the file clids-searchband.xml"="10/5/2018 9:01 AM, 223 bytes, A
       Adds the file ui"="10/5/2018 8:59 AM, 38 bytes, A
    In the existing folder C:\Windows\System32\Tasks
       Adds the file Yandex.Stroka.User.S-1-5-21-{userid}"="10/5/2018 9:01 AM, 3210 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8F2A70BE-546D-47A9-BFF1-D4BC8472134B}]
       "AuthorizedCDFPrefix"="REG_SZ", ""
       "Comments"="REG_SZ", ""
       "Contact"="REG_SZ", ""
       "DisplayName"="REG_SZ", "Голосовой помощник Алиса"
       "DisplayVersion"="REG_SZ", "4.6.0.1790"
       "EstimatedSize"="REG_DWORD", 36294
       "HelpLink"="REG_SZ", ""
       "HelpTelephone"="REG_SZ", ""
       "InstallDate"="REG_SZ", "20181005"
       "InstallLocation"="REG_SZ", ""
       "InstallSource"="REG_SZ", "C:\Users\{username}\AppData\Local\Temp\{8F2A70BE-546D-47A9-BFF1-D4BC8472134B}\"
       "Language"="REG_DWORD", 1049
       "ModifyPath"="REG_EXPAND_SZ, "MsiExec.exe /I{8F2A70BE-546D-47A9-BFF1-D4BC8472134B}"
       "Publisher"="REG_SZ", "Яндекс"
       "Readme"="REG_SZ", ""
       "Size"="REG_SZ", ""
       "UninstallString"="REG_EXPAND_SZ, "MsiExec.exe /I{8F2A70BE-546D-47A9-BFF1-D4BC8472134B}"
       "URLInfoAbout"="REG_SZ", ""
       "URLUpdateInfo"="REG_SZ", ""
       "Version"="REG_DWORD", 67502080
       "VersionMajor"="REG_DWORD", 4
       "VersionMinor"="REG_DWORD", 6
       "WindowsInstaller"="REG_DWORD", 1
    [HKEY_CURRENT_USER\Software\AppDataLow\Yandex]
       "UICreated_{username}"="REG_DWORD", 1
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
       "YandexSearchBand"="REG_SZ", ""C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\searchbandapp64.exe" /auto"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows Media Foundation\SchemeHandlers\yapp-searchband:]
       "{9EC4B4F9-3029-45AD-947B-344DE2A249E2}"="REG_SZ", "Urlmon Scheme Handler"
    [HKEY_CURRENT_USER\Software\Yandex\SearchBand]
       "FirstRun"="REG_DWORD", 0
       "InstallSource"="REG_SZ", "Normal"
       "ProductCode"="REG_SZ", "{8f2a70be-546d-47a9-bff1-d4bc8472134b}"
       "SpeechUuid"="REG_SZ", "9B78D20045F048C8A48C42D08176CCBA"
       "Version"="REG_SZ", "4.6.0.1790"
       "WelcomeShown"="REG_DWORD", 1
       "YandexUid"="REG_SZ", ""
    [HKEY_CURRENT_USER\Software\Yandex\SearchBand\AutoComplete]
    [HKEY_CURRENT_USER\Software\Yandex\SearchBand\Cef]
    [HKEY_CURRENT_USER\Software\Yandex\SearchBand\External]
       "Enabled"="REG_DWORD", 1
       "PopupType"="REG_SZ", "TaskBar"
       "VoiceActivation"="REG_DWORD", 0
    [HKEY_CURRENT_USER\Software\Yandex\SearchBand\InstallerSettings]
       "BandMode"="REG_SZ", "Band"
       "BandPosition"="REG_SZ", "StartMenu"
       "ShowWelcome"="REG_DWORD", 1
    [HKEY_CURRENT_USER\Software\Yandex\SearchBand\Settings]
       "BandIndex"="REG_DWORD", 0
       "CreateStartMenuItems"="REG_DWORD", 1
       "ExpandToEditBoxAfterClick"="REG_DWORD", 0
       "ExpandToEditBoxAfterHide"="REG_DWORD", 0
       "FileOpenMode"="REG_DWORD", 0
       "FullSpotterType"="REG_DWORD", 0
       "FullSuggest"="REG_DWORD", 0
       "IconMode"="REG_DWORD", 0
       "IndexExtensionMode"="REG_DWORD", 1
       "LangId"="REG_DWORD", 1049
       "Matrixnet.Enabled"="REG_DWORD", 1
       "Microphone"="REG_SZ", ""
       "SearchBandMode"="REG_DWORD", 0
       "SearchHotkey"="REG_DWORD", 131264
       "ShowTutorialOnFirstRun"="REG_DWORD", 1
       "SpeechHotkey"="REG_DWORD", 0
       "StartMenuFolder"="REG_SZ", "Голосовой помощник Алиса"
       "Vocalizer"="REG_DWORD", 1
       "VoiceActivation"="REG_DWORD", 0
       "VoiceActivation.Reason"="REG_DWORD", 1
    [HKEY_CURRENT_USER\Software\Yandex\SearchBand\Statistic]
       "UserId"="REG_SZ", "{62EAAD26-C0DC-445C-A03D-D5BACB2B53CC}"
    [HKEY_CURRENT_USER\Software\Yandex\SearchBand\Statistic\BarNavig]
       "r1"="REG_SZ", "pgqxfikdthuxbvlrafjuqitfbjnxvvhvmasttmhkpxymynkpaeijvmuvafyxrfevexcbpchfcaoknkbthmsbeodnxqxynamogunvac1dff29110fff4bbb83ad953003bfb1"
    [HKEY_CURRENT_USER\Software\Yandex\SearchBand\Statistic\Batch]
       "LastSendTime"="REG_QWORD, ....
    [HKEY_CURRENT_USER\Software\Yandex\SearchBand\Statistic\Browser]
       "LastUpdateTime"="REG_QWORD, ....
    [HKEY_CURRENT_USER\Software\Yandex\SearchBand\Statistic\Clids]
       "clid1"="REG_SZ", "2309176"
       "clid100006"="REG_SZ", "2309179"
       "clid22"="REG_SZ", "2309177"
       "clid24"="REG_SZ", "2309178"
    [HKEY_CURRENT_USER\Software\Yandex\SearchBand\Statistic\Crashes]
    [HKEY_CURRENT_USER\Software\Yandex\SearchBand\Statistic\DayUse]
       "FirstInstallTime"="REG_QWORD, ....
       "LastSendTimeKeyName"="REG_QWORD, ....
    [HKEY_CURRENT_USER\Software\Yandex\SearchBand\Statistic\Redir]
       "LastSendTimeKeyName"="REG_QWORD, ....
    [HKEY_CURRENT_USER\Software\Yandex\SearchBand\Statistic\Usage]
       "LastActivation"="REG_QWORD, ....
    [HKEY_CURRENT_USER\Software\Yandex\SearchBand\Tutorials\MicHint]
    [HKEY_CURRENT_USER\Software\Yandex\SearchBand\Tutorials\Wakeup]
    [HKEY_CURRENT_USER\Software\Yandex\SearchBand\Updater]
       "NextCheckTime"="REG_QWORD, ....
    [HKEY_CURRENT_USER\Software\Yandex\SearchBand\Updater\SearchBand]
    [HKEY_CURRENT_USER\Software\Yandex\YandexBrowser]

Malwarebytes log:
 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 10/5/18
Scan Time: 9:55 AM
Log File: fc9152da-c873-11e8-9de5-00ffdcc6fdfc.json

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.441
Update Package Version: 1.0.7193
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 238865
Threats Detected: 154
Threats Quarantined: 154
Time Elapsed: 2 min, 41 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 1
PUP.Optional.SearchBand.TskLnk, C:\USERS\{username}\APPDATA\LOCAL\YANDEX\SEARCHBAND\APPLICATION\4.6.0.1790\searchbandapp64.exe, Quarantined, [5092], [575166],1.0.7193

Module: 4
PUP.Optional.SearchBand.TskLnk, C:\USERS\{username}\APPDATA\LOCAL\YANDEX\SEARCHBAND\APPLICATION\4.6.0.1790\searchbandapp64.exe, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\searchband64.dll, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\searchband64.dll, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\speechkitlib64.dll, Quarantined, [5092], [575166],1.0.7193

Registry Key: 6
PUP.Optional.SearchBand.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Yandex.Stroka.User.S-1-5-21-{userid}, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2D4DC59B-C068-4924-B3EB-21740B8CA1FF}, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{2D4DC59B-C068-4924-B3EB-21740B8CA1FF}, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yandex.Stroka.User.S-1-5-21-{userid}, Quarantined, [5092], [-1],0.0.0
PUP.Optional.SearchBand.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D4DC59B-C068-4924-B3EB-21740B8CA1FF}, Quarantined, [5092], [-1],0.0.0
PUP.Optional.SearchBand.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2D4DC59B-C068-4924-B3EB-21740B8CA1FF}, Quarantined, [5092], [-1],0.0.0

Registry Value: 1
PUP.Optional.SearchBand.TskLnk, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|YandexSearchBand, Quarantined, [5092], [575166],1.0.7193

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 19
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voiceactivation\full-yandex, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voiceactivation\full-alice, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voiceactivation\simple, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voiceactivation, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\settings, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\software, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\balloon, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\about, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voice, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\ie8\i, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\ie8, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\USERS\{username}\APPDATA\LOCAL\YANDEX\SEARCHBAND\APPLICATION, Quarantined, [5092], [575166],1.0.7193

File: 123
PUP.Optional.SearchBand.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\Yandex.Stroka.User.S-1-5-21-{userid}, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\USERS\{username}\APPDATA\LOCAL\YANDEX\SEARCHBAND\APPLICATION\4.6.0.1790\searchbandapp64.exe, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\about\config.json, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\about\vendor-fallback.xml, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\balloon\wakeup.json, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\balloon\wakeup1.json, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\balloon\wakeup2.json, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\balloon\wakeup3.json, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\balloon\wakeup4.json, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\balloon\wakeup5.json, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\settings\1.json, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\settings\10.json, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\settings\11.json, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\settings\2.json, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\settings\3.json, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\settings\4.json, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\settings\default.json, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\software\answers.data, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\software\description.data, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\software\extrawords.data, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\software\inputs.data, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\software\weights.data, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\afisha.png, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\auto.png, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\direct.png, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\disk.png, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\img.png, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\kinopoisk.png, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\mail.png, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\maps.png, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\market.png, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\metrika.png, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\money.png, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\morda.png, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\music.png, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\news.png, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\pogoda.png, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\radio.png, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\rasp.png, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\realty.png, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\taxi.png, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\translate.png, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\tv.png, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\Favicons\video.png, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\tablo\defaultThumbs.json, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voice\incomplete.txt, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voiceactivation\full-alice\acoustic_model.nnet, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voiceactivation\full-alice\flags.txt, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voiceactivation\full-alice\words.txt, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voiceactivation\full-yandex\acoustic_model.nnet, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voiceactivation\full-yandex\flags.txt, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voiceactivation\full-yandex\lda.mat, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voiceactivation\full-yandex\words.txt, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voiceactivation\simple\acoustic_model.nnet, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voiceactivation\simple\flags.txt, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voiceactivation\simple\words.txt, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\branding\voiceactivation\words.json, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\ie8\i\logo.png, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\ie8\i\progress-tile.png, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\ie8\index.html, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\05ebde31d097a7cb947e941402987f88.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\09a67bdfb3d6315077ef5bd608586d41.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\0c1ca1fa4ee14fc7d189a6fcc0fee9a0.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\135f8b81c9fe10c0a0abdd714ad2bb88.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\16e2c4c4cae50612e5fed914b6f6bb11.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\18e12bbdd7a3716b43990ee2cb6ac9d1.png, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\1a402b4c9b17fa169ddbcee02ef3d298.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\354da2a21800375b9f68d0f03e4b7d55.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\365dd4aeeae5279d5cec696951169f4f.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\446208ea1da603f383d8216cd18b54ee.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\45e7c9e1692e4e6df8c2a0d643345732.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\5f6e4fac39fa157b058dfce66ea6d7fa.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\6610a8dc2cfe54de2b19ab4214ead921.png, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\6e9b93dde9718df37f4e6304b6014ab1.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\7029ca87143ab943537b5eefc95e3785.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\705e136143277c2986432b3617a90ea4.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\7665739267487d44c45b501fc28deffc.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\82914e6e48bde41be1820ae9f01725cb.png, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\83b9610648bb8e32cc2b3ff26c9fa655.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\843251ab9da9020210c44ec4b6115a57.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\84e614c36b5387bf6811f78cabf97511.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\8aab37c8cce590b49bf63c37ccb9f0d6.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\91c0a7601e9958fef7c3f05a1d5693ca.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\99065624d956ef8a61df41abc594dbb9.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\9d88e20f12a4df66cd3b8b3477c9de95.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\a5205d97098c6aef2da90a934d66c150.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\a7ea87c33b6715a005cc448f3f129244.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\a8c1c69dac3c019bd7016b58dc14ab0e.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\ac587ed0e8ea1139fa0704e707272f44.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\b1c1bfca7034c4201c272afab0794c32.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\b22a7f76af40da6ed9940bbf8c4658e1.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\c6bd8974ea95cd62a4427c3bb283a542.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\c7ebe7cb007f484cedbfb04665012d52.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\ca1c2de513123b9d989dafdb0151172b.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\cb24e221adff8604b5cafba027f67eb2.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\27da3903bb8f8292458cfd3ec9e13caf.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\89207d028c6f4f81b8dde2f26f7c05b9.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\cf982a1997e07c536b52c867148a038f.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\d06f80b701405cb4db73c8745dd67190.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\d34a00b16e3c44485da521109eb36d15.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\d39cf5eced58c4c1c7b686e294282d98.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\d536f62048a877be0c1ab666926a7577.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\d83248271354a95812977167fd606336.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\dc5f0131e9d900956d1c3655e719161c.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\de2a7ef02ba3694da6fffef0d30ae1e1.png, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\e8d9818135c3fe3b010b3036bd0f7cc5.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\f0e108732dad78b133924628871f6bba.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\f9fa33e3d4f5dc6080093b7826005cbb.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\resources\images\fa5d20b33de423cdb2aa0f865f00bd26.svg, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\balloon.css, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\balloon.html, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\balloon.js, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\main.css, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\main.html, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\main.js, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\preview.css, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\preview.html, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\data\preview.js, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\crashreporter64.exe, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\searchband64.dll, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\searchbandcf64.exe, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\Users\{username}\AppData\Local\Yandex\SearchBand\Application\4.6.0.1790\speechkitlib64.dll, Quarantined, [5092], [575166],1.0.7193
PUP.Optional.SearchBand.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\Yandex.Stroka.User.S-1-5-21-{userid}, Quarantined, [5092], [-1],0.0.0

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected. 

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.