Jump to content

Recommended Posts

  • Staff

What is FolderSecure?

FolderSecure is a filesystem protector that triggers our PUP detection rules. By doing so we offer users a choice to consider whether they want to use this software. More information can be found on our Malwarebytes Labs blog.

How do I know if I am affected by FolderSecure?

This is how the main screen of the filesystem protector looks:

main.png

You will find these icons in your taskbar, your startmenu, and on your desktop:

icons.png

and see this type of windows during install:

warning1.png

warning2.png

and this type of screens during operations:

warning5.png

warning6.png

You may see this entry in your list of installed programs:

warning4.png

How did FolderSecure get on my computer?

These so-called filesystem protectors use different methods of getting installed. This particular one was downloaded from their website.

website.png

How do I remove FolderSecure?

Our program Malwarebytes can detect and remove this PUP.

  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.

Is there anything else I need to do to get rid of FolderSecure?

  • No, Malwarebytes removes FolderSecure completely.

What if I want to keep FolderSecure?

Should users wish to keep this program and exclude it from being detected in future scans, they can add the program to the exclusions list. Here’s how to do it.

  • Open Malwarebytes for Windows.
  • Click the Detection History
  • Click the Allow List
  • To add an item to the Allow List, click Add.
  • Select the exclusion type Allow a file or folder and use the Select a folder button to select the main folder for the software that you wish to keep.
  • Repeat this for any secondary files or folder(s) that belong to the software.

If you want to allow the program to connect to the Internet, for example to fetch updates, also add an exclusion of the type Allow an application to connect to the internet and use the Browse button to select the file you wish to grant access.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you in dealing with this filesystem protector.

As you can see below the full version of Malwarebytes would have warned you against the FolderSecure installer.
 

protection1.png

 

Technical details for experts

You may see these entries in FRST logs:


 

(Max Secure Software India Private Ltd. -> Max Secure Software) C:\Program Files\Folder Secure\FSecure_GUI.exe
(Max Secure Software India Private Ltd. -> Max Secure Software) C:\Program Files\Folder Secure\FSecure_PD.exe
(Max Secure Software India Private Ltd. -> Max Secure Software) C:\Program Files\Folder Secure\MSVistaService.exe
HKCU\...\Run: [MaxDownloadMgr] => C:\Users\{username}\Desktop\MaxfoldersecureDM.exe [577624 2021-05-11] (Max Secure Software India Pvt. Ltd. -> Max Secure Software)
R2 MSVistaSvc; C:\Program Files\Folder Secure\MSVistaService.exe [430872 2019-08-01] (Max Secure Software India Private Ltd. -> Max Secure Software)
S2 FolderSecure; C:\Windows\System32\drivers\FolderSecure.sys [36120 2019-08-01] (Max Secure Software India Private Ltd. -> )
C:\Users\Public\Desktop\FolderSecure.lnk
C:\ProgramData\Desktop\FolderSecure.lnk
C:\Windows\system32\FSecure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Folder Secure
C:\ProgramData\Max Secure
C:\Program Files\Folder Secure
C:\Windows\system32\Drivers\FolderSecure.sys
(Max Secure Software ) C:\Users\{username}\Desktop\foldersecurex64.exe
C:\Users\{username}\AppData\Local\Max Secure Software
(Max Secure Software) C:\Users\{username}\Desktop\MaxfoldersecureDM.exe

FolderSecure (HKLM\...\{7D40F884-ACA2-4F81-974D-38EC1890A564}_is1) (Version: 2.4 - Max Secure Software)
ContextMenuHandlers1: [ShellExt] -> {CB90FAC3-D165-4AFC-92F0-365D11D1EE9C} => C:\Program Files\Folder Secure\MFG_ShellExt.dll [2019-08-01] (Max Secure Software India Private Ltd. -> Max Secure Software)
ContextMenuHandlers4: [ShellExt] -> {CB90FAC3-D165-4AFC-92F0-365D11D1EE9C} => C:\Program Files\Folder Secure\MFG_ShellExt.dll [2019-08-01] (Max Secure Software India Private Ltd. -> Max Secure Software)

Alterations made by the installer:
 

File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Program Files\Folder Secure
       Adds the file CheckDll.dll"="8/1/2019 11:59 AM, 844056 bytes, A
       Adds the file FileGuardTips.dll"="8/1/2019 12:00 PM, 357656 bytes, A
       Adds the file FSecure_GUI.exe"="8/1/2019 12:00 PM, 1488152 bytes, A
       Adds the file FSecure_PD.exe"="8/1/2019 12:00 PM, 855320 bytes, A
       Adds the file FSecureHelp.chm"="5/23/2013 12:08 PM, 119517 bytes, A
       Adds the file HookNTQSI.dll"="8/1/2019 12:00 PM, 194840 bytes, A
       Adds the file logo.ico"="5/23/2013 12:08 PM, 7194 bytes, A
       Adds the file MFG_ShellExt.dll"="8/1/2019 12:00 PM, 323352 bytes, A
       Adds the file MSVistaService.exe"="8/1/2019 12:00 PM, 430872 bytes, A
       Adds the file Remove.dll"="8/1/2019 11:59 AM, 324376 bytes, A
       Adds the file unins000.dat"="5/11/2021 8:45 AM, 7328 bytes, A
       Adds the file unins000.exe"="5/11/2021 8:44 AM, 735000 bytes, A
       Adds the file unins000.msg"="5/11/2021 8:45 AM, 11401 bytes, A
       Adds the file VchRegX64.dll"="8/1/2019 10:54 AM, 1548056 bytes, A
       Adds the file VoucherLog.txt"="5/11/2021 8:46 AM, 4552 bytes, A
    Adds the folder C:\ProgramData\Max Secure\Max PC Secure
       Adds the file SysFS.dll"="5/11/2021 8:46 AM, 63 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Max Secure Software\MaxDownloadTemp
       Adds the file maxdownloader.log"="5/11/2021 8:47 AM, 23792 bytes, A
    In the existing folder C:\Users\{username}\Desktop
       Adds the file foldersecurex64.exe"="5/11/2021 8:43 AM, 2998536 bytes, A
    In the existing folder C:\Users\Public\Desktop
       Adds the file FolderSecure.lnk"="5/11/2021 8:45 AM, 862 bytes, A
    In the existing folder C:\Windows
       Adds the file isRS-000.tmp"="5/11/2021 8:45 AM, 735000 bytes, A
       Adds the file system32RegistryCleaner.txt"="5/11/2021 8:45 AM, 120 bytes, A
    In the existing folder C:\Windows\system
       Adds the file SysFS.dll"="5/23/2013 12:08 PM, 0 bytes, A
    In the existing folder C:\Windows\System32
       Alters the file 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
        5/11/2021 8:32 AM, 30880 bytes, HA ==> 5/11/2021 8:42 AM, 30880 bytes, HA
       Alters the file 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
        5/11/2021 8:32 AM, 30880 bytes, HA ==> 5/11/2021 8:42 AM, 30880 bytes, HA
       Adds the file MFC71.dll"="5/23/2013 12:08 PM, 1060864 bytes, A
       Adds the file MSVCI70.DLL"="5/23/2013 12:08 PM, 54784 bytes, A
       Adds the file msvcp71.dll"="5/23/2013 12:08 PM, 499712 bytes, A
       Adds the file msvcr71.dll"="5/23/2013 12:08 PM, 348160 bytes, A
    In the existing folder C:\Windows\System32\drivers
       Adds the file FolderSecure.sys"="8/1/2019 12:06 PM, 36120 bytes, A
    Adds the folder C:\Windows\System32\FSecure
       Adds the file F_PD.ini"="5/23/2013 12:08 PM, 0 bytes, A
       Adds the file FiLeOCK.ini"="5/23/2013 12:08 PM, 0 bytes, A
       Adds the file FSecure_PD.ini"="5/23/2013 12:08 PM, 54 bytes, A
       Adds the file Tips.txt"="5/23/2013 12:08 PM, 582 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ShellExt]
       "(Default)"="REG_SZ", "{CB90FAC3-D165-4AFC-92F0-365D11D1EE9C}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{16C655EF-0B08-4789-8D3C-4FB15A79C5BA}]
       "(Default)"="REG_SZ", "MFG_ShellExt"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{18A66A06-1894-4813-8D35-587A185B0465}]
       "(Default)"="REG_SZ", "FileGuardTips"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\FileGuardTips.DLL]
       "AppID"="REG_SZ", "{18A66A06-1894-4813-8D35-587A185B0465}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\MFG_ShellExt.DLL]
       "AppID"="REG_SZ", "{16C655EF-0B08-4789-8D3C-4FB15A79C5BA}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4D50831-BAAC-49A4-8E2D-A558973405B3}]
       "(Default)"="REG_SZ", "FGTips Class"
       "AppID"="REG_SZ", "{18A66A06-1894-4813-8D35-587A185B0465}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4D50831-BAAC-49A4-8E2D-A558973405B3}\InprocServer32]
       "(Default)"="REG_SZ", "C:\Program Files\Folder Secure\FileGuardTips.dll"
       "ThreadingModel"="REG_SZ", "Apartment"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4D50831-BAAC-49A4-8E2D-A558973405B3}\ProgID]
       "(Default)"="REG_SZ", "FileGuardTips.FGTips.1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CB90FAC3-D165-4AFC-92F0-365D11D1EE9C}]
       "(Default)"="REG_SZ", "ShellExt Class"
       "AppID"="REG_SZ", "{16C655EF-0B08-4789-8D3C-4FB15A79C5BA}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CB90FAC3-D165-4AFC-92F0-365D11D1EE9C}\InprocServer32]
       "(Default)"="REG_SZ", "C:\Program Files\Folder Secure\MFG_ShellExt.dll"
       "ThreadingModel"="REG_SZ", "Apartment"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7238614-F8F8-49A2-A665-438F6DABCFB3}]
       "(Default)"="REG_SZ", "IFGTips"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BCAE9ADB-7D3B-4407-9F10-BE47FF0D438F}]
       "(Default)"="REG_SZ", "IShellExt"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B7238614-F8F8-49A2-A665-438F6DABCFB3}\ProxyStubClsid32]
       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BCAE9ADB-7D3B-4407-9F10-BE47FF0D438F}]
       "(Default)"="REG_SZ", "IShellExt"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\FOLDERSECURE]
       "A"="REG_SZ", "0"
       "B"="REG_SZ", ""
       "Size"="REG_DWORD", 2
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7D40F884-ACA2-4F81-974D-38EC1890A564}_is1]
       "DisplayIcon"="REG_SZ", "C:\Program Files\Folder Secure\logo.ico"
       "DisplayName"="REG_SZ", "FolderSecure"
       "DisplayVersion"="REG_SZ", "2.4"
       "EstimatedSize"="REG_DWORD", 9012
       "HelpLink"="REG_SZ", "http://www.maxpcsecure.com"
       "Inno Setup: App Path"="REG_SZ", "C:\Program Files\Folder Secure"
       "Inno Setup: Deselected Tasks"="REG_SZ", ""
       "Inno Setup: Icon Group"="REG_SZ", "Folder Secure"
       "Inno Setup: Language"="REG_SZ", "default"
       "Inno Setup: Selected Tasks"="REG_SZ", "desktopicon"
       "Inno Setup: Setup Version"="REG_SZ", "5.6.1 (a)"
       "Inno Setup: User"="REG_SZ", "{username}"
       "InstallDate"="REG_SZ", "20210511"
       "InstallLocation"="REG_SZ", "C:\Program Files\Folder Secure\"
       "MajorVersion"="REG_DWORD", 2
       "MinorVersion"="REG_DWORD", 4
       "NoModify"="REG_DWORD", 1
       "NoRepair"="REG_DWORD", 1
       "Publisher"="REG_SZ", "Max Secure Software"
       "QuietUninstallString"="REG_SZ", ""C:\Program Files\Folder Secure\unins000.exe" /SILENT"
       "UninstallString"="REG_SZ", ""C:\Program Files\Folder Secure\unins000.exe""
       "URLInfoAbout"="REG_SZ", "http://www.maxpcsecure.com"
       "URLUpdateInfo"="REG_SZ", "http://www.maxpcsecure.com"
       "VersionMajor"="REG_DWORD", 2
       "VersionMinor"="REG_DWORD", 4
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FolderSecure]
       "DependOnService"="REG_MULTI_SZ, "FltMgr "
       "DisplayName"="REG_SZ", "FolderSecure"
       "ErrorControl"="REG_DWORD", 1
       "Group"="REG_SZ", "FSFilter Anti-Virus"
       "ImagePath"="REG_EXPAND_SZ, "System32\drivers\FolderSecure.sys"
       "Start"="REG_DWORD", 2
       "Type"="REG_DWORD", 2
       "WOW64"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FolderSecure\Instances]
       "DefaultInstance"="REG_SZ", "FolderSecure Instance"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FolderSecure\Instances\FolderSecure Instance]
       "Altitude"="REG_SZ", "328114"
       "Flags"="REG_DWORD", 0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSVistaSvc]
       "DisplayName"="REG_SZ", "MSVistaSvc"
       "ErrorControl"="REG_DWORD", 1
       "ImagePath"="REG_EXPAND_SZ, "C:\Program Files\Folder Secure\MSVistaService.exe"
       "ObjectName"="REG_SZ", "LocalSystem"
       "Start"="REG_DWORD", 2
       "Type"="REG_DWORD", 16
       "WOW64"="REG_DWORD", 1
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
       "MaxDownloadMgr"="REG_SZ", ""C:\Users\{username}\Desktop\MaxfoldersecureDM.exe""

Malwarebytes log:
 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/11/21
Scan Time: 10:04 AM
Log File: 94114ee2-b22f-11eb-bd4e-080027235d76.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1292
Update Package Version: 1.0.40318
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}-PC\{username}

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 234128
Threats Detected: 56
Threats Quarantined: 56
Time Elapsed: 3 min, 3 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 2
PUP.Optional.MaxSecureSoftware, C:\PROGRAM FILES\FOLDER SECURE\MSVISTASERVICE.EXE, Quarantined, 765, 937530, , , , , DD63D190B2313D89BEBDB11CC3C04A86, FFB9C3D9D2D74D0B3ECA4589B9C6FCF21C49F000792E68BEDDD0B4601B49B713
PUP.Optional.MaxSecureSoftware, C:\PROGRAM FILES\FOLDER SECURE\FSECURE_PD.EXE, Quarantined, 765, 937530, , , , , 270661A6892FE042221CFE942F03CE6A, 03D2B6B111E483E586BC61B85C4350903DC065C0653F5A5CF0DC61501E67D71D

Module: 10
PUP.Optional.MaxSecureSoftware, C:\PROGRAM FILES\FOLDER SECURE\MSVISTASERVICE.EXE, Quarantined, 765, 937530, , , , , DD63D190B2313D89BEBDB11CC3C04A86, FFB9C3D9D2D74D0B3ECA4589B9C6FCF21C49F000792E68BEDDD0B4601B49B713
PUP.Optional.MaxSecureSoftware, C:\PROGRAM FILES\FOLDER SECURE\HOOKNTQSI.DLL, Quarantined, 765, 937530, , , , , 7DB9EB0B3878FE2C2ABC9ECF598F49D3, 757D069ACDA375ED253701A6837805127D78E9666B007451C44EC968D19B3228
PUP.Optional.MaxSecureSoftware, C:\PROGRAM FILES\FOLDER SECURE\HOOKNTQSI.DLL, Quarantined, 765, 937530, , , , , 7DB9EB0B3878FE2C2ABC9ECF598F49D3, 757D069ACDA375ED253701A6837805127D78E9666B007451C44EC968D19B3228
PUP.Optional.MaxSecureSoftware, C:\PROGRAM FILES\FOLDER SECURE\HOOKNTQSI.DLL, Quarantined, 765, 937530, , , , , 7DB9EB0B3878FE2C2ABC9ECF598F49D3, 757D069ACDA375ED253701A6837805127D78E9666B007451C44EC968D19B3228
PUP.Optional.MaxSecureSoftware, C:\PROGRAM FILES\FOLDER SECURE\HOOKNTQSI.DLL, Quarantined, 765, 937530, , , , , 7DB9EB0B3878FE2C2ABC9ECF598F49D3, 757D069ACDA375ED253701A6837805127D78E9666B007451C44EC968D19B3228
PUP.Optional.MaxSecureSoftware, C:\PROGRAM FILES\FOLDER SECURE\HOOKNTQSI.DLL, Quarantined, 765, 937530, , , , , 7DB9EB0B3878FE2C2ABC9ECF598F49D3, 757D069ACDA375ED253701A6837805127D78E9666B007451C44EC968D19B3228
PUP.Optional.MaxSecureSoftware, C:\PROGRAM FILES\FOLDER SECURE\HOOKNTQSI.DLL, Quarantined, 765, 937530, , , , , 7DB9EB0B3878FE2C2ABC9ECF598F49D3, 757D069ACDA375ED253701A6837805127D78E9666B007451C44EC968D19B3228
PUP.Optional.MaxSecureSoftware, C:\PROGRAM FILES\FOLDER SECURE\HOOKNTQSI.DLL, Quarantined, 765, 937530, , , , , 7DB9EB0B3878FE2C2ABC9ECF598F49D3, 757D069ACDA375ED253701A6837805127D78E9666B007451C44EC968D19B3228
PUP.Optional.MaxSecureSoftware, C:\PROGRAM FILES\FOLDER SECURE\FSECURE_PD.EXE, Quarantined, 765, 937530, , , , , 270661A6892FE042221CFE942F03CE6A, 03D2B6B111E483E586BC61B85C4350903DC065C0653F5A5CF0DC61501E67D71D
PUP.Optional.MaxSecureSoftware, C:\PROGRAM FILES\FOLDER SECURE\MFG_SHELLEXT.DLL, Quarantined, 765, 937530, , , , , D0EAD64C7BEDED0D84CBBC620F5B86B3, E0FB1AE9523CE3629A3287BEDD667C2E5041A8C4650497029F473EFEFAAB53B5

Registry Key: 23
PUP.Optional.MaxSecureSoftware, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MSVistaSvc, Quarantined, 765, 937530, , , , , , 
PUP.Optional.MaxSecureSoftware, HKLM\SOFTWARE\CLASSES\CLSID\{CB90FAC3-D165-4AFC-92F0-365D11D1EE9C}, Quarantined, 765, 937530, , , , , , 
PUP.Optional.MaxSecureSoftware, HKLM\SOFTWARE\CLASSES\MFG_ShellExt.ShellExt, Quarantined, 765, 937530, , , , , , 
PUP.Optional.MaxSecureSoftware, HKLM\SOFTWARE\CLASSES\MFG_ShellExt.ShellExt.1, Quarantined, 765, 937530, , , , , , 
PUP.Optional.MaxSecureSoftware, HKLM\SOFTWARE\CLASSES\TYPELIB\{3ABA7A9C-2040-4113-AA29-EB21339BE860}, Quarantined, 765, 937530, , , , , , 
PUP.Optional.MaxSecureSoftware, HKLM\SOFTWARE\CLASSES\INTERFACE\{BCAE9ADB-7D3B-4407-9F10-BE47FF0D438F}, Quarantined, 765, 937530, , , , , , 
PUP.Optional.MaxSecureSoftware, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{BCAE9ADB-7D3B-4407-9F10-BE47FF0D438F}, Quarantined, 765, 937530, , , , , , 
PUP.Optional.MaxSecureSoftware, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BCAE9ADB-7D3B-4407-9F10-BE47FF0D438F}, Quarantined, 765, 937530, , , , , , 
PUP.Optional.MaxSecureSoftware, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{3ABA7A9C-2040-4113-AA29-EB21339BE860}, Quarantined, 765, 937530, , , , , , 
PUP.Optional.MaxSecureSoftware, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{3ABA7A9C-2040-4113-AA29-EB21339BE860}, Quarantined, 765, 937530, , , , , , 
PUP.Optional.MaxSecureSoftware, HKLM\SOFTWARE\CLASSES\CLSID\{CB90FAC3-D165-4AFC-92F0-365D11D1EE9C}\InprocServer32, Quarantined, 765, 937530, , , , , , 
PUP.Optional.MaxSecureSoftware, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\FolderSecure, Quarantined, 765, 937530, , , , , , 
PUP.Optional.MaxSecureSoftware, HKLM\SOFTWARE\CLASSES\CLSID\{C4D50831-BAAC-49A4-8E2D-A558973405B3}, Quarantined, 765, 937530, , , , , , 
PUP.Optional.MaxSecureSoftware, HKLM\SOFTWARE\CLASSES\FileGuardTips.FGTips, Quarantined, 765, 937530, , , , , , 
PUP.Optional.MaxSecureSoftware, HKLM\SOFTWARE\CLASSES\FileGuardTips.FGTips.1, Quarantined, 765, 937530, , , , , , 
PUP.Optional.MaxSecureSoftware, HKLM\SOFTWARE\CLASSES\TYPELIB\{761D3D39-F77F-4B91-A024-41EF7722B545}, Quarantined, 765, 937530, , , , , , 
PUP.Optional.MaxSecureSoftware, HKLM\SOFTWARE\CLASSES\INTERFACE\{B7238614-F8F8-49A2-A665-438F6DABCFB3}, Quarantined, 765, 937530, , , , , , 
PUP.Optional.MaxSecureSoftware, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{B7238614-F8F8-49A2-A665-438F6DABCFB3}, Quarantined, 765, 937530, , , , , , 
PUP.Optional.MaxSecureSoftware, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B7238614-F8F8-49A2-A665-438F6DABCFB3}, Quarantined, 765, 937530, , , , , , 
PUP.Optional.MaxSecureSoftware, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{761D3D39-F77F-4B91-A024-41EF7722B545}, Quarantined, 765, 937530, , , , , , 
PUP.Optional.MaxSecureSoftware, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{761D3D39-F77F-4B91-A024-41EF7722B545}, Quarantined, 765, 937530, , , , , , 
PUP.Optional.MaxSecureSoftware, HKLM\SOFTWARE\CLASSES\CLSID\{C4D50831-BAAC-49A4-8E2D-A558973405B3}\InprocServer32, Quarantined, 765, 937530, , , , , , 
PUP.Optional.MaxSecureSoftware, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7D40F884-ACA2-4F81-974D-38EC1890A564}_is1, Quarantined, 765, 937530, , , , , , 

Registry Value: 1
PUP.Optional.MaxSecureSoftware, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MaxDownloadMgr, Quarantined, 765, 937531, , , , , , 

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 3
PUP.Optional.MaxSecureSoftware, C:\Users\{username}\AppData\Local\Max Secure Software\MaxDownloadTemp, Quarantined, 765, 393078, , , , , , 
PUP.Optional.MaxSecureSoftware, C:\USERS\{username}\APPDATA\LOCAL\MAX SECURE SOFTWARE, Quarantined, 765, 393078, 1.0.40318, , ame, , , 
PUP.Optional.MaxSecureSoftware, C:\PROGRAMDATA\MAX SECURE\MAX PC SECURE, Quarantined, 765, 393093, 1.0.40318, , ame, , , 

File: 17
PUP.Optional.MaxSecureSoftware, C:\Users\{username}\AppData\Local\Max Secure Software\MaxDownloadTemp\maxdownloader.log, Quarantined, 765, 393078, , , , , 709E49E7FCB892B8C9AC88C104E37198, 145A7FF8C57EEE40561E9D80E16F6A3E75965A76E892767F2CB131A437DAAEA3
PUP.Optional.MaxSecureSoftware, C:\ProgramData\Max Secure\Max PC Secure\SysFS.dll, Quarantined, 765, 393093, , , , , 8E28A146EC8758B6412BBF30763C81DB, B5F9942E6A9259A34DA8D8588C56CCA8BA9471B655FE805612E069D45639D969
PUP.Optional.MaxSecureSoftware, C:\PROGRAM FILES\FOLDER SECURE\MSVISTASERVICE.EXE, Quarantined, 765, 937530, 1.0.40318, , ame, , DD63D190B2313D89BEBDB11CC3C04A86, FFB9C3D9D2D74D0B3ECA4589B9C6FCF21C49F000792E68BEDDD0B4601B49B713
PUP.Optional.MaxSecureSoftware, C:\PROGRAM FILES\FOLDER SECURE\HOOKNTQSI.DLL, Quarantined, 765, 937530, 1.0.40318, , ame, , 7DB9EB0B3878FE2C2ABC9ECF598F49D3, 757D069ACDA375ED253701A6837805127D78E9666B007451C44EC968D19B3228
PUP.Optional.MaxSecureSoftware, C:\PROGRAM FILES\FOLDER SECURE\FSECURE_PD.EXE, Quarantined, 765, 937530, 1.0.40318, , ame, , 270661A6892FE042221CFE942F03CE6A, 03D2B6B111E483E586BC61B85C4350903DC065C0653F5A5CF0DC61501E67D71D
PUP.Optional.MaxSecureSoftware, C:\PROGRAM FILES\FOLDER SECURE\MFG_SHELLEXT.DLL, Quarantined, 765, 937530, 1.0.40318, , ame, , D0EAD64C7BEDED0D84CBBC620F5B86B3, E0FB1AE9523CE3629A3287BEDD667C2E5041A8C4650497029F473EFEFAAB53B5
PUP.Optional.MaxSecureSoftware, C:\WINDOWS\SYSTEM32\DRIVERS\FOLDERSECURE.SYS, Quarantined, 765, 937530, 1.0.40318, , ame, , 2550AD9B21030FFB07233252BD681693, B61E2433C7F9370EE9A79248260A24EEDE88CADA6A9E9D5D3FD8A61E5EA01976
PUP.Optional.MaxSecureSoftware, C:\USERS\{username}\DESKTOP\MAXFOLDERSECUREDM.EXE, Quarantined, 765, 937531, 1.0.40318, , ame, , ABE3138C202B83350494AF2ECA725EBB, 1E23C5557FB5D96B60B9FDC8C2D7BC06E76ECB5B57DCFE7A8679292086BA2B5D
PUP.Optional.MaxSecureSoftware, C:\PROGRAM FILES\FOLDER SECURE\FILEGUARDTIPS.DLL, Quarantined, 765, 937530, 1.0.40318, , ame, , 33BEC57657F9A60911F7FE9FF88EAA2E, 90102E617D309D9D197F563EECCAE2836E3BDEF47A8546E1B98ECF91A102EBFE
PUP.Optional.MaxSecureSoftware, C:\PROGRAM FILES\FOLDER SECURE\UNINS000.EXE, Quarantined, 765, 937530, 1.0.40318, , ame, , 11C0B3CAF5B229333C2C510FFDEB6A33, 29807AFA729253567C50ED30B22899A9374765F378A7A1985AF4859B361AC2CA
PUP.Optional.MaxSecureSoftware, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\FolderSecure.lnk, Quarantined, 765, 937530, , , , , 8AB5D979A373438B370F3A13A55A6BEB, 8A101296CBFCC7CD351323B8425705418DF4082B21F068C2795395FD5604F92D
PUP.Optional.MaxSecureSoftware, C:\PROGRAM FILES\FOLDER SECURE\FSECURE_GUI.EXE, Quarantined, 765, 937530, 1.0.40318, , ame, , 0DA761A1150C2EB88AE2E351FEA9F14E, C5447C44806FF9AD8FC262778B08FD09B16D377FC23010210B093E9AE584C777
PUP.Optional.MaxSecureSoftware, C:\PROGRAM FILES\FOLDER SECURE\CHECKDLL.DLL, Quarantined, 765, 937530, 1.0.40318, , ame, , 7B2B2F84284A0B17B476EB603DECDAE2, CED29643A7DCA7E88CC8F59504DEC7F1C69F85E5C44786A9D5B24F569107DECA
PUP.Optional.MaxSecureSoftware, C:\PROGRAM FILES\FOLDER SECURE\REMOVE.DLL, Quarantined, 765, 937530, 1.0.40318, , ame, , 76175031B7A65611DD79FCE76FADE51D, 81D11DB5314509465E03443A52C15ECDF1CF731D03B412C8E467FA9DCFDEDDDF
PUP.Optional.MaxSecureSoftware, C:\USERS\{username}\DOWNLOADS\FOLDERSECUREX64.EXE, Quarantined, 765, 937530, 1.0.40318, , ame, , 2FC36778984A19422887FA3AF045931E, 39BE70C3ED712B28310DBC8AC46C6CE90A9C918BF79C4BCB3458C29644209844
PUP.Optional.MaxSecureSoftware, C:\USERS\{username}\DESKTOP\FOLDERSECUREX64.EXE, Quarantined, 765, 937530, 1.0.40318, , ame, , 2FC36778984A19422887FA3AF045931E, 39BE70C3ED712B28310DBC8AC46C6CE90A9C918BF79C4BCB3458C29644209844
PUP.Optional.MaxSecureSoftware, C:\WINDOWS\ISRS-000.TMP, Quarantined, 765, 937530, 1.0.40318, , ame, , 11C0B3CAF5B229333C2C510FFDEB6A33, 29807AFA729253567C50ED30B22899A9374765F378A7A1985AF4859B361AC2CA

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

As mentioned before the full version of Malwarebytes could have protected your computer against this potentially unwanted program.
We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.

Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.