Jump to content

Recommended Posts

  • Staff

What is Easy 2 Convert 4 Me?

The Malwarebytes research team has determined that Easy 2 Convert 4 Me is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.
This particular one displays an icon and a prompt on certain websites.

How do I know if my computer is affected by Easy 2 Convert 4 Me?

You may see this entry in your list of installed Chrome extensions:

main.png

and these warnings during install:

warning1.png

warning2.png

and you will see this icon on certain websites:

icons.png

which produces this prompt:

warning5.png

How did Easy 2 Convert 4 Me get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:

webstore.png

after a redirect from their website:

website.png

How do I remove Easy 2 Convert 4 Me?

Our program Malwarebytes can detect and remove this potentially unwanted program.

  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.

Is there anything else I need to do to get rid of Easy 2 Convert 4 Me?

  • No, Malwarebytes removes Easy 2 Convert 4 Me completely.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes would have protected you against the Easy 2 Convert 4 Me hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.
 

protection1.png


Technical details for experts

Possible signs in FRST logs:
 

CHR Extension: (Easy 2 Convert 4 Me) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnddilblgffaoehkggebpeiacfgmllgk [2021-05-17]

Alterations made by the installer:
 

File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnddilblgffaoehkggebpeiacfgmllgk\8.10102_0
       Adds the file 3c384c7a17e9cc1461fa.css"="3/23/2021 3:19 AM, 2414 bytes, A
       Adds the file background.js"="3/23/2021 3:19 AM, 405606 bytes, A
       Adds the file content.js"="3/23/2021 3:19 AM, 321590 bytes, A
       Adds the file manifest.json"="5/17/2021 11:08 AM, 1555 bytes, A
       Adds the file popup.html"="3/23/2021 3:19 AM, 1329 bytes, A
       Adds the file popup.js"="3/23/2021 3:19 AM, 141997 bytes, A
       Adds the file widget.config.json"="3/23/2021 3:19 AM, 11821 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnddilblgffaoehkggebpeiacfgmllgk\8.10102_0\_metadata
       Adds the file computed_hashes.json"="5/17/2021 11:08 AM, 22935 bytes, A
       Adds the file verified_contents.json"="3/23/2021 3:19 AM, 6215 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnddilblgffaoehkggebpeiacfgmllgk\8.10102_0\icons
       Adds the file 128.png"="5/17/2021 11:08 AM, 3670 bytes, A
       Adds the file 16.png"="5/17/2021 11:08 AM, 515 bytes, A
       Adds the file 19.png"="5/17/2021 11:08 AM, 683 bytes, A
       Adds the file 32.png"="5/17/2021 11:08 AM, 1017 bytes, A
       Adds the file 38.png"="5/17/2021 11:08 AM, 1656 bytes, A
       Adds the file 48.png"="5/17/2021 11:08 AM, 2054 bytes, A
       Adds the file 64.png"="5/17/2021 11:08 AM, 2029 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnddilblgffaoehkggebpeiacfgmllgk\8.10102_0\widget
       Adds the file asset-manifest.json"="3/23/2021 3:19 AM, 2049 bytes, A
       Adds the file index.html"="3/23/2021 3:19 AM, 938 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnddilblgffaoehkggebpeiacfgmllgk\8.10102_0\widget\static\css
       Adds the file main.2a96f3d8.chunk.css"="3/23/2021 3:19 AM, 12267 bytes, A
       Adds the file main.2a96f3d8.chunk.css.map"="3/23/2021 3:19 AM, 22893 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnddilblgffaoehkggebpeiacfgmllgk\8.10102_0\widget\static\js
       Adds the file 2.0b588ce7.chunk.js"="3/23/2021 3:19 AM, 156063 bytes, A
       Adds the file 2.0b588ce7.chunk.js.LICENSE.txt"="3/23/2021 3:19 AM, 1043 bytes, A
       Adds the file 2.0b588ce7.chunk.js.map"="3/23/2021 3:19 AM, 441232 bytes, A
       Adds the file 3.8cacd2f5.chunk.js"="3/23/2021 3:19 AM, 3582 bytes, A
       Adds the file 3.8cacd2f5.chunk.js.map"="3/23/2021 3:19 AM, 7690 bytes, A
       Adds the file main.b9eb73cd.chunk.js"="3/23/2021 3:19 AM, 47875 bytes, A
       Adds the file main.b9eb73cd.chunk.js.map"="3/23/2021 3:19 AM, 106340 bytes, A
       Adds the file runtime-main.7cd96f97.js"="3/23/2021 3:19 AM, 2400 bytes, A
       Adds the file runtime-main.7cd96f97.js.map"="3/23/2021 3:19 AM, 12512 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnddilblgffaoehkggebpeiacfgmllgk\8.10102_0\widget\static\media
       Adds the file archive.7cfb4c04.svg"="3/23/2021 3:19 AM, 852 bytes, A
       Adds the file audio.f753fc22.svg"="3/23/2021 3:19 AM, 991 bytes, A
       Adds the file back.b9bd320b.svg"="3/23/2021 3:19 AM, 249 bytes, A
       Adds the file docs.6a29fd7a.svg"="3/23/2021 3:19 AM, 1174 bytes, A
       Adds the file ebook.8d72c493.svg"="3/23/2021 3:19 AM, 763 bytes, A
       Adds the file failed.c75a6abd.svg"="3/23/2021 3:19 AM, 906 bytes, A
       Adds the file finished.64e21323.svg"="3/23/2021 3:19 AM, 546 bytes, A
       Adds the file image.1eaa51da.svg"="3/23/2021 3:19 AM, 1258 bytes, A
       Adds the file loader.f8f7e0c9.svg"="3/23/2021 3:19 AM, 6180 bytes, A
       Adds the file search.c8e5861f.svg"="3/23/2021 3:19 AM, 900 bytes, A
       Adds the file video.70e0c322.svg"="3/23/2021 3:19 AM, 1460 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nnddilblgffaoehkggebpeiacfgmllgk
       Adds the file 000003.log"="5/17/2021 11:08 AM, 0 bytes, A
       Adds the file CURRENT"="5/17/2021 11:08 AM, 16 bytes, A
       Adds the file LOCK"="5/17/2021 11:08 AM, 0 bytes, A
       Adds the file LOG"="5/17/2021 11:08 AM, 0 bytes, A
       Adds the file MANIFEST-000001"="5/17/2021 11:08 AM, 41 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
       "nnddilblgffaoehkggebpeiacfgmllgk"="REG_SZ", "402BFC6B231C67C689502EF8B6D1B6A887A4D564DEAE953535023E8C30BA90E3"

Malwarebytes log:
 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/17/21
Scan Time: 11:33 AM
Log File: f2556c5a-b6f2-11eb-921e-080027235d76.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1292
Update Package Version: 1.0.40526
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}-PC\{username}

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 234181
Threats Detected: 11
Threats Quarantined: 11
Time Elapsed: 1 min, 39 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 1
PUP.Optional.Easy2Convert4Me, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|nnddilblgffaoehkggebpeiacfgmllgk, Quarantined, 16372, 940046, , , , , , 

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
PUP.Optional.Easy2Convert4Me, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\nnddilblgffaoehkggebpeiacfgmllgk, Quarantined, 16372, 940046, , , , , , 
PUP.Optional.Easy2Convert4Me, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NNDDILBLGFFAOEHKGGEBPEIACFGMLLGK, Quarantined, 16372, 940046, 1.0.40526, , ame, , , 

File: 8
PUP.Optional.Easy2Convert4Me, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 16372, 940046, , , , , D22766F4C570A659983B046E2009BB0D, 3855BB666D1BD055B07E6CD5DC4B2EAA781622A24E0BF3FD33307E34BE27FFA8
PUP.Optional.Easy2Convert4Me, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 16372, 940046, , , , , BF03771FA7A1F21B789E04DE487B5A03, 920D0337BB380E44EC2478B33990957238E93AC01097D100541D39D002A16A92
PUP.Optional.Easy2Convert4Me, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nnddilblgffaoehkggebpeiacfgmllgk\000003.log, Quarantined, 16372, 940046, , , , , 23E6CFFF249A9D90C1C8AC5A6AF1319B, CA938F988938B2B834ED9E8981D0A05AC8FE6F87EDD6415E41FB0430D32FAB04
PUP.Optional.Easy2Convert4Me, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nnddilblgffaoehkggebpeiacfgmllgk\CURRENT, Quarantined, 16372, 940046, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.Easy2Convert4Me, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nnddilblgffaoehkggebpeiacfgmllgk\LOCK, Quarantined, 16372, 940046, , , , , , 
PUP.Optional.Easy2Convert4Me, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nnddilblgffaoehkggebpeiacfgmllgk\LOG, Quarantined, 16372, 940046, , , , , 216CF4F04090A50D2DC641885F38EC1F, 70B3C0E3F90969988F5255DEC445153E38098B79DE445AB65D81F23CB71B999B
PUP.Optional.Easy2Convert4Me, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nnddilblgffaoehkggebpeiacfgmllgk\MANIFEST-000001, Quarantined, 16372, 940046, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
PUP.Optional.Easy2Convert4Me, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NNDDILBLGFFAOEHKGGEBPEIACFGMLLGK\8.10102_0\MANIFEST.JSON, Quarantined, 16372, 940046, 1.0.40526, , ame, , 57B22A9AE9515C9C66A75C6235434451, 6254D4C5305453DCCF1BABA88AA2300FC783ACFC4DC2BBEC420D8105F9111D00

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.

Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.