What is Clean Master?

The Malwarebytes research team has determined that Clean Master pushes notifications and qualifies as a forced Edge extension.

How do I know if my computer is affected by Clean Master?

You may see these warnings during install:

warning1.png

warning2.png

You may see this entry in your list of installed Edge extensions:

main.png

and this icon in the browser menu bar:

icons.png

This is the main screen of the application:

warning5.png

How did Clean Master get on my computer?

Forced extensions use misleading methods for distributing themselves. This particular one was pushed by a fake system popup:

website.png

that redirected the user to the webstore:

webstore.png

How do I remove Clean Master?

Our program Malwarebytes can detect and remove this unwanted program.

  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished, click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.

Is there anything else I need to do to get rid of Clean Master?

  • No, Malwarebytes removes Clean Master completely.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this forced extension.

We protect our customers from these extensions by blocking the sites that spread them:

protection1.png

Technical details for experts

Possible signs in FRST logs:


 

Edge Extension: (Clean Master) - C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe [2021-06-16]

Alterations made by the installer:
 

File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0
       Adds the file bg.js"="5/20/2021 4:21 PM, 8384 bytes, A
       Adds the file manifest.json"="6/16/2021 8:40 AM, 1039 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\_metadata
       Adds the file computed_hashes.json"="6/16/2021 8:40 AM, 4636 bytes, A
       Adds the file verified_contents.json"="5/20/2021 3:19 PM, 2572 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\fonts
       Adds the file Roboto-Bold.ttf"="1/8/2013 11:00 PM, 170348 bytes, A
       Adds the file Roboto-Regular.ttf"="1/8/2013 11:00 PM, 171272 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\images
       Adds the file icon-128.png"="6/16/2021 8:40 AM, 3635 bytes, A
       Adds the file icon-16.png"="6/16/2021 8:40 AM, 418 bytes, A
       Adds the file icon-64.png"="6/16/2021 8:40 AM, 1911 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\main
       Adds the file popup.html"="1/23/2021 3:55 PM, 624 bytes, A
       Adds the file style.css"="1/23/2021 2:36 PM, 3655 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\scripts
       Adds the file index.js"="1/23/2021 3:04 PM, 388 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_CURRENT_USER\Software\Microsoft\Edge\PreferenceMACs\Default\extensions.settings]
       "fglppimedodihgiikeephjaepcflbeoe"="REG_SZ", "FF5337FD477876B5623DDBA67330355D2C1F7CEB4078DDF351BF6CF99E427DEB"

Malwarebytes log:
 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/16/21
Scan Time: 8:52 AM
Log File: 7677f636-ce6f-11eb-b224-080027235d76.json

-Software Information-
Version: 4.4.0.117
Components Version: 1.0.1318
Update Package Version: 1.0.41779
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}-PC\{username}

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 234722
Threats Detected: 19
Threats Quarantined: 19
Time Elapsed: 2 min, 16 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 7
PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\_metadata, Quarantined, 298, 949801, , , , , , 
PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\scripts, Quarantined, 298, 949801, , , , , , 
PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\images, Quarantined, 298, 949801, , , , , , 
PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\fonts, Quarantined, 298, 949801, , , , , , 
PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\main, Quarantined, 298, 949801, , , , , , 
PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0, Quarantined, 298, 949801, , , , , , 
PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\EXTENSIONS\FGLPPIMEDODIHGIIKEEPHJAEPCFLBEOE, Quarantined, 298, 949801, 1.0.41779, , ame, , , 

File: 12
PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\EXTENSIONS\FGLPPIMEDODIHGIIKEEPHJAEPCFLBEOE\1.4_0\BG.JS, Quarantined, 298, 949801, 1.0.41779, , ame, , C7455590E105B4A46DB70CE3F3E35410, 30395A9B395B46159308F273406AB95B27477614E2913E47F0533E9F860D8A9E
PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\fonts\Roboto-Bold.ttf, Quarantined, 298, 949801, , , , , E07DF86CEF2E721115583D61D1FB68A6, C9CC991DEB5D27F267830A19F2301EB164D9E61EC08669C1A1A291C5620FF40A
PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\fonts\Roboto-Regular.ttf, Quarantined, 298, 949801, , , , , 11EABCA2251325CFC5589C9C6FB57B46, 017C0BE9AAA6D0359737E1FA762AD304C0E0107927FAFF5A6C1F415C7F5244ED
PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\images\icon-128.png, Quarantined, 298, 949801, , , , , 893D03DBFF3BCBD2DB8A00524F69FB0E, 6C5602F649BBBA62D9B95D732E7437A9E551315C1F4D91985E317C17914689AF
PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\images\icon-16.png, Quarantined, 298, 949801, , , , , 90A76668D2A91BDA6B69055BB940B656, 9FA40205E7096A2CC42CD463A4583EE43AE0C4AACD678641A353A2D64FE74235
PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\images\icon-64.png, Quarantined, 298, 949801, , , , , 952C643F7CD0C3A6DD2BF853DF6048FA, 84390A1F60338C0DDF7A06B0395FD3B51FE7BEE068A585EC63FE3EDDEFA2606B
PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\main\popup.html, Quarantined, 298, 949801, , , , , 7F0A5966279F1800B26EA669BD5A60A8, 987E60FD8F1812271851D9AE8AD061D639D08A416639557824B92332E2B33722
PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\main\style.css, Quarantined, 298, 949801, , , , , 43955E10538679C14D7DE6C2CDF94D0B, C648703A7702FB796339FF09B713BBEAD2D534C46BC89A4CB3C67CCBAFAF8137
PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\scripts\index.js, Quarantined, 298, 949801, , , , , B24A46C6442F5A5579853ADAE3137D85, 864C132434910BBE06591D62838BE1706278B2264BBFAE5865EE161907EF9049
PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\_metadata\computed_hashes.json, Quarantined, 298, 949801, , , , , 93D7BCC0000C13B2BE8E094337894321, 061A57272B2D8B8D26AAB486503EB1868A1AD87E962E3404189FF709D7BDA177
PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\_metadata\verified_contents.json, Quarantined, 298, 949801, , , , , 35723EA8F03B4D18AA4509FB057232C8, 8ED7671A38C28565F9238DFD5EFB4E5D0D7B868AEF4B9A80A17FEABD4E95117A
PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe\1.4_0\manifest.json, Quarantined, 298, 949801, , , , , 4C87FA10FDDF90E0849F0DFB32F49080, EC5444E091D92E0308B7275C8657BB77016DF9094587640880C81D0C8E3517BC

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

As mentioned before, the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.
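
A triage helper for the FRST line shown under "Possible signs in FRST logs", as an added example that is not part of the original guide or of any Malwarebytes or FRST tooling: it parses `Edge Extension:` lines and flags entries whose extension ID is on a watchlist. The line format is inferred from the single line quoted on this page; the function names and the extra sample lines are constructed for illustration.

```python
import re

# Chromium-based browsers (Edge included) use 32-character extension IDs
# drawn only from the letters a-p.
EXT_ID = r"[a-p]{32}"

# Shape of the FRST line quoted on this page (assumed to be the general form):
#   Edge Extension: (<name>) - <path ending in the extension ID> [<yyyy-mm-dd>]
FRST_EDGE_LINE = re.compile(
    r"^Edge Extension: \((?P<name>.*)\) - (?P<path>.*\\(?P<ext_id>" + EXT_ID + r"))"
    r" \[(?P<date>\d{4}-\d{2}-\d{2})\]\s*$"
)

# Watchlist keyed by extension ID; the single entry is the ID from this page.
WATCHLIST = {"fglppimedodihgiikeephjaepcflbeoe": "Clean Master (forced Edge extension)"}


def parse_edge_extensions(log_text):
    """Return one dict per 'Edge Extension:' line found in FRST log text."""
    entries = []
    for line in log_text.splitlines():
        m = FRST_EDGE_LINE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def flag_watchlisted(entries, watchlist=WATCHLIST):
    """Match on the extension ID rather than the display name shown in the log."""
    return [dict(e, reason=watchlist[e["ext_id"]]) for e in entries if e["ext_id"] in watchlist]


# Constructed sample: the first line is the one from this page; the other two
# are made up to show a benign entry and the same ID under another name/profile.
SAMPLE_LOG = r"""
Edge Extension: (Clean Master) - C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fglppimedodihgiikeephjaepcflbeoe [2021-06-16]
Edge Extension: (Example Notes) - C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\abcdefghijklmnopabcdefghijklmnop [2021-03-02]
Edge Extension: (PC Helper) - C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\fglppimedodihgiikeephjaepcflbeoe [2021-06-17]
"""

if __name__ == "__main__":
    for hit in flag_watchlisted(parse_edge_extensions(SAMPLE_LOG)):
        print(f'{hit["date"]}  {hit["name"]!r}  {hit["path"]}  -> {hit["reason"]}')
```

Matching on the ID also catches the entry in a second profile, which a check limited to the `Default` profile path would miss.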
