What is Domain Quality?

The Malwarebytes research team has determined that Domain Quality is a browser hijacker and forced Edge extension.
According to their website, this extension was also available for Chrome and Firefox, but those versions have been removed from the webstores.

How do I know if my computer is affected by Domain Quality?

You may see these warnings during install:

warning1.png

warning2.png

You may see this entry in your list of installed Edge extensions:

main.png

How did Domain Quality get on my computer?
Forced extensions use a typical method for distributing themselves. This particular one was also available in the webstore.

webstore.png

and is being promoted on their website:

website.png

How do I remove Domain Quality?

Our program Malwarebytes can detect and remove this unwanted program.

  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.

Is there anything else I need to do to get rid of Domain Quality?

  • No, Malwarebytes removes Domain Quality completely.

Technical details for experts

Possible signs in FRST logs:


 

Edge Extension: (Domain Quality) - C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mibdbcmijlhpfbghdpgecafbaimbihll [2021-11-03]

Alterations made by the installer:
 

File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mibdbcmijlhpfbghdpgecafbaimbihll\1.0_0
       Adds the file fundPas.js"="9/3/2021 12:34 PM, 8682 bytes, A
       Adds the file manifest.json"="11/3/2021 10:54 AM, 1013 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mibdbcmijlhpfbghdpgecafbaimbihll\1.0_0\_metadata
       Adds the file computed_hashes.json"="11/3/2021 10:54 AM, 227 bytes, A
       Adds the file verified_contents.json"="9/3/2021 3:29 PM, 2109 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mibdbcmijlhpfbghdpgecafbaimbihll\1.0_0\conesF
       Adds the file image128.png"="11/3/2021 10:54 AM, 6078 bytes, A
       Adds the file image16.png"="11/3/2021 10:54 AM, 727 bytes, A
       Adds the file image32.png"="11/3/2021 10:54 AM, 1611 bytes, A
       Adds the file image64.png"="11/3/2021 10:54 AM, 2842 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_CURRENT_USER\Software\Microsoft\Edge\PreferenceMACs\Default\extensions.settings]
       "mibdbcmijlhpfbghdpgecafbaimbihll"="REG_SZ", "C7DFADA31CA78AA91900A543871A060BDA90795836EECC8A86933D15E3C86A03"

Malwarebytes log:
 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/3/21
Scan Time: 11:14 AM
Log File: e297b5f8-3c8e-11ec-beef-080027235d76.json

-Software Information-
Version: 4.4.9.142
Components Version: 1.0.1486
Update Package Version: 1.0.46718
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}-PC\{username}

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 259683
Threats Detected: 10
Threats Quarantined: 10
Time Elapsed: 2 min, 7 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 1
PUP.Optional.ForcedExtension, HKCU\SOFTWARE\MICROSOFT\EDGE\PREFERENCEMACS\Default\extensions.settings|mibdbcmijlhpfbghdpgecafbaimbihll, Quarantined, 298, 980942, , , , , , 

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Local Extension Settings\mibdbcmijlhpfbghdpgecafbaimbihll, Quarantined, 298, 980942, , , , , , 
PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\EXTENSIONS\MIBDBCMIJLHPFBGHDPGECAFBAIMBIHLL, Quarantined, 298, 980942, 1.0.46718, , ame, , , 

File: 7
PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Secure Preferences, Replaced, 298, 980942, , , , , 89A9F853B5164E3CC514B36F1AD2CC4C, 17056E84BC27F3F42D8A8F432D59A452D2C66C1E80A349CA021C22589784C139
PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\mibdbcmijlhpfbghdpgecafbaimbihll\000003.log, Quarantined, 298, 980942, , , , , 04745E4090E6D2D6FCC2DD53D80F8CFD, 8D7DB095B372D95503CABD522A82B49EEE66678C2F13D5EE16CC678836B2D103
PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\mibdbcmijlhpfbghdpgecafbaimbihll\CURRENT, Quarantined, 298, 980942, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\mibdbcmijlhpfbghdpgecafbaimbihll\LOCK, Quarantined, 298, 980942, , , , , , 
PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\mibdbcmijlhpfbghdpgecafbaimbihll\LOG, Quarantined, 298, 980942, , , , , 33033261C3A3EBB2DD072A322D6033EE, B749B33F8434E616F021485E5665F2FE4E518883CD9A02134BD4F35699DBC7E1
PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\mibdbcmijlhpfbghdpgecafbaimbihll\MANIFEST-000001, Quarantined, 298, 980942, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\EXTENSIONS\MIBDBCMIJLHPFBGHDPGECAFBAIMBIHLL\1.0_0\FUNDPAS.JS, Quarantined, 298, 980942, 1.0.46718, , ame, , 1A123AD0900F3197034142AE00887421, C1759C6FC33983A3C021FE36636A812EF9D9A394DE94736833DB624C9BE6686D

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

As mentioned before, the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.
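
A triage check for the FRST line listed under "Technical details for experts", added here as an example and not part of the original post or of Malwarebytes' own tooling: it parses FRST extension lines and matches on the extension ID rather than the display name. The sample log, the user name `alice` and the handling of prefixes other than `Edge Extension:` are assumptions; only the Edge form and the ID come from the post.

```python
import re

# Extension ID from the FRST line and registry value in the post above.
WATCHLIST = {"mibdbcmijlhpfbghdpgecafbaimbihll": "Domain Quality"}

# FRST line shape: "<Browser> Extension: (<name>) - <path> [<date>]".
# Only "Edge Extension:" appears in the post; other prefixes are an assumption.
EXT_LINE = re.compile(
    r"^\s*(?P<browser>\w+) Extension: \((?P<name>.*?)\) - (?P<path>.+?)"
    r"(?: \[(?P<date>\d{4}-\d{2}-\d{2})\])?\s*$"
)
# Chromium-based browsers use 32-character extension IDs over the letters a-p.
CHROMIUM_ID = re.compile(r"^[a-p]{32}$")

# Constructed sample log (user name, second, third and fourth lines are made up).
SAMPLE_LOG = r"""Edge Extension: (Domain Quality) - C:\Users\alice\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mibdbcmijlhpfbghdpgecafbaimbihll [2021-11-03]
Edge Extension: (Renamed Entry) - C:\USERS\ALICE\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\EXTENSIONS\MIBDBCMIJLHPFBGHDPGECAFBAIMBIHLL
CHR Extension: (Constructed Benign) - C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcdefghijklmnopabcdefghijklmnop [2021-10-01]
HKU\S-1-5-21-0\...\Run: [Constructed] => C:\example.exe"""


def parse_extension_line(line):
    """Return a dict for one FRST extension line, or None if it is not one."""
    m = EXT_LINE.match(line)
    if not m:
        return None
    # The ID is the last path component; scan logs may upper-case the path.
    ext_id = m["path"].rstrip("\\").rsplit("\\", 1)[-1].lower()
    if not CHROMIUM_ID.match(ext_id):
        return None
    return {"browser": m["browser"], "name": m["name"], "id": ext_id,
            "path": m["path"], "date": m["date"]}


def find_forced_extensions(log_text, watchlist=WATCHLIST):
    """Return watchlisted extensions found in FRST log text, matched by ID."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_extension_line(line)
        if entry and entry["id"] in watchlist:
            hits.append({**entry, "known_as": watchlist[entry["id"]]})
    return hits


if __name__ == "__main__":
    for hit in find_forced_extensions(SAMPLE_LOG):
        print(hit["known_as"], hit["browser"], hit["id"], hit["date"])
```

Matching on the ID also catches an entry whose display name differs or whose path was upper-cased, as in the Malwarebytes log paths above.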
