Malware downloaded with Free Music App

Thread starter: Taffythomas85
This free music app I downloaded came with lots of add-ons, including advertising. My computer slowed down to a snail's pace due to being bombarded with adverts; shortly after my first use I uninstalled all the programmes associated with this app. Unfortunately the adverts reappeared when I next searched online (Amazon, eBay etc.). SearchAwesome is the advertising medium which was downloaded with the music app, and they are very helpful in describing how to remove their ads. Removal works only for the session the computer is switched on. Next time you start up and search the internet it reinstalls, and you are back to square one. Very frustrating. My son is more savvy than me with the computer, and his initial attempts to remove all traces failed. He installed Malwarebytes and it detected 94 threats and quarantined 93. This malware got past Windows Defender by hiding in all sorts of places, creating folders and a "D" drive; it even managed to get Defender to ignore certain folders and files.

What are Microsoft going to do to prevent this occurring again?

Far too technical for me; here is a copy of what Malwarebytes found.


www.malwarebytes.com
-Log Details-
Scan Date: 10/02/18
Scan Time: 9:48 PM
Log File: *********ba.json
-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.7143
License: Trial
-System Information-
OS: Windows 10 (Build *******)
CPU: x64
File System: NTFS
User: DESKTOP-********\Admin
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 277772
Threats Detected: 94
Threats Quarantined: 92
Time Elapsed: 9 min, 26 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 20
PUP.Optional.SoftUpgrade, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SoftUpgrade, Quarantined, [5513], [260472],1.0.7143
PUP.Optional.SoftUpgrade, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{19EC5E1B-C56F-4B40-B7F6-44C3946991E6}, Quarantined, [5513], [260472],1.0.7143
PUP.Optional.SoftUpgrade, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{19EC5E1B-C56F-4B40-B7F6-44C3946991E6}, Quarantined, [5513], [260472],1.0.7143
Adware.FastDataX.EncJob, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\FASTDATAX TASK, Quarantined, [2085], [407191],1.0.7143
Adware.FastDataX.EncJob, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A6B72370-F927-49E3-9E84-8E29A1F5337F}, Quarantined, [2085], [407191],1.0.7143
Adware.FastDataX.EncJob, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{A6B72370-F927-49E3-9E84-8E29A1F5337F}, Quarantined, [2085], [407191],1.0.7143
PUP.Optional.InterStat, HKU\S-1-5-21-767349833-3369627885-2450160680-1001_Classes\APPLICATIONS\interstatnogui.exe, Quarantined, [1088], [463411],1.0.7143
Adware.FastDataX, HKU\S-1-5-21-767349833-3369627885-2450160680-1001\SOFTWARE\FastDataX, Quarantined, [3938], [484533],1.0.7143
PUP.Optional.InterStat, HKU\S-1-5-21-767349833-3369627885-2450160680-1001\SOFTWARE\Interstatnogui, Quarantined, [1088], [333863],1.0.7143
PUP.Optional.Wajam, HKU\S-1-5-21-767349833-3369627885-2450160680-1001\SOFTWARE\WajIEnhance, Quarantined, [207], [244670],1.0.7143
PUP.Optional.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [207], [-1],0.0.0
PUP.Optional.WebDiscoverBrowser, HKU\S-1-5-21-767349833-3369627885-2450160680-1001\SOFTWARE\WebDiscoverBrowser, Quarantined, [1586], [253912],1.0.7143
Adware.SearchAwesome, HKLM\SOFTWARE\SrcAAAesom Browser Enhancer, Quarantined, [7262], [509886],1.0.7143
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\WebDiscoverBrowser, Quarantined, [1586], [253915],1.0.7143
Adware.SearchAwesome, HKLM\SOFTWARE\WOW6432NODE\SrcAAAesom Browser Enhancer, Quarantined, [7262], [509886],1.0.7143
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\WOW6432NODE\WebDiscoverBrowser, Quarantined, [1586], [253915],1.0.7143
Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NjEwZTZlZTh, Quarantined, [464], [556539],1.0.7143
PUP.Optional.WebDiscoverBrowser, HKU\S-1-5-18\SOFTWARE\WebDiscoverBrowser, Quarantined, [1586], [253912],1.0.7143
Adware.Wajam.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\OGUyNTJjY2ZiM, Quarantined, [4876], [530292],1.0.7143
Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Yzk5YWQ4YjcwOGE2N, Quarantined, [464], [535778],1.0.7143
Registry Value: 8
PUP.Optional.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [207], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Removal Failed, [207], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Removal Failed, [207], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-21-767349833-3369627885-2450160680-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [207], [-1],0.0.0
PUP.Optional.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [207], [-1],0.0.0
PUP.Optional.SoftUpgrade, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{19EC5E1B-C56F-4B40-B7F6-44C3946991E6}|PATH, Quarantined, [5513], [260475],1.0.7143
Adware.FastDataX.EncJob, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A6B72370-F927-49E3-9E84-8E29A1F5337F}|PATH, Quarantined, [2085], [407189],1.0.7143
Adware.Wajam.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\OGUyNTJjY2ZiM|IMAGEPATH, Quarantined, [4876], [530292],1.0.7143
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 13
PUP.Optional.SoftUpgrade, C:\PROGRAM FILES (X86)\SOFTUPGRADE, Quarantined, [5513], [260472],1.0.7143
Trojan.Agent, C:\WINDOWS\SYSWOW64\SSL, Quarantined, [398], [479103],1.0.7143
PUP.Optional.WebDiscoverBrowser, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\WebDiscoverBrowser\User Data\Crashpad\reports, Quarantined, [1586], [444086],1.0.7143
PUP.Optional.WebDiscoverBrowser, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\WebDiscoverBrowser\User Data\Crashpad, Quarantined, [1586], [444086],1.0.7143
PUP.Optional.WebDiscoverBrowser, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\WebDiscoverBrowser\User Data, Quarantined, [1586], [444086],1.0.7143
PUP.Optional.WebDiscoverBrowser, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\WEBDISCOVERBROWSER, Quarantined, [1586], [444086],1.0.7143
PUP.Optional.InterStat, C:\USERS\ADMIN\APPDATA\ROAMING\INTERSTATNOGUI, Quarantined, [1088], [333846],1.0.7143
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.27.2\Locales, Quarantined, [633], [348279],1.0.7143
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\f8dd40bc-2fb3-1, Quarantined, [701], [407181],1.0.7143
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\f8dd40bc-4051-0, Quarantined, [701], [407181],1.0.7143
Adware.Wajam, C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\install_tmp2, Quarantined, [464], [450113],1.0.7143
Adware.Wajam, C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\wjm5015.tmp, Quarantined, [464], [511084],1.0.7143
Adware.Wajam, C:\PROGRAM FILES\NjEwZTZlZTh, Quarantined, [464], [556539],1.0.7143
File: 53
PUP.Optional.SoftUpgrade, C:\WINDOWS\SYSTEM32\TASKS\SoftUpgrade, Quarantined, [5513], [260472],1.0.7143
PUP.Optional.SoftUpgrade, C:\PROGRAM FILES (X86)\SOFTUPGRADE\SOFTUP.EXE, Quarantined, [5513], [260472],1.0.7143
PUP.Optional.Amonetize.Gen, C:\PROGRAMDATA\f8dd40bc-2fb3-1\BITF03A.tmp, Quarantined, [3744], [257931],1.0.7143
PUP.Optional.Amonetize.Gen, C:\PROGRAMDATA\f8dd40bc-4051-0\BITF164.tmp, Quarantined, [3744], [257931],1.0.7143
Adware.FastDataX.EncJob, C:\WINDOWS\SYSTEM32\TASKS\FASTDATAX TASK, Quarantined, [2085], [407191],1.0.7143
Trojan.Agent, C:\WINDOWS\SYSWOW64\SSL\XV.DB, Quarantined, [398], [479103],1.0.7143
Trojan.Agent, C:\Windows\SysWOW64\SSL\cert.db, Quarantined, [398], [479103],1.0.7143
Trojan.Agent, C:\Windows\SysWOW64\SSL\NjgyMmUxMDl 2.cer, Quarantined, [398], [479103],1.0.7143
Trojan.Agent, C:\Windows\SysWOW64\SSL\xtls.db, Quarantined, [398], [479103],1.0.7143
PUP.Optional.FFHijacker.Generic, C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\DEFAULTS\PREF\SECURE_CERT.JS, Quarantined, [5361], [505085],1.0.7143
PUP.Optional.WebDiscoverBrowser, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\WebDiscoverBrowser\User Data\Crashpad\metadata, Quarantined, [1586], [444086],1.0.7143
PUP.Optional.WebDiscoverBrowser, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\WebDiscoverBrowser\User Data\Crashpad\settings.dat, Quarantined, [1586], [444086],1.0.7143
PUP.Optional.WebDiscoverBrowser, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\WebDiscoverBrowser\User Data\CrashpadMetrics-active.pma, Quarantined, [1586], [444086],1.0.7143
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.27.2\Locales\en-US.pak, Quarantined, [633], [348279],1.0.7143
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.27.2\libEGL.dll, Quarantined, [633], [348279],1.0.7143
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.27.2\browser.exe, Quarantined, [633], [348279],1.0.7143
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.27.2\chrome.dll, Quarantined, [633], [348279],1.0.7143
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.27.2\chrome_100_percent.pak, Quarantined, [633], [348279],1.0.7143
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.27.2\chrome_200_percent.pak, Quarantined, [633], [348279],1.0.7143
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.27.2\chrome_child.dll, Quarantined, [633], [348279],1.0.7143
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.27.2\chrome_elf.dll, Quarantined, [633], [348279],1.0.7143
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.27.2\icudtl.dat, Quarantined, [633], [348279],1.0.7143
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.27.2\libGLESv2.dll, Quarantined, [633], [348279],1.0.7143
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\4.27.2\resources.pak, Quarantined, [633], [348279],1.0.7143
Adware.Wajam, C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\install_tmp2\s2s_install.exe, Quarantined, [464], [450113],1.0.7143
Adware.Wajam, C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\wjm5015.tmp\update.exe, Quarantined, [464], [511084],1.0.7143
Adware.Wajam, C:\PROGRAM FILES\NjEwZTZlZTh\WBE_uninstall.dat, Quarantined, [464], [556539],1.0.7143
Adware.Wajam, C:\Program Files\NjEwZTZlZTh\mozcrt19.dll, Quarantined, [464], [556539],1.0.7143
Adware.Wajam, C:\Program Files\NjEwZTZlZTh\NDcxMDNiO, Quarantined, [464], [556539],1.0.7143
Adware.Wajam, C:\Program Files\NjEwZTZlZTh\nspr4.dll, Quarantined, [464], [556539],1.0.7143
Adware.Wajam, C:\Program Files\NjEwZTZlZTh\nss3.dll, Quarantined, [464], [556539],1.0.7143
Adware.Wajam, C:\Program Files\NjEwZTZlZTh\plc4.dll, Quarantined, [464], [556539],1.0.7143
Adware.Wajam, C:\Program Files\NjEwZTZlZTh\plds4.dll, Quarantined, [464], [556539],1.0.7143
Adware.Wajam, C:\Program Files\NjEwZTZlZTh\service.dat, Quarantined, [464], [556539],1.0.7143
Adware.Wajam, C:\Program Files\NjEwZTZlZTh\service_64.dat, Quarantined, [464], [556539],1.0.7143
Adware.Wajam, C:\Program Files\NjEwZTZlZTh\softokn3.dll, Quarantined, [464], [556539],1.0.7143
Adware.Wajam, C:\Program Files\NjEwZTZlZTh\YWY3ZDcwYmU1ZmV.exe, Quarantined, [464], [556539],1.0.7143
Adware.Wajam, C:\Program Files\NjEwZTZlZTh\ZDBlM2QwNmYwNDY5OD.exe, Quarantined, [464], [556539],1.0.7143
Adware.Wajam, C:\Program Files\NjEwZTZlZTh\ZjVkNmVjMzllODAxN2Nk.ico, Quarantined, [464], [556539],1.0.7143
MachineLearning/Anomalous.100%, C:\WINDOWS\MMI0M2J.EXE, Quarantined, [0], [392687],1.0.7143
Adware.Wajam.Generic, C:\WINDOWS\GUICZROYNJXOPCLY.GUI, Quarantined, [4876], [530292],1.0.7143
Adware.Wajam, C:\WINDOWS\SYSTEM32\DRIVERS\YZK5YWQ4YJCWOGE2N.SYS, Quarantined, [464], [535778],1.0.7143
Adware.Wajam, C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\NSK8639.TMP\MVXPBDNIZMS.DLL, Quarantined, [464], [570613],1.0.7143
Adware.FileTour, C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\J1JB0FAJ-UPD.EXE, Quarantined, [416], [440055],1.0.7143
Adware.FileTour, C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\INSTALL_TMP3\INTER_SILENT.EXE, Quarantined, [416], [440055],1.0.7143
Adware.Adposhel, C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\INSTALL_TMP4\SETUP.EXE, Quarantined, [476], [567965],1.0.7143
Adware.Wajam, C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\NSZ9320.TMP\MVXPBDNIZMS.DLL, Quarantined, [464], [570613],1.0.7143
Adware.Agent, C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\J1JB0FAJ-PROG.EXE, Quarantined, [103], [475129],1.0.7143
PUP.Optional.InstallCore, C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\IS-RDL3K.TMP\MUSIC_DOWNLOADER_GURU.EXE, Quarantined, [402], [525623],1.0.7143
Adware.Wajam, C:\WINDOWS\TEMP\NSQE10B.TMP\MVXPBDNIZMS.DLL, Quarantined, [464], [570613],1.0.7143
PUP.Optional.BundleInstaller, C:\USERS\ADMIN\DOWNLOADS\FREEMUSICDOWNLOADER.EXE, Quarantined, [415], [570896],1.0.7143
Adware.Wajam, C:\WINDOWS\TEMP\NSE11E5.TMP\MVXPBDNIZMS.DLL, Quarantined, [464], [570613],1.0.7143
PUP.Optional.InstallCore, C:\USERS\ADMIN\DOWNLOADS\JAVASETUP_2921163428.EXE, Quarantined, [402], [571006],1.0.7143
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)

(end)
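The log above shows where the bundle got its foothold: two scheduled tasks (SoftUpgrade and "FASTDATAX TASK"), three services with base64-looking names plus a kernel driver, ProxyEnable set in every user hive (two of which Malwarebytes could not clean), a certificate store under SysWOW64\SSL, and a pref file dropped into Firefox. The following post-cleanup audit is an added example written for this thread; it is not code from the original post, from Microsoft or from Malwarebytes. It assumes an elevated PowerShell prompt on the affected Windows 10 machine after a reboot, the name list in $suspect is taken from the log entries, and the base64-name heuristic is the author's own assumption, not a vendor rule.

```powershell
# Added example (not from the original post or from Malwarebytes): audit the
# persistence points the Malwarebytes log identifies. Run from an elevated
# PowerShell prompt on the affected machine after a reboot.
# $suspect is an assumption built from the names that appear in the log.
$suspect = 'SoftUpgrade|FastDataX|Wajam|WajIEnhance|WebDiscover|SrcAAAesom|SearchAwesome|Interstat'

# 1. Windows Defender exclusions. The poster says the adware made Defender
#    ignore folders and files; a home machine normally has no exclusions.
$mp = Get-MpPreference
Write-Output '--- Defender exclusions (expect none) ---'
@($mp.ExclusionPath) + @($mp.ExclusionProcess) + @($mp.ExclusionExtension) |
    Where-Object { $_ } | ForEach-Object { Write-Output "  $_" }

# 2. Scheduled tasks. SoftUpgrade and "FASTDATAX TASK" were in the task cache,
#    which is what brought the adware back at every start-up.
Write-Output '--- Scheduled tasks worth a look ---'
Get-ScheduledTask | ForEach-Object {
    $actions = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)".Trim() }) -join '; '
    if ("$($_.TaskName) $actions" -match $suspect -or
        $actions -match '\\Temp\\|\\ProgramData\\|\\AppData\\') {
        Write-Output "  $($_.TaskPath)$($_.TaskName) -> $actions"
    }
}

# 3. Services and drivers. The log lists services NjEwZTZlZTh, OGUyNTJjY2ZiM and
#    Yzk5YWQ4YjcwOGE2N plus a driver of the same style. Those names are base64
#    of hex strings, so decode each service name (trimmed to whole base64
#    quanta) and flag the ones that come out as pure hex. Author's heuristic.
function Test-Base64HexName([string]$Name) {
    if ($Name -notmatch '^[A-Za-z0-9]{8,}$') { return $false }
    $whole = $Name.Substring(0, $Name.Length - ($Name.Length % 4))
    try { $bytes = [Convert]::FromBase64String($whole) } catch { return $false }
    return ([Text.Encoding]::ASCII.GetString($bytes) -cmatch '^[0-9a-f]+$')
}

Write-Output '--- Services/drivers with base64-style names or suspect image paths ---'
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
    $name = $_.PSChildName
    $img  = [string](Get-ItemProperty -Path $_.PSPath -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
    if ((Test-Base64HexName $name) -or $img -match $suspect) {
        Write-Output "  $name -> $img"
    }
}

# 4. Proxy settings. ProxyEnable was set in every hive, and removal failed for
#    S-1-5-19 and S-1-5-20 (LocalService/NetworkService), so check all hives.
Write-Output '--- ProxyEnable / AutoConfigURL per loaded hive ---'
if (-not (Test-Path 'HKU:\')) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}
Get-ChildItem 'HKU:\' | ForEach-Object {
    $key = "HKU:\$($_.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($p -and ($p.ProxyEnable -eq 1 -or $p.AutoConfigURL)) {
        Write-Output "  $($_.PSChildName): ProxyEnable=$($p.ProxyEnable) ProxyServer=$($p.ProxyServer) AutoConfigURL=$($p.AutoConfigURL)"
    }
}
Write-Output '--- WinHTTP (machine-wide) proxy ---'
netsh winhttp show proxy

# 5. Certificates. SysWOW64\SSL held cert.db and a .cer, and SECURE_CERT.JS was
#    dropped into Firefox's defaults\pref; both point at traffic interception.
#    List the newest roots and any leftover pref files for manual review
#    (a stock Firefox install normally has only channel-prefs.js there).
Write-Output '--- Newest root certificates (LocalMachine + CurrentUser) ---'
Get-ChildItem Cert:\LocalMachine\Root, Cert:\CurrentUser\Root |
    Sort-Object NotBefore -Descending | Select-Object -First 10 |
    ForEach-Object { Write-Output "  $($_.NotBefore.ToShortDateString())  $($_.Thumbprint)  $($_.Subject)" }

Write-Output '--- Firefox defaults\pref contents ---'
Get-ChildItem "${env:ProgramFiles(x86)}\Mozilla Firefox\defaults\pref", "$env:ProgramFiles\Mozilla Firefox\defaults\pref" -Filter *.js -ErrorAction SilentlyContinue |
    ForEach-Object { Write-Output "  $($_.FullName)" }
```

Two things in the log itself argue for a second scan before trusting this output: the scan ran with "Rootkits: Disabled" even though a driver (YZK5YWQ4YJCWOGE2N.SYS) was among the detections, and two ProxyEnable values show "Removal Failed". Re-run Malwarebytes with rootkit scanning enabled, then run the audit again; anything still listed under sections 2 to 4 needs removing by hand.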
