Jump to content

Welcome to Geeks to Go
Geeks to Go Welcome
Create Account Login to Account
Photo

Removal instructions for Quiknowledge

- - - - -
Started by Metallica , Mar 08 2014 07:20 AM

  • Please log in to reply
No replies to this topic

#1
Metallica
Posted 08 March 2014 - 07:20 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Content is republished with permission from Malwarebytes.

What is Quiknowledge?

The Malwarebytes research team has determined that Quiknowledge is a browser hijacker. These so-called "hijackers" alter your startpage or searchscopes so that the effected browser visits their site or one of their choice. This one also displays advertisements.

How do I know if my computer is effected by Quiknowledge?

This is how the startpage looks:

Posted Image

And you may see these toolbars/add-ons:

Posted Image

Posted Image

Posted Image

or this warning:

Posted Image

How did Quiknowledge get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove Quiknowledge?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program. You will need Malwarebytes Anti-Malware version 2.00 (beta) or newer to disable the Chrome and Firefox extensions.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-consumer.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:

    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.


Is there anything else I need to do to get rid of Quiknowledge?
  • The Chrome extension can now safely be removed. Open "Settings" > "Extensions" and click the bin behind the Quiknowledge 1.9.0.1 listing. Then confirm removal.

How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Quiknowledge hijacker. It would have warned you before the browser helper object could install itself, giving you a chance to stop it before it became too late.


Posted Image

Technical details for experts

Signs in a HijackThis log:
O2 - BHO: Quiknowledge - {323C6E6D-1621-470F-8A52-4FDEC4E75E40} - C:\Program Files\Quiknowledge\IE\QuiknowledgeClientIE.dll
O23 - Service: Quiknowledge Client Service (qksvc) - Quiknowledge - C:\Program Files\Quiknowledge\Service\qksvc.exe

Alterations made by the installer:
File system details 
---------------------------------------------
    Adds the folder C:\Program Files\Mozilla Firefox\extensions\[email protected]
       Adds the file browser.js"="2/6/2014 12:13 AM, 799 bytes, A
       Adds the file browser.xul"="2/6/2014 12:13 AM, 252 bytes, A
       Adds the file chrome.manifest"="3/8/2014 1:33 PM, 135 bytes, A
       Adds the file icon-48.png"="7/13/2013 12:29 AM, 3537 bytes, A
       Adds the file icon-64.png"="7/13/2013 12:29 AM, 4690 bytes, A
       Adds the file install.rdf"="3/8/2014 1:33 PM, 823 bytes, A
       Adds the file vitruvian.bootstrap.js"="3/8/2014 1:33 PM, 1932 bytes, A
       Adds the file vitruvian.plugin-api.js"="2/6/2014 12:13 AM, 2556 bytes, A
    Adds the folder C:\Program Files\Quiknowledge
       Adds the file terms-of-service.rtf"="2/6/2014 12:08 AM, 24427 bytes, A
       Adds the file Uninstall.exe"="3/8/2014 1:33 PM, 338742 bytes, A
    Adds the folder C:\Program Files\Quiknowledge\3rd Party Licenses
       Adds the file buildcrx-license.txt"="7/13/2013 12:29 AM, 7074 bytes, A
       Adds the file Info-ZIP-license.txt"="7/13/2013 12:29 AM, 2944 bytes, A
       Adds the file nsJSON-license.txt"="7/13/2013 12:29 AM, 809 bytes, A
       Adds the file SimpleSC-license.txt"="9/6/2013 11:22 PM, 1293 bytes, A
       Adds the file UAC-license.txt"="7/13/2013 12:29 AM, 956 bytes, A
    Adds the folder C:\Program Files\Quiknowledge\Chrome
       Adds the file dfgikfbdnbkcddjkkcfjchpbgoeiecaj.crx"="3/8/2014 1:33 PM, 20875 bytes, A
    Adds the folder C:\Program Files\Quiknowledge\FireFox
       Adds the file [email protected]"="3/8/2014 1:33 PM, 12614 bytes, A
    Adds the folder C:\Program Files\Quiknowledge\IE
       Adds the file QuiknowledgeClientIE.dll"="2/6/2014 12:12 AM, 147560 bytes, A
    Adds the folder C:\Program Files\Quiknowledge\Service
       Adds the file qksvc.exe"="2/6/2014 12:13 AM, 273000 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfgikfbdnbkcddjkkcfjchpbgoeiecaj\1.9.0.1_0
       Adds the file background.html"="7/13/2013 12:29 AM, 37 bytes, A
       Adds the file background.js"="2/6/2014 12:13 AM, 2151 bytes, A
       Adds the file icon-128.png"="7/13/2013 12:29 AM, 9739 bytes, A
       Adds the file icon-16.png"="7/13/2013 12:29 AM, 1589 bytes, A
       Adds the file icon-48.png"="7/13/2013 12:29 AM, 3537 bytes, A
       Adds the file manifest.json"="3/8/2014 1:33 PM, 997 bytes, A
       Adds the file options.css"="2/6/2014 12:13 AM, 546 bytes, A
       Adds the file options.html"="3/8/2014 1:33 PM, 836 bytes, A
       Adds the file options.js"="2/6/2014 12:13 AM, 496 bytes, A
       Adds the file vitruvian.bootstrap.js"="3/8/2014 1:33 PM, 1908 bytes, A
       Adds the file vitruvian.plugin-api.js"="2/6/2014 12:13 AM, 1535 bytes, A
    In the existing folder C:\Windows\System32\drivers
       Adds the file qknfd.sys"="2/6/2014 12:13 AM, 52752 bytes, A

Registry details [View: All details] (All)
------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}]
       "(Default)"="REG_SZ, "Quiknowledge"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}\Implemented Categories\{59fb2056-d625-48d0-a944-1a85b5ab2640}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}\InprocServer32]
       "(Default)"="REG_SZ, "C:\Program Files\Quiknowledge\IE\QuiknowledgeClientIE.dll"
       "ThreadingModel"="REG_SZ, "Apartment"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}\Programmable]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}\TypeLib]
       "(Default)"="REG_SZ, "{F213853A-D221-4C97-8A4B-7E0AC63F31A1}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}\Version]
       "(Default)"="REG_SZ, "1.0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CE4B58AF-E4FD-4C27-8627-AE9324C11F3F}]
       "(Default)"="REG_SZ, "IBrowserHelperObject"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CE4B58AF-E4FD-4C27-8627-AE9324C11F3F}\ProxyStubClsid]
       "(Default)"="REG_SZ, "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CE4B58AF-E4FD-4C27-8627-AE9324C11F3F}\ProxyStubClsid32]
       "(Default)"="REG_SZ, "{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CE4B58AF-E4FD-4C27-8627-AE9324C11F3F}\TypeLib]
       "(Default)"="REG_SZ, "{F213853A-D221-4C97-8A4B-7E0AC63F31A1}"
       "Version"="REG_SZ, "1.0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F213853A-D221-4C97-8A4B-7E0AC63F31A1}\1.0]
       "(Default)"="REG_SZ, "VitruvianClientIELib"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F213853A-D221-4C97-8A4B-7E0AC63F31A1}\1.0\0\win32]
       "(Default)"="REG_SZ, "C:\Program Files\Quiknowledge\IE\QuiknowledgeClientIE.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F213853A-D221-4C97-8A4B-7E0AC63F31A1}\1.0\FLAGS]
       "(Default)"="REG_SZ, "0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F213853A-D221-4C97-8A4B-7E0AC63F31A1}\1.0\HELPDIR]
       "(Default)"="REG_SZ, "C:\Program Files\Quiknowledge\IE"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dfgikfbdnbkcddjkkcfjchpbgoeiecaj]
       "path"="REG_SZ, "C:\Program Files\Quiknowledge\Chrome\dfgikfbdnbkcddjkkcfjchpbgoeiecaj.crx"
       "version"="REG_SZ, "1.9.0.1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}]
       "(Default)"="REG_SZ, "Quiknowledge"
       "NoExplorer"="REG_DWORD, 1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Quiknowledge]
       "DisplayIcon"="REG_SZ, "C:\Program Files\Quiknowledge\Uninstall.exe"
       "DisplayName"="REG_SZ, "Quiknowledge"
       "DisplayVersion"="REG_SZ, "1.9.0.1"
       "NoModify"="REG_DWORD, 1"
       "NoRepair"="REG_DWORD, 1"
       "Publisher"="REG_SZ, "Quiknowledge"
       "UninstallString"="REG_SZ, "C:\Program Files\Quiknowledge\Uninstall.exe"
       "URLInfoAbout"="REG_SZ, "http://www.quiknowledge.com"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
       "[email protected]"="REG_SZ, "C:\Program Files\Mozilla Firefox\extensions\[email protected]"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Quiknowledge]
       "cr-at"="REG_SZ, "AF227EED-BBA9-23F0-4AD7-B6C9E7D1F4C7"
       "cr-pid"="REG_SZ, "A553B792-D94D-4A20-9B14-41B7CB442384"
       "cr-ver"="REG_SZ, "32.0.1700.107"
       "dbsr"="REG_SZ, "iexplore"
       "ff-at"="REG_SZ, "8BF4892D-9C21-9D43-2200-B251212DBEF6"
       "ff-pid"="REG_SZ, "BE377FD9-B4A2-4BE7-ADD6-C480E8F49A01"
       "ff-ver"="REG_SZ, "25.0 (en-US)"
       "hid"="REG_SZ, "EAB871D2-7CB3-316A-5E47-5DCF98DEC0A8"
       "ie-at"="REG_SZ, "F7C2D3CB-709B-43BA-A755-1E1820CCCE7F"
       "ie-pid"="REG_SZ, "78A1B117-878A-47DC-96F1-61C486B9CC17"
       "ie-ver"="REG_SZ, "11.0.9600.16428"
       "iid"="REG_SZ, "00000000-0000-0000-0000-000000000000"
       "itm"="REG_SZ, "2014-03-08T12:33:04Z"
       "nf-at"="REG_SZ, "6F65998F-2F66-D378-A25C-92159B247329"
       "nf-pid"="REG_SZ, "955B0E39-9BEC-4361-A303-E0BCEE4C5875"
       "nid"="REG_SZ, "8D41449E-BF91-4FFA-A606-498E2B5BF005"
       "osn"="REG_SZ, "Windows 7 Ultimate N"
       "ost"="REG_SZ, "x32"
       "osv"="REG_SZ, "6.1.7601"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\qknfd]
       "DisplayName"="REG_SZ, "qknfd"
       "ErrorControl"="REG_DWORD, 1"
       "Group"="REG_SZ, "PNP_TDI"
       "ImagePath"="REG_EXPAND_SZ, "system32\drivers\qknfd.sys"
       "Start"="REG_DWORD, 1"
       "Tag"="REG_DWORD, 10"
       "Type"="REG_DWORD, 1"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\qknfd\Enum]
       "0"="REG_SZ, "Root\LEGACY_QKNFD\0000"
       "Count"="REG_DWORD, 1"
       "NextInstance"="REG_DWORD, 1"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\qksvc]
       "Description"="REG_SZ, "This service enables Quiknowledge on HTTP websites"
       "DisplayName"="REG_SZ, "Quiknowledge Client Service"
       "ErrorControl"="REG_DWORD, 1"
       "ImagePath"="REG_EXPAND_SZ, ""C:\Program Files\Quiknowledge\Service\qksvc.exe""
       "ObjectName"="REG_SZ, "LocalSystem"
       "Start"="REG_DWORD, 2"
       "Type"="REG_DWORD, 16"

Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/8/2014
Scan Time: 1:44:36 PM
Logfile: mbamQuiknowledge.txt
Administrator: Yes

Version: 2.00.0.0504
Malware Database: v2014.03.08.04
Rootkit Database: v2014.02.20.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Malwarebytes

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 199400
Time Elapsed: 2 min, 44 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.Quiknowledge.A, C:\Program Files\Quiknowledge\Service\qksvc.exe, 6668, Delete-on-Reboot, [2fa5c63a0675e650d7bb5253a55c8977]

Modules: 0
(No malicious items detected)

Registry Keys: 14
PUP.Optional.Quiknowledge.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\qksvc, Quarantined, [2fa5c63a0675e650d7bb5253a55c8977], 
PUP.Optional.Quiknowledge.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\qknfd, Quarantined, [32a2fe025a2170c62c66f7ae4ab74db3], 
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\CLASSES\CLSID\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}, Quarantined, [2ea655ab205bd95df89a52536c95f20e], 
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{F213853A-D221-4C97-8A4B-7E0AC63F31A1}, Quarantined, [2ea655ab205bd95df89a52536c95f20e], 
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{CE4B58AF-E4FD-4C27-8627-AE9324C11F3F}, Quarantined, [2ea655ab205bd95df89a52536c95f20e], 
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}, Quarantined, [2ea655ab205bd95df89a52536c95f20e], 
PUP.Optional.Quiknowledge.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}, Quarantined, [2ea655ab205bd95df89a52536c95f20e], 
PUP.Optional.Quiknowledge.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}, Quarantined, [2ea655ab205bd95df89a52536c95f20e], 
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}, Quarantined, [2ea655ab205bd95df89a52536c95f20e], 
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\CLASSES\CLSID\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}\INPROCSERVER32, Quarantined, [2ea655ab205bd95df89a52536c95f20e], 
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Quiknowledge, Quarantined, [33a1a0600477270fb1a697f816ec26da], 
PUP.Optional.Ligtning.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cekcjpgehmohobmdiikfnopibipmgnml, Quarantined, [e0f4ab55b0cb3ff79c10eda7f40e5ba5], 
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\dfgikfbdnbkcddjkkcfjchpbgoeiecaj, Quarantined, [9f3570906b1078befb5d256a8d75d729], 
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\QUIKNOWLEDGE, Quarantined, [43913bc5de9d04322d2de8a709f95fa1], 

Registry Values: 3
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|[email protected], C:\Program Files\Mozilla Firefox\extensions\[email protected], Quarantined, [468ec53b750666d00c4dd6b947bbf709]
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\QUIKNOWLEDGE|ie-ver, 11.0.9600.16428, Quarantined, [43913bc5de9d04322d2de8a709f95fa1]
PUP.Optional.Quiknowledge.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\QKSVC|ImagePath, "C:\Program Files\Quiknowledge\Service\qksvc.exe", Quarantined, [7064966ad3a8ec4af566cfc0f30f8080]

Registry Data: 0
(No malicious items detected)

Folders: 12
PUP.Optional.Quiknowledge.A, C:\Program Files\Quiknowledge, Delete-on-Reboot, [33a1a0600477270fb1a697f816ec26da], 
PUP.Optional.Quiknowledge.A, C:\Program Files\Quiknowledge\3rd Party Licenses, Quarantined, [33a1a0600477270fb1a697f816ec26da], 
PUP.Optional.Quiknowledge.A, C:\Program Files\Quiknowledge\Chrome, Quarantined, [33a1a0600477270fb1a697f816ec26da], 
PUP.Optional.Quiknowledge.A, C:\Program Files\Quiknowledge\FireFox, Quarantined, [33a1a0600477270fb1a697f816ec26da], 
PUP.Optional.Quiknowledge.A, C:\Program Files\Quiknowledge\IE, Quarantined, [33a1a0600477270fb1a697f816ec26da], 
PUP.Optional.Quiknowledge.A, C:\Program Files\Quiknowledge\Service, Delete-on-Reboot, [33a1a0600477270fb1a697f816ec26da], 
PUP.Optional.eSafe.A, C:\ProgramData\eSafe\log, Quarantined, [ce062cd48fecfe38d9ef365e53afe31d], 
PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml, Quarantined, [963e2dd39ddeb0868014a1eb47bbcc34], 
PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0, Quarantined, [963e2dd39ddeb0868014a1eb47bbcc34], 
PUP.Optional.Quiknowledge.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfgikfbdnbkcddjkkcfjchpbgoeiecaj, Quarantined, [488c17e97902b28431f8d0bf12f0c838], 
PUP.Optional.Quiknowledge.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfgikfbdnbkcddjkkcfjchpbgoeiecaj\1.9.0.1_0, Quarantined, [488c17e97902b28431f8d0bf12f0c838], 
PUP.Optional.Quiknowledge.A, C:\Program Files\Mozilla Firefox\extensions\[email protected], Quarantined, [1abab24e3a41d75fc565206fde248977], 

Files: 42
PUP.Optional.Quiknowledge.A, C:\Program Files\Quiknowledge\Service\qksvc.exe, Delete-on-Reboot, [2fa5c63a0675e650d7bb5253a55c8977], 
PUP.Optional.Quiknowledge.A, C:\Windows\System32\drivers\qknfd.sys, Quarantined, [32a2fe025a2170c62c66f7ae4ab74db3], 
PUP.Optional.Quiknowledge.A, C:\Program Files\Quiknowledge\IE\QuiknowledgeClientIE.dll, Quarantined, [2ea655ab205bd95df89a52536c95f20e], 
PUP.Optional.Quiknowledge.A, C:\Users\{username}\Desktop\quiknowledge-setup-1.9.0.1.exe, Quarantined, [d202e020e9921620e1b1822348b935cb], 
PUP.Optional.Quiknowledge.A, C:\Program Files\Quiknowledge\terms-of-service.rtf, Quarantined, [33a1a0600477270fb1a697f816ec26da], 
PUP.Optional.Quiknowledge.A, C:\Program Files\Quiknowledge\Uninstall.exe, Quarantined, [33a1a0600477270fb1a697f816ec26da], 
PUP.Optional.Quiknowledge.A, C:\Program Files\Quiknowledge\3rd Party Licenses\buildcrx-license.txt, Quarantined, [33a1a0600477270fb1a697f816ec26da], 
PUP.Optional.Quiknowledge.A, C:\Program Files\Quiknowledge\3rd Party Licenses\Info-ZIP-license.txt, Quarantined, [33a1a0600477270fb1a697f816ec26da], 
PUP.Optional.Quiknowledge.A, C:\Program Files\Quiknowledge\3rd Party Licenses\nsJSON-license.txt, Quarantined, [33a1a0600477270fb1a697f816ec26da], 
PUP.Optional.Quiknowledge.A, C:\Program Files\Quiknowledge\3rd Party Licenses\SimpleSC-license.txt, Quarantined, [33a1a0600477270fb1a697f816ec26da], 
PUP.Optional.Quiknowledge.A, C:\Program Files\Quiknowledge\3rd Party Licenses\UAC-license.txt, Quarantined, [33a1a0600477270fb1a697f816ec26da], 
PUP.Optional.Quiknowledge.A, C:\Program Files\Quiknowledge\Chrome\dfgikfbdnbkcddjkkcfjchpbgoeiecaj.crx, Quarantined, [33a1a0600477270fb1a697f816ec26da], 
PUP.Optional.Quiknowledge.A, C:\Program Files\Quiknowledge\FireFox\[email protected], Quarantined, [33a1a0600477270fb1a697f816ec26da], 
PUP.Optional.eSafe.A, C:\ProgramData\eSafe\log\eGdpSvc.LOG, Quarantined, [ce062cd48fecfe38d9ef365e53afe31d], 
PUP.Optional.NewTab.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx, Quarantined, [b222897789f257dfe85a4e47f30ff20e], 
PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\background.html, Quarantined, [963e2dd39ddeb0868014a1eb47bbcc34], 
PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\background.js, Quarantined, [963e2dd39ddeb0868014a1eb47bbcc34], 
PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\data.json, Quarantined, [963e2dd39ddeb0868014a1eb47bbcc34], 
PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\icon128.png, Quarantined, [963e2dd39ddeb0868014a1eb47bbcc34], 
PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\jquery.js, Quarantined, [963e2dd39ddeb0868014a1eb47bbcc34], 
PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\manifest.json, Quarantined, [963e2dd39ddeb0868014a1eb47bbcc34], 
PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\xa.js, Quarantined, [963e2dd39ddeb0868014a1eb47bbcc34], 
PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\xagainit.js, Quarantined, [963e2dd39ddeb0868014a1eb47bbcc34], 
PUP.Optional.Quiknowledge.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfgikfbdnbkcddjkkcfjchpbgoeiecaj\1.9.0.1_0\background.html, Quarantined, [488c17e97902b28431f8d0bf12f0c838], 
PUP.Optional.Quiknowledge.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfgikfbdnbkcddjkkcfjchpbgoeiecaj\1.9.0.1_0\background.js, Quarantined, [488c17e97902b28431f8d0bf12f0c838], 
PUP.Optional.Quiknowledge.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfgikfbdnbkcddjkkcfjchpbgoeiecaj\1.9.0.1_0\icon-128.png, Quarantined, [488c17e97902b28431f8d0bf12f0c838], 
PUP.Optional.Quiknowledge.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfgikfbdnbkcddjkkcfjchpbgoeiecaj\1.9.0.1_0\icon-16.png, Quarantined, [488c17e97902b28431f8d0bf12f0c838], 
PUP.Optional.Quiknowledge.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfgikfbdnbkcddjkkcfjchpbgoeiecaj\1.9.0.1_0\icon-48.png, Quarantined, [488c17e97902b28431f8d0bf12f0c838], 
PUP.Optional.Quiknowledge.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfgikfbdnbkcddjkkcfjchpbgoeiecaj\1.9.0.1_0\manifest.json, Quarantined, [488c17e97902b28431f8d0bf12f0c838], 
PUP.Optional.Quiknowledge.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfgikfbdnbkcddjkkcfjchpbgoeiecaj\1.9.0.1_0\options.css, Quarantined, [488c17e97902b28431f8d0bf12f0c838], 
PUP.Optional.Quiknowledge.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfgikfbdnbkcddjkkcfjchpbgoeiecaj\1.9.0.1_0\options.html, Quarantined, [488c17e97902b28431f8d0bf12f0c838], 
PUP.Optional.Quiknowledge.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfgikfbdnbkcddjkkcfjchpbgoeiecaj\1.9.0.1_0\options.js, Quarantined, [488c17e97902b28431f8d0bf12f0c838], 
PUP.Optional.Quiknowledge.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfgikfbdnbkcddjkkcfjchpbgoeiecaj\1.9.0.1_0\vitruvian.bootstrap.js, Quarantined, [488c17e97902b28431f8d0bf12f0c838], 
PUP.Optional.Quiknowledge.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfgikfbdnbkcddjkkcfjchpbgoeiecaj\1.9.0.1_0\vitruvian.plugin-api.js, Quarantined, [488c17e97902b28431f8d0bf12f0c838], 
PUP.Optional.Quiknowledge.A, C:\Program Files\Mozilla Firefox\extensions\[email protected]\browser.js, Quarantined, [1abab24e3a41d75fc565206fde248977], 
PUP.Optional.Quiknowledge.A, C:\Program Files\Mozilla Firefox\extensions\[email protected]\browser.xul, Quarantined, [1abab24e3a41d75fc565206fde248977], 
PUP.Optional.Quiknowledge.A, C:\Program Files\Mozilla Firefox\extensions\[email protected]\chrome.manifest, Quarantined, [1abab24e3a41d75fc565206fde248977], 
PUP.Optional.Quiknowledge.A, C:\Program Files\Mozilla Firefox\extensions\[email protected]\icon-48.png, Quarantined, [1abab24e3a41d75fc565206fde248977], 
PUP.Optional.Quiknowledge.A, C:\Program Files\Mozilla Firefox\extensions\[email protected]\icon-64.png, Quarantined, [1abab24e3a41d75fc565206fde248977], 
PUP.Optional.Quiknowledge.A, C:\Program Files\Mozilla Firefox\extensions\[email protected]\install.rdf, Quarantined, [1abab24e3a41d75fc565206fde248977], 
PUP.Optional.Quiknowledge.A, C:\Program Files\Mozilla Firefox\extensions\[email protected]\vitruvian.bootstrap.js, Quarantined, [1abab24e3a41d75fc565206fde248977], 
PUP.Optional.Quiknowledge.A, C:\Program Files\Mozilla Firefox\extensions\[email protected]\vitruvian.plugin-api.js, Quarantined, [1abab24e3a41d75fc565206fde248977], 

Physical Sectors: 0
(No malicious items detected)


(end)

As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  • 0

Advertisements

Back to Malware Removal Guides and Tutorials


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Malware Removal Guides and Tutorials

As Featured On:

featured
Malware Removal How to Guides Windows 7 System Building Download Files Register welcome

Never used a forum? Learn how.