Jump to content

Welcome to Geeks to Go
Geeks to Go Welcome
Create Account Login to Account
Photo

Removal instructions for Adblocker-Bylekh

- - - - -
Started by Metallica , May 14 2015 02:02 AM

  • Please log in to reply
No replies to this topic

#1
Metallica
Posted 14 May 2015 - 02:02 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Content is republished with permission from Malwarebytes.

What is Adblocker-Bylekh?

The Malwarebytes research team has determined that Adblocker-Bylekh is adware. These adware applications display advertisements not originating from the sites you are browsing.
Please note that there is also a legitimate program by the name of AdBlock Plus that this one is mimicking.

How do I know if my computer is affected by Adblocker-Bylekh?

You may see this entry in your list of installed programs:

warning4.png

despite of not having the legitimate AdBlock Plus installed.

How did Adblocker-Bylekh get on my computer?

Adware applications use different methods for distributing themselves. This particular one mimicks a legitimate program.

How do I remove Adblocker-Bylekh?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Make sure to enable the Scan for rootkits option under Settings > Detection and Protection
  • Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • After the first reboot you will be prompted to reboot again so Malwarebytes Anti-Malware can restore your internet connection. This is done to repair any damages done during the removal of the LSP hijacker.
  • After this reboot, repeat the Threat scan to remove any rootkit elements that were invisible to Malwarebytes Anti-Malware during the first scan. It will probably find some registry keys that were left behind.
Is there anything else I need to do to get rid of Adblocker-Bylekh?
  • No, following the procedure outlined above, Malwarebytes' Anti-Malware removes Adblocker-Bylekh completely.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Adblocker-Bylekh adware. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.




protection1.png


Technical details for experts

You may see these signs in a HijackThis log:



O10 - Unknown file in Winsock LSP: c:\windows\system32\bylekh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bylekh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bylekh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bylekh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bylekh.dll
O23 - Service: Bylekh - Unknown owner - C:\ProgramData\adblocker\1.1.0.31\Bylekh.exe

VM:
O23 - Service: oqhjedlath - Unknown owner - C:\ProgramData\adblocker\1.1.0.31\hysagie.exe
Possible signs in FRST logs:
() C:\ProgramData\adblocker\1.1.0.31\Bylekh.EXE
() C:\ProgramData\adblocker\1.1.0.31\hyswgie.EXE
() C:\ProgramData\adblocker\1.1.0.31\hysagie.EXE
() C:\ProgramData\adblocker\1.1.0.31\CyeanDowmei.exe
() C:\ProgramData\adblocker\1.1.0.31\hysdgie.exe
Winsock: Catalog9 01 C:\Windows\SysWOW64\Bylekh.dll [328704 2015-05-15] ()
Winsock: Catalog9 02 C:\Windows\SysWOW64\Bylekh.dll [328704 2015-05-15] ()
Winsock: Catalog9 03 C:\Windows\SysWOW64\Bylekh.dll [328704 2015-05-15] ()
Winsock: Catalog9 04 C:\Windows\SysWOW64\Bylekh.dll [328704 2015-05-15] ()
Winsock: Catalog9 15 C:\Windows\SysWOW64\Bylekh.dll [328704 2015-05-15] ()
Winsock: Catalog9-x64 01 C:\Windows\system32\Bylekh64.dll [398336 2015-05-15] ()
Winsock: Catalog9-x64 02 C:\Windows\system32\Bylekh64.dll [398336 2015-05-15] ()
Winsock: Catalog9-x64 03 C:\Windows\system32\Bylekh64.dll [398336 2015-05-15] ()
Winsock: Catalog9-x64 04 C:\Windows\system32\Bylekh64.dll [398336 2015-05-15] ()
Winsock: Catalog9-x64 15 C:\Windows\system32\Bylekh64.dll [398336 2015-05-15] ()
Locked "kozitevc" service could not be unlocked. <===== ATTENTION
Locked "oqhjedlath" service could not be unlocked. <===== ATTENTION
Locked "tammgF120" service could not be unlocked. <===== ATTENTION
Locked "tammgR120" service could not be unlocked. <===== ATTENTION
Locked "XuippuLonfix" service could not be unlocked. <===== ATTENTION
R3 Bylekh; C:\ProgramData\adblocker\1.1.0.31\Bylekh.exe [0 ] () <==== ATTENTION (zero size file/folder)
R5 tammgF120; C:\Windows\System32\Drivers\tammgF120.sys [34952 2015-05-15] () [File not signed]
R5 tammgR120; C:\Windows\System32\Drivers\tammgR120.sys [36488 2015-05-15] () [File not signed]
R5 kozitevc;  <===== ATTENTION Locked Service
R5 oqhjedlath;  <===== ATTENTION Locked Service
R5 tammgF120;  <===== ATTENTION Locked Service
R5 tammgR120;  <===== ATTENTION Locked Service
R5 XuippuLonfix;  <===== ATTENTION Locked Service
 () C:\Windows\SysWOW64\Bylekh.ini
 () C:\Windows\SysWOW64\BylekhOff.ini
 () C:\Windows\system32\BylekhOff.ini
 () C:\Windows\system32\Drivers\tammgR120.sys
 () C:\Windows\system32\Drivers\tammgF120.sys
 () C:\ProgramData\adblocker
 () C:\Windows\system32\Bylekh64.dll
 () C:\Windows\SysWOW64\Bylekh.dll

adblocker (HKLM-x32\...\{67436C6F-CD49-45A7-8BF3-8FA8C6193C7A}) (Version: 1.1.0.31 - adblocker)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Bylekh => ""="service"
FirewallRules: [{DF955721-1862-4F11-806D-DF603B958BB8}] => (Allow) C:\ProgramData\adblocker\1.1.0.31\hysagie.EXE
FirewallRules: [{22CDEE43-97AF-430D-B466-EBA50878F211}] => (Allow) C:\ProgramData\adblocker\1.1.0.31\hysagie.EXE
FirewallRules: [{68555BCE-3B8C-4269-A73D-0F5BC8F28007}] => (Allow) C:\ProgramData\adblocker\1.1.0.31\hysagie.EXE
FirewallRules: [{807828B1-2CA0-46E9-83D8-1687E4B74C19}] => (Allow) C:\ProgramData\adblocker\1.1.0.31\hysagie.EXE
FirewallRules: [{D8A7E579-BE64-495D-85E7-1E5BEAE734E7}] => (Allow) C:\ProgramData\adblocker\1.1.0.31\hysagie.EXE
Malwarebytes Anti-Malware log (first scan):
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/15/2015
Scan Time: 1:45:29 PM
Logfile: mbamAdblockerBylekh.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.15.02
Rootkit Database: v2015.05.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 324247
Time Elapsed: 4 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 6
PUP.Optional.Bylekh.A, c:\programdata\adblocker\1.1.0.31\bylekh.exe, 624, Delete-on-Reboot, [9d51563daae08caaab975914d134d42c]
Rootkit.Agent.A, c:\programdata\adblocker\1.1.0.31\bylekh.exe, 624, Delete-on-Reboot, [be3099fa4d3d5fd74718501daa5b41bf]
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\cyeandowmei.exe, 3700, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e]
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\hysagie.exe, 3540, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e]
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\hysdgie.exe, 3924, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e]
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\hyswgie.exe, 3336, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e]

Modules: 8
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\nss3.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\freebl3.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\hysdgieu.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\libnspr4.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\libplc4.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\libplds4.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\nssutil3.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\smime3.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 

Registry Keys: 113
PUP.Optional.Bylekh.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Bylekh, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{87463A26-DDF2-405B-82F0-47CEB99C4F43}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1222D683-AB38-4AD9-86D0-8CA1DC394B9A}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1D506768-3568-4881-9517-1C3F90090226}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{43AA3F62-61C7-44B0-AAC7-7A0124042EEB}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{5DFB9594-757F-4616-80FB-82A0CB16C53E}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{699BFD61-DB21-4DB1-8658-764276D648B5}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{7667CD7C-F457-4E8D-99B1-1E96B74855F8}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{9507717F-655A-4CE3-864D-9C77C600EDFA}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{9F85BA58-40A5-40DA-81E3-F32C20B63DEA}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A1155131-F0D6-4957-86DA-364BB44085AA}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A14EC9ED-E36F-40C7-87A4-428CFE07D5B5}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B49688A3-86D3-4235-9063-A1F55CB30D3D}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B4B3B7FA-2605-4DF6-8E8B-6C0E937256C6}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C7C27183-E9D6-4323-83C5-C6D14F41E9AB}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D8D489CE-98E1-481A-8413-57B72A9E4450}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D9032491-7C18-4C8E-8E6E-FC6FD64C43C4}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{DC1C5FCF-562C-4B9B-89CF-0FAD7A546F8D}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FF63FC4A-F329-4E4F-9B85-A5D66C0EC061}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1222D683-AB38-4AD9-86D0-8CA1DC394B9A}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1D506768-3568-4881-9517-1C3F90090226}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{43AA3F62-61C7-44B0-AAC7-7A0124042EEB}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{5DFB9594-757F-4616-80FB-82A0CB16C53E}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{699BFD61-DB21-4DB1-8658-764276D648B5}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7667CD7C-F457-4E8D-99B1-1E96B74855F8}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9507717F-655A-4CE3-864D-9C77C600EDFA}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9F85BA58-40A5-40DA-81E3-F32C20B63DEA}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A1155131-F0D6-4957-86DA-364BB44085AA}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A14EC9ED-E36F-40C7-87A4-428CFE07D5B5}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B49688A3-86D3-4235-9063-A1F55CB30D3D}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B4B3B7FA-2605-4DF6-8E8B-6C0E937256C6}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C7C27183-E9D6-4323-83C5-C6D14F41E9AB}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D8D489CE-98E1-481A-8413-57B72A9E4450}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D9032491-7C18-4C8E-8E6E-FC6FD64C43C4}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{DC1C5FCF-562C-4B9B-89CF-0FAD7A546F8D}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FF63FC4A-F329-4E4F-9B85-A5D66C0EC061}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{1222D683-AB38-4AD9-86D0-8CA1DC394B9A}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{1D506768-3568-4881-9517-1C3F90090226}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{43AA3F62-61C7-44B0-AAC7-7A0124042EEB}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{5DFB9594-757F-4616-80FB-82A0CB16C53E}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{699BFD61-DB21-4DB1-8658-764276D648B5}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{7667CD7C-F457-4E8D-99B1-1E96B74855F8}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9507717F-655A-4CE3-864D-9C77C600EDFA}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9F85BA58-40A5-40DA-81E3-F32C20B63DEA}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A1155131-F0D6-4957-86DA-364BB44085AA}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A14EC9ED-E36F-40C7-87A4-428CFE07D5B5}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{B49688A3-86D3-4235-9063-A1F55CB30D3D}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{B4B3B7FA-2605-4DF6-8E8B-6C0E937256C6}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C7C27183-E9D6-4323-83C5-C6D14F41E9AB}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{D8D489CE-98E1-481A-8413-57B72A9E4450}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{D9032491-7C18-4C8E-8E6E-FC6FD64C43C4}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{DC1C5FCF-562C-4B9B-89CF-0FAD7A546F8D}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FF63FC4A-F329-4E4F-9B85-A5D66C0EC061}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{87463A26-DDF2-405B-82F0-47CEB99C4F43}, Quarantined, [9d51563daae08caaab975914d134d42c], 
PUP.Optional.Bylekh.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{87463A26-DDF2-405B-82F0-47CEB99C4F43}, Quarantined, [9d51563daae08caaab975914d134d42c], 
Rootkit.Agent.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\tammgF120, Delete-on-Reboot, [27c7a0f3d9b1181e677dfb704cb9d32d], 
Rootkit.Agent.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\tammgR120, Delete-on-Reboot, [ee00d4bf2763af872cb88fdc30d5a957], 
Rootkit.Agent.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BYLEKH, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{87463A26-DDF2-405B-82F0-47CEB99C4F43}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1222D683-AB38-4AD9-86D0-8CA1DC394B9A}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1D506768-3568-4881-9517-1C3F90090226}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{43AA3F62-61C7-44B0-AAC7-7A0124042EEB}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{5DFB9594-757F-4616-80FB-82A0CB16C53E}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{699BFD61-DB21-4DB1-8658-764276D648B5}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{7667CD7C-F457-4E8D-99B1-1E96B74855F8}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{9507717F-655A-4CE3-864D-9C77C600EDFA}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{9F85BA58-40A5-40DA-81E3-F32C20B63DEA}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A1155131-F0D6-4957-86DA-364BB44085AA}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A14EC9ED-E36F-40C7-87A4-428CFE07D5B5}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B49688A3-86D3-4235-9063-A1F55CB30D3D}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B4B3B7FA-2605-4DF6-8E8B-6C0E937256C6}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C7C27183-E9D6-4323-83C5-C6D14F41E9AB}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D8D489CE-98E1-481A-8413-57B72A9E4450}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D9032491-7C18-4C8E-8E6E-FC6FD64C43C4}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{DC1C5FCF-562C-4B9B-89CF-0FAD7A546F8D}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FF63FC4A-F329-4E4F-9B85-A5D66C0EC061}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1222D683-AB38-4AD9-86D0-8CA1DC394B9A}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1D506768-3568-4881-9517-1C3F90090226}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{43AA3F62-61C7-44B0-AAC7-7A0124042EEB}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{5DFB9594-757F-4616-80FB-82A0CB16C53E}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{699BFD61-DB21-4DB1-8658-764276D648B5}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7667CD7C-F457-4E8D-99B1-1E96B74855F8}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9507717F-655A-4CE3-864D-9C77C600EDFA}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9F85BA58-40A5-40DA-81E3-F32C20B63DEA}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A1155131-F0D6-4957-86DA-364BB44085AA}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A14EC9ED-E36F-40C7-87A4-428CFE07D5B5}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B49688A3-86D3-4235-9063-A1F55CB30D3D}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B4B3B7FA-2605-4DF6-8E8B-6C0E937256C6}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C7C27183-E9D6-4323-83C5-C6D14F41E9AB}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D8D489CE-98E1-481A-8413-57B72A9E4450}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D9032491-7C18-4C8E-8E6E-FC6FD64C43C4}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{DC1C5FCF-562C-4B9B-89CF-0FAD7A546F8D}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FF63FC4A-F329-4E4F-9B85-A5D66C0EC061}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{1222D683-AB38-4AD9-86D0-8CA1DC394B9A}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{1D506768-3568-4881-9517-1C3F90090226}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{43AA3F62-61C7-44B0-AAC7-7A0124042EEB}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{5DFB9594-757F-4616-80FB-82A0CB16C53E}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{699BFD61-DB21-4DB1-8658-764276D648B5}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{7667CD7C-F457-4E8D-99B1-1E96B74855F8}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9507717F-655A-4CE3-864D-9C77C600EDFA}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9F85BA58-40A5-40DA-81E3-F32C20B63DEA}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A1155131-F0D6-4957-86DA-364BB44085AA}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A14EC9ED-E36F-40C7-87A4-428CFE07D5B5}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{B49688A3-86D3-4235-9063-A1F55CB30D3D}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{B4B3B7FA-2605-4DF6-8E8B-6C0E937256C6}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C7C27183-E9D6-4323-83C5-C6D14F41E9AB}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{D8D489CE-98E1-481A-8413-57B72A9E4450}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{D9032491-7C18-4C8E-8E6E-FC6FD64C43C4}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{DC1C5FCF-562C-4B9B-89CF-0FAD7A546F8D}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FF63FC4A-F329-4E4F-9B85-A5D66C0EC061}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{87463A26-DDF2-405B-82F0-47CEB99C4F43}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
Rootkit.Agent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{87463A26-DDF2-405B-82F0-47CEB99C4F43}, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{67436C6F-CD49-45A7-8BF3-8FA8C6193C7A}, Quarantined, [c628a3f0adddb5815a6bbc00867df20e], 

Registry Values: 1
Rootkit.Agent.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Bylekh|ImagePath, C:\ProgramData\adblocker\1.1.0.31\Bylekh.exe, Quarantined, [be3099fa4d3d5fd74718501daa5b41bf]

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.MultiPlug, c:\programdata\adblocker, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\content, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 

Files: 55
Rootkit.Agent.A, c:\programdata\adblocker\1.1.0.31\tammg.sys, Delete-on-Reboot, [32bc692acbbf1125a560b6a370961ce4], 
Rootkit.Agent.A, c:\programdata\adblocker\1.1.0.31\tammgd.sys, Delete-on-Reboot, [cb23098a92f89d99ea1bd4859d69f709], 
Rootkit.Agent.A, c:\programdata\adblocker\1.1.0.31\tammgf.sys, Delete-on-Reboot, [4ea0dcb7583248ee7c8998c132d4bf41], 
Rootkit.Agent.A, c:\programdata\adblocker\1.1.0.31\tammgfd.sys, Delete-on-Reboot, [c12d5241acdec96df90cc8916e9828d8], 
Rootkit.Agent.A, c:\programdata\adblocker\1.1.0.31\tammgod.sys, Delete-on-Reboot, [fcf2f3a0315970c6966f3326bd494bb5], 
Rootkit.Agent.A, c:\programdata\adblocker\1.1.0.31\tammgr.sys, Delete-on-Reboot, [7579e6addab0f2449c693920e521bd43], 
Rootkit.Agent.A, c:\programdata\adblocker\1.1.0.31\tammgrd.sys, Delete-on-Reboot, [ffefdcb7cdbd1a1c8a7b174256b0ad53], 
PUP.Optional.Adblocker.A, C:\Users\{username}\Desktop\AdBlocker-Bylekh installer.exe, Quarantined, [23cb95fe07833afc78369faecf34916f], 
Rootkit.Agent.A, c:\windows\system32\drivers\tammgf120.sys, Delete-on-Reboot, [2fbf2172becc6dc908fd66f3cb3b966a], 
Rootkit.Agent.A, c:\windows\system32\drivers\tammgr120.sys, Delete-on-Reboot, [836b7a191f6b15212bda5405e323c838], 
PUP.Optional.Winsock.HijackBoot, C:\Windows\SysWOW64\Bylekh.dll, Delete-on-Reboot, [608e0d863654af87005ba8c56a9b2dd3], 
PUP.Optional.Winsock.HijackBoot, C:\Windows\SysWOW64\Bylekh.ini, Quarantined, [717dc4cf4545df574814b2bb51b450b0], 
PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\Bylekh64.dll, Delete-on-Reboot, [945a1e75e5a5c07691ccdd90e71eee12], 
PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\BylekhOff.ini, Quarantined, [5a94e7acdeac41f5a3bbbab3b055d828], 
PUP.Optional.Winsock.HijackBoot, C:\Windows\SysWOW64\BylekhOff.ini, Quarantined, [f9f5c0d3bcce9e98d688333afb0a6997], 
PUP.Optional.Bylekh.A, c:\programdata\adblocker\1.1.0.31\bylekh.exe, Delete-on-Reboot, [9d51563daae08caaab975914d134d42c], 
Rootkit.Agent.A, c:\programdata\adblocker\1.1.0.31\bylekh.exe, Delete-on-Reboot, [be3099fa4d3d5fd74718501daa5b41bf], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\nss3.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\bylekh.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\bylekh64.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\cyeandowmei.exe, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\freebl3.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\hysagie.exe, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\hysdgie.exe, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\hysdgieu.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\hyswgie.exe, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\jebjoelc.dat, Quarantined, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\jebjoelcb.dat, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\libnspr4.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\libplc4.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\libplds4.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\logo.ico, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\nssckbi.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\nssdbm3.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\nssutil3.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\oukaqxurpi.exe, Quarantined, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\oukaqxurpi64.exe, Quarantined, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\smime3.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\softokn3.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\sqlite3.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\ssl3.dll, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\tammg.sys, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\tammgd.sys, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\tammgf.sys, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\tammgfd.sys, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\tammgod.sys, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\tammgr.sys, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\tammgrd.sys, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\uninstaller.exe, Quarantined, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\utils.exe, Quarantined, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\content\conagouvgi.js, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\content\jquery4toolbar.js, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\content\nazfauhuvu.js, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\content\neagnhsas.js, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 
PUP.Optional.MultiPlug, c:\programdata\adblocker\1.1.0.31\content\selloxjes.js, Delete-on-Reboot, [c628a3f0adddb5815a6bbc00867df20e], 

Physical Sectors: 0
(No malicious items detected)


(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  • 0

Advertisements

Back to Malware Removal Guides and Tutorials


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Malware Removal Guides and Tutorials

As Featured On:

featured
Malware Removal How to Guides Windows 7 System Building Download Files Register welcome

Never used a forum? Learn how.