What is SushiLeads?
The Malwarebytes research team has determined that SushiLeads is adware. These adware applications display advertisements not originating from the sites you are browsing.
How do I know if my computer is affected by SushiLeads?
You may see this entry in your list of installed programs:
How did SushiLeads get on my computer?
Adware applications use different methods for distributing themselves. This particular one was bundled with other software.
How do I remove SushiLeads?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-version.exe and follow the prompts to install the program.
- At the end, be sure a check-mark is placed next to the following:
  - Enable free trial of Malwarebytes Anti-Malware Premium
  - Launch Malwarebytes Anti-Malware
- Then click Finish.
- If an update is found, you will be prompted to download and install the latest version.
- Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
- When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
- Reboot your computer if prompted.
- No, Malwarebytes Anti-Malware removes SushiLeads completely.
We hope our application and this guide have helped you eradicate this hijacker.
As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the SushiLeads adware. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.
Technical details for experts
You will see these signs in a HijackThis log:
O23 - Service: SushiLeads Update (sushileadsupd) - SushiLeads - C:\Program Files\Common Files\SushiLeads\SushiLeads Client\sushileadss.exe
You may see these signs in FRST logs:
(SushiLeads) C:\Program Files\Common Files\SushiLeads\SushiLeads Client\sushileadss.exe
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
R2 sushileadsupd; C:\Program Files\Common Files\SushiLeads\SushiLeads Client\sushileadss.exe [1092096 2015-06-03] (SushiLeads) []
R1 SushiLUpdd; C:\Program Files\Common Files\SushiLeads\SushiLeads Client\sushildrw.sys [61872 2015-06-03] ()
() C:\ProgramData\SushiLeadsAgent
() C:\Program Files\Common Files\SushiLeads
SushiLeads (HKLM-x32\...\SushiLeads Client) (Version: 1.0.0.21 - SushiLeads)
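A triage sketch for the FRST lines above, added here as an example and not part of the original guide or of any Malwarebytes or FRST tooling. It flags a proxy that points back at the local machine and a kernel driver installed in the same folder as an auto-start service, which is the combination this log shows. The function names and the `ExampleSvc` line are constructed for illustration.

```python
import re
from ipaddress import ip_address

# Constructed sample: FRST lines quoted on this page plus one made-up benign service.
SAMPLE = r"""
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
R2 sushileadsupd; C:\Program Files\Common Files\SushiLeads\SushiLeads Client\sushileadss.exe [1092096 2015-06-03] (SushiLeads) []
R1 SushiLUpdd; C:\Program Files\Common Files\SushiLeads\SushiLeads Client\sushildrw.sys [61872 2015-06-03] ()
S3 ExampleSvc; C:\Windows\System32\example.exe [1000 2015-01-01] (Example Corp)
"""

# FRST service prefix: R/S/U = running/stopped/undetermined, digit = Start value
# (agrees with Start=2 and Start=1 in the registry details on this page).
START = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
SERVICE_RE = re.compile(r"^([RSU])([0-5]) (\S+); (.+?) \[\d+ \d{4}-\d{2}-\d{2}\]", re.M)
PROXY_RE = re.compile(r"^ProxyServer: \[(.+?)\] => (.+)$", re.M)

def loopback_proxies(text):
    """Return (hive, host, port) for every proxy entry that points back at this machine."""
    hits = []
    for m in PROXY_RE.finditer(text):
        for entry in m.group(2).split(";"):  # "http=h:p;https=h:p" or a bare "h:p"
            host, _, port = entry.split("=", 1)[-1].strip().partition(":")
            try:
                local = ip_address(host).is_loopback
            except ValueError:  # a hostname rather than an IP literal
                local = host.lower() == "localhost"
            if local:
                hits.append((m.group(1), host, port))
    return hits

def services(text):
    """Parse FRST service/driver lines into (name, start_type, path) tuples."""
    return [(m[3], START.get(m[2], "unknown"), m[4]) for m in SERVICE_RE.finditer(text)]

def driver_service_pairs(text):
    """Folders holding both a kernel driver and an auto-start user-mode service."""
    by_dir = {}
    for name, start, path in services(text):
        by_dir.setdefault(path.rsplit("\\", 1)[0].lower(), []).append((name, start, path.lower()))
    pairs = []
    for folder, items in by_dir.items():
        drivers = [n for n, _, p in items if p.endswith(".sys")]
        autos = [n for n, s, p in items if s == "auto" and not p.endswith(".sys")]
        if drivers and autos:
            pairs.append((folder, autos, drivers))
    return pairs
```

Neither signal is proof of adware on its own, since local debugging proxies and some security products look similar; together with an unfamiliar publisher they justify a closer look.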
Alterations made by the installer:
File system details [View: All details] (Selection)
---------------------------------------------------
Adds the folder C:\Program Files\Common Files\SushiLeads\SushiLeads Client
    Adds the file sushildrw.sys"="03-Jun-15 12:06 AM, 61872 bytes, A
    Adds the file sushileadsa.exe"="03-Jun-15 12:04 AM, 219136 bytes, A
    Adds the file sushileadss.exe"="03-Jun-15 12:06 AM, 1092096 bytes, A
    Adds the file sushili32.dll"="03-Jun-15 12:04 AM, 676352 bytes, A
    Adds the file sushili64.dll"="03-Jun-15 12:05 AM, 843264 bytes, A
    Adds the file uninstall.exe"="12-Jun-15 10:08 AM, 150160 bytes, A
Adds the folder C:\ProgramData\SushiLeadsAgent
    Adds the file startprocess.js"="12-Jun-15 10:08 AM, 414 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\SushiLeadsAgent\SushiLUpd]
"Default1"="REG_BINARY, ..................................................
"Default2"="REG_BINARY, ..........................................................................................................
"DefTimeL"="REG_QWORD, ....
[HKEY_LOCAL_MACHINE\SOFTWARE\SushiLeadsAgent\SushiLUpd\Users\Default]
"Default3"="REG_BINARY, ....................................
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SushiLeads Client]
"DisplayIcon"="REG_SZ", "C:\Program Files\Common Files\SushiLeads\SushiLeads Client\sushileadss.exe"
"DisplayName"="REG_SZ", "SushiLeads"
"DisplayVersion"="REG_SZ", "1.0.0.21"
"NoModify"="REG_DWORD", 1
"NoRepair"="REG_DWORD", 1
"Publisher"="REG_SZ", "SushiLeads"
"UninstallString"="REG_SZ", ""C:\Program Files\Common Files\SushiLeads\SushiLeads Client\uninstall.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SushiLeadsAgent\SushiLUpd]
"Default1"="REG_BINARY, ..................................................
"Default2"="REG_BINARY, .........................................................................................................................
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sushileadsupd]
"Description"="REG_SZ", "Enables you to find the best service professionals in your area and compare offers."
"DisplayName"="REG_SZ", "SushiLeads Update"
"ErrorControl"="REG_DWORD", 1
"ImagePath"="REG_EXPAND_SZ, "C:\Program Files\Common Files\SushiLeads\SushiLeads Client\sushileadss.exe /service"
"ObjectName"="REG_SZ", "LocalSystem"
"Start"="REG_DWORD", 2
"Type"="REG_DWORD", 16
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SushiLUpdd]
"DisplayName"="REG_SZ", "SushiLeadsD"
"ErrorControl"="REG_DWORD", 1
"ImagePath"="REG_EXPAND_SZ, "\??\C:\Program Files\Common Files\SushiLeads\SushiLeads Client\sushildrw.sys"
"Start"="REG_DWORD", 1
"Type"="REG_DWORD", 1
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"="REG_DWORD", 1
"ProxyServer"="REG_SZ", "http=127.0.0.1:47574"

Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12-Jun-15
Scan Time: 10:22:37 AM
Logfile: mbamSushiLeads2.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.12.01
Rootkit Database: v2015.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: {username}

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 346224
Time Elapsed: 29 min, 34 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.SushiLeads.A, C:\Program Files\Common Files\SushiLeads\SushiLeads Client\sushileadss.exe, 2932, Delete-on-Reboot, [5d747148e4a6da5cb787a1dae61a916f]

Modules: 0
(No malicious items detected)

Registry Keys: 5
PUP.Optional.SushiLeads.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\sushileadsupd, Quarantined, [5d747148e4a6da5cb787a1dae61a916f],
PUP.Optional.SushiLeads.A, HKLM\SOFTWARE\SushiLeadsAgent, Quarantined, [b61b3f7adfab072f3f4ca448689b4cb4],
PUP.Optional.SushiLeads.A, HKLM\SOFTWARE\WOW6432NODE\SushiLeadsAgent, Quarantined, [69681a9f4743092d5b303bb1689b43bd],
PUP.Optional.SushiLeads.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SushiLeads Client, Quarantined, [636e0bae06849c9af6944ba155ae2dd3],
PUP.Optional.SushiLeads.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SushiLUpdd, Quarantined, [d9f848716c1e7eb8860807e5b152a060],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.SushiLeads.A, C:\ProgramData\SushiLeadsAgent, Quarantined, [676a1d9ce2a8280e0017faf2659ef40c],
PUP.Optional.SushiLeads.A, C:\Program Files\Common Files\SushiLeads, Delete-on-Reboot, [e6ebf9c06129a98d4fc96a822ed5de22],
PUP.Optional.SushiLeads.A, C:\Program Files\Common Files\SushiLeads\SushiLeads Client, Delete-on-Reboot, [e6ebf9c06129a98d4fc96a822ed5de22],

Files: 8
PUP.Optional.SushiLeads.A, C:\Program Files\Common Files\SushiLeads\SushiLeads Client\sushileadss.exe, Delete-on-Reboot, [5d747148e4a6da5cb787a1dae61a916f],
PUP.Optional.SushiLeads.A, C:\Users\{username}\Desktop\SushiLeads2.exe, Quarantined, [c30ec1f8a7e343f34fefd7a4cf31f709],
PUP.Optional.SushiLeads.A, C:\Program Files\Common Files\SushiLeads\SushiLeads Client\sushildrw.sys, Quarantined, [d9f848716c1e7eb8860807e5b152a060],
PUP.Optional.SushiLeads.A, C:\ProgramData\SushiLeadsAgent\startprocess.js, Quarantined, [676a1d9ce2a8280e0017faf2659ef40c],
PUP.Optional.SushiLeads.A, C:\Program Files\Common Files\SushiLeads\SushiLeads Client\sushileadsa.exe, Quarantined, [e6ebf9c06129a98d4fc96a822ed5de22],
PUP.Optional.SushiLeads.A, C:\Program Files\Common Files\SushiLeads\SushiLeads Client\sushili32.dll, Delete-on-Reboot, [e6ebf9c06129a98d4fc96a822ed5de22],
PUP.Optional.SushiLeads.A, C:\Program Files\Common Files\SushiLeads\SushiLeads Client\sushili64.dll, Delete-on-Reboot, [e6ebf9c06129a98d4fc96a822ed5de22],
PUP.Optional.SushiLeads.A, C:\Program Files\Common Files\SushiLeads\SushiLeads Client\uninstall.exe, Quarantined, [e6ebf9c06129a98d4fc96a822ed5de22],

Physical Sectors: 0
(No malicious items detected)

(end)

As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention