What is DLSecure Toolbar?
The Malwarebytes research team has determined that DLSecure Toolbar is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also installs a toolbar.
How do I know if my computer is affected by DLSecure Toolbar?
You may see this entry in your list of installed software:
this toolbar in your browser(s):
and these warnings during install:
and these browser add-ons:
How did DLSecure Toolbar get on my computer?
Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.
How do I remove DLSecure Toolbar?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-version.exe and follow the prompts to install the program.
- At the end, be sure a check-mark is placed next to the following:
- Enable free trial of Malwarebytes Anti-Malware Premium
- Launch Malwarebytes Anti-Malware
- Then click Finish.
- If an update is found, you will be prompted to download and install the latest version.
- Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu.
- When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
- Restart your computer when prompted to do so.
- If you are using Chrome, you may have to remove the Extension manually under Tools > Settings > Extensions. Remove the checkmark and click on the bin behind the Name of the rogue entry.
We hope our application and this guide have helped you eradicate this hijacker.
As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the DLSecure Toolbar hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.
Technical details for experts
Signs in a HijackThis log:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystart.com/?pr=jomedia&id=dlsecuretb&v=1_0
O2 - BHO: DLSecure Toolbar - {7bcc228a-c730-4004-93f9-72cbb7033a62} - C:\Program Files (x86)\dlsecuretb\dlsecureDx.dll
O3 - Toolbar: DLSecure Toolbar - {7bcc228a-c730-4004-93f9-72cbb7033a62} - C:\Program Files (x86)\dlsecuretb\dlsecureDx.dll
Possible signs in FRST logs: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystart.com/?pr=jomedia&id=dlsecuretb&v=1_0
SearchScopes: HKCU -> DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www.mystart.com/results.php?gen=ms&pr=jomedia&id=dlsecuretb&v=1_0&ent=ch_6277&q={searchTerms}
SearchScopes: HKCU -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www.mystart.com/results.php?gen=ms&pr=jomedia&id=dlsecuretb&v=1_0&ent=ch_6277&q={searchTerms}
BHO-x32: DLSecure Toolbar -> {7bcc228a-c730-4004-93f9-72cbb7033a62} -> C:\Program Files (x86)\dlsecuretb\dlsecureDx.dll [2015-02-10] ()
Toolbar: HKLM - DLSecure Toolbar - {7bcc228a-c730-4004-93f9-72cbb7033a62} - C:\Program Files (x86)\dlsecuretb\dlsecureDx64.dll [2015-02-10] ()
Toolbar: HKLM-x32 - DLSecure Toolbar - {7bcc228a-c730-4004-93f9-72cbb7033a62} - C:\Program Files (x86)\dlsecuretb\dlsecureDx.dll [2015-02-10] ()
FF SelectedSearchEngine: Search The Web
FF Homepage: hxxp://www.mystart.com/?pr=jomedia&id=dlsecuretb&v=1_0
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\dlsecuretb.xml [2015-07-20]
FF Extension: DLSecure Toolbar - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\t59s5t8p.default\Extensions\{d0bc04f1-2a66-420b-9131-69bba6dc379e} [2015-07-20]
CHR HKLM-x32\...\Chrome\Extension: [dfachbhccemanebkkbeppgnnhkpicifp] - https://clients2.google.com/service/update2/crx
C:\ProgramData\EmailNotifier
C:\Program Files (x86)\dlsecuretb
DLSecure Toolbar (HKLM-x32\...\dlsecuretb) (Version: 1.0.4.1 - Visicom Media Inc.)
FirewallRules: [{D66FCA7D-464F-4CA6-8EFE-89390E33F1CC}] => (Allow) C:\Program Files (x86)\dlsecuretb\dtUser.exe
FirewallRules: [{A0C91D01-2886-49BB-9202-39FD5AEA4E71}] => (Allow) C:\Program Files (x86)\dlsecuretb\dtUser.exe
FirewallRules: [{8745CE0C-27C0-4D23-ABAA-380FF92176F8}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe
FirewallRules: [{BF579272-1FBC-46C3-BCFE-D1FE29BCAAA3}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exeAlterations made by the installer:File system details [View: All details] (Selection)
---------------------------------------------------
Adds the folder C:\Program Files (x86)\dlsecuretb
Adds the file dlsecureDx.dll"="10/02/2015 15:09, 115224 bytes, A
Adds the file dlsecureDx64.dll"="10/02/2015 15:09, 127512 bytes, A
Adds the file dlsecuretb.dll"="10/02/2015 15:09, 549912 bytes, A
Adds the file dlsecuretb64.dll"="10/02/2015 15:10, 826904 bytes, A
Adds the file dtUser.exe"="10/02/2015 15:10, 511512 bytes, A
Adds the file ffHelper.exe"="10/02/2015 15:10, 104984 bytes, A
Adds the file install.ico"="13/12/2013 21:31, 2238 bytes, A
Adds the file manifest.xml"="10/02/2015 15:02, 866 bytes, A
Adds the file search.ico"="10/02/2015 15:09, 1150 bytes, A
Adds the file uninstall.exe"="10/02/2015 15:10, 398552 bytes, A
Adds the folder C:\Program Files (x86)\dlsecuretb\chrome
Adds the folder C:\Program Files (x86)\dlsecuretb\components
Adds the file windowmediator.js"="12/12/2013 20:52, 2394 bytes, A
In the existing folder C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins
Adds the file dlsecuretb.xml"="20/07/2015 13:33, 2293 bytes, A
Adds the folder C:\ProgramData\EmailNotifier
Adds the file AOL.lnk"="20/07/2015 13:33, 1870 bytes, A
Adds the file EmailNotifier.exe"="10/10/2014 15:07, 1081096 bytes, A
Adds the file EmailNotifier.xml"="12/12/2013 20:52, 696 bytes, A
Adds the file EmailNotifierAPI.dll"="20/08/2010 19:48, 858584 bytes, A
Adds the file EmailNotifierEN.lng"="12/12/2013 20:52, 3497 bytes, A
Adds the file EmailNotifierFR.lng"="12/12/2013 20:52, 3698 bytes, A
Adds the file EmailNotifierHI.lng"="12/12/2013 20:52, 6092 bytes, A
Adds the file EmailNotifierPOL.lng"="12/12/2013 20:52, 3942 bytes, A
Adds the file EmailNotifierRO.lng"="12/12/2013 20:52, 4014 bytes, A
Adds the file EmailNotifierRU.lng"="12/12/2013 20:52, 5668 bytes, A
Adds the file EmailNotifierTHAI.lng"="12/12/2013 20:52, 5840 bytes, A
Adds the file EmailNotifierTUR.lng"="12/12/2013 20:52, 3790 bytes, A
Adds the file Gmail.lnk"="20/07/2015 13:33, 1870 bytes, A
Adds the file Hotmail.lnk"="20/07/2015 13:33, 1870 bytes, A
Adds the file libeay32.dll"="12/12/2013 20:52, 1276416 bytes, A
Adds the file RRTimeWarner.lnk"="20/07/2015 13:33, 1870 bytes, A
Adds the file ssleay32.dll"="12/12/2013 20:52, 335360 bytes, A
Adds the file Yahoo.lnk"="20/07/2015 13:33, 1870 bytes, A
Adds the folder C:\ProgramData\EmailNotifier\dtuser
Adds the folder C:\Users\{username}\AppData\LocalLow\dlsecuretb
Adds the file dtx.ini"="20/07/2015 13:33, 15 bytes, A
Adds the file geodata.xml"="20/07/2015 13:33, 202 bytes, A
Adds the file guid.dat"="20/07/2015 13:33, 32 bytes, A
Adds the file setupCfg.xml"="20/07/2015 13:33, 316 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\t59s5t8p.default\dlsecuretb
Adds the file geodata.xml"="20/07/2015 13:33, 202 bytes, A
Adds the file guid.dat"="20/07/2015 13:33, 32 bytes, A
Adds the file setupCfg.xml"="20/07/2015 13:33, 390 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\t59s5t8p.default\extensions\{d0bc04f1-2a66-420b-9131-69bba6dc379e}
Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bcc228a-c730-4004-93f9-72cbb7033a62}]
"(Default)"="REG_SZ", "DLSecure Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bcc228a-c730-4004-93f9-72cbb7033a62}\Implemented Categories]
"(Default)"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bcc228a-c730-4004-93f9-72cbb7033a62}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}]
"(Default)"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bcc228a-c730-4004-93f9-72cbb7033a62}\InprocServer32]
"(Default)"="REG_SZ", "C:\Program Files (x86)\dlsecuretb\dlsecureDx64.dll"
"ThreadingModel"="REG_SZ", "Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7bcc228a-c730-4004-93f9-72cbb7033a62}]
"(Default)"="REG_SZ", "DLSecure Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7bcc228a-c730-4004-93f9-72cbb7033a62}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7bcc228a-c730-4004-93f9-72cbb7033a62}\InprocServer32]
"(Default)"="REG_SZ", "C:\Program Files (x86)\dlsecuretb\dlsecureDx.dll"
"ThreadingModel"="REG_SZ", "Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7bcc228a-c730-4004-93f9-72cbb7033a62}"="REG_SZ", "DLSecure Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\dlsecuretb]
"CampaignIdIE"="REG_SZ", "6277"
"MachineID"="REG_SZ", "00C935032CE899F1422AC555ACDC7498"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Email Notifier]
"UpdateUrl"="REG_SZ", "http://emailnotifier.vmn.net/upd/dlsecuretb/version.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dfachbhccemanebkkbeppgnnhkpicifp]
"update_url"="REG_SZ", "https://clients2.google.com/service/update2/crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7bcc228a-c730-4004-93f9-72cbb7033a62}"="REG_SZ", "DLSecure Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{7bcc228a-c730-4004-93f9-72cbb7033a62}]
"(Default)"="REG_SZ", "DLSecure Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7BCC228A-C730-4004-93F9-72CBB7033A62}]
"(Default)"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\dlsecuretb]
"DisplayIcon"="REG_SZ", "C:\Program Files (x86)\dlsecuretb\install.ico"
"DisplayName"="REG_SZ", "DLSecure Toolbar"
"DisplayVersion"="REG_SZ", "1.0.4.1"
"EstimatedSize"="REG_DWORD", 0
"InstallLocation"="REG_SZ", "C:\Program Files (x86)\dlsecuretb"
"NoModify"="REG_DWORD", 1
"NoRepair"="REG_DWORD", 1
"Publisher"="REG_SZ", "Visicom Media Inc."
"UninstallString"="REG_SZ", "C:\Program Files (x86)\dlsecuretb\uninstall.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8745CE0C-27C0-4D23-ABAA-380FF92176F8}"="REG_SZ", "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\EmailNotifier\EmailNotifier.exe|Name=Email Notifier|"
"{A0C91D01-2886-49BB-9202-39FD5AEA4E71}"="REG_SZ", "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\dlsecuretb\dtUser.exe|Name=DLSecure Toolbar DTX Broker|"
"{BF579272-1FBC-46C3-BCFE-D1FE29BCAAA3}"="REG_SZ", "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\ProgramData\EmailNotifier\EmailNotifier.exe|Name=Email Notifier|"
"{D66FCA7D-464F-4CA6-8EFE-89390E33F1CC}"="REG_SZ", "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\dlsecuretb\dtUser.exe|Name=DLSecure Toolbar DTX Broker|"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page" = REG_SZ, "http://www.mystart.com/?pr=jomedia&id=dlsecuretb&v=1_0"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope" = REG_SZ, "{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}]
"DisplayName"="REG_SZ", "Search The Web"
"FaviconPath"="REG_SZ", "C:\Program Files (x86)\dlsecuretb\search.ico"
"FaviconURLFallback"="REG_SZ", "http://search.yahoo.com/favicon.ico"
"ShowSearchSuggestions"="REG_DWORD", 1
"SuggestionsURLFallback"="REG_SZ", "http://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}"
"URL"="REG_SZ", "http://www.mystart.com/results.php?gen=ms&pr=jomedia&id=dlsecuretb&v=1_0&ent=ch_6277&q={searchTerms}"
Excerpt of the Malwarebytes Anti-Malware log (full log available on request):Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 20/07/2015
Scan Time: 13:46
Logfile: mbamDLSecure.txt
Administrator: Yes
Version: 2.1.8.1057
Malware Database: v2015.07.20.03
Rootkit Database: v2015.07.17.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 326429
Time Elapsed: 4 min, 8 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 12
PUP.Optional.DLSecure.A, HKLM\SOFTWARE\CLASSES\CLSID\{7bcc228a-c730-4004-93f9-72cbb7033a62}, Quarantined, [649f72725d2d93a3466ccef49969d030],
PUP.Optional.DLSecure.A, HKLM\SOFTWARE\CLASSES\CLSID\{7BCC228A-C730-4004-93F9-72CBB7033A62}\INPROCSERVER32, Quarantined, [649f72725d2d93a3466ccef49969d030],
PUP.Optional.DLSecure.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7BCC228A-C730-4004-93F9-72CBB7033A62}, Quarantined, [649f72725d2d93a3466ccef49969d030],
PUP.Optional.DLSecure.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7BCC228A-C730-4004-93F9-72CBB7033A62}, Quarantined, [649f72725d2d93a3466ccef49969d030],
PUP.Optional.DLSecure.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{7bcc228a-c730-4004-93f9-72cbb7033a62}, Quarantined, [649f72725d2d93a3466ccef49969d030],
PUP.Optional.DLSecure.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{7BCC228A-C730-4004-93F9-72CBB7033A62}, Quarantined, [649f72725d2d93a3466ccef49969d030],
PUP.Optional.DLSecure.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{7BCC228A-C730-4004-93F9-72CBB7033A62}, Quarantined, [649f72725d2d93a3466ccef49969d030],
PUP.Optional.DLSecure.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7BCC228A-C730-4004-93F9-72CBB7033A62}, Quarantined, [649f72725d2d93a3466ccef49969d030],
PUP.Optional.MySearchTB.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E0D4A4BC-F7CD-436E-B1FA-25637BA0F5BE}, Quarantined, [758ea242553588ae6e0e467daa58ee12],
PUP.Optional.MySearchTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E0D4A4BC-F7CD-436E-B1FA-25637BA0F5BE}, Quarantined, [758ea242553588ae6e0e467daa58ee12],
PUP.Optional.DLSecure.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\dlsecuretb, Quarantined, [51b20ed6fa902610a46bb78b5da43fc1],
PUP.Optional.MyStart.A, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}, Quarantined, [ea193da73852f34395fff39774907a86],
Registry Values: 5
PUP.Optional.DLSecure.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{7BCC228A-C730-4004-93F9-72CBB7033A62}, DLSecure Toolbar, Quarantined, [649f72725d2d93a3466ccef49969d030]
PUP.Optional.DLSecure.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{7BCC228A-C730-4004-93F9-72CBB7033A62}, DLSecure Toolbar, Quarantined, [649f72725d2d93a3466ccef49969d030]
PUP.Optional.DLSecure.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{7bcc228a-c730-4004-93f9-72cbb7033a62}, Quarantined, [b54e9e46b4d69e98d0e2af13cd350000],
PUP.Optional.DLSecure.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{7bcc228a-c730-4004-93f9-72cbb7033a62}, Quarantined, [25de27bd94f62a0c2b8715ad6b974cb4],
PUP.Optional.MyStart.A, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}|URL, http://www.mystart.com/results.php?gen=ms&pr=jomedia&id=dlsecuretb&v=1_0&ent=ch_6277&q={searchTerms}, Quarantined, [ea193da73852f34395fff39774907a86]
Registry Data: 1
PUP.Optional.MyStart.A, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.mystart.com/?pr=jomedia&id=dlsecuretb&v=1_0, Good: (www.google.com), Bad: (http://www.mystart.com/?pr=jomedia&id=dlsecuretb&v=1_0),Replaced,[45be776d66245ed8818049edfb0aee12]
Folders: 113
PUP.Optional.DLSecure.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\t59s5t8p.default\dlsecuretb, Quarantined, [53b0cc183456cb6be4b5846b46bcb54b],
PUP.Optional.DLSecure.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\t59s5t8p.default\dlsecuretb\coupons, Quarantined, [53b0cc183456cb6be4b5846b46bcb54b],
PUP.Optional.DLSecure.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\t59s5t8p.default\dlsecuretb\weather, Quarantined, [53b0cc183456cb6be4b5846b46bcb54b],
PUP.Optional.DLSecure.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\t59s5t8p.default\extensions\{d0bc04f1-2a66-420b-9131-69bba6dc379e}, Quarantined, [1be864805931e2544d4d925d7a88b64a],
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb, Quarantined, [51b2cf15800af83e4855ba3538cae11f],
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome, Quarantined, [51b2cf15800af83e4855ba3538cae11f],
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome\content, Quarantined, [51b2cf15800af83e4855ba3538cae11f],
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome\content\lib, Quarantined, [51b2cf15800af83e4855ba3538cae11f],
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome\content\modules, Quarantined, [51b2cf15800af83e4855ba3538cae11f],
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome\content\newtab, Quarantined, [51b2cf15800af83e4855ba3538cae11f],
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome\content\newtab\images, Quarantined, [51b2cf15800af83e4855ba3538cae11f],
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome\content\widgets, Quarantined, [51b2cf15800af83e4855ba3538cae11f],
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome\content\widgets\net.vmn.www.alexa, Quarantined, [51b2cf15800af83e4855ba3538cae11f],
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome\content\widgets\net.vmn.www.Coupons_v5, Quarantined, [51b2cf15800af83e4855ba3538cae11f],
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome\content\widgets\net.vmn.www.ebayshortcut, Quarantined, [51b2cf15800af83e4855ba3538cae11f],
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome\content\widgets\net.vmn.www.facebookshortcut, Quarantined, [51b2cf15800af83e4855ba3538cae11f],
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome\content\widgets\net.vmn.www.tunein, Quarantined, [51b2cf15800af83e4855ba3538cae11f],
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome\content\widgets\net.vmn.www.youtubeshortcut, Quarantined, [51b2cf15800af83e4855ba3538cae11f],
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome\data, Quarantined, [51b2cf15800af83e4855ba3538cae11f],
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome\skin, Quarantined, [51b2cf15800af83e4855ba3538cae11f],
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\components, Quarantined, [51b2cf15800af83e4855ba3538cae11f],
Files: 1546
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\dlsecureDx64.dll, Quarantined, [649f72725d2d93a3466ccef49969d030],
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\dlsecureDx.dll, Quarantined, [649f72725d2d93a3466ccef49969d030],
PUP.Optional.DLSecure.A, C:\Users\{username}\Desktop\dlsecureTb_1.0.4.1.exe, Quarantined, [be45459f8a00d264a96643ff88793dc3],
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\uninstall.exe, Quarantined, [51b20ed6fa902610a46bb78b5da43fc1],
PUP.Optional.DLSecure.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\t59s5t8p.default\dlsecuretb\geodata.xml, Quarantined, [53b0cc183456cb6be4b5846b46bcb54b],
PUP.Optional.DLSecure.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\t59s5t8p.default\extensions\{d0bc04f1-2a66-420b-9131-69bba6dc379e}\chrome.manifest, Quarantined, [1be864805931e2544d4d925d7a88b64a],
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\dlsecuretb.dll, Quarantined, [51b2cf15800af83e4855ba3538cae11f],
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\dlsecuretb64.dll, Quarantined, [51b2cf15800af83e4855ba3538cae11f],
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\dtUser.exe, Quarantined, [51b2cf15800af83e4855ba3538cae11f],
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\ffHelper.exe, Quarantined, [51b2cf15800af83e4855ba3538cae11f],
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\install.ico, Quarantined, [51b2cf15800af83e4855ba3538cae11f],
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\manifest.xml, Quarantined, [51b2cf15800af83e4855ba3538cae11f],
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\search.ico, Quarantined, [51b2cf15800af83e4855ba3538cae11f],
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome\content\config.xml, Quarantined, [51b2cf15800af83e4855ba3538cae11f],
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome\data\rss\rss.xml, Quarantined, [51b2cf15800af83e4855ba3538cae11f],
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome\data\search\engines.xml, Quarantined, [51b2cf15800af83e4855ba3538cae11f],
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome\data\search\search.xsl, Quarantined, [51b2cf15800af83e4855ba3538cae11f],
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome\skin\blogger.png, Quarantined, [51b2cf15800af83e4855ba3538cae11f],
UP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\components\windowmediator.js, Quarantined, [51b2cf15800af83e4855ba3538cae11f],
PUP.Optional.MyStartTB.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\t59s5t8p.default\prefs.js, Good: (), Bad: (user_pref("browser.search.defaultenginename", "Search The Web");), Replaced,[e81be7fd5f2bb482eb1b561733d258a8]
PUP.Optional.MyStartTB.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\t59s5t8p.default\prefs.js, Good: (), Bad: (user_pref("browser.search.selectedEngine", "Search The Web");), Replaced,[1de606dea3e7310513f4d89530d514ec]
PUP.Optional.MyStartTB.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\t59s5t8p.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://www.mystart.com/?pr=jomedia&id=dlsecuretb&v=1_0");), Replaced,[b84b7a6a9febb284b45b77f828dd17e9]
PUP.Optional.MyStartTB.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\t59s5t8p.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "http://www.mystart.com/results.php?pr=jomedia&id=dlsecuretb&v=1_0&ent=bs____campaignID___&q=");), Replaced,[e41f20c4008a310593a570ff0ff652ae]
Physical Sectors: 0
(No malicious items detected)
(end)As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention
Back to top
Sign In
Create Account
