Removal instructions for DLSecure Toolbar

Metallica

Content is republished with permission from Malwarebytes.

What is DLSecure Toolbar?

The Malwarebytes research team has determined that DLSecure Toolbar is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example by changing your start page or search scopes, so that the affected browser visits their site or one of their choice. This one also installs a toolbar.

How do I know if my computer is affected by DLSecure Toolbar?

You may see this entry in your list of installed software:

warning4.png

this toolbar in your browser(s):

icons.png

and these warnings during install:

main.png

warning1.png

and these browser add-ons:

warning2.png

warning3.png

warning5.png

How did DLSecure Toolbar get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove DLSecure Toolbar?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan Now, or select Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

Is there anything else I need to do to get rid of DLSecure Toolbar?

  • If you are using Chrome, you may have to remove the extension manually under Tools > Settings > Extensions. Remove the checkmark and click the bin icon next to the name of the rogue entry.

How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the DLSecure Toolbar hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it was too late.

protection1.png


Technical details for experts

Signs in a HijackThis log:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystart.com/?pr=jomedia&id=dlsecuretb&v=1_0
O2 - BHO: DLSecure Toolbar - {7bcc228a-c730-4004-93f9-72cbb7033a62} - C:\Program Files (x86)\dlsecuretb\dlsecureDx.dll
O3 - Toolbar: DLSecure Toolbar - {7bcc228a-c730-4004-93f9-72cbb7033a62} - C:\Program Files (x86)\dlsecuretb\dlsecureDx.dll

Possible signs in FRST logs:

 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystart.com/?pr=jomedia&id=dlsecuretb&v=1_0
 SearchScopes: HKCU -> DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www.mystart.com/results.php?gen=ms&pr=jomedia&id=dlsecuretb&v=1_0&ent=ch_6277&q={searchTerms}
 SearchScopes: HKCU -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www.mystart.com/results.php?gen=ms&pr=jomedia&id=dlsecuretb&v=1_0&ent=ch_6277&q={searchTerms}
 BHO-x32: DLSecure Toolbar -> {7bcc228a-c730-4004-93f9-72cbb7033a62} -> C:\Program Files (x86)\dlsecuretb\dlsecureDx.dll [2015-02-10] ()
 Toolbar: HKLM - DLSecure Toolbar - {7bcc228a-c730-4004-93f9-72cbb7033a62} - C:\Program Files (x86)\dlsecuretb\dlsecureDx64.dll [2015-02-10] ()
 Toolbar: HKLM-x32 - DLSecure Toolbar - {7bcc228a-c730-4004-93f9-72cbb7033a62} - C:\Program Files (x86)\dlsecuretb\dlsecureDx.dll [2015-02-10] ()
 FF SelectedSearchEngine: Search The Web
 FF Homepage: hxxp://www.mystart.com/?pr=jomedia&id=dlsecuretb&v=1_0
 FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\dlsecuretb.xml [2015-07-20]
 FF Extension: DLSecure Toolbar - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\t59s5t8p.default\Extensions\{d0bc04f1-2a66-420b-9131-69bba6dc379e} [2015-07-20]
 CHR HKLM-x32\...\Chrome\Extension: [dfachbhccemanebkkbeppgnnhkpicifp] - https://clients2.google.com/service/update2/crx
 C:\ProgramData\EmailNotifier
 C:\Program Files (x86)\dlsecuretb

DLSecure Toolbar (HKLM-x32\...\dlsecuretb) (Version: 1.0.4.1 - Visicom Media Inc.)
FirewallRules: [{D66FCA7D-464F-4CA6-8EFE-89390E33F1CC}] => (Allow) C:\Program Files (x86)\dlsecuretb\dtUser.exe
FirewallRules: [{A0C91D01-2886-49BB-9202-39FD5AEA4E71}] => (Allow) C:\Program Files (x86)\dlsecuretb\dtUser.exe
FirewallRules: [{8745CE0C-27C0-4D23-ABAA-380FF92176F8}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe
FirewallRules: [{BF579272-1FBC-46C3-BCFE-D1FE29BCAAA3}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe
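
The signs above can be checked mechanically. The following Python sketch is an added example, not part of the original Malwarebytes write-up: it scans HijackThis/FRST log text for the identifiers listed on this page, and parses a FirewallRules registry value (the `v2.10|Key=Value|` form shown in the registry details further down) to flag inbound allow rules for the two install folders. The function names and the benign sample lines are constructed for illustration.

```python
# Indicators copied from the HijackThis/FRST lines on this page (lower-cased).
INDICATORS = {
    "toolbar_clsid": "{7bcc228a-c730-4004-93f9-72cbb7033a62}",
    "searchscope_guid": "{3bd44f0e-0596-4008-aee0-45d47e3a8f0e}",
    "firefox_extension": "{d0bc04f1-2a66-420b-9131-69bba6dc379e}",
    "chrome_extension": "dfachbhccemanebkkbeppgnnhkpicifp",
    "install_dir": r"c:\program files (x86)\dlsecuretb",
    "emailnotifier_dir": r"c:\programdata\emailnotifier",
    # Matches both the http:// and the defanged hxxp:// spelling of the URL.
    "hijack_url_tag": "id=dlsecuretb",
}

# Folders whose executables receive inbound firewall rules on this page.
PUP_DIRS = tuple(INDICATORS[k] + "\\" for k in ("install_dir", "emailnotifier_dir"))


def scan_log(text):
    """Return (line_number, indicator_name, line) for every indicator hit.

    Matching is case-insensitive because the logs on this page show the
    same CLSID in both lower and upper case.
    """
    hits = []
    for number, raw in enumerate(text.splitlines(), 1):
        lowered = raw.lower()
        for name, needle in INDICATORS.items():
            if needle in lowered:
                hits.append((number, name, raw.strip()))
    return hits


def parse_firewall_rule(value):
    """Split a FirewallRules value such as 'v2.10|Action=Allow|...|' into a dict."""
    fields = {}
    for part in value.split("|"):
        key, sep, val = part.partition("=")
        if sep:  # skips the leading version token and the empty tail
            fields[key] = val
    return fields


def is_pup_inbound_rule(value):
    """True for an active inbound allow rule whose App lives in a PUP folder."""
    f = parse_firewall_rule(value)
    return (
        f.get("Action") == "Allow"
        and f.get("Active") == "TRUE"
        and f.get("Dir") == "In"
        and f.get("App", "").lower().startswith(PUP_DIRS)
    )


# Constructed sample: lines 2-4 follow the log lines on this page (line 2 with
# an upper-case CLSID), lines 1 and 5 are benign lines made up for contrast.
SAMPLE_LOG = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.example.org/
BHO-x32: DLSecure Toolbar -> {7BCC228A-C730-4004-93F9-72CBB7033A62} -> C:\Program Files (x86)\dlsecuretb\dlsecureDx.dll [2015-02-10] ()
FF Homepage: hxxp://www.mystart.com/?pr=jomedia&id=dlsecuretb&v=1_0
CHR HKLM-x32\...\Chrome\Extension: [dfachbhccemanebkkbeppgnnhkpicifp] - https://clients2.google.com/service/update2/crx
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\google.xml"""

# Rule value as listed in the registry details of this page.
PAGE_RULE = r"v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\dlsecuretb\dtUser.exe|Name=DLSecure Toolbar DTX Broker|"
# Constructed benign rule for comparison.
BENIGN_RULE = r"v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Example\app.exe|Name=Example|"

if __name__ == "__main__":
    for number, name, line in scan_log(SAMPLE_LOG):
        print(f"line {number}: {name}: {line}")
    print("page rule flagged:", is_pup_inbound_rule(PAGE_RULE))
    print("benign rule flagged:", is_pup_inbound_rule(BENIGN_RULE))
```
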

Alterations made by the installer:

File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Program Files (x86)\dlsecuretb
       Adds the file dlsecureDx.dll"="10/02/2015 15:09, 115224 bytes, A
       Adds the file dlsecureDx64.dll"="10/02/2015 15:09, 127512 bytes, A
       Adds the file dlsecuretb.dll"="10/02/2015 15:09, 549912 bytes, A
       Adds the file dlsecuretb64.dll"="10/02/2015 15:10, 826904 bytes, A
       Adds the file dtUser.exe"="10/02/2015 15:10, 511512 bytes, A
       Adds the file ffHelper.exe"="10/02/2015 15:10, 104984 bytes, A
       Adds the file install.ico"="13/12/2013 21:31, 2238 bytes, A
       Adds the file manifest.xml"="10/02/2015 15:02, 866 bytes, A
       Adds the file search.ico"="10/02/2015 15:09, 1150 bytes, A
       Adds the file uninstall.exe"="10/02/2015 15:10, 398552 bytes, A
    Adds the folder C:\Program Files (x86)\dlsecuretb\chrome
    Adds the folder C:\Program Files (x86)\dlsecuretb\components
       Adds the file windowmediator.js"="12/12/2013 20:52, 2394 bytes, A
    In the existing folder C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins
       Adds the file dlsecuretb.xml"="20/07/2015 13:33, 2293 bytes, A
    Adds the folder C:\ProgramData\EmailNotifier
       Adds the file AOL.lnk"="20/07/2015 13:33, 1870 bytes, A
       Adds the file EmailNotifier.exe"="10/10/2014 15:07, 1081096 bytes, A
       Adds the file EmailNotifier.xml"="12/12/2013 20:52, 696 bytes, A
       Adds the file EmailNotifierAPI.dll"="20/08/2010 19:48, 858584 bytes, A
       Adds the file EmailNotifierEN.lng"="12/12/2013 20:52, 3497 bytes, A
       Adds the file EmailNotifierFR.lng"="12/12/2013 20:52, 3698 bytes, A
       Adds the file EmailNotifierHI.lng"="12/12/2013 20:52, 6092 bytes, A
       Adds the file EmailNotifierPOL.lng"="12/12/2013 20:52, 3942 bytes, A
       Adds the file EmailNotifierRO.lng"="12/12/2013 20:52, 4014 bytes, A
       Adds the file EmailNotifierRU.lng"="12/12/2013 20:52, 5668 bytes, A
       Adds the file EmailNotifierTHAI.lng"="12/12/2013 20:52, 5840 bytes, A
       Adds the file EmailNotifierTUR.lng"="12/12/2013 20:52, 3790 bytes, A
       Adds the file Gmail.lnk"="20/07/2015 13:33, 1870 bytes, A
       Adds the file Hotmail.lnk"="20/07/2015 13:33, 1870 bytes, A
       Adds the file libeay32.dll"="12/12/2013 20:52, 1276416 bytes, A
       Adds the file RRTimeWarner.lnk"="20/07/2015 13:33, 1870 bytes, A
       Adds the file ssleay32.dll"="12/12/2013 20:52, 335360 bytes, A
       Adds the file Yahoo.lnk"="20/07/2015 13:33, 1870 bytes, A
    Adds the folder C:\ProgramData\EmailNotifier\dtuser
    Adds the folder C:\Users\{username}\AppData\LocalLow\dlsecuretb
       Adds the file dtx.ini"="20/07/2015 13:33, 15 bytes, A
       Adds the file geodata.xml"="20/07/2015 13:33, 202 bytes, A
       Adds the file guid.dat"="20/07/2015 13:33, 32 bytes, A
       Adds the file setupCfg.xml"="20/07/2015 13:33, 316 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\t59s5t8p.default\dlsecuretb
       Adds the file geodata.xml"="20/07/2015 13:33, 202 bytes, A
       Adds the file guid.dat"="20/07/2015 13:33, 32 bytes, A
       Adds the file setupCfg.xml"="20/07/2015 13:33, 390 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\t59s5t8p.default\extensions\{d0bc04f1-2a66-420b-9131-69bba6dc379e}

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bcc228a-c730-4004-93f9-72cbb7033a62}]
       "(Default)"="REG_SZ", "DLSecure Toolbar"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bcc228a-c730-4004-93f9-72cbb7033a62}\Implemented Categories]
       "(Default)"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bcc228a-c730-4004-93f9-72cbb7033a62}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}]
       "(Default)"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bcc228a-c730-4004-93f9-72cbb7033a62}\InprocServer32]
       "(Default)"="REG_SZ", "C:\Program Files (x86)\dlsecuretb\dlsecureDx64.dll"
       "ThreadingModel"="REG_SZ", "Apartment"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7bcc228a-c730-4004-93f9-72cbb7033a62}]
       "(Default)"="REG_SZ", "DLSecure Toolbar"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7bcc228a-c730-4004-93f9-72cbb7033a62}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7bcc228a-c730-4004-93f9-72cbb7033a62}\InprocServer32]
       "(Default)"="REG_SZ", "C:\Program Files (x86)\dlsecuretb\dlsecureDx.dll"
       "ThreadingModel"="REG_SZ", "Apartment"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
       "{7bcc228a-c730-4004-93f9-72cbb7033a62}"="REG_SZ", "DLSecure Toolbar"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\dlsecuretb]
       "CampaignIdIE"="REG_SZ", "6277"
       "MachineID"="REG_SZ", "00C935032CE899F1422AC555ACDC7498"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Email Notifier]
       "UpdateUrl"="REG_SZ", "http://emailnotifier.vmn.net/upd/dlsecuretb/version.xml"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dfachbhccemanebkkbeppgnnhkpicifp]
       "update_url"="REG_SZ", "https://clients2.google.com/service/update2/crx"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
       "{7bcc228a-c730-4004-93f9-72cbb7033a62}"="REG_SZ", "DLSecure Toolbar"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{7bcc228a-c730-4004-93f9-72cbb7033a62}]
       "(Default)"="REG_SZ", "DLSecure Toolbar"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7BCC228A-C730-4004-93F9-72CBB7033A62}]
       "(Default)"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\dlsecuretb]
       "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\dlsecuretb\install.ico"
       "DisplayName"="REG_SZ", "DLSecure Toolbar"
       "DisplayVersion"="REG_SZ", "1.0.4.1"
       "EstimatedSize"="REG_DWORD", 0
       "InstallLocation"="REG_SZ", "C:\Program Files (x86)\dlsecuretb"
       "NoModify"="REG_DWORD", 1
       "NoRepair"="REG_DWORD", 1
       "Publisher"="REG_SZ", "Visicom Media Inc."
       "UninstallString"="REG_SZ", "C:\Program Files (x86)\dlsecuretb\uninstall.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
       "{8745CE0C-27C0-4D23-ABAA-380FF92176F8}"="REG_SZ", "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\EmailNotifier\EmailNotifier.exe|Name=Email Notifier|"
       "{A0C91D01-2886-49BB-9202-39FD5AEA4E71}"="REG_SZ", "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\dlsecuretb\dtUser.exe|Name=DLSecure Toolbar DTX Broker|"
       "{BF579272-1FBC-46C3-BCFE-D1FE29BCAAA3}"="REG_SZ", "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\ProgramData\EmailNotifier\EmailNotifier.exe|Name=Email Notifier|"
       "{D66FCA7D-464F-4CA6-8EFE-89390E33F1CC}"="REG_SZ", "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\dlsecuretb\dtUser.exe|Name=DLSecure Toolbar DTX Broker|"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
       "Start Page" = REG_SZ, "http://www.mystart.com/?pr=jomedia&id=dlsecuretb&v=1_0"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
       "DefaultScope" = REG_SZ, "{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}]
       "DisplayName"="REG_SZ", "Search The Web"
       "FaviconPath"="REG_SZ", "C:\Program Files (x86)\dlsecuretb\search.ico"
       "FaviconURLFallback"="REG_SZ", "http://search.yahoo.com/favicon.ico"
       "ShowSearchSuggestions"="REG_DWORD", 1
       "SuggestionsURLFallback"="REG_SZ", "http://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}"
       "URL"="REG_SZ", "http://www.mystart.com/results.php?gen=ms&pr=jomedia&id=dlsecuretb&v=1_0&ent=ch_6277&q={searchTerms}"

Excerpt of the Malwarebytes Anti-Malware log (full log available on request):

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 20/07/2015
Scan Time: 13:46
Logfile: mbamDLSecure.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.20.03
Rootkit Database: v2015.07.17.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 326429
Time Elapsed: 4 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 12
PUP.Optional.DLSecure.A, HKLM\SOFTWARE\CLASSES\CLSID\{7bcc228a-c730-4004-93f9-72cbb7033a62}, Quarantined, [649f72725d2d93a3466ccef49969d030], 
PUP.Optional.DLSecure.A, HKLM\SOFTWARE\CLASSES\CLSID\{7BCC228A-C730-4004-93F9-72CBB7033A62}\INPROCSERVER32, Quarantined, [649f72725d2d93a3466ccef49969d030], 
PUP.Optional.DLSecure.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7BCC228A-C730-4004-93F9-72CBB7033A62}, Quarantined, [649f72725d2d93a3466ccef49969d030], 
PUP.Optional.DLSecure.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7BCC228A-C730-4004-93F9-72CBB7033A62}, Quarantined, [649f72725d2d93a3466ccef49969d030], 
PUP.Optional.DLSecure.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{7bcc228a-c730-4004-93f9-72cbb7033a62}, Quarantined, [649f72725d2d93a3466ccef49969d030], 
PUP.Optional.DLSecure.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{7BCC228A-C730-4004-93F9-72CBB7033A62}, Quarantined, [649f72725d2d93a3466ccef49969d030], 
PUP.Optional.DLSecure.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{7BCC228A-C730-4004-93F9-72CBB7033A62}, Quarantined, [649f72725d2d93a3466ccef49969d030], 
PUP.Optional.DLSecure.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7BCC228A-C730-4004-93F9-72CBB7033A62}, Quarantined, [649f72725d2d93a3466ccef49969d030], 
PUP.Optional.MySearchTB.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E0D4A4BC-F7CD-436E-B1FA-25637BA0F5BE}, Quarantined, [758ea242553588ae6e0e467daa58ee12], 
PUP.Optional.MySearchTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E0D4A4BC-F7CD-436E-B1FA-25637BA0F5BE}, Quarantined, [758ea242553588ae6e0e467daa58ee12], 
PUP.Optional.DLSecure.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\dlsecuretb, Quarantined, [51b20ed6fa902610a46bb78b5da43fc1], 
PUP.Optional.MyStart.A, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}, Quarantined, [ea193da73852f34395fff39774907a86], 

Registry Values: 5
PUP.Optional.DLSecure.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{7BCC228A-C730-4004-93F9-72CBB7033A62}, DLSecure Toolbar, Quarantined, [649f72725d2d93a3466ccef49969d030]
PUP.Optional.DLSecure.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{7BCC228A-C730-4004-93F9-72CBB7033A62}, DLSecure Toolbar, Quarantined, [649f72725d2d93a3466ccef49969d030]
PUP.Optional.DLSecure.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{7bcc228a-c730-4004-93f9-72cbb7033a62}, Quarantined, [b54e9e46b4d69e98d0e2af13cd350000], 
PUP.Optional.DLSecure.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{7bcc228a-c730-4004-93f9-72cbb7033a62}, Quarantined, [25de27bd94f62a0c2b8715ad6b974cb4], 
PUP.Optional.MyStart.A, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}|URL, http://www.mystart.com/results.php?gen=ms&pr=jomedia&id=dlsecuretb&v=1_0&ent=ch_6277&q={searchTerms}, Quarantined, [ea193da73852f34395fff39774907a86]

Registry Data: 1
PUP.Optional.MyStart.A, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.mystart.com/?pr=jomedia&id=dlsecuretb&v=1_0, Good: (www.google.com), Bad: (http://www.mystart.com/?pr=jomedia&id=dlsecuretb&v=1_0),Replaced,[45be776d66245ed8818049edfb0aee12]

Folders: 113
PUP.Optional.DLSecure.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\t59s5t8p.default\dlsecuretb, Quarantined, [53b0cc183456cb6be4b5846b46bcb54b], 
PUP.Optional.DLSecure.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\t59s5t8p.default\dlsecuretb\coupons, Quarantined, [53b0cc183456cb6be4b5846b46bcb54b], 
PUP.Optional.DLSecure.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\t59s5t8p.default\dlsecuretb\weather, Quarantined, [53b0cc183456cb6be4b5846b46bcb54b], 
PUP.Optional.DLSecure.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\t59s5t8p.default\extensions\{d0bc04f1-2a66-420b-9131-69bba6dc379e}, Quarantined, [1be864805931e2544d4d925d7a88b64a], 
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb, Quarantined, [51b2cf15800af83e4855ba3538cae11f], 
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome, Quarantined, [51b2cf15800af83e4855ba3538cae11f], 
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome\content, Quarantined, [51b2cf15800af83e4855ba3538cae11f], 
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome\content\lib, Quarantined, [51b2cf15800af83e4855ba3538cae11f], 
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome\content\modules, Quarantined, [51b2cf15800af83e4855ba3538cae11f], 
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome\content\newtab, Quarantined, [51b2cf15800af83e4855ba3538cae11f], 
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome\content\newtab\images, Quarantined, [51b2cf15800af83e4855ba3538cae11f], 
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome\content\widgets, Quarantined, [51b2cf15800af83e4855ba3538cae11f], 
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome\content\widgets\net.vmn.www.alexa, Quarantined, [51b2cf15800af83e4855ba3538cae11f], 
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome\content\widgets\net.vmn.www.Coupons_v5, Quarantined, [51b2cf15800af83e4855ba3538cae11f], 
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome\content\widgets\net.vmn.www.ebayshortcut, Quarantined, [51b2cf15800af83e4855ba3538cae11f], 
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome\content\widgets\net.vmn.www.facebookshortcut, Quarantined, [51b2cf15800af83e4855ba3538cae11f], 
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome\content\widgets\net.vmn.www.tunein, Quarantined, [51b2cf15800af83e4855ba3538cae11f], 
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome\content\widgets\net.vmn.www.youtubeshortcut, Quarantined, [51b2cf15800af83e4855ba3538cae11f], 
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome\data, Quarantined, [51b2cf15800af83e4855ba3538cae11f], 
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome\skin, Quarantined, [51b2cf15800af83e4855ba3538cae11f], 
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\components, Quarantined, [51b2cf15800af83e4855ba3538cae11f], 

Files: 1546
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\dlsecureDx64.dll, Quarantined, [649f72725d2d93a3466ccef49969d030], 
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\dlsecureDx.dll, Quarantined, [649f72725d2d93a3466ccef49969d030], 
PUP.Optional.DLSecure.A, C:\Users\{username}\Desktop\dlsecureTb_1.0.4.1.exe, Quarantined, [be45459f8a00d264a96643ff88793dc3], 
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\uninstall.exe, Quarantined, [51b20ed6fa902610a46bb78b5da43fc1], 
PUP.Optional.DLSecure.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\t59s5t8p.default\dlsecuretb\geodata.xml, Quarantined, [53b0cc183456cb6be4b5846b46bcb54b], 
PUP.Optional.DLSecure.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\t59s5t8p.default\extensions\{d0bc04f1-2a66-420b-9131-69bba6dc379e}\chrome.manifest, Quarantined, [1be864805931e2544d4d925d7a88b64a], 
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\dlsecuretb.dll, Quarantined, [51b2cf15800af83e4855ba3538cae11f], 
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\dlsecuretb64.dll, Quarantined, [51b2cf15800af83e4855ba3538cae11f], 
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\dtUser.exe, Quarantined, [51b2cf15800af83e4855ba3538cae11f], 
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\ffHelper.exe, Quarantined, [51b2cf15800af83e4855ba3538cae11f], 
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\install.ico, Quarantined, [51b2cf15800af83e4855ba3538cae11f], 
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\manifest.xml, Quarantined, [51b2cf15800af83e4855ba3538cae11f], 
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\search.ico, Quarantined, [51b2cf15800af83e4855ba3538cae11f], 
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome\content\config.xml, Quarantined, [51b2cf15800af83e4855ba3538cae11f], 
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome\data\rss\rss.xml, Quarantined, [51b2cf15800af83e4855ba3538cae11f], 
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome\data\search\engines.xml, Quarantined, [51b2cf15800af83e4855ba3538cae11f], 
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome\data\search\search.xsl, Quarantined, [51b2cf15800af83e4855ba3538cae11f], 
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\chrome\skin\blogger.png, Quarantined, [51b2cf15800af83e4855ba3538cae11f], 
PUP.Optional.DLSecure.A, C:\Program Files (x86)\dlsecuretb\components\windowmediator.js, Quarantined, [51b2cf15800af83e4855ba3538cae11f], 
PUP.Optional.MyStartTB.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\t59s5t8p.default\prefs.js, Good: (), Bad: (user_pref("browser.search.defaultenginename", "Search The Web");), Replaced,[e81be7fd5f2bb482eb1b561733d258a8]
PUP.Optional.MyStartTB.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\t59s5t8p.default\prefs.js, Good: (), Bad: (user_pref("browser.search.selectedEngine", "Search The Web");), Replaced,[1de606dea3e7310513f4d89530d514ec]
PUP.Optional.MyStartTB.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\t59s5t8p.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://www.mystart.com/?pr=jomedia&id=dlsecuretb&v=1_0");), Replaced,[b84b7a6a9febb284b45b77f828dd17e9]
PUP.Optional.MyStartTB.A, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\t59s5t8p.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "http://www.mystart.com/results.php?pr=jomedia&id=dlsecuretb&v=1_0&ent=bs____campaignID___&q=");), Replaced,[e41f20c4008a310593a570ff0ff652ae]

Physical Sectors: 0
(No malicious items detected)


(end)

As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.