Jump to content

Welcome to Geeks to Go
Geeks to Go Welcome
Create Account Login to Account
Photo

Removal instructions for MediaUpdater

- - - - -

  • Please log in to reply
No replies to this topic

#1
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,309 posts
Content is republished with permission from Malwarebytes.

What is MediaUpdater?

The Malwarebytes research team has determined that MediaUpdater is adware. These adware applications display advertisements not originating from the sites you are browsing.

How do I know if my computer is affected by MediaUpdater?

You may see this entry in your list of installed programs:

warning4.png

How did MediaUpdater get on my computer?

Adware applications use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove MediaUpdater?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of MediaUpdater?
  • No, Malwarebytes' Anti-Malware removes MediaUpdater completely.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this adware application.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the MediaUpdater adware. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.


protection1.png


Technical details for experts

You will see these signs in a HijackThis log:
O23 - Service: MediaUpdater - Unknown owner - C:\Program Files\MediaUpdater\MediaUpdater.exe
O23 - Service: MediaUpdater_updater_service - Unknown owner - C:\Program Files\MediaUpdater\MediaUpdater_updater_service.exe
You may see these signs in FRST logs:
 () C:\Program Files\MediaUpdater\MediaUpdater.exe
 () C:\Program Files\MediaUpdater\MediaUpdater_updater_service.exe
 R2 MediaUpdater; C:\Program Files\MediaUpdater\MediaUpdater.exe [16384 2015-04-09] () [File not signed]
 R2 MediaUpdater_updater_service; C:\Program Files\MediaUpdater\MediaUpdater_updater_service.exe [12288 2015-04-10] () [File not signed]
 R2 WinDivert64; C:\Windows\system32\drivers\WinDivert64.sys [35376 2013-12-02] (Basil Projects)
 C:\Program Files\MediaUpdater
 (Basil Projects) C:\Windows\system32\Drivers\WinDivert64.sys

MediaUpdater 1.2.0.0 (HKLM\...\{29007E8C-251B-4F61-A70E-635658418135384268}_is1) (Version: 1.2.0.0 - MediaUpdater)
Alterations made by the installer:
File system details 
---------------------------------------------------
    Adds the folder C:\Program Files\MediaUpdater
       Adds the file InstallationStatsUploder.exe"="09/04/2015 23:06, 12288 bytes, A
       Adds the file InstallUtil.exe"="16/08/2013 17:06, 24576 bytes, A
       Adds the file InstallUtil.InstallLog"="17/09/2015 13:00, 1333 bytes, A
       Adds the file MediaUpdater.exe"="09/04/2015 23:00, 16384 bytes, A
       Adds the file MediaUpdater.InstallLog"="17/09/2015 13:00, 657 bytes, A
       Adds the file MediaUpdater.InstallState"="17/09/2015 13:00, 5012 bytes, A
       Adds the file MediaUpdater_updater_service.exe"="10/04/2015 01:58, 12288 bytes, A
       Adds the file MediaUpdater_updater_service.InstallLog"="17/09/2015 13:00, 801 bytes, A
       Adds the file MediaUpdater_updater_service.InstallState"="17/09/2015 13:00, 5012 bytes, A
       Adds the file NetworkUtil.dll"="10/04/2015 01:58, 147456 bytes, A
       Adds the file Newtonsoft.Json.dll"="27/11/2014 03:45, 433664 bytes, A
       Adds the file unins000.dat"="17/09/2015 13:00, 11112 bytes, A
       Adds the file unins000.exe"="17/09/2015 13:00, 900769 bytes, A
       Adds the file Utils.dll"="17/09/2015 13:00, 40960 bytes, A
       Adds the file WinDivert.dll"="03/11/2014 22:40, 15872 bytes, A
    In the existing folder C:\Windows\System32\drivers
       Adds the file WinDivert64.sys"="02/12/2013 20:01, 35376 bytes, A

Registry details 
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\adwareROI]
       "block_http_requests"="REG_SZ", ""
       "debugmode"="REG_SZ", "0"
       "eif"="REG_SZ", "1"
       "macid"="REG_SZ", "080027B0CD0E"
       "subidtext"="REG_SZ", "<SUBID>"
       "useridtext"="REG_SZ", "<USERID>"
    [HKEY_LOCAL_MACHINE\SOFTWARE\adwareROI\MintcastNetworks]
       "BusinessID"="REG_SZ", ""
       "SUBID"="REG_SZ", "FF_UserbaseSLNT"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\InstallationStatsUploder_RASAPI32]
       "ConsoleTracingMask"="REG_DWORD", -65536
       "EnableConsoleTracing"="REG_DWORD", 0
       "EnableFileTracing"="REG_DWORD", 0
       "FileDirectory"="REG_EXPAND_SZ, "%windir%\tracing"
       "FileTracingMask"="REG_DWORD", -65536
       "MaxFileSize"="REG_DWORD", 1048576
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\InstallationStatsUploder_RASMANCS]
       "ConsoleTracingMask"="REG_DWORD", -65536
       "EnableConsoleTracing"="REG_DWORD", 0
       "EnableFileTracing"="REG_DWORD", 0
       "FileDirectory"="REG_EXPAND_SZ, "%windir%\tracing"
       "FileTracingMask"="REG_DWORD", -65536
       "MaxFileSize"="REG_DWORD", 1048576
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MediaUpdater_RASAPI32]
       "ConsoleTracingMask"="REG_DWORD", -65536
       "EnableConsoleTracing"="REG_DWORD", 0
       "EnableFileTracing"="REG_DWORD", 0
       "FileDirectory"="REG_EXPAND_SZ, "%windir%\tracing"
       "FileTracingMask"="REG_DWORD", -65536
       "MaxFileSize"="REG_DWORD", 1048576
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MediaUpdater_RASMANCS]
       "ConsoleTracingMask"="REG_DWORD", -65536
       "EnableConsoleTracing"="REG_DWORD", 0
       "EnableFileTracing"="REG_DWORD", 0
       "FileDirectory"="REG_EXPAND_SZ, "%windir%\tracing"
       "FileTracingMask"="REG_DWORD", -65536
       "MaxFileSize"="REG_DWORD", 1048576
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MediaUpdater_updater_service_RASAPI32]
       "ConsoleTracingMask"="REG_DWORD", -65536
       "EnableConsoleTracing"="REG_DWORD", 0
       "EnableFileTracing"="REG_DWORD", 0
       "FileDirectory"="REG_EXPAND_SZ, "%windir%\tracing"
       "FileTracingMask"="REG_DWORD", -65536
       "MaxFileSize"="REG_DWORD", 1048576
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MediaUpdater_updater_service_RASMANCS]
       "ConsoleTracingMask"="REG_DWORD", -65536
       "EnableConsoleTracing"="REG_DWORD", 0
       "EnableFileTracing"="REG_DWORD", 0
       "FileDirectory"="REG_EXPAND_SZ, "%windir%\tracing"
       "FileTracingMask"="REG_DWORD", -65536
       "MaxFileSize"="REG_DWORD", 1048576
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{29007E8C-251B-4F61-A70E-635658418135384268}_is1]
       "DisplayName"="REG_SZ", "MediaUpdater 1.2.0.0"
       "DisplayVersion"="REG_SZ", "1.2.0.0"
       "EstimatedSize"="REG_DWORD", 1579
       "HelpLink"="REG_SZ", "http://www.mediaupdater2015.com"
       "Inno Setup: App Path"="REG_SZ", "C:\Program Files\MediaUpdater"
       "Inno Setup: Icon Group"="REG_SZ", "MediaUpdater"
       "Inno Setup: Language"="REG_SZ", "english"
       "Inno Setup: Setup Version"="REG_SZ", "5.5.5 (a)"
       "Inno Setup: User"="REG_SZ", "{username}"
       "InstallDate"="REG_SZ", "20150917"
       "InstallLocation"="REG_SZ", "C:\Program Files\MediaUpdater\"
       "MajorVersion"="REG_DWORD", 1
       "MinorVersion"="REG_DWORD", 2
       "NoModify"="REG_DWORD", 1
       "NoRepair"="REG_DWORD", 1
       "Publisher"="REG_SZ", "MediaUpdater"
       "QuietUninstallString"="REG_SZ", ""C:\Program Files\MediaUpdater\unins000.exe" /SILENT"
       "UninstallString"="REG_SZ", ""C:\Program Files\MediaUpdater\unins000.exe""
       "URLInfoAbout"="REG_SZ", "http://www.mediaupdater2015.com"
       "URLUpdateInfo"="REG_SZ", "http://www.mediaupdater2015.com"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MediaUpdater]
       "Description"="REG_SZ", "MediaUpdater"
       "DisplayName"="REG_SZ", "MediaUpdater"
       "ErrorControl"="REG_DWORD", 1
       "ImagePath"="REG_EXPAND_SZ, ""C:\Program Files\MediaUpdater\MediaUpdater.exe""
       "ObjectName"="REG_SZ", "LocalSystem"
       "Start"="REG_DWORD", 2
       "Type"="REG_DWORD", 16
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MediaUpdater_updater_service]
       "Description"="REG_SZ", "This service will update MediaUpdater"
       "DisplayName"="REG_SZ", "MediaUpdater_updater_service"
       "ErrorControl"="REG_DWORD", 1
       "ImagePath"="REG_EXPAND_SZ, ""C:\Program Files\MediaUpdater\MediaUpdater_updater_service.exe""
       "ObjectName"="REG_SZ", "LocalSystem"
       "Start"="REG_DWORD", 2
       "Type"="REG_DWORD", 16
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDivert64]
       "ErrorControl"="REG_DWORD", 1
       "ImagePath"="REG_EXPAND_SZ, "\??\C:\Windows\system32\drivers\WinDivert64.sys"
       "Start"="REG_DWORD", 2
       "Type"="REG_DWORD", 1
       "WOW64"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDivert64\Enum]
       "0"="REG_SZ", "Root\LEGACY_WINDIVERT64\0000"
       "Count"="REG_DWORD", 1
       "NextInstance"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDivert64\Parameters\Wdf]
       "TimeOfLastSqmLog"="REG_QWORD, ....
       "WdfMajorVersion"="REG_DWORD", 1
       "WdfMinorVersion"="REG_DWORD", 9
Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 17/09/2015
Scan Time: 13:26
Logfile: mbamMediaUpdater.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.17.02
Rootkit Database: v2015.08.16.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 332801
Time Elapsed: 4 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
PUP.Optional.MediaUpdater, C:\Program Files\MediaUpdater\MediaUpdater.exe, 1552, Delete-on-Reboot, [5f9787a9315ade58d915428b4db7e41c]
PUP.Optional.MediaUpdater, C:\Program Files\MediaUpdater\MediaUpdater_updater_service.exe, 1624, Delete-on-Reboot, [5f9787a9315ade58d915428b4db7e41c]

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.MediaUpdater, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MediaUpdater, Quarantined, [5f9787a9315ade58d915428b4db7e41c], 
PUP.Optional.MediaUpdater, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MediaUpdater_updater_service, Quarantined, [5f9787a9315ade58d915428b4db7e41c], 
PUP.Optional.MediaUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{29007E8C-251B-4F61-A70E-635658418135384268}_is1, Quarantined, [5f9787a9315ade58d915428b4db7e41c], 
PUP.Optional.MintCast, HKLM\SOFTWARE\ADWAREROI\MintcastNetworks, Quarantined, [41b560d0810a69cdcc2549840ef6b749], 

Registry Values: 1
PUP.Optional.MediaUpdater, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MEDIAUPDATER|ImagePath, "C:\Program Files\MediaUpdater\MediaUpdater.exe", Quarantined, [8f67e54b42497fb7df11329ba85cba46]

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.MediaUpdater, C:\Program Files\MediaUpdater, Delete-on-Reboot, [5f9787a9315ade58d915428b4db7e41c], 

Files: 16
PUP.Optional.MediaUpdater, C:\Users\{username}\Desktop\MediaUpdater.exe, Quarantined, [d81ea58b8ffcf541e32fce12fb060ef2], 
PUP.Optional.MediaUpdater, C:\Program Files\MediaUpdater\Newtonsoft.Json.dll, Delete-on-Reboot, [5f9787a9315ade58d915428b4db7e41c], 
PUP.Optional.MediaUpdater, C:\Program Files\MediaUpdater\InstallationStatsUploder.exe, Quarantined, [5f9787a9315ade58d915428b4db7e41c], 
PUP.Optional.MediaUpdater, C:\Program Files\MediaUpdater\InstallUtil.exe, Quarantined, [5f9787a9315ade58d915428b4db7e41c], 
PUP.Optional.MediaUpdater, C:\Program Files\MediaUpdater\InstallUtil.InstallLog, Quarantined, [5f9787a9315ade58d915428b4db7e41c], 
PUP.Optional.MediaUpdater, C:\Program Files\MediaUpdater\MediaUpdater.exe, Delete-on-Reboot, [5f9787a9315ade58d915428b4db7e41c], 
PUP.Optional.MediaUpdater, C:\Program Files\MediaUpdater\MediaUpdater.InstallLog, Quarantined, [5f9787a9315ade58d915428b4db7e41c], 
PUP.Optional.MediaUpdater, C:\Program Files\MediaUpdater\MediaUpdater.InstallState, Quarantined, [5f9787a9315ade58d915428b4db7e41c], 
PUP.Optional.MediaUpdater, C:\Program Files\MediaUpdater\MediaUpdater_updater_service.exe, Delete-on-Reboot, [5f9787a9315ade58d915428b4db7e41c], 
PUP.Optional.MediaUpdater, C:\Program Files\MediaUpdater\MediaUpdater_updater_service.InstallLog, Quarantined, [5f9787a9315ade58d915428b4db7e41c], 
PUP.Optional.MediaUpdater, C:\Program Files\MediaUpdater\MediaUpdater_updater_service.InstallState, Quarantined, [5f9787a9315ade58d915428b4db7e41c], 
PUP.Optional.MediaUpdater, C:\Program Files\MediaUpdater\NetworkUtil.dll, Delete-on-Reboot, [5f9787a9315ade58d915428b4db7e41c], 
PUP.Optional.MediaUpdater, C:\Program Files\MediaUpdater\unins000.dat, Quarantined, [5f9787a9315ade58d915428b4db7e41c], 
PUP.Optional.MediaUpdater, C:\Program Files\MediaUpdater\unins000.exe, Quarantined, [5f9787a9315ade58d915428b4db7e41c], 
PUP.Optional.MediaUpdater, C:\Program Files\MediaUpdater\Utils.dll, Delete-on-Reboot, [5f9787a9315ade58d915428b4db7e41c], 
PUP.Optional.MediaUpdater, C:\Program Files\MediaUpdater\WinDivert.dll, Delete-on-Reboot, [5f9787a9315ade58d915428b4db7e41c], 

Physical Sectors: 0
(No malicious items detected)


(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  • 0

Advertisements





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured
Malware Removal How to Guides Windows 7 System Building Download Files Register welcome

Never used a forum? Learn how.