What is MediaUpdater?
The Malwarebytes research team has determined that MediaUpdater is adware. These adware applications display advertisements not originating from the sites you are browsing.
How do I know if my computer is affected by MediaUpdater?
You may see this entry in your list of installed programs:
How did MediaUpdater get on my computer?
Adware applications use different methods for distributing themselves. This particular one was bundled with other software.
How do I remove MediaUpdater?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-version.exe and follow the prompts to install the program.
- At the end, be sure a check-mark is placed next to the following:
- Enable free trial of Malwarebytes Anti-Malware Premium
- Launch Malwarebytes Anti-Malware
- Then click Finish.
- If an update is found, you will be prompted to download and install the latest version.
- Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
- When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
- Reboot your computer if prompted.
- No, Malwarebytes' Anti-Malware removes MediaUpdater completely.
We hope our application and this guide have helped you eradicate this adware application.
As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the MediaUpdater adware. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.
Technical details for experts
You will see these signs in a HijackThis log:
O23 - Service: MediaUpdater - Unknown owner - C:\Program Files\MediaUpdater\MediaUpdater.exe O23 - Service: MediaUpdater_updater_service - Unknown owner - C:\Program Files\MediaUpdater\MediaUpdater_updater_service.exeYou may see these signs in FRST logs:
() C:\Program Files\MediaUpdater\MediaUpdater.exe
() C:\Program Files\MediaUpdater\MediaUpdater_updater_service.exe
R2 MediaUpdater; C:\Program Files\MediaUpdater\MediaUpdater.exe [16384 2015-04-09] () [File not signed]
R2 MediaUpdater_updater_service; C:\Program Files\MediaUpdater\MediaUpdater_updater_service.exe [12288 2015-04-10] () [File not signed]
R2 WinDivert64; C:\Windows\system32\drivers\WinDivert64.sys [35376 2013-12-02] (Basil Projects)
C:\Program Files\MediaUpdater
(Basil Projects) C:\Windows\system32\Drivers\WinDivert64.sys
MediaUpdater 1.2.0.0 (HKLM\...\{29007E8C-251B-4F61-A70E-635658418135384268}_is1) (Version: 1.2.0.0 - MediaUpdater)Alterations made by the installer:File system details
---------------------------------------------------
Adds the folder C:\Program Files\MediaUpdater
Adds the file InstallationStatsUploder.exe"="09/04/2015 23:06, 12288 bytes, A
Adds the file InstallUtil.exe"="16/08/2013 17:06, 24576 bytes, A
Adds the file InstallUtil.InstallLog"="17/09/2015 13:00, 1333 bytes, A
Adds the file MediaUpdater.exe"="09/04/2015 23:00, 16384 bytes, A
Adds the file MediaUpdater.InstallLog"="17/09/2015 13:00, 657 bytes, A
Adds the file MediaUpdater.InstallState"="17/09/2015 13:00, 5012 bytes, A
Adds the file MediaUpdater_updater_service.exe"="10/04/2015 01:58, 12288 bytes, A
Adds the file MediaUpdater_updater_service.InstallLog"="17/09/2015 13:00, 801 bytes, A
Adds the file MediaUpdater_updater_service.InstallState"="17/09/2015 13:00, 5012 bytes, A
Adds the file NetworkUtil.dll"="10/04/2015 01:58, 147456 bytes, A
Adds the file Newtonsoft.Json.dll"="27/11/2014 03:45, 433664 bytes, A
Adds the file unins000.dat"="17/09/2015 13:00, 11112 bytes, A
Adds the file unins000.exe"="17/09/2015 13:00, 900769 bytes, A
Adds the file Utils.dll"="17/09/2015 13:00, 40960 bytes, A
Adds the file WinDivert.dll"="03/11/2014 22:40, 15872 bytes, A
In the existing folder C:\Windows\System32\drivers
Adds the file WinDivert64.sys"="02/12/2013 20:01, 35376 bytes, A
Registry details
------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\adwareROI]
"block_http_requests"="REG_SZ", ""
"debugmode"="REG_SZ", "0"
"eif"="REG_SZ", "1"
"macid"="REG_SZ", "080027B0CD0E"
"subidtext"="REG_SZ", "<SUBID>"
"useridtext"="REG_SZ", "<USERID>"
[HKEY_LOCAL_MACHINE\SOFTWARE\adwareROI\MintcastNetworks]
"BusinessID"="REG_SZ", ""
"SUBID"="REG_SZ", "FF_UserbaseSLNT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\InstallationStatsUploder_RASAPI32]
"ConsoleTracingMask"="REG_DWORD", -65536
"EnableConsoleTracing"="REG_DWORD", 0
"EnableFileTracing"="REG_DWORD", 0
"FileDirectory"="REG_EXPAND_SZ, "%windir%\tracing"
"FileTracingMask"="REG_DWORD", -65536
"MaxFileSize"="REG_DWORD", 1048576
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\InstallationStatsUploder_RASMANCS]
"ConsoleTracingMask"="REG_DWORD", -65536
"EnableConsoleTracing"="REG_DWORD", 0
"EnableFileTracing"="REG_DWORD", 0
"FileDirectory"="REG_EXPAND_SZ, "%windir%\tracing"
"FileTracingMask"="REG_DWORD", -65536
"MaxFileSize"="REG_DWORD", 1048576
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MediaUpdater_RASAPI32]
"ConsoleTracingMask"="REG_DWORD", -65536
"EnableConsoleTracing"="REG_DWORD", 0
"EnableFileTracing"="REG_DWORD", 0
"FileDirectory"="REG_EXPAND_SZ, "%windir%\tracing"
"FileTracingMask"="REG_DWORD", -65536
"MaxFileSize"="REG_DWORD", 1048576
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MediaUpdater_RASMANCS]
"ConsoleTracingMask"="REG_DWORD", -65536
"EnableConsoleTracing"="REG_DWORD", 0
"EnableFileTracing"="REG_DWORD", 0
"FileDirectory"="REG_EXPAND_SZ, "%windir%\tracing"
"FileTracingMask"="REG_DWORD", -65536
"MaxFileSize"="REG_DWORD", 1048576
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MediaUpdater_updater_service_RASAPI32]
"ConsoleTracingMask"="REG_DWORD", -65536
"EnableConsoleTracing"="REG_DWORD", 0
"EnableFileTracing"="REG_DWORD", 0
"FileDirectory"="REG_EXPAND_SZ, "%windir%\tracing"
"FileTracingMask"="REG_DWORD", -65536
"MaxFileSize"="REG_DWORD", 1048576
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MediaUpdater_updater_service_RASMANCS]
"ConsoleTracingMask"="REG_DWORD", -65536
"EnableConsoleTracing"="REG_DWORD", 0
"EnableFileTracing"="REG_DWORD", 0
"FileDirectory"="REG_EXPAND_SZ, "%windir%\tracing"
"FileTracingMask"="REG_DWORD", -65536
"MaxFileSize"="REG_DWORD", 1048576
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{29007E8C-251B-4F61-A70E-635658418135384268}_is1]
"DisplayName"="REG_SZ", "MediaUpdater 1.2.0.0"
"DisplayVersion"="REG_SZ", "1.2.0.0"
"EstimatedSize"="REG_DWORD", 1579
"HelpLink"="REG_SZ", "http://www.mediaupdater2015.com"
"Inno Setup: App Path"="REG_SZ", "C:\Program Files\MediaUpdater"
"Inno Setup: Icon Group"="REG_SZ", "MediaUpdater"
"Inno Setup: Language"="REG_SZ", "english"
"Inno Setup: Setup Version"="REG_SZ", "5.5.5 (a)"
"Inno Setup: User"="REG_SZ", "{username}"
"InstallDate"="REG_SZ", "20150917"
"InstallLocation"="REG_SZ", "C:\Program Files\MediaUpdater\"
"MajorVersion"="REG_DWORD", 1
"MinorVersion"="REG_DWORD", 2
"NoModify"="REG_DWORD", 1
"NoRepair"="REG_DWORD", 1
"Publisher"="REG_SZ", "MediaUpdater"
"QuietUninstallString"="REG_SZ", ""C:\Program Files\MediaUpdater\unins000.exe" /SILENT"
"UninstallString"="REG_SZ", ""C:\Program Files\MediaUpdater\unins000.exe""
"URLInfoAbout"="REG_SZ", "http://www.mediaupdater2015.com"
"URLUpdateInfo"="REG_SZ", "http://www.mediaupdater2015.com"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MediaUpdater]
"Description"="REG_SZ", "MediaUpdater"
"DisplayName"="REG_SZ", "MediaUpdater"
"ErrorControl"="REG_DWORD", 1
"ImagePath"="REG_EXPAND_SZ, ""C:\Program Files\MediaUpdater\MediaUpdater.exe""
"ObjectName"="REG_SZ", "LocalSystem"
"Start"="REG_DWORD", 2
"Type"="REG_DWORD", 16
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MediaUpdater_updater_service]
"Description"="REG_SZ", "This service will update MediaUpdater"
"DisplayName"="REG_SZ", "MediaUpdater_updater_service"
"ErrorControl"="REG_DWORD", 1
"ImagePath"="REG_EXPAND_SZ, ""C:\Program Files\MediaUpdater\MediaUpdater_updater_service.exe""
"ObjectName"="REG_SZ", "LocalSystem"
"Start"="REG_DWORD", 2
"Type"="REG_DWORD", 16
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDivert64]
"ErrorControl"="REG_DWORD", 1
"ImagePath"="REG_EXPAND_SZ, "\??\C:\Windows\system32\drivers\WinDivert64.sys"
"Start"="REG_DWORD", 2
"Type"="REG_DWORD", 1
"WOW64"="REG_DWORD", 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDivert64\Enum]
"0"="REG_SZ", "Root\LEGACY_WINDIVERT64\0000"
"Count"="REG_DWORD", 1
"NextInstance"="REG_DWORD", 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDivert64\Parameters\Wdf]
"TimeOfLastSqmLog"="REG_QWORD, ....
"WdfMajorVersion"="REG_DWORD", 1
"WdfMinorVersion"="REG_DWORD", 9
Malwarebytes Anti-Malware log:Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 17/09/2015
Scan Time: 13:26
Logfile: mbamMediaUpdater.txt
Administrator: Yes
Version: 2.1.8.1057
Malware Database: v2015.09.17.02
Rootkit Database: v2015.08.16.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 332801
Time Elapsed: 4 min, 14 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 2
PUP.Optional.MediaUpdater, C:\Program Files\MediaUpdater\MediaUpdater.exe, 1552, Delete-on-Reboot, [5f9787a9315ade58d915428b4db7e41c]
PUP.Optional.MediaUpdater, C:\Program Files\MediaUpdater\MediaUpdater_updater_service.exe, 1624, Delete-on-Reboot, [5f9787a9315ade58d915428b4db7e41c]
Modules: 0
(No malicious items detected)
Registry Keys: 4
PUP.Optional.MediaUpdater, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MediaUpdater, Quarantined, [5f9787a9315ade58d915428b4db7e41c],
PUP.Optional.MediaUpdater, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MediaUpdater_updater_service, Quarantined, [5f9787a9315ade58d915428b4db7e41c],
PUP.Optional.MediaUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{29007E8C-251B-4F61-A70E-635658418135384268}_is1, Quarantined, [5f9787a9315ade58d915428b4db7e41c],
PUP.Optional.MintCast, HKLM\SOFTWARE\ADWAREROI\MintcastNetworks, Quarantined, [41b560d0810a69cdcc2549840ef6b749],
Registry Values: 1
PUP.Optional.MediaUpdater, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MEDIAUPDATER|ImagePath, "C:\Program Files\MediaUpdater\MediaUpdater.exe", Quarantined, [8f67e54b42497fb7df11329ba85cba46]
Registry Data: 0
(No malicious items detected)
Folders: 1
PUP.Optional.MediaUpdater, C:\Program Files\MediaUpdater, Delete-on-Reboot, [5f9787a9315ade58d915428b4db7e41c],
Files: 16
PUP.Optional.MediaUpdater, C:\Users\{username}\Desktop\MediaUpdater.exe, Quarantined, [d81ea58b8ffcf541e32fce12fb060ef2],
PUP.Optional.MediaUpdater, C:\Program Files\MediaUpdater\Newtonsoft.Json.dll, Delete-on-Reboot, [5f9787a9315ade58d915428b4db7e41c],
PUP.Optional.MediaUpdater, C:\Program Files\MediaUpdater\InstallationStatsUploder.exe, Quarantined, [5f9787a9315ade58d915428b4db7e41c],
PUP.Optional.MediaUpdater, C:\Program Files\MediaUpdater\InstallUtil.exe, Quarantined, [5f9787a9315ade58d915428b4db7e41c],
PUP.Optional.MediaUpdater, C:\Program Files\MediaUpdater\InstallUtil.InstallLog, Quarantined, [5f9787a9315ade58d915428b4db7e41c],
PUP.Optional.MediaUpdater, C:\Program Files\MediaUpdater\MediaUpdater.exe, Delete-on-Reboot, [5f9787a9315ade58d915428b4db7e41c],
PUP.Optional.MediaUpdater, C:\Program Files\MediaUpdater\MediaUpdater.InstallLog, Quarantined, [5f9787a9315ade58d915428b4db7e41c],
PUP.Optional.MediaUpdater, C:\Program Files\MediaUpdater\MediaUpdater.InstallState, Quarantined, [5f9787a9315ade58d915428b4db7e41c],
PUP.Optional.MediaUpdater, C:\Program Files\MediaUpdater\MediaUpdater_updater_service.exe, Delete-on-Reboot, [5f9787a9315ade58d915428b4db7e41c],
PUP.Optional.MediaUpdater, C:\Program Files\MediaUpdater\MediaUpdater_updater_service.InstallLog, Quarantined, [5f9787a9315ade58d915428b4db7e41c],
PUP.Optional.MediaUpdater, C:\Program Files\MediaUpdater\MediaUpdater_updater_service.InstallState, Quarantined, [5f9787a9315ade58d915428b4db7e41c],
PUP.Optional.MediaUpdater, C:\Program Files\MediaUpdater\NetworkUtil.dll, Delete-on-Reboot, [5f9787a9315ade58d915428b4db7e41c],
PUP.Optional.MediaUpdater, C:\Program Files\MediaUpdater\unins000.dat, Quarantined, [5f9787a9315ade58d915428b4db7e41c],
PUP.Optional.MediaUpdater, C:\Program Files\MediaUpdater\unins000.exe, Quarantined, [5f9787a9315ade58d915428b4db7e41c],
PUP.Optional.MediaUpdater, C:\Program Files\MediaUpdater\Utils.dll, Delete-on-Reboot, [5f9787a9315ade58d915428b4db7e41c],
PUP.Optional.MediaUpdater, C:\Program Files\MediaUpdater\WinDivert.dll, Delete-on-Reboot, [5f9787a9315ade58d915428b4db7e41c],
Physical Sectors: 0
(No malicious items detected)
(end)As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention
Back to top
Sign In
Create Account
