
Removal instructions for WinZip Malware Protector

Metallica

Content is republished with permission from Malwarebytes.

What is WinZip Malware Protector?

The Malwarebytes research team has determined that WinZip Malware Protector is a fake computer cleaner. These so-called scanners use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.
More information can be found on our Malwarebytes Unpacked blog.

How do I know if I am infected with WinZip Malware Protector?

This is how the main screen of the registry cleaning application looks:

main.png

You will find these icons in your taskbar and on your desktop:

icons.png

You may also see these warnings during installation:

warning1.png

warning2.png

And these screens during "operations":

warning3.png

warning6.png

warning7.png

You may see this entry in your list of installed programs:

warning4.png

and this task in your Task Scheduler:

warning5.png

How did WinZip Malware Protector get on my computer?

These so-called fake scanners use different methods of getting installed. This particular one was offered as an anti-malware solution.

How do I remove WinZip Malware Protector?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan Now, or select Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

Is there anything else I need to do to get rid of WinZip Malware Protector?

  • No, Malwarebytes Anti-Malware removes WinZip Malware Protector completely.
  • This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.

How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this registry cleaner.

As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the WinZip Malware Protector installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.

protection1.png


Technical details for experts

You may see these entries in FRST logs:

 (Nico Mak Computing) C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe
 C:\Windows\System32\Tasks\WinZip Malware Protector_startup
 C:\Users\Public\Desktop\WinZip Malware Protector.lnk
 C:\Users\{username}\AppData\Roaming\Nico Mak Computing
 C:\ProgramData\Nico Mak Computing
 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
 C:\Program Files (x86)\WinZip Malware Protector
 C:\Windows\system32\wsusnative64.exe

WinZip Malware Protector (HKLM-x32\...\WinZip Malware Protector_is1) (Version: 2.1.1000.10740 - WinZip International LLC)
Task: {1D1867EE-1A82-4C41-8867-5A5615AE9698} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe [2013-03-26] (Nico Mak Computing)
 () C:\Program Files (x86)\WinZip Malware Protector\System.Data.SQLite.dll
 () C:\Program Files (x86)\WinZip Malware Protector\aspsys.dll
 () C:\Program Files (x86)\WinZip Malware Protector\UNRAR.DLL

Alterations made by the installer:

File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Program Files (x86)\WinZip Malware Protector
       Adds the file AppManager.exe"="3/26/2013 11:16 AM, 483192 bytes, A
       Adds the file AppResource.dll"="3/26/2013 11:16 AM, 3736440 bytes, A
       Adds the file asp.ico"="2/28/2013 11:03 AM, 32038 bytes, A
       Adds the file aspsys.dll"="3/26/2013 11:16 AM, 1718648 bytes, A
       Adds the file categories.ini"="2/28/2013 3:53 PM, 42405 bytes, A
       Adds the file Chinese_asp_ZH-CN.ini"="3/13/2013 3:10 PM, 53166 bytes, A
       Adds the file danish_asp_DA.ini"="3/14/2013 2:21 PM, 94408 bytes, A
       Adds the file dutch_asp_NL.ini"="3/13/2013 3:10 PM, 95078 bytes, A
       Adds the file eng_asp_en.ini"="3/14/2013 12:40 PM, 50928 bytes, A
       Adds the file filetypehelper.exe"="3/26/2013 11:16 AM, 343416 bytes, A
       Adds the file Finnish_asp_FI.ini"="3/14/2013 2:10 PM, 94900 bytes, A
       Adds the file french_asp_FR.ini"="3/13/2013 3:10 PM, 105602 bytes, A
       Adds the file german_asp_DE.ini"="3/13/2013 3:10 PM, 104242 bytes, A
       Adds the file Interop.IWshRuntimeLibrary.dll"="2/28/2013 3:53 PM, 49152 bytes, A
       Adds the file italian_asp_IT.ini"="3/13/2013 3:10 PM, 99818 bytes, A
       Adds the file japanese_asp_JA.ini"="3/13/2013 3:10 PM, 64432 bytes, A
       Adds the file loading_withWhiteBG.avi"="2/28/2013 3:53 PM, 103936 bytes, A
       Adds the file Microsoft.Win32.TaskScheduler.DLL"="2/28/2013 3:52 PM, 115200 bytes, A
       Adds the file norwegian_asp_NO.ini"="3/13/2013 3:10 PM, 90526 bytes, A
       Adds the file portuguese_asp_PT-BR.ini"="3/13/2013 3:10 PM, 96834 bytes, A
       Adds the file russian_asp_ru.ini"="3/13/2013 3:10 PM, 96964 bytes, A
       Adds the file scandll.dll"="3/26/2013 11:16 AM, 64888 bytes, A
       Adds the file spanish_asp_ES.ini"="3/13/2013 3:10 PM, 102018 bytes, A
       Adds the file swedish_asp_SV.ini"="3/13/2013 3:10 PM, 92034 bytes, A
       Adds the file System.Core.dll"="2/28/2013 3:53 PM, 667648 bytes, A
       Adds the file System.Data.SQLite.dll"="2/28/2013 3:53 PM, 886272 bytes, A
       Adds the file unins000.dat"="4/20/2016 10:10 AM, 87683 bytes, A
       Adds the file unins000.exe"="4/20/2016 10:10 AM, 1194360 bytes, A
       Adds the file unins000.msg"="4/20/2016 10:10 AM, 22357 bytes, A
       Adds the file unrar.dll"="2/28/2013 3:53 PM, 168448 bytes, A
       Adds the file WinZipMalwareProtector.exe"="3/26/2013 11:16 AM, 6390136 bytes, A
       Adds the file WinZipMalwareProtector.exe.config"="3/19/2013 12:44 PM, 4399 bytes, A
       Adds the file WMPUninstall.exe"="3/26/2013 11:16 AM, 1269624 bytes, A
       Adds the file Xceed.Compression.dll"="2/28/2013 3:53 PM, 102400 bytes, A
       Adds the file Xceed.Compression.Formats.dll"="2/28/2013 3:53 PM, 65536 bytes, A
       Adds the file Xceed.FileSystem.dll"="2/28/2013 3:53 PM, 122880 bytes, A
       Adds the file Xceed.Zip.dll"="2/28/2013 3:53 PM, 196608 bytes, A
    Adds the folder C:\Program Files (x86)\WinZip Malware Protector\clamunpack
       Adds the file clamscan.exe"="3/26/2013 11:16 AM, 15224 bytes, A
       Adds the file libclamav.dll"="3/26/2013 11:16 AM, 581496 bytes, A
       Adds the file readme.txt"="2/28/2013 3:53 PM, 535 bytes, A
    Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
       Adds the file Register WinZip Malware Protector.lnk"="4/20/2016 10:10 AM, 1233 bytes, A
       Adds the file Uninstall WinZip Malware Protector.lnk"="4/20/2016 10:10 AM, 1137 bytes, A
       Adds the file WinZip Malware Protector.lnk"="4/20/2016 10:10 AM, 1207 bytes, A
    Adds the folder C:\ProgramData\Nico Mak Computing\WinZip Malware Protector
       Adds the file AddonSafelist"="2/28/2013 3:52 PM, 13312 bytes, A
       Adds the file log.xslt"="2/28/2013 3:53 PM, 24753 bytes, A
    Adds the folder C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\signatures
       Adds the file completedatabase.db"="4/20/2016 10:11 AM, 150905856 bytes, A
       Adds the file Cookies.bin"="4/20/2016 10:11 AM, 233960 bytes, A
       Adds the file DigSign.bin"="4/20/2016 10:12 AM, 66712 bytes, A
       Adds the file FilePaths.bin"="4/20/2016 10:11 AM, 5015384 bytes, A
       Adds the file FileSignature.bin"="4/20/2016 10:11 AM, 10296640 bytes, A
       Adds the file Folders.bin"="4/20/2016 10:11 AM, 1047600 bytes, A
       Adds the file Md5.bin"="4/20/2016 10:11 AM, 26277016 bytes, A
       Adds the file Registry.bin"="4/20/2016 10:12 AM, 38520536 bytes, A
       Adds the file SetupSign.bin"="4/20/2016 10:12 AM, 13504 bytes, A
       Adds the file StrSetupSign.bin"="4/20/2016 10:12 AM, 1824 bytes, A
    Adds the folder C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates
       Adds the file 2561completedatabase.zip"="4/20/2016 10:11 AM, 34764852 bytes, A
       Adds the file 2631mupdate.zip"="4/20/2016 10:11 AM, 4730667 bytes, A
       Adds the file 2632update.zip"="4/20/2016 10:11 AM, 1488 bytes, A
       Adds the file 2633update.zip"="4/20/2016 10:11 AM, 1486 bytes, A
       Adds the file 2634update.zip"="4/20/2016 10:11 AM, 129940 bytes, A
       Adds the file 2635update.zip"="4/20/2016 10:11 AM, 14680 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Nico Mak Computing\WinZip Malware Protector
       Adds the file QDetail.db"="4/20/2016 10:10 AM, 4096 bytes, A
       Adds the file Settings.db"="4/20/2016 10:10 AM, 12288 bytes, A
       Adds the file Update.ini"="4/20/2016 10:11 AM, 2027 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Nico Mak Computing\WinZip Malware Protector\2.1.1000.10740
       Adds the file ASPLog.txt"="4/20/2016 10:12 AM, 2570 bytes, A
    In the existing folder C:\Users\Public\Desktop
       Adds the file WinZip Malware Protector.lnk"="4/20/2016 10:10 AM, 1189 bytes, A
    In the existing folder C:\Windows\System32
       Adds the file wsusnative64.exe"="3/15/2013 4:10 PM, 20480 bytes, A
    In the existing folder C:\Windows\System32\Tasks
       Adds the file WinZip Malware Protector_startup"="4/20/2016 10:10 AM, 3116 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command]
       "(Default)" = REG_SZ, "C:\Program Files (x86)\WinZip Malware Protector\filetypehelper.exe -scanunknown "%1""
       "WinZip Malware Protector.bak"="REG_SZ", "C:\Windows\SysWow64\rundll32.exe C:\Windows\system32\shell32.dll,OpenAs_RunDLL %1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\opendlg\command]
       "(Default)" = REG_SZ, "C:\Program Files (x86)\WinZip Malware Protector\filetypehelper.exe -scanunknown "%1""
       "WinZip Malware Protector.bak"="REG_SZ", "C:\Windows\SysWow64\rundll32.exe C:\Windows\system32\shell32.dll,OpenAs_RunDLL %1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0757C9D8-D8A3-33F5-CEE2-11D09918BA8F}]
       "(Default)"="REG_SZ", "Constructor for Scriptlet Event Handler"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0757C9D8-D8A3-33F5-CEE2-11D09918BA8F}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]
       "(Default)"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0757C9D8-D8A3-33F5-CEE2-11D09918BA8F}\InprocServer32]
       "(Default)"="REG_SZ", "C:\Windows\SysWOW64\scrobj.dll"
       "ThreadingModel"="REG_SZ", "Apartment"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0757C9D8-D8A3-33F5-CEE2-11D09918BA8F}\ProgID]
       "(Default)"="REG_SZ", "ScriptletHandler.Event"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WinZipMalwareProtector_RASAPI32]
       "ConsoleTracingMask"="REG_DWORD", -65536
       "EnableConsoleTracing"="REG_DWORD", 0
       "EnableFileTracing"="REG_DWORD", 0
       "FileDirectory"="REG_EXPAND_SZ, "%windir%\tracing"
       "FileTracingMask"="REG_DWORD", -65536
       "MaxFileSize"="REG_DWORD", 1048576
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WinZipMalwareProtector_RASMANCS]
       "ConsoleTracingMask"="REG_DWORD", -65536
       "EnableConsoleTracing"="REG_DWORD", 0
       "EnableFileTracing"="REG_DWORD", 0
       "FileDirectory"="REG_EXPAND_SZ, "%windir%\tracing"
       "FileTracingMask"="REG_DWORD", -65536
       "MaxFileSize"="REG_DWORD", 1048576
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinZip Malware Protector_is1]
       "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe"
       "DisplayName"="REG_SZ", "WinZip Malware Protector"
       "DisplayVersion"="REG_SZ", "2.1.1000.10740"
       "EstimatedSize"="REG_DWORD", 19173
       "HelpLink"="REG_SZ", "http://www.winzip.com/"
       "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\WinZip Malware Protector"
       "Inno Setup: Icon Group"="REG_SZ", "WinZip Malware Protector"
       "Inno Setup: Language"="REG_SZ", "en"
       "Inno Setup: Setup Version"="REG_SZ", "5.5.1 (u)"
       "Inno Setup: User"="REG_SZ", "{username}"
       "InstallDate"="REG_SZ", "20160420"
       "InstallLocation"="REG_SZ", "C:\Program Files (x86)\WinZip Malware Protector\"
       "MajorVersion"="REG_DWORD", 2
       "MinorVersion"="REG_DWORD", 1
       "NoModify"="REG_DWORD", 1
       "NoRepair"="REG_DWORD", 1
       "Publisher"="REG_SZ", "WinZip International LLC"
       "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\WinZip Malware Protector\unins000.exe" /SILENT"
       "UninstallString"="REG_SZ", ""C:\Program Files (x86)\WinZip Malware Protector\unins000.exe" /silent"
       "URLInfoAbout"="REG_SZ", "http://www.winzip.com/"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip Malware Protector]
       "affiliateid"="REG_SZ", ""
       "BuyNowURL"="REG_SZ", "https://store.winzip.com/852/purl-wzmp?"
       "BuyNowURLADU"="REG_SZ", ""
       "BuyNowURLASP"="REG_SZ", ""
       "BuyNowURLPB"="REG_SZ", ""
       "BuyNowURLRCP"="REG_SZ", ""
       "Expired"="REG_DWORD", 0
       "InstalledPath"="REG_SZ", "C:\Program Files (x86)\WinZip Malware Protector"
       "isphone"="REG_SZ", "1"
       "issilent"="REG_DWORD", 1
       "Key"="REG_SZ", ""
       "MaxFixLimit"="REG_DWORD", 0
       "REGVER"="REG_DWORD", 0
       "REGVER-UNINSTALL"="REG_DWORD", 0
       "RenewNowURL"="REG_SZ", "https://store.WinZip.com/852/purl-wzmp_sub?"
       "RenewNowURLADU"="REG_SZ", ""
       "RenewNowURLASP"="REG_SZ", ""
       "RenewNowURLPB"="REG_SZ", ""
       "RenewNowURLRCP"="REG_SZ", ""
       "showbc"="REG_DWORD", 1
       "showfth"="REG_DWORD", 1
       "showfthsetting"="REG_DWORD", 1
       "showpb"="REG_DWORD", 0
       "showsm"="REG_DWORD", 1
       "TELNO"="REG_SZ", "(800) 872-0241"
       "utm_campaign"="REG_SZ", "default"
       "utm_medium"="REG_SZ", "newbuild"
       "utm_source"="REG_SZ", "winzip"
       "x-at"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip Malware Protector\2.1.1000.10740]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip Malware Protector\LANG]
       "LangCode"="REG_SZ", "en"
       "LangID"="REG_DWORD", 0
    [HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip Malware Protector]
       "affiliateid"="REG_SZ", ""
       "Expired"="REG_DWORD", 0
       "InstalledPath"="REG_SZ", "C:\Program Files (x86)\WinZip Malware Protector"
       "Key"="REG_SZ", ""
       "MaxFixLimit"="REG_DWORD", 0
       "REGVER"="REG_DWORD", 0
       "REGVER-UNINSTALL"="REG_DWORD", 0
       "TELNO"="REG_SZ", "(800) 872-0241"
       "utm_campaign"="REG_SZ", "default"
       "utm_medium"="REG_SZ", "newbuild"
       "utm_source"="REG_SZ", "winzip"
       "x-at"="REG_SZ", ""
    [HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip Malware Protector\2.1.1000.10740]
    [HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip Malware Protector\LANG]
       "LangCode"="REG_SZ", "en"
       "LangID"="REG_DWORD", 0

Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/20/2016
Scan Time: 10:20 AM
Logfile: mbamWinZipMalwareProtector.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.04.20.02
Rootkit Database: v2016.04.17.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 364133
Time Elapsed: 8 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.WinZipMalwareProtector, C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe, 940, Delete-on-Reboot, [0e04f0c10e8b8aacb92520f899695fa1]

Modules: 9

Registry Keys: 6
PUP.Optional.WinZipMalwareProtector, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WinZip Malware Protector_is1, Quarantined, [9181179a9801b6805cba8e096a9af20e], 
PUP.Optional.WinZipMalwareProtector, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WinZip Malware Protector_startup, Delete-on-Reboot, [ad656f42f0a9f83e3adf77200afab848], 
PUP.Optional.WinZipMalwareProtector, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\WinZipMalwareProtector_RASAPI32, Quarantined, [22f0a0119bfe270fb886eaad57ad9d63], 
PUP.Optional.WinZipMalwareProtector, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\WinZipMalwareProtector_RASMANCS, Quarantined, [060c8f22abee55e1b48a5e3915efb24e], 
PUP.Optional.WinZipMalwareProtector, HKLM\SOFTWARE\WOW6432NODE\NICO MAK COMPUTING\WINZIP MALWARE PROTECTOR, Quarantined, [31e1e1d0efaaca6cb0909bfcc93b42be], 
PUP.Optional.WinZipMalwareProtector, HKCU\SOFTWARE\NICO MAK COMPUTING\WinZip Malware Protector, Quarantined, [4ec4b2ff8910a78f7cc1484f1ce85aa6], 

Registry Values: 5
PUP.Optional.WinZipMalwareProtector, HKLM\SOFTWARE\WOW6432NODE\NICO MAK COMPUTING\WINZIP MALWARE PROTECTOR|BuyNowURL, https://store.winzip.com/852/purl-wzmp?, Quarantined, [31e1e1d0efaaca6cb0909bfcc93b42be]
PUP.Optional.WinZipMalwareProtector, HKLM\SOFTWARE\WOW6432NODE\NICO MAK COMPUTING\WINZIP MALWARE PROTECTOR|BuyNowURLADU, Quarantined, [5db5555c2d6c64d25ce4d5c2857f44bc], 
PUP.Optional.WinZipMalwareProtector, HKLM\SOFTWARE\WOW6432NODE\NICO MAK COMPUTING\WINZIP MALWARE PROTECTOR|BuyNowURLRCP, Quarantined, [f1216c45cbce1026c17fe9aed52f33cd], 
PUP.Optional.WinZipMalwareProtector, HKLM\SOFTWARE\WOW6432NODE\NICO MAK COMPUTING\WINZIP MALWARE PROTECTOR|BuyNowURLASP, Quarantined, [2ee46d44c9d0b97d75cb5b3c9d678d73], 
PUP.Optional.WinZipMalwareProtector, HKLM\SOFTWARE\WOW6432NODE\NICO MAK COMPUTING\WINZIP MALWARE PROTECTOR|BuyNowURLPB, Quarantined, [6fa3b3feeaafad89f9474354a361ec14], 

Registry Data: 0
(No malicious items detected)

Folders: 9

Files: 71

Physical Sectors: 0
(No malicious items detected)


(end)

As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  • 0
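
The scheduled task, folders and registry keys listed under "Technical details for experts" above can be checked after removal with a read-only script. The following is an added example, not part of the original Malwarebytes guide; the paths, key names and task name are copied from the listings in this post, and the helper name New-Finding is hypothetical.

```powershell
# Added example: read-only check for WinZip Malware Protector leftovers.
# Run from a 64-bit PowerShell prompt so System32 paths are not redirected.
# All paths, keys and the task name come from the listings in this post.

function New-Finding([string]$Type, [string]$Item, [string]$Detail) {
    # Hypothetical helper: one result row per leftover artifact.
    New-Object PSObject -Property @{ Type = $Type; Item = $Item; Detail = $Detail }
}

$fsPaths = @(
    'C:\Program Files (x86)\WinZip Malware Protector',
    'C:\ProgramData\Nico Mak Computing',
    'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector',
    'C:\Users\Public\Desktop\WinZip Malware Protector.lnk',
    'C:\Windows\System32\Tasks\WinZip Malware Protector_startup',
    'C:\Windows\System32\wsusnative64.exe',
    (Join-Path $env:APPDATA 'Nico Mak Computing')   # C:\Users\{username}\AppData\Roaming\...
)

$regKeys = @(
    'HKLM:\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip Malware Protector',
    'HKCU:\Software\Nico Mak Computing\WinZip Malware Protector',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinZip Malware Protector_is1',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Tracing\WinZipMalwareProtector_RASAPI32',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Tracing\WinZipMalwareProtector_RASMANCS'
)

# The installer points the "unknown file type" handlers at filetypehelper.exe
# and saves the original command in a value named "WinZip Malware Protector.bak".
$handlerKeys = @(
    'HKLM:\SOFTWARE\Classes\Unknown\shell\openas\command',
    'HKLM:\SOFTWARE\Classes\Unknown\shell\opendlg\command'
)
$backupValue = 'WinZip Malware Protector.bak'

$findings = @()

foreach ($p in $fsPaths) {
    if (Test-Path -LiteralPath $p) {
        $findings += New-Finding 'FileSystem' $p 'present'
    }
}

foreach ($k in $regKeys) {
    if (Test-Path -LiteralPath $k) {
        $findings += New-Finding 'Registry' $k 'key present'
    }
}

foreach ($k in $handlerKeys) {
    if (-not (Test-Path -LiteralPath $k)) { continue }
    $props   = Get-ItemProperty -LiteralPath $k
    $default = $props.'(default)'
    $backup  = $props.$backupValue
    if ($default -like '*filetypehelper.exe*') {
        $findings += New-Finding 'Handler' $k "default command still points to filetypehelper.exe: $default"
    }
    if ($backup) {
        $findings += New-Finding 'Handler' $k "backup value '$backupValue' present: $backup"
    }
}

# schtasks.exe returns a non-zero exit code when the task does not exist.
$taskName = 'WinZip Malware Protector_startup'
& schtasks.exe /Query /TN $taskName 2>$null | Out-Null
if ($LASTEXITCODE -eq 0) {
    $findings += New-Finding 'ScheduledTask' $taskName 'task registered'
}

if ($findings.Count -eq 0) {
    Write-Output 'No WinZip Malware Protector leftovers found.'
} else {
    $findings | Select-Object Type, Item, Detail | Format-List
}
```

The script changes nothing on the system; any row it prints names an item from the listings above that is still present.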
