Jump to content

Welcome to Geeks to Go
Geeks to Go Welcome
Create Account Login to Account

Removal instructions for Pakistani Girls Mobile Data

- - - - -

  • Please log in to reply
No replies to this topic



    Spyware Veteran

  • GeekU Moderator
  • 32,026 posts
Content is republished with permission from Malwarebytes.

What is Pakistani Girls Mobile Data?

The Malwarebytes research team has determined that Pakistani Girls Mobile Data is a Trojan.HostHijack. These trojans are designed to redirect your internet traffic.
This particular one installs an altered version of the legitimate MVPS hosts file.

The hijackers changed the IPs intended as a way of blocking, to their own IP to hijack the traffic to their own target site.

How do I know if my computer is affected by Pakistani Girls Mobile Data?

You may see this entry in your list of installed programs:


You may also see some alarms or reports regarding failed connections to the domain pakistangirls[.]info.

How did Pakistani Girls Mobile Data get on my computer?

Trojans use different methods for distributing themselves. This particular one was offered as a database of girls' mobile data.

How do I remove Pakistani Girls Mobile Data?

Our program Malwarebytes Anti-Malware can detect and remove this trojan.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-{version}.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to:
    Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu.
  • If an update is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
Is there anything else I need to do to get rid of Pakistani Girls Mobile Data?
  • Pakistani Girls Mobile Data replaces your hosts file, so you may have to restore the old one. You can find third-party hosts file alternatives at hpHosts or at mvps.org or you can simply reset the default hosts file as outlined here by Microsoft.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this trojan.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Pakistani Girls Mobile Data trojan. It would have warned you before the trojan could install itself, giving you a chance to stop it before it became too late.


and it would block some of the connections made by this trojan and the consequential redirects.


Technical details for experts

Possible signs in FRST logs:

  Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
 (Pakistani Girls Mobile Data ) C:\Users\{username}\Desktop\Pakistani-Girls-Mobile-Data.exe

Pakistani Girls Mobile Data 1.5.8 (HKLM-x32\...\Pakistani Girls Mobile Data 1.5.8) (Version: 1.5.8 - Pakistani Girls Mobile Data) localhost m.fr.a2dfp.net mfr.a2dfp.net ad.a8.net asy.a8ww.net static.a-ads.com abcstats.com a.abv.bg adserver.abv.bg adv.abv.bg bimg.abv.bg ca.abv.bg track.acclaimnetwork.com accuserveadsystem.com www.accuserveadsystem.com achmedia.com csh.actiondesk.com ads.activepower.net app.activetrail.com stat.active24stats.nl #[Tracking.Cookie] traffic.acwebconnecting.com office.ad1.ru cms.ad2click.nl ad2games.com ads.ad2games.com content.ad20.net core.ad20.net banner.ad.nu adadvisor.net tag1.adaptiveads.com

There are 11878 more lines.
Alterations made by the installer:
File system details [View: All details] (Selection)
    In the existing folder C:\Windows\System32\drivers\etc
       Alters the file hosts
        6/10/2009 11:00 PM, 824 bytes, A ==> 8/28/2016 2:15 PM, 594944 bytes, RHA
    In the existing folder C:\Windows\SysWOW64
       Adds the file link.bat"="1/11/2016 11:49 PM, 43 bytes, RHA

Registry details [View: All details] (Selection)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Pakistani Girls Mobile Data 1.5.8]
       "DisplayIcon"="REG_SZ", "C:\Windows\System32\drivers\etc\Uninstall.exe"
       "DisplayName"="REG_SZ", "Pakistani Girls Mobile Data 1.5.8"
       "DisplayVersion"="REG_SZ", "1.5.8"
       "EstimatedSize"="REG_DWORD", 581
       "InstallDate"="REG_SZ", "20160912"
       "InstallLocation"="REG_SZ", "C:\Windows\System32\drivers\etc\"
       "InstallSource"="REG_SZ", "C:\Users\{username}\Desktop\"
       "Language"="REG_DWORD", 1033
       "NoModify"="REG_DWORD", 1
       "NoRepair"="REG_DWORD", 1
       "Publisher"="REG_SZ", "Pakistani Girls Mobile Data"
       "UninstallString"="REG_SZ", "C:\Windows\System32\drivers\etc\Uninstall.exe"
       "VersionMajor"="REG_DWORD", 1
       "VersionMinor"="REG_DWORD", 5
Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware

Scan Date: 9/12/2016
Scan Time: 3:54 PM
Logfile: mbamPakistanGirls.txt
Administrator: Yes

Malware Database: v2016.09.12.05
Rootkit Database: v2016.08.15.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 320291
Time Elapsed: 10 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
Trojan.HostsHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Pakistani Girls Mobile Data 1.5.8, Quarantined, [d471e889564471c555b1d81343c1ad53], 

Registry Values: 0
(No malicious items detected)

Registry Data[b]:[/b] 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
Trojan.HostsHijack, C:\Users\{username}\Desktop\Pakistani-Girls-Mobile-Data.exe, Quarantined, [59ec224fa4f6c86e259dfded689c6e92], 
Trojan.DNSChanger, C:\Windows\SysWOW64\link.bat, Quarantined, [e65f9fd29ffbbb7b2d36c9f7e81bf50b], 

Physical Sectors: 0
(No malicious items detected)

As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  • 0


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Malware Removal How to Guides Windows 7 System Building Download Files Register welcome

Never used a forum? Learn how.