Jump to content

Welcome to Geeks to Go
Geeks to Go Welcome
Create Account Login to Account
Photo

Removal instructions for Pakistani Girls Mobile Data

- - - - -

  • Please log in to reply
No replies to this topic

#1
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Content is republished with permission from Malwarebytes.

What is Pakistani Girls Mobile Data?

The Malwarebytes research team has determined that Pakistani Girls Mobile Data is a Trojan.HostHijack. These trojans are designed to redirect your internet traffic.
This particular one installs an altered version of the legitimate MVPS hosts file.

comparehosts.png
The hijackers changed the 0.0.0.0 IPs intended as a way of blocking, to their own IP to hijack the traffic to their own target site.

How do I know if my computer is affected by Pakistani Girls Mobile Data?

You may see this entry in your list of installed programs:

warning4.png

You may also see some alarms or reports regarding failed connections to the domain pakistangirls[.]info.

How did Pakistani Girls Mobile Data get on my computer?

Trojans use different methods for distributing themselves. This particular one was offered as a database of girls' mobile data.

How do I remove Pakistani Girls Mobile Data?

Our program Malwarebytes Anti-Malware can detect and remove this trojan.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-{version}.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to:
    Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu.
  • If an update is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
Is there anything else I need to do to get rid of Pakistani Girls Mobile Data?
  • Pakistani Girls Mobile Data replaces your hosts file, so you may have to restore the old one. You can find third-party hosts file alternatives at hpHosts or at mvps.org or you can simply reset the default hosts file as outlined here by Microsoft.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this trojan.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Pakistani Girls Mobile Data trojan. It would have warned you before the trojan could install itself, giving you a chance to stop it before it became too late.


protection1.png


and it would block some of the connections made by this trojan and the consequential redirects.
 

protection2.png


Technical details for experts

Possible signs in FRST logs:

  Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
 (Pakistani Girls Mobile Data ) C:\Users\{username}\Desktop\Pakistani-Girls-Mobile-Data.exe

Pakistani Girls Mobile Data 1.5.8 (HKLM-x32\...\Pakistani Girls Mobile Data 1.5.8) (Version: 1.5.8 - Pakistani Girls Mobile Data)
127.0.0.1 localhost
188.138.17.135 m.fr.a2dfp.net
188.138.17.135 mfr.a2dfp.net
188.138.17.135 ad.a8.net
188.138.17.135 asy.a8ww.net
188.138.17.135 static.a-ads.com
188.138.17.135 abcstats.com
188.138.17.135 a.abv.bg
188.138.17.135 adserver.abv.bg
188.138.17.135 adv.abv.bg
188.138.17.135 bimg.abv.bg
188.138.17.135 ca.abv.bg
188.138.17.135 track.acclaimnetwork.com
188.138.17.135 accuserveadsystem.com
188.138.17.135 www.accuserveadsystem.com
188.138.17.135 achmedia.com
188.138.17.135 csh.actiondesk.com
188.138.17.135 ads.activepower.net
188.138.17.135 app.activetrail.com
188.138.17.135 stat.active24stats.nl #[Tracking.Cookie]
188.138.17.135 traffic.acwebconnecting.com
188.138.17.135 office.ad1.ru
188.138.17.135 cms.ad2click.nl
188.138.17.135 ad2games.com
188.138.17.135 ads.ad2games.com
188.138.17.135 content.ad20.net
188.138.17.135 core.ad20.net
188.138.17.135 banner.ad.nu
188.138.17.135 adadvisor.net
188.138.17.135 tag1.adaptiveads.com

There are 11878 more lines.
Alterations made by the installer:
File system details [View: All details] (Selection)
---------------------------------------------------
    In the existing folder C:\Windows\System32\drivers\etc
       Alters the file hosts
        6/10/2009 11:00 PM, 824 bytes, A ==> 8/28/2016 2:15 PM, 594944 bytes, RHA
    In the existing folder C:\Windows\SysWOW64
       Adds the file link.bat"="1/11/2016 11:49 PM, 43 bytes, RHA

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Pakistani Girls Mobile Data 1.5.8]
       "DisplayIcon"="REG_SZ", "C:\Windows\System32\drivers\etc\Uninstall.exe"
       "DisplayName"="REG_SZ", "Pakistani Girls Mobile Data 1.5.8"
       "DisplayVersion"="REG_SZ", "1.5.8"
       "EstimatedSize"="REG_DWORD", 581
       "InstallDate"="REG_SZ", "20160912"
       "InstallLocation"="REG_SZ", "C:\Windows\System32\drivers\etc\"
       "InstallSource"="REG_SZ", "C:\Users\{username}\Desktop\"
       "Language"="REG_DWORD", 1033
       "NoModify"="REG_DWORD", 1
       "NoRepair"="REG_DWORD", 1
       "Publisher"="REG_SZ", "Pakistani Girls Mobile Data"
       "UninstallString"="REG_SZ", "C:\Windows\System32\drivers\etc\Uninstall.exe"
       "VersionMajor"="REG_DWORD", 1
       "VersionMinor"="REG_DWORD", 5
Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/12/2016
Scan Time: 3:54 PM
Logfile: mbamPakistanGirls.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.09.12.05
Rootkit Database: v2016.08.15.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 320291
Time Elapsed: 10 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
Trojan.HostsHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Pakistani Girls Mobile Data 1.5.8, Quarantined, [d471e889564471c555b1d81343c1ad53], 

Registry Values: 0
(No malicious items detected)

Registry Data[b]:[/b] 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
Trojan.HostsHijack, C:\Users\{username}\Desktop\Pakistani-Girls-Mobile-Data.exe, Quarantined, [59ec224fa4f6c86e259dfded689c6e92], 
Trojan.DNSChanger, C:\Windows\SysWOW64\link.bat, Quarantined, [e65f9fd29ffbbb7b2d36c9f7e81bf50b], 

Physical Sectors: 0
(No malicious items detected)


(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  • 0

Advertisements





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured
Malware Removal How to Guides Windows 7 System Building Download Files Register welcome

Never used a forum? Learn how.