Jump to content

Welcome to Geeks to Go
Geeks to Go Welcome
Create Account Login to Account
Photo

Removal instructions for Malware Crusher

- - - - - (855)-332-0124

  • Please log in to reply
No replies to this topic

#1
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,206 posts
Content is republished with permission from Malwarebytes.

What is Malware Crusher?

The Malwarebytes research team has determined that Malware Crusher is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.
More information can be found on our Malwarebytes Labs blog.

How do I know if I am infected with Malware Crusher?

This is how the main screen of the system optimizer looks:

main.png

You will find these icons in your taskbar, your startmenu, and on your desktop:

icons.png

and see this warning during install:

warning1.png

and this screen when you decide to fix the "problems":

warning5.png

You may see this entry in your list of installed programs:

warning4.png

and these tasks in your list of Scheduled Tasks:

warning3.png

How did Malware Crusher get on my computer?

These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website:

website.png

but it also gets included in bundlers that are advertised as cracks:

trick.png

How do I remove Malware Crusher?

Our program Malwarebytes can detect and remove this potentially unwanted application.
  • Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
Is there anything else I need to do to get rid of Malware Crusher?
  • No, Malwarebytes removes Malware Crusher completely.
  • This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.
How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this system optimizer.

As you can see below the full version of Malwarebytes would have protected you against the Malware Crusher installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.

protection1.png


and we block access to their domain:

protection2.png


Technical details for experts

You may see these entries in FRST logs:

 (MalwareCrusher.com) C:\Program Files\Malware Crusher\mcr.exe
 C:\Users\Public\Desktop\Malware Crusher.lnk
 C:\Windows\System32\Tasks\Malware Crusher
 C:\Windows\System32\Tasks\Malware Crusher_Logon
 C:\Users\{username}\AppData\Roaming\MalwareCrusher.com
 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malware Crusher
 C:\ProgramData\MalwareCrusher.com
 C:\Program Files\Malware Crusher

Malware Crusher (HKLM\...\FA2268FD-F787-4DD3-B6F1-CA4F706F481E_is1) (Version: 1.0.0.44602 - malwarecrusher.com)
Task: {0CDA9845-9797-47D2-9EE2-CF82A77C06C0} - System32\Tasks\Malware Crusher_Logon => C:\Program Files\Malware Crusher\mcr.exe [2017-12-27] (MalwareCrusher.com)
Task: {1575C6A7-75E1-4238-9E8F-9C102A66A42E} - System32\Tasks\Malware Crusher => C:\Program Files\Malware Crusher\mcr.exe [2017-12-27] (MalwareCrusher.com)
Alterations made by the installer:

File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Program Files\Malware Crusher
       Adds the file 7z.dll"="12/18/2017 6:47 PM, 1081192 bytes, A
       Adds the file 7z.exe"="12/18/2017 6:47 PM, 272744 bytes, A
       Adds the file Application_icon.png"="4/17/2017 11:55 AM, 7719 bytes, A
       Adds the file danish_iss.ini"="6/29/2017 6:16 PM, 2404 bytes, A
       Adds the file Dutch_iss.ini"="6/29/2017 6:16 PM, 2602 bytes, A
       Adds the file english_iss.ini"="6/29/2017 6:16 PM, 2258 bytes, A
       Adds the file finish_iss.ini"="6/29/2017 6:15 PM, 2370 bytes, A
       Adds the file French_iss.ini"="6/29/2017 6:15 PM, 2794 bytes, A
       Adds the file german_iss.ini"="6/29/2017 6:15 PM, 2660 bytes, A
       Adds the file ICSharpCode.SharpZipLib.dll"="12/18/2017 6:47 PM, 200040 bytes, A
       Adds the file Interop.IWshRuntimeLibrary.dll"="12/18/2017 6:47 PM, 56680 bytes, A
       Adds the file italian_iss.ini"="6/29/2017 6:15 PM, 2534 bytes, A
       Adds the file japanese_iss.ini"="6/29/2017 6:15 PM, 1846 bytes, A
       Adds the file langs.db"="12/18/2017 6:31 PM, 670720 bytes, A
       Adds the file mclog.xsl"="12/6/2017 3:08 PM, 45236 bytes, A
       Adds the file MCPro.ttf"="6/9/2017 6:12 PM, 31208 bytes, A
       Adds the file mcr.exe"="12/27/2017 6:04 PM, 3876200 bytes, A
       Adds the file mcr.exe.config"="11/24/2017 12:51 PM, 2742 bytes, A
       Adds the file Microsoft.Win32.TaskScheduler.dll"="12/18/2017 6:47 PM, 178536 bytes, A
       Adds the file Microsoft.WindowsAPICodePack.dll"="12/18/2017 6:47 PM, 105832 bytes, A
       Adds the file Microsoft.WindowsAPICodePack.Shell.dll"="12/18/2017 6:47 PM, 549736 bytes, A
       Adds the file Newtonsoft.Json.dll"="12/18/2017 6:47 PM, 472936 bytes, A
       Adds the file norwegian_iss.ini"="6/29/2017 6:15 PM, 2360 bytes, A
       Adds the file portuguese_iss.ini"="6/29/2017 6:15 PM, 2426 bytes, A
       Adds the file PresentationCore.dll"="11/9/2017 4:31 PM, 1420648 bytes, A
       Adds the file russian_iss.ini"="6/29/2017 6:15 PM, 2496 bytes, A
       Adds the file spanish_iss.ini"="6/29/2017 6:15 PM, 2550 bytes, A
       Adds the file swedish_iss.ini"="6/29/2017 6:16 PM, 2272 bytes, A
       Adds the file System.Data.SQLite.DLL"="12/18/2017 6:47 PM, 298344 bytes, A
       Adds the file System.Windows.Controls.Input.Toolkit.dll"="11/9/2017 4:31 PM, 110952 bytes, A
       Adds the file System.Windows.Controls.Layout.Toolkit.dll"="11/9/2017 4:31 PM, 96616 bytes, A
       Adds the file TAFactory.IconPack.dll"="12/18/2017 6:47 PM, 44392 bytes, A
       Adds the file unins000.dat"="3/14/2018 8:21 AM, 59451 bytes, A
       Adds the file unins000.exe"="3/14/2018 8:20 AM, 1358184 bytes, A
       Adds the file unins000.msg"="3/14/2018 8:21 AM, 22701 bytes, A
       Adds the file WpfAnimatedGif.dll"="12/27/2017 6:04 PM, 48488 bytes, A
       Adds the file WPFToolkit.dll"="11/9/2017 4:32 PM, 468840 bytes, A
    Adds the folder C:\Program Files\Malware Crusher\x64
       Adds the file SQLite.Interop.dll"="12/18/2017 6:47 PM, 1183080 bytes, A
    Adds the folder C:\Program Files\Malware Crusher\x86
       Adds the file SQLite.Interop.dll"="12/18/2017 6:47 PM, 862056 bytes, A
    Adds the folder C:\ProgramData\MalwareCrusher.com\Malware Crusher
       Adds the file QTine.cb"="3/14/2018 8:21 AM, 3072 bytes, A
    Adds the folder C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition
       Adds the file Browsers.cb"="3/14/2018 8:22 AM, 736 bytes, A
       Adds the file ChromeExtentions.cb"="3/14/2018 8:21 AM, 133456 bytes, A
       Adds the file ChromeFiles.cb"="3/14/2018 8:21 AM, 225296 bytes, A
       Adds the file ChromeSearch.cb"="3/14/2018 8:21 AM, 26296 bytes, A
       Adds the file CLSID.cb"="3/14/2018 8:21 AM, 487464 bytes, A
       Adds the file CompleteDatabase.db"="3/14/2018 8:21 AM, 42926080 bytes, A
       Adds the file FileNames.cb"="3/14/2018 8:21 AM, 77792 bytes, A
       Adds the file FilesPath.cb"="3/14/2018 8:21 AM, 3414304 bytes, A
       Adds the file FirefoxExtentions.cb"="3/14/2018 8:21 AM, 103144 bytes, A
       Adds the file FirefoxFiles.cb"="3/14/2018 8:21 AM, 62912 bytes, A
       Adds the file FirefoxSearch.cb"="3/14/2018 8:21 AM, 25560 bytes, A
       Adds the file FolderNames.cb"="3/14/2018 8:21 AM, 163608 bytes, A
       Adds the file FoldersPath.cb"="3/14/2018 8:21 AM, 688568 bytes, A
       Adds the file IEExtension.cb"="3/14/2018 8:21 AM, 720 bytes, A
       Adds the file IESearch.cb"="3/14/2018 8:21 AM, 3488 bytes, A
       Adds the file MalwareDetails.cb"="3/14/2018 8:21 AM, 1585896 bytes, A
       Adds the file Md5Hash.cb"="3/14/2018 8:21 AM, 20461616 bytes, A
       Adds the file Plugins.cb"="3/14/2018 8:21 AM, 11528 bytes, A
       Adds the file Registry.cb"="3/14/2018 8:21 AM, 5659328 bytes, A
       Adds the file RegistrySetting.cb"="3/14/2018 8:22 AM, 1513360 bytes, A
       Adds the file Services.cb"="3/14/2018 8:21 AM, 41184 bytes, A
       Adds the file StartupTask.cb"="3/14/2018 8:21 AM, 49528 bytes, A
       Adds the file URLS.cb"="3/14/2018 8:21 AM, 30608 bytes, A
    Adds the folder C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\Update
       Adds the file 261completedatabase.zip"="3/14/2018 8:21 AM, 16141842 bytes, A
       Adds the file 262update.db"="3/1/2018 1:10 PM, 196608 bytes, A
       Adds the file 262update.zip"="3/14/2018 8:21 AM, 2268 bytes, A
       Adds the file 263update.db"="3/5/2018 5:41 PM, 1155072 bytes, A
       Adds the file 263update.zip"="3/14/2018 8:21 AM, 689669 bytes, A
       Adds the file 264update.db"="3/6/2018 5:04 PM, 385024 bytes, A
       Adds the file 264update.zip"="3/14/2018 8:21 AM, 90324 bytes, A
       Adds the file 265update.db"="3/8/2018 12:24 PM, 618496 bytes, A
       Adds the file 265update.zip"="3/14/2018 8:21 AM, 326624 bytes, A
       Adds the file 266update.db"="3/9/2018 3:38 PM, 204800 bytes, A
       Adds the file 266update.zip"="3/14/2018 8:21 AM, 3969 bytes, A
       Adds the file 267update.db"="3/13/2018 1:17 PM, 196608 bytes, A
       Adds the file 267update.zip"="3/14/2018 8:21 AM, 2160 bytes, A
       Adds the file 268update.db"="3/13/2018 6:31 PM, 536576 bytes, A
       Adds the file 268update.zip"="3/14/2018 8:21 AM, 308474 bytes, A
    Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malware Crusher
       Adds the file Buy Malware Crusher.lnk"="3/14/2018 8:21 AM, 860 bytes, A
       Adds the file Malware Crusher.lnk"="3/14/2018 8:21 AM, 848 bytes, A
       Adds the file Uninstall Malware Crusher.lnk"="3/14/2018 8:21 AM, 895 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\MalwareCrusher.com\Malware Crusher
       Adds the file common_desktop.gif"="3/14/2018 8:21 AM, 0 bytes, A
       Adds the file DatabaseUpdate.xml"="3/14/2018 8:21 AM, 5176 bytes, A
       Adds the file Errorlog.txt"="3/14/2018 8:22 AM, 12350 bytes, A
       Adds the file logbkp.xml"="3/14/2018 8:22 AM, 560 bytes, A
       Adds the file Result.cb"="3/14/2018 8:22 AM, 46048 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\MalwareCrusher.com\Malware Crusher\icon
       Adds the file 082242.ico"="3/14/2018 8:22 AM, 48014 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\MalwareCrusher.com\Malware Crusher\LogBackups
       Adds the file mcbackup_14032018_082241.bin"="3/14/2018 8:22 AM, 71130 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\MalwareCrusher.com\Malware Crusher\smico
    Adds the folder C:\Users\{username}\AppData\Roaming\MalwareCrusher.com\Malware Crusher\Temp
    In the existing folder C:\Users\Public\Desktop
       Adds the file Malware Crusher.lnk"="3/14/2018 8:22 AM, 1877 bytes, A
    In the existing folder C:\Windows\System32\Tasks
       Adds the file Malware Crusher"="3/14/2018 8:21 AM, 3370 bytes, A
       Adds the file Malware Crusher_Logon"="3/14/2018 8:21 AM, 3038 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\malwarecrusher.com\Malware Crusher]
       "affid"="REG_SZ", ""
       "affired"="REG_DWORD", 1
       "afterInstallUrl"="REG_SZ", "http://malwarecrusher.com/mcr/afterinstall.asp?"
       "cbkpoff"="REG_DWORD", 1
       "country"="REG_SZ", "nl"
       "delay"="REG_DWORD", 0
       "EmailURL"="REG_SZ", ""
       "expired"="REG_DWORD", 0
       "hdata"="REG_BINARY, .....................................................................................................................................................................................................................................................................................................................................................................................................
       "Installstring"="REG_SZ", "C:\Program Files\Malware Crusher"
       "isinstfont"="REG_DWORD", 1
       "issilent"="REG_DWORD", 1
       "ISTELNO"="REG_DWORD", 1
       "LangCode"="REG_SZ", "en"
       "lstscnsett"="REG_BINARY, ............................................................................................................................................................................................................................................................................................................................................................................................................................................
       "prereg"="REG_DWORD", 0
       "PurchaseURL"="REG_SZ", "http://malwarecrusher.esecureshoppe.com/price.asp?"
       "pxl"="REG_SZ", "mcr2169_mcr2124_mcr1120"
       "reg"="REG_DWORD", 0
       "RenewURL"="REG_SZ", "http://malwarecrusher.esecureshoppe.com/renewal.asp?"
       "schdelay"="REG_DWORD", 0
       "showballoontip"="REG_DWORD", 0
       "showphone"="REG_DWORD", 0
       "showseal"="REG_DWORD", 0
       "showtn"="REG_DWORD", 1
       "showunins"="REG_DWORD", 1
       "showwfo"="REG_DWORD", 1
       "supporturl"="REG_SZ", "http://malwarecrusher.com/support/"
       "TELNO"="REG_SZ", "+31-08-58882839"
       "TELNO_ar"="REG_SZ", "+54 11 5236 0324"
       "TELNO_at"="REG_SZ", "+43 (0)720 902 309"
       "TELNO_au"="REG_SZ", "(61)280-733403"
       "TELNO_br"="REG_SZ", "+55 21 2391 4319"
       "TELNO_ch"="REG_SZ", "+41 (0)44 508 70 37"
       "TELNO_de"="REG_SZ", "(800)-180-0926"
       "TELNO_dk"="REG_SZ", "+45 78 73 09 26"
       "TELNO_es"="REG_SZ", "+34 951 203 537"
       "TELNO_fi"="REG_SZ", "+358 (0)9 4270 4911"
       "TELNO_fr"="REG_SZ", "(334)-88627945"
       "TELNO_gb"="REG_SZ", "0800-031-5066"
       "TELNO_it"="REG_SZ", "+39 069 4802886"
       "TELNO_ja"="REG_SZ", "0120-993-506"
       "TELNO_jp"="REG_SZ", "0120-993-506"
       "TELNO_lu"="REG_SZ", "(800)-180-0926"
       "TELNO_nl"="REG_SZ", "+31-08-58882839"
       "TELNO_no"="REG_SZ", "+47 21 95 01 97"
       "TELNO_pt"="REG_SZ", "+351 70 750 2094"
       "TELNO_se"="REG_SZ", "+46-08124-10298"
       "TELNO_uk"="REG_SZ", "0800-031-5066"
       "TELNO_us"="REG_SZ", "(855)-332-0124"
       "utm_campaign"="REG_SZ", "mcrmainsite"
       "utm_medium"="REG_SZ", "mcrmainsite"
       "utm_pubid"="REG_SZ", ""
       "utm_source"="REG_SZ", "mcrmainsite"
       "vendorLogo"="REG_SZ", "common_logo.jpg"
       "vendorMachineAvi"="REG_SZ", "common_desktop.gif"
       "WebURL"="REG_SZ", "http://malwarecrusher.com/"
       "wfoset"="REG_DWORD", 1
       "x-base"="REG_SZ", ""
       "x-ccode"="REG_SZ", "nl"
    [HKEY_LOCAL_MACHINE\SOFTWARE\mc-pr]
       "affid"="REG_SZ", ""
       "country"="REG_SZ", "nl"
       "LangCode"="REG_SZ", "en"
       "phone"="REG_SZ", ""
       "pxl"="REG_SZ", "mcr2169_mcr2124_mcr1120"
       "utm_campaign"="REG_SZ", "mcrmainsite"
       "utm_medium"="REG_SZ", "mcrmainsite"
       "utm_pubid"="REG_SZ", ""
       "utm_source"="REG_SZ", "mcrmainsite"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FA2268FD-F787-4DD3-B6F1-CA4F706F481E_is1]
       "DisplayIcon"="REG_SZ", "C:\Program Files\Malware Crusher\mcr.exe"
       "DisplayName"="REG_SZ", "Malware Crusher"
       "DisplayVersion"="REG_SZ", "1.0.0.44602"
       "EstimatedSize"="REG_DWORD", 13158
       "HelpLink"="REG_SZ", "http://malwarecrusher.com/support/"
       "Inno Setup: App Path"="REG_SZ", "C:\Program Files\Malware Crusher"
       "Inno Setup: Icon Group"="REG_SZ", "Malware Crusher"
       "Inno Setup: Language"="REG_SZ", "en"
       "Inno Setup: Setup Version"="REG_SZ", "5.5.5 (u)"
       "Inno Setup: User"="REG_SZ", "{username}"
       "InstallDate"="REG_SZ", "20180314"
       "InstallLocation"="REG_SZ", "C:\Program Files\Malware Crusher\"
       "MajorVersion"="REG_DWORD", 1
       "MinorVersion"="REG_DWORD", 0
       "NoModify"="REG_DWORD", 1
       "NoRepair"="REG_DWORD", 1
       "Publisher"="REG_SZ", "malwarecrusher.com"
       "QuietUninstallString"="REG_SZ", ""C:\Program Files\Malware Crusher\unins000.exe" /SILENT"
       "UninstallString"="REG_SZ", ""C:\Program Files\Malware Crusher\unins000.exe" /SILENT"
       "URLInfoAbout"="REG_SZ", "http://malwarecrusher.com/"
    [HKEY_LOCAL_MACHINE\SOFTWARE\TWFsd2FyZUNydXNoZXIuY29t\TWFsd2FyZSBDcnVzaGVy\ACT]
       "data"="REG_BINARY, ........................................................................................................................................................................................................................................................................................_.......................
    [HKEY_CURRENT_USER\Software\malwarecrusher.com\Malware Crusher]
       "affid"="REG_SZ", ""
       "Installstring"="REG_SZ", "C:\Program Files\Malware Crusher"
       "LangCode"="REG_SZ", "en"
       "pxl"="REG_SZ", "mcr2169_mcr2124_mcr1120"
       "utm_campaign"="REG_SZ", "mcrmainsite"
       "utm_medium"="REG_SZ", "mcrmainsite"
       "utm_pubid"="REG_SZ", ""
       "utm_source"="REG_SZ", "mcrmainsite"
    [HKEY_CURRENT_USER\Software\malwarecrusher.com\Malware Crusher\1.0.0.44602]

Malwarebytes log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/14/18
Scan Time: 8:36 AM
Log File: 5f4f9758-275a-11e8-826b-080027235d76.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.4348
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 243716
Threats Detected: 128
Threats Quarantined: 128
Time Elapsed: 2 min, 55 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 1
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\mcr.exe, Quarantined, [14673], [500145],1.0.4348

Module: 9
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\x64\SQLite.Interop.dll, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\Interop.IWshRuntimeLibrary.dll, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\System.Data.SQLite.DLL, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\TAFactory.IconPack.dll, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\WpfAnimatedGif.dll, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\WPFToolkit.dll, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\mcr.exe, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\Microsoft.Win32.TaskScheduler.dll, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\Newtonsoft.Json.dll, Quarantined, [14673], [500145],1.0.4348

Registry Key: 9
PUP.Optional.MalwareCrusher, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\FA2268FD-F787-4DD3-B6F1-CA4F706F481E_is1, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Malware Crusher, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{1575C6A7-75E1-4238-9E8F-9C102A66A42E}, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{1575C6A7-75E1-4238-9E8F-9C102A66A42E}, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Malware Crusher_Logon, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0CDA9845-9797-47D2-9EE2-CF82A77C06C0}, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{0CDA9845-9797-47D2-9EE2-CF82A77C06C0}, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, HKCU\SOFTWARE\malwarecrusher.com, Quarantined, [14673], [500149],1.0.4348
PUP.Optional.MalwareCrusher, HKLM\SOFTWARE\malwarecrusher.com, Quarantined, [14673], [500151],1.0.4348

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 14
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\x64, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\x86, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\PROGRAM FILES\MALWARE CRUSHER, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MALWARE CRUSHER, Quarantined, [14673], [500147],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\Update, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\PROGRAMDATA\MALWARECRUSHER.COM, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\Users\{username}\AppData\Roaming\MalwareCrusher.com\Malware Crusher\LogBackups, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\Users\{username}\AppData\Roaming\MalwareCrusher.com\Malware Crusher\smico, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\Users\{username}\AppData\Roaming\MalwareCrusher.com\Malware Crusher\icon, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\Users\{username}\AppData\Roaming\MalwareCrusher.com\Malware Crusher\Temp, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\Users\{username}\AppData\Roaming\MalwareCrusher.com\Malware Crusher, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\USERS\{username}\APPDATA\ROAMING\MALWARECRUSHER.COM, Quarantined, [14673], [500146],1.0.4348

File: 95
PUP.Optional.MalwareCrusher, C:\PROGRAM FILES\MALWARE CRUSHER\UNINS000.DAT, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\x64\SQLite.Interop.dll, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\x86\SQLite.Interop.dll, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\italian_iss.ini, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\7z.dll, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\7z.exe, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\Application_icon.png, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\danish_iss.ini, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\Dutch_iss.ini, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\english_iss.ini, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\finish_iss.ini, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\French_iss.ini, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\german_iss.ini, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\ICSharpCode.SharpZipLib.dll, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\Interop.IWshRuntimeLibrary.dll, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\norwegian_iss.ini, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\portuguese_iss.ini, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\PresentationCore.dll, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\russian_iss.ini, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\spanish_iss.ini, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\swedish_iss.ini, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\System.Data.SQLite.DLL, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\System.Windows.Controls.Input.Toolkit.dll, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\System.Windows.Controls.Layout.Toolkit.dll, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\TAFactory.IconPack.dll, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\unins000.exe, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\unins000.msg, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\WpfAnimatedGif.dll, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\WPFToolkit.dll, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\japanese_iss.ini, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\langs.db, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\mclog.xsl, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\MCPro.ttf, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\mcr.exe, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\mcr.exe.config, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\Microsoft.Win32.TaskScheduler.dll, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\Microsoft.WindowsAPICodePack.dll, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\Microsoft.WindowsAPICodePack.Shell.dll, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\Program Files\Malware Crusher\Newtonsoft.Json.dll, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\WINDOWS\SYSTEM32\TASKS\Malware Crusher, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\WINDOWS\SYSTEM32\TASKS\Malware Crusher_Logon, Quarantined, [14673], [500145],1.0.4348
PUP.Optional.MalwareCrusher, C:\USERS\PUBLIC\DESKTOP\MALWARE CRUSHER.LNK, Quarantined, [14673], [500148],1.0.4348
PUP.Optional.MalwareCrusher, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MALWARE CRUSHER\MALWARE CRUSHER.LNK, Quarantined, [14673], [500147],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malware Crusher\Buy Malware Crusher.lnk, Quarantined, [14673], [500147],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malware Crusher\Uninstall Malware Crusher.lnk, Quarantined, [14673], [500147],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\Update\261completedatabase.zip, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\Update\262update.db, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\Update\262update.zip, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\Update\263update.db, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\Update\263update.zip, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\Update\264update.db, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\Update\264update.zip, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\Update\265update.db, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\Update\265update.zip, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\Update\266update.db, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\Update\266update.zip, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\Update\267update.db, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\Update\267update.zip, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\Update\268update.db, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\Update\268update.zip, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\Browsers.cb, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\ChromeExtentions.cb, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\ChromeFiles.cb, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\ChromeSearch.cb, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\CLSID.cb, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\CompleteDatabase.db, Delete-on-Reboot, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\FileNames.cb, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\FilesPath.cb, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\FirefoxExtentions.cb, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\FirefoxFiles.cb, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\FirefoxSearch.cb, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\FolderNames.cb, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\FoldersPath.cb, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\IEExtension.cb, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\IESearch.cb, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\MalwareDetails.cb, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\Md5Hash.cb, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\Plugins.cb, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\Registry.cb, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\RegistrySetting.cb, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\Services.cb, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\StartupTask.cb, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\Definition\URLS.cb, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\ProgramData\MalwareCrusher.com\Malware Crusher\QTine.cb, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\Users\{username}\AppData\Roaming\MalwareCrusher.com\Malware Crusher\icon\082242.ico, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\Users\{username}\AppData\Roaming\MalwareCrusher.com\Malware Crusher\LogBackups\mcbackup_14032018_082241.bin, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\Users\{username}\AppData\Roaming\MalwareCrusher.com\Malware Crusher\common_desktop.gif, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\Users\{username}\AppData\Roaming\MalwareCrusher.com\Malware Crusher\DatabaseUpdate.xml, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\Users\{username}\AppData\Roaming\MalwareCrusher.com\Malware Crusher\Errorlog.txt, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\Users\{username}\AppData\Roaming\MalwareCrusher.com\Malware Crusher\logbkp.xml, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.MalwareCrusher, C:\Users\{username}\AppData\Roaming\MalwareCrusher.com\Malware Crusher\Result.cb, Quarantined, [14673], [500146],1.0.4348
PUP.Optional.Bundler, C:\USERS\{username}\DESKTOP\MYCOMP.EXE, Quarantined, [134], [500315],1.0.4348
Generic.Malware/Suspicious, C:\USERS\{username}\APPDATA\LOCAL\TEMP\1129656\KMS.EXE, Quarantined, [0], [392686],1.0.4348
Generic.Malware/Suspicious, C:\USERS\{username}\APPDATA\LOCAL\TEMP\1161765\KMS.EXE, Quarantined, [0], [392686],1.0.4348
Generic.Malware/Suspicious, C:\USERS\{username}\APPDATA\LOCAL\TEMP\1080046\KMS.EXE, Quarantined, [0], [392686],1.0.4348

Physical Sector: 0
(No malicious items detected)


(end)
As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  • 0

Advertisements






Also tagged with one or more of these keywords: (855)-332-0124

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured
Malware Removal How to Guides Windows 7 System Building Download Files Register welcome

Never used a forum? Learn how.