Jump to content

Welcome to Geeks to Go
Geeks to Go Welcome
Create Account Login to Account
Photo

Removal instructions for MapsTrek

- - - - -
Started by Metallica , Jun 29 2018 08:05 AM
AdvertisingExt

  • Please log in to reply
No replies to this topic

#1
Metallica
Posted 29 June 2018 - 08:05 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Content is republished with permission from Malwarebytes.

What is MapsTrek?

The Malwarebytes research team has determined that MapsTrek is potentially unwanted adware. These adware applications display advertisements not originating from the sites you are browsing.

How do I know if my computer is affected by MapsTrek?

You may see these browser extensions:

main.png

warning1.png

warning2.png

these warnings during install:

warning5.png

warning6.png

and this entry in your list of installed Programs and Features:

warning4.png

How did MapsTrek get on my computer?

Adware applications use different methods for distributing themselves. This particular one was downloaded from their website:

website.png

but the Chrome extension was also available in the webstore:

webstore.png

How do I remove MapsTrek?

Our program Malwarebytes can detect and remove this potentially unwanted program.
  • Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
Is there anything else I need to do to get rid of MapsTrek?
  • No, Malwarebytes removes MapsTrek completely.
  • If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods.
How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this adware.

As you can see below the full version of Malwarebytes would have protected you against the MapsTrek adware. It would have blocked the installer before it became too late.

protection1.png


Technical details for experts

Possible signs in FRST logs:
BHO-x32: MapsTrek -> {0140D199-90CB-43AD-96B5-FCC4EBEA3C5C} -> C:\Users\{username}\AppData\Local\MapsTrek\mastrk.dll [2017-11-28] (MapsTrek)
FF Extension: No Name - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\{e3eb4df8-0cfb-4380-a7c0-856d4deda887}.xpi [2018-06-29]
CHR Extension: (MapsTrek) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj [2018-06-29]
Significant changes made by the installer:
File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0
       Adds the file listmutex.js"="6/21/2018 10:10 AM, 3725 bytes, A
       Adds the file manifest.json"="6/29/2018 8:39 AM, 2514 bytes, A
       Adds the file segmentsignal.js"="6/21/2018 10:10 AM, 9912 bytes, A
       Adds the file shredpoint.js"="6/21/2018 10:10 AM, 908 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\_metadata
       Adds the file computed_hashes.json"="6/29/2018 8:39 AM, 13153 bytes, A
       Adds the file verified_contents.json"="6/21/2018 10:10 AM, 5981 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\code
       Adds the file adaptmodel.js"="6/21/2018 10:10 AM, 4915 bytes, A
       Adds the file calcandreturnlist.js"="6/21/2018 10:10 AM, 30188 bytes, A
       Adds the file copylist.js"="6/21/2018 10:10 AM, 10982 bytes, A
       Adds the file existaccountant.js"="6/21/2018 10:10 AM, 26662 bytes, A
       Adds the file helpaccount.js"="6/21/2018 10:10 AM, 38561 bytes, A
       Adds the file iterateaccount.js"="6/21/2018 10:10 AM, 12401 bytes, A
       Adds the file leavebroker.js"="6/21/2018 10:10 AM, 6920 bytes, A
       Adds the file makerange.js"="6/21/2018 10:10 AM, 102655 bytes, A
       Adds the file repairmaterial.js"="6/21/2018 10:10 AM, 52386 bytes, A
       Adds the file returnvalues.js"="6/21/2018 10:10 AM, 18867 bytes, A
       Adds the file throwbackquery.js"="6/21/2018 10:10 AM, 2857 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\core
       Adds the file abolishmoduo.js"="6/21/2018 10:10 AM, 34271 bytes, A
       Adds the file abolishmoduoA.js"="6/21/2018 10:10 AM, 1008 bytes, A
       Adds the file abolishmoduoB.js"="6/21/2018 10:10 AM, 95621 bytes, A
       Adds the file abolishmoduoC.js"="6/21/2018 10:10 AM, 23278 bytes, A
       Adds the file cyclelogic.js"="6/21/2018 10:10 AM, 879 bytes, A
       Adds the file readclock.js"="6/21/2018 10:10 AM, 23246 bytes, A
       Adds the file readclockA.js"="6/21/2018 10:10 AM, 8041 bytes, A
       Adds the file readclockB.js"="6/21/2018 10:10 AM, 7465 bytes, A
       Adds the file substractpoint.js"="6/21/2018 10:10 AM, 7921 bytes, A
       Adds the file substracttheme.js"="6/21/2018 10:10 AM, 1560 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\css
       Adds the file backcomp.css"="6/21/2018 10:10 AM, 1798 bytes, A
       Adds the file style.css"="6/21/2018 10:10 AM, 6052 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\html
       Adds the file background.html"="6/21/2018 10:10 AM, 302 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\icons
       Adds the file 128.png"="6/29/2018 8:39 AM, 3559 bytes, A
       Adds the file 16.png"="6/29/2018 8:39 AM, 525 bytes, A
       Adds the file 19.png"="6/29/2018 8:39 AM, 861 bytes, A
       Adds the file 32.png"="6/29/2018 8:39 AM, 943 bytes, A
       Adds the file 38.png"="6/29/2018 8:39 AM, 1375 bytes, A
       Adds the file 48.png"="6/29/2018 8:39 AM, 2370 bytes, A
       Adds the file 64.png"="6/21/2018 10:10 AM, 2844 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\js
       Adds the file vast.js"="6/21/2018 10:10 AM, 44016 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\lib
       Adds the file require.js"="6/21/2018 10:10 AM, 86328 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\main
       Adds the file mountgate.js"="6/21/2018 10:10 AM, 71956 bytes, A
       Adds the file putparameters.js"="6/21/2018 10:10 AM, 22388 bytes, A
       Adds the file repairserver.js"="6/21/2018 10:10 AM, 78490 bytes, A
       Adds the file showqueue.js"="6/21/2018 10:10 AM, 40935 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gdnkjjhpffldmfljpbfemliidkeeecdj
       Adds the file 000003.log"="6/29/2018 8:45 AM, 6801 bytes, A
       Adds the file CURRENT"="6/29/2018 8:39 AM, 16 bytes, A
       Adds the file LOCK"="6/29/2018 8:39 AM, 0 bytes, A
       Adds the file LOG"="6/29/2018 8:45 AM, 412 bytes, A
       Adds the file LOG.old"="6/29/2018 8:39 AM, 185 bytes, A
       Adds the file MANIFEST-000001"="6/29/2018 8:39 AM, 41 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\MapsTrek
       Adds the file mastrk.dll"="11/28/2017 1:41 PM, 677232 bytes, A
       Adds the file mastrk.exe"="11/28/2017 1:40 PM, 232304 bytes, A
       Adds the file unmastrk.exe"="11/28/2017 1:41 PM, 114712 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\{e3eb4df8-0cfb-4380-a7c0-856d4deda887}
       Adds the file storage.js"="6/29/2018 8:41 AM, 397 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions
       Adds the file {e3eb4df8-0cfb-4380-a7c0-856d4deda887}.xpi"="6/29/2018 8:41 AM, 17836 bytes, A
    In the existing folder C:\Users\{username}\Desktop
       Adds the file MapsTrek.exe"="6/29/2018 8:43 AM, 429368 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0140D199-90CB-43AD-96B5-FCC4EBEA3C5C}]
       "(Default)"="REG_SZ", "MapsTrek"
       "NoExplorer"="REG_DWORD", 1
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\9CFD33853782489EA5282D5DAD887BAB]
       "Ticket"="REG_SZ", "y9BsA114SPykduzJRCBX"
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\mastrk]
       "53b4CHa0gt"="REG_BINARY, ....
       "kAfFt7TX2P"="REG_BINARY, ....
       "LLRJVICeKY"="REG_BINARY, 
       "OqjEHqg7WD"="REG_BINARY, ..............................................................................................................
       "OX9HDv6ilb"="REG_BINARY, ...............
       "ppEwOXWLbn"="REG_BINARY, ................................................................................................................................
    [HKEY_CURRENT_USER\Software\Classes\MapsTrek.Control]
       "(Default)"="REG_SZ", "MapsTrek"
       "CurVer"="REG_SZ", "MapsTrek.Control.1"
       "Software\Classes\CLSID"="REG_SZ", "{4F092454-7375-4357-B997-21EE5F915EAB}"
    [HKEY_CURRENT_USER\Software\Classes\MapsTrek.Control.1]
       "(Default)"="REG_SZ", "MapsTrek"
       "Software\Classes\CLSID"="REG_SZ", "{4F092454-7375-4357-B997-21EE5F915EAB}"
    [HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0140D199-90CB-43AD-96B5-FCC4EBEA3C5C}]
       "(Default)"="REG_SZ", "MapsTrek"
    [HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0140D199-90CB-43AD-96B5-FCC4EBEA3C5C}\Implemented Categories]
       "(Default)"="REG_SZ", ""
    [HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0140D199-90CB-43AD-96B5-FCC4EBEA3C5C}\Implemented Categories\{59fb2056-d625-48d0-a944-1a85b5ab2640}]
       "(Default)"="REG_SZ", ""
    [HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0140D199-90CB-43AD-96B5-FCC4EBEA3C5C}\InProcServer32]
       "(Default)"="REG_SZ", "C:\Users\{username}\AppData\Local\MapsTrek\mastrk.dll"
       "ThreadingModel"="REG_SZ", "Apartment"
    [HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{4F092454-7375-4357-B997-21EE5F915EAB}]
       "(Default)"="REG_SZ", "MapsTrek Control"
       "ProgID"="REG_SZ", "MapsTrek.Control.1"
       "VersionIndependentProgID"="REG_SZ", "MapsTrek.Control"
    [HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{4F092454-7375-4357-B997-21EE5F915EAB}\InProcServer32]
       "(Default)"="REG_SZ", "C:\Users\{username}\AppData\Local\MapsTrek\mastrk.dll"
       "ThreadingModel"="REG_SZ", "Apartment"
    [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
       "gdnkjjhpffldmfljpbfemliidkeeecdj"="REG_SZ", "1D272EB48CF1865AE596521B48415BDA65A4296278AC9C0929B5D7C0135A6738"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Approved Extensions]
       "{0140D199-90CB-43AD-96B5-FCC4EBEA3C5C}"="REG_BINARY, ............
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\MapsTrek]
       "DisplayIcon"="REG_SZ", ""C:\Users\{username}\AppData\Local\MapsTrek\unmastrk.exe""
       "DisplayName"="REG_SZ", "MapsTrek"
       "DisplayVersion"="REG_SZ", "1.0.0"
       "HelpLink"="REG_SZ", "http://www.mapstrek.com"
       "SupportLink"="REG_SZ", "http://www.mapstrek.com"
       "UninstallString"="REG_SZ", ""C:\Users\{username}\AppData\Local\MapsTrek\unmastrk.exe""
Malwarebytes log:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/29/18
Scan Time: 3:48 PM
Log File: 0b7ac2c2-7ba3-11e8-8ba1-00ffdcc6fdfc.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.374
Update Package Version: 1.0.5683
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 251850
Threats Detected: 74
Threats Quarantined: 74
Time Elapsed: 3 min, 42 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 4
PUP.Optional.MapsTrek, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MapsTrek, Quarantined, [1688], [522771],1.0.5683
PUP.Optional.MapsTrek, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{0140D199-90CB-43AD-96B5-FCC4EBEA3C5C}, Quarantined, [1688], [522760],1.0.5683
PUP.Optional.MapsTrek, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{0140D199-90CB-43AD-96B5-FCC4EBEA3C5C}, Quarantined, [1688], [522760],1.0.5683
PUP.Optional.MapsTrek, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{0140D199-90CB-43AD-96B5-FCC4EBEA3C5C}, Quarantined, [1688], [522760],1.0.5683

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 14
PUP.Optional.MapsTrek, C:\USERS\{username}\APPDATA\LOCAL\MAPSTREK, Quarantined, [1688], [522773],1.0.5683
PUP.Optional.MapsTrek, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\BROWSER-EXTENSION-DATA\{E3EB4DF8-0CFB-4380-A7C0-856D4DEDA887}, Quarantined, [1688], [522762],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\gdnkjjhpffldmfljpbfemliidkeeecdj, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\_metadata, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\icons, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\code, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\core, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\html, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\main, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\css, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\lib, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\js, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GDNKJJHPFFLDMFLJPBFEMLIIDKEEECDJ, Quarantined, [14286], [536589],1.0.5683

File: 56
PUP.Optional.MapsTrek, C:\USERS\{username}\APPDATA\LOCAL\MAPSTREK\UNMASTRK.EXE, Quarantined, [1688], [522773],1.0.5683
PUP.Optional.MapsTrek, C:\Users\{username}\AppData\Local\MapsTrek\mastrk.dll, Quarantined, [1688], [522773],1.0.5683
PUP.Optional.MapsTrek, C:\Users\{username}\AppData\Local\MapsTrek\mastrk.exe, Quarantined, [1688], [522773],1.0.5683
PUP.Optional.MapsTrek, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\{e3eb4df8-0cfb-4380-a7c0-856d4deda887}\storage.js, Quarantined, [1688], [522762],1.0.5683
PUP.Optional.MapsTrek, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\{E3EB4DF8-0CFB-4380-A7C0-856D4DEDA887}.XPI, Quarantined, [1688], [522772],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gdnkjjhpffldmfljpbfemliidkeeecdj\000003.log, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gdnkjjhpffldmfljpbfemliidkeeecdj\CURRENT, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gdnkjjhpffldmfljpbfemliidkeeecdj\LOCK, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gdnkjjhpffldmfljpbfemliidkeeecdj\LOG, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gdnkjjhpffldmfljpbfemliidkeeecdj\LOG.old, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gdnkjjhpffldmfljpbfemliidkeeecdj\MANIFEST-000001, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GDNKJJHPFFLDMFLJPBFEMLIIDKEEECDJ\182.5498.1094.31_0\MANIFEST.JSON, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\code\adaptmodel.js, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\code\calcandreturnlist.js, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\code\copylist.js, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\code\existaccountant.js, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\code\helpaccount.js, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\code\iterateaccount.js, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\code\leavebroker.js, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\code\makerange.js, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\code\repairmaterial.js, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\code\returnvalues.js, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\code\throwbackquery.js, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\core\abolishmoduo.js, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\core\abolishmoduoA.js, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\core\abolishmoduoB.js, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\core\abolishmoduoC.js, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\core\cyclelogic.js, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\core\readclock.js, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\core\readclockA.js, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\core\readclockB.js, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\core\substractpoint.js, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\core\substracttheme.js, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\css\backcomp.css, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\css\style.css, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\html\background.html, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\icons\128.png, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\icons\16.png, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\icons\19.png, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\icons\32.png, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\icons\38.png, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\icons\48.png, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\icons\64.png, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\js\vast.js, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\lib\require.js, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\main\mountgate.js, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\main\putparameters.js, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\main\repairserver.js, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\main\showqueue.js, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\_metadata\computed_hashes.json, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\_metadata\verified_contents.json, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\listmutex.js, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\segmentsignal.js, Quarantined, [14286], [536589],1.0.5683
PUP.Optional.AdvertisingExt.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnkjjhpffldmfljpbfemliidkeeecdj\182.5498.1094.31_0\shredpoint.js, Quarantined, [14286], [536589],1.0.5683

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  • 0

Advertisements

Back to Malware Removal Guides and Tutorials



Also tagged with one or more of these keywords: AdvertisingExt

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Malware Removal Guides and Tutorials

As Featured On:

featured
Malware Removal How to Guides Windows 7 System Building Download Files Register welcome

Never used a forum? Learn how.