What is WowMusix Start?
The Malwarebytes research team has determined that WowMusix Start is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example by changing your start page or search scopes, so that the affected browser visits their site or one of their choosing.
How do I know if my computer is affected by WowMusix Start?
You may see this entry in your list of installed Chrome extensions:
and these warnings during install:
You will see this icon in your Chrome menu-bar:
and this changed setting:
How did WowMusix Start get on my computer?
Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:
after a redirect from their website:
How do I remove WowMusix Start?
Our program Malwarebytes can detect and remove this potentially unwanted program.
- Please download Malwarebytes to your desktop.
- Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
- Then click Finish.
- Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
- If another update of the definitions is available, it will be applied before the rest of the scanning procedure.
- When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
- Restart your computer when prompted to do so.
- No, Malwarebytes removes WowMusix Start completely.
We hope our application and this guide have helped you eradicate this hijacker.
Technical details for experts
Possible signs in FRST logs:
CHR NewTab: Default -> Active:"chrome-extension://agibagflppafhfonkefpklndlohkclcb/index.html"
CHR Extension: (WowMusix Start) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\agibagflppafhfonkefpklndlohkclcb [2019-01-15]

Alterations made by the installer:
File system details [View: All details] (Selection)
---------------------------------------------------
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\agibagflppafhfonkefpklndlohkclcb\1.0.4_0
   Adds the file index.html"="12/9/2015 3:57 PM, 10658 bytes, A
   Adds the file manifest.json"="1/15/2019 9:03 AM, 1137 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\agibagflppafhfonkefpklndlohkclcb\1.0.4_0\_metadata
   Adds the file computed_hashes.json"="1/15/2019 9:03 AM, 12371 bytes, A
   Adds the file verified_contents.json"="12/9/2015 4:16 PM, 4757 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\agibagflppafhfonkefpklndlohkclcb\1.0.4_0\icons
   Adds the file icons_ama.png"="11/19/2015 4:39 PM, 2473 bytes, A
   Adds the file icons_ebay.png"="11/19/2015 4:39 PM, 2542 bytes, A
   Adds the file icons_fb.png"="11/19/2015 4:39 PM, 2155 bytes, A
   Adds the file icons_flickr.png"="11/19/2015 4:39 PM, 2344 bytes, A
   Adds the file icons_gogleplus.png"="11/19/2015 4:39 PM, 2622 bytes, A
   Adds the file icons_gomusix.png"="11/19/2015 4:39 PM, 2710 bytes, A
   Adds the file icons_inst.png"="11/19/2015 4:39 PM, 2407 bytes, A
   Adds the file icons_linked.png"="11/19/2015 4:39 PM, 2215 bytes, A
   Adds the file icons_movixHub.png"="11/19/2015 4:39 PM, 2434 bytes, A
   Adds the file icons_pin.png"="11/19/2015 4:39 PM, 2579 bytes, A
   Adds the file icons_tumbir.png"="11/19/2015 4:39 PM, 2212 bytes, A
   Adds the file icons_twi.png"="11/19/2015 4:39 PM, 2451 bytes, A
   Adds the file icons_yah.png"="11/19/2015 4:39 PM, 2374 bytes, A
   Adds the file icons_yt.png"="11/19/2015 4:39 PM, 2543 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\agibagflppafhfonkefpklndlohkclcb\1.0.4_0\imgs
   Adds the file logo.png"="1/15/2019 9:03 AM, 4126 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\agibagflppafhfonkefpklndlohkclcb\1.0.4_0\imgs\offers
   Adds the file classic.png"="11/19/2015 4:39 PM, 23964 bytes, A
   Adds the file dance.png"="11/19/2015 4:39 PM, 44793 bytes, A
   Adds the file electro.png"="11/19/2015 4:39 PM, 24754 bytes, A
   Adds the file jazz.png"="11/19/2015 4:39 PM, 19203 bytes, A
   Adds the file pop.png"="11/19/2015 4:39 PM, 28281 bytes, A
   Adds the file rock.png"="11/19/2015 4:39 PM, 38678 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\agibagflppafhfonkefpklndlohkclcb\1.0.4_0\js
   Adds the file auto_complete.js"="12/9/2015 4:15 PM, 2493 bytes, A
   Adds the file background.js"="12/9/2015 3:57 PM, 3551 bytes, A
   Adds the file bootstrap.min.js"="11/19/2015 4:39 PM, 35607 bytes, A
   Adds the file content.js"="12/9/2015 4:07 PM, 5369 bytes, A
   Adds the file jquery.min.js"="11/19/2015 4:39 PM, 93104 bytes, A
   Adds the file jquery-1.9.1.js"="11/19/2015 4:39 PM, 277978 bytes, A
   Adds the file jqueryui.min.js"="11/19/2015 4:39 PM, 228013 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
   "agibagflppafhfonkefpklndlohkclcb"="REG_SZ", "2D2E7C92D72FEFF8647F22550F1E16F7EE304E3D2463A56C51EC6039307F9E88"

Malwarebytes log:
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention
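
To triage an FRST log for the signs listed under "Possible signs in FRST logs" above, the following added example (not part of the original Malwarebytes write-up) parses `CHR Extension:` and `CHR NewTab:` lines and flags extensions that match a known ID or take over the new tab page. The function name `triage_frst`, the blocklist variable and the second extension entry in the sample are assumptions made for illustration.

```python
import re

# Extension ID taken from the FRST lines on this page.
KNOWN_HIJACKER_IDS = {"agibagflppafhfonkefpklndlohkclcb"}

# Constructed sample: the two FRST lines from this page plus one made-up benign entry.
SAMPLE_FRST = r'''
CHR NewTab: Default -> Active:"chrome-extension://agibagflppafhfonkefpklndlohkclcb/index.html"
CHR Extension: (WowMusix Start) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\agibagflppafhfonkefpklndlohkclcb [2019-01-15]
CHR Extension: (Example Notes) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcdefghijklmnopabcdefghijklmnop [2018-06-01]
'''

EXT_ID = r"[a-p]{32}"  # Chrome extension IDs are 32 characters from a-p
NEWTAB_RE = re.compile(
    r'^CHR NewTab:\s*(?P<profile>.+?)\s*->\s*Active:"chrome-extension://(?P<id>' + EXT_ID + r')/')
EXT_RE = re.compile(
    r'^CHR Extension:\s*\((?P<name>.*?)\)\s*-\s*(?P<path>.+?\\(?P<id>' + EXT_ID + r'))\s*\[(?P<date>[\d-]+)\]')

def triage_frst(log_text, known_ids=KNOWN_HIJACKER_IDS):
    """Return one finding per extension that is blocklisted or overrides the new tab page."""
    extensions, overrides = {}, {}
    for line in log_text.splitlines():
        line = line.strip()
        m = EXT_RE.match(line)
        if m:
            extensions[m["id"]] = {"name": m["name"], "path": m["path"], "installed": m["date"]}
            continue
        m = NEWTAB_RE.match(line)
        if m:
            overrides[m["id"]] = m["profile"]
    findings = []
    for ext_id in sorted(set(extensions) | set(overrides)):
        reasons = []
        if ext_id in known_ids:
            reasons.append("known hijacker ID")
        if ext_id in overrides:
            reasons.append("overrides new tab page in profile " + overrides[ext_id])
            if ext_id not in extensions:
                reasons.append("no matching CHR Extension entry")
        if reasons:
            findings.append({"id": ext_id, **extensions.get(ext_id, {}), "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in triage_frst(SAMPLE_FRST):
        print(finding["id"], finding.get("name", "?"), "; ".join(finding["reasons"]))
```

A new tab override alone is not proof of a hijacker, since legitimate extensions also replace the new tab page; treat that reason as a prompt to review the extension, and the ID match as the confirmed indicator.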