Jump to content

Welcome to Geeks to Go
Geeks to Go Welcome
Create Account Login to Account
Photo

Removal instructions for Speed Check

- - - - -

  • Please log in to reply
No replies to this topic

#1
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Content is republished with permission from Malwarebytes.

What is Speed Check?

The Malwarebytes research team has determined that Speed Check is a browser hijacker and forced Edge extension.
This extension was available for Chrome and Firefox according tho their website, but those have been removed from the webstores.

How do I know if my computer is affected by Speed Check?

You may see these warnings during install:

warning1.png

warning2.png

You may see this entry in your list of installed Edge extensions:

main.png

and this icon in the browser's menu-bar:

icons.png

How did Speed Check get on my computer?
Forced extensions use a typical method for distributing themselves. This particular one was also available in the webstore.

webstore.png

and is being promoted on their website:

website.png

How do I remove Speed Check?

Our program Malwarebytes can detect and remove this unwanted program.
  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.
Is there anything else I need to do to get rid of Speed Check?
  • No, Malwarebytes removes Speed Check completely.
Technical details for experts

Possible signs in FRST logs:

Edge Extension: (Speed Check) - C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kncjaipolcjphijglhbalgdpigdeldll [2021-11-04]
Alterations made by the installer:
 
File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kncjaipolcjphijglhbalgdpigdeldll\1.0_0
       Adds the file manifest.json"="11/4/2021 11:21 AM, 987 bytes, A
       Adds the file ttrag.js"="9/9/2021 5:17 PM, 8869 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kncjaipolcjphijglhbalgdpigdeldll\1.0_0\__MACOSX
       Adds the file ._ics"="9/9/2021 3:37 PM, 211 bytes, A
       Adds the file ._manifest.json"="9/9/2021 3:37 PM, 211 bytes, A
       Adds the file ._ttrag.js"="9/9/2021 5:17 PM, 211 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kncjaipolcjphijglhbalgdpigdeldll\1.0_0\__MACOSX\ics
       Adds the file ._image128.png"="9/9/2021 3:37 PM, 211 bytes, A
       Adds the file ._image16.png"="9/9/2021 3:37 PM, 211 bytes, A
       Adds the file ._image32.png"="9/9/2021 3:37 PM, 211 bytes, A
       Adds the file ._image64.png"="9/9/2021 3:37 PM, 211 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kncjaipolcjphijglhbalgdpigdeldll\1.0_0\_metadata
       Adds the file computed_hashes.json"="11/4/2021 11:21 AM, 1045 bytes, A
       Adds the file verified_contents.json"="9/13/2021 11:54 AM, 2960 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kncjaipolcjphijglhbalgdpigdeldll\1.0_0\ics
       Adds the file image128.png"="11/4/2021 11:21 AM, 8193 bytes, A
       Adds the file image16.png"="11/4/2021 11:21 AM, 818 bytes, A
       Adds the file image32.png"="11/4/2021 11:21 AM, 1934 bytes, A
       Adds the file image64.png"="11/4/2021 11:21 AM, 3940 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\kncjaipolcjphijglhbalgdpigdeldll
       Adds the file 000003.log"="11/4/2021 11:21 AM, 317 bytes, A
       Adds the file CURRENT"="11/4/2021 11:21 AM, 16 bytes, A
       Adds the file LOCK"="11/4/2021 11:21 AM, 0 bytes, A
       Adds the file LOG"="11/4/2021 11:21 AM, 371 bytes, A
       Adds the file MANIFEST-000001"="11/4/2021 11:21 AM, 41 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_CURRENT_USER\Software\Microsoft\Edge\PreferenceMACs\Default\extensions.settings]
       "kncjaipolcjphijglhbalgdpigdeldll"="REG_SZ", "A89589C024F1C7CAC3B15D3C54D86230006D5604BC18FE9E533C5BAC1769E25B"
Malwarebytes log:
 
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/4/21
Scan Time: 11:31 AM
Log File: 53ebb40e-3d5a-11ec-9ba9-080027235d76.json

-Software Information-
Version: 4.4.9.142
Components Version: 1.0.1486
Update Package Version: 1.0.46768
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}-PC\{username}

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 259693
Threats Detected: 9
Threats Quarantined: 9
Time Elapsed: 2 min, 15 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 1
PUP.Optional.ForcedExtension, HKCU\SOFTWARE\MICROSOFT\EDGE\PREFERENCEMACS\Default\extensions.settings|kncjaipolcjphijglhbalgdpigdeldll, Quarantined, 298, 994286, , , , , , 

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Local Extension Settings\kncjaipolcjphijglhbalgdpigdeldll, Quarantined, 298, 994286, , , , , , 
PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\EXTENSIONS\kncjaipolcjphijglhbalgdpigdeldll, Quarantined, 298, 994286, 1.0.46768, , ame, , , 

File: 6
PUP.Optional.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Secure Preferences, Replaced, 298, 994286, , , , , 184C32B404CEF12D2EB4B502A4DACEF2, F5861FF291C9F1E30C06C9A89910FCDF1ED5995F3BCCAF561EE77C44389B9CC2
PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\kncjaipolcjphijglhbalgdpigdeldll\000003.log, Quarantined, 298, 994286, , , , , 92BFC1ADD9549F52AF3C696DCC36A681, D0662BBB6AB0A62566195D19F7688E9CB51838899ECDF08ADC3D62F4FDE1EBEA
PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\kncjaipolcjphijglhbalgdpigdeldll\CURRENT, Quarantined, 298, 994286, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\kncjaipolcjphijglhbalgdpigdeldll\LOCK, Quarantined, 298, 994286, , , , , , 
PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\kncjaipolcjphijglhbalgdpigdeldll\LOG, Quarantined, 298, 994286, , , , , BD55481E29F5E906466345224A6E8F9A, 45F3940977E658510C3DF1D39D5C52F5172957B5A586FB6FE11337C960C0282C
PUP.Optional.ForcedExtension, C:\Users\{username}\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\kncjaipolcjphijglhbalgdpigdeldll\MANIFEST-000001, Quarantined, 298, 994286, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  • 0

Advertisements





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured
Malware Removal How to Guides Windows 7 System Building Download Files Register welcome

Never used a forum? Learn how.