What is Punctis Plugin?
The Malwarebytes research team has determined that Punctis Plugin is a browser hijacker. These so-called "hijackers" alter your start page or search scopes so that the affected browser visits their site or one of their choice.
How do I know if my computer is affected by Punctis Plugin?
You may see this warning during install:
Together with this icon in your taskbar:
In Internet Explorer you will see these changes in the add-ons and the toolbar:
How did Punctis Plugin get on my computer?
Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.
How do I remove Punctis Plugin?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-consumer.exe and follow the prompts to install the program.
- At the end, be sure a check-mark is placed next to the following:
  - Enable free trial of Malwarebytes Anti-Malware Premium
  - Launch Malwarebytes Anti-Malware
- Then click Finish.
- If an update is found, you will be prompted to download and install the latest version.
- Once the program has loaded, select Scan now.
- When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
- Reboot your computer if prompted.
- No, but to remove the Chrome extension you will need Malwarebytes Anti-Malware 2.00 beta or newer.
We hope our application and this guide have helped you eradicate this hijacker.
As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the Punctis Plugin rogue. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.
Signs in a HijackThis log:
O2 - BHO: CrossriderApp0047482 - {11111111-1111-1111-1111-110411741182} - C:\Program Files\Punctis Plugin\Punctis Plugin-bho.dll
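The O2 line above can be checked for mechanically when reviewing saved HijackThis logs. The following Python is an added example, not Malwarebytes or HijackThis code: it parses "O2 - BHO" lines and flags the CLSID, BHO name and install folder shown above, including a leftover entry whose DLL is already gone. The function names and the sample log lines are constructed for illustration.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Indicators copied from the HijackThis line shown on this page.
PUNCTIS_CLSID = "{11111111-1111-1111-1111-110411741182}"
PUNCTIS_BHO_NAME = "crossriderapp0047482"
PUNCTIS_DIR = r"c:\program files\punctis plugin"

# Layout of an O2 entry: O2 - BHO: <name> - {CLSID} - <path>[ (file missing)]
O2_RE = re.compile(
    r"^O2 - BHO:\s*(?P<name>.*?)\s+-\s+"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s+-\s+(?P<path>.+?)\s*$"
)
MISSING_TAG = "(file missing)"


class BhoEntry(NamedTuple):
    name: str
    clsid: str
    path: str
    file_missing: bool


def parse_o2_line(line: str) -> Optional[BhoEntry]:
    """Return the parsed BHO entry, or None if the line is not an O2 entry."""
    m = O2_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    # HijackThis appends this tag when the registered DLL no longer exists,
    # e.g. when files were removed but the registry key was left behind.
    missing = path.lower().endswith(MISSING_TAG)
    if missing:
        path = path[: -len(MISSING_TAG)].rstrip()
    return BhoEntry(m.group("name"), m.group("clsid").upper(), path, missing)


def punctis_reasons(entry: BhoEntry) -> List[str]:
    """List which of the page's indicators this BHO entry matches."""
    reasons = []
    if entry.clsid == PUNCTIS_CLSID.upper():
        reasons.append("CLSID")
    if entry.name.lower() == PUNCTIS_BHO_NAME:
        reasons.append("BHO name")
    if entry.path.lower().startswith(PUNCTIS_DIR + "\\"):
        reasons.append("install folder")
    return reasons


def scan_log(text: str) -> List[Tuple[BhoEntry, List[str]]]:
    """Scan a whole HijackThis log and return the matching O2 entries."""
    findings = []
    for line in text.splitlines():
        entry = parse_o2_line(line)
        if entry is None:
            continue
        reasons = punctis_reasons(entry)
        if reasons:
            findings.append((entry, reasons))
    return findings


# Constructed sample log: one unrelated BHO, the entry from this page,
# a leftover registration whose DLL is gone, and a non-O2 line.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {AAAAAAAA-0000-0000-0000-000000000001} - C:\Program Files\Example\example.dll
O2 - BHO: CrossriderApp0047482 - {11111111-1111-1111-1111-110411741182} - C:\Program Files\Punctis Plugin\Punctis Plugin-bho.dll
O2 - BHO: (no name) - {11111111-1111-1111-1111-110411741182} - C:\Program Files\Punctis Plugin\Punctis Plugin-bho.dll (file missing)
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
"""

if __name__ == "__main__":
    for entry, reasons in scan_log(SAMPLE_LOG):
        state = "leftover key, DLL missing" if entry.file_missing else "DLL present"
        print(f"{entry.clsid} {entry.path} [{state}] matched: {', '.join(reasons)}")
```

An entry flagged with the DLL missing means the BHO registration outlived the files and still needs to be cleaned up.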
Alterations made by the installer:
Malwarebytes Anti-Malware log:
As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention