What is AnySend?
The Malwarebytes research team has determined that AnySend is adware. These adware applications display advertisements not originating from the sites you are browsing.
How do I know if my computer is affected by AnySend?
You may see these entries in your list of installed programs:
and these warnings during install:
and this balloon icon on your desktop (the menu opens when you click the balloon) :
and this rightclick context menu item:
How did AnySend get on my computer?
Adware applications use different methods for distributing themselves. This particular one was bundled with other software.
How do I remove AnySend?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-version.exe and follow the prompts to install the program.
- At the end, be sure a check-mark is placed next to the following:
- Enable free trial of Malwarebytes Anti-Malware Premium
- Launch Malwarebytes Anti-Malware
- Then click Finish.
- If an update is found, you will be prompted to download and install the latest version.
- Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
- When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
- Reboot your computer if prompted.
- No, Malwarebytes' Anti-Malware removes AnySend completely.
We hope our application and this guide have helped you eradicate this adware application.
As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the AnySend adware. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.
Technical details for experts
You will see these signs in a HijackThis log:
O4 - HKLM\..\Run: [AnySend User Interface] C:\Program Files (x86)\AnySend\AnySendUI.exe O23 - Service: AnySend (AnySendService) - Unknown owner - C:\Program Files (x86)\AnySend\AnySendSVC.exeYou may see these signs in FRST logs:
() C:\Program Files (x86)\AnySend\AnySendSvc.exe () C:\Program Files (x86)\AnySend\AnySendUI.exe HKLM-x32\...\Run: [AnySend User Interface] => C:\Program Files (x86)\AnySend\AnySendUI.exe [7081984 2015-04-20] () BHO: AnySend -> {61628E2A-4FF9-4454-992D-D92A8CD27399} -> C:\Program Files\AnySend\AnySendShellExtension.dll [2012-08-21] (ClickMeIn Limited) R2 AnySendService; C:\Program Files (x86)\AnySend\AnySendSVC.exe [3710464 2015-04-20] () [File not signed] C:\ProgramData\AnySend C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnySend C:\Users\{username}\AppData\Roaming\AnySend C:\Program Files\AnySend (AnySend.com) C:\Users\{username}\AppData\Local\nsh873A.tmp C:\Program Files (x86)\AnySend (AnySend.com) C:\Users\{username}\AppData\Local\nsu38E5.tmp C:\Users\{username}\AppData\Local\Temp\AnySendSetup_full.exe AnySend (HKLM-x32\...\ASPackage) (Version: - CMI Limited) <==== ATTENTION AnySend 1.0.18.0 (x64) (HKLM\...\{7203C44E-08F7-471D-8C9B-349A0D17506F}) (Version: 1.0.18.0 - ClickMeIn Limited) <==== ATTENTION AnySend, Any file, Any size, Anywhere! (HKLM-x32\...\AnySend) (Version: 1.0.0.56 - AnySend Limited) <==== ATTENTIONAlterations made by the installer:
File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files\AnySend Adds the file AnySendShellExtension.dll"="21/08/2012 11:06, 401920 bytes, A Adds the C:\Program Files (x86)\AnySend Adds the file AnySend.guid"="11/08/2015 12:24, 92 bytes, A Adds the file AnySendIcon.ico"="28/03/2012 11:58, 99678 bytes, A Adds the file AnySendShellExtension_x64.msi"="21/08/2012 10:08, 482007 bytes, A Adds the file AnySendShellExtension_x86.msi"="21/08/2012 10:08, 469713 bytes, A Adds the file AnySendSvc.exe"="20/04/2015 11:47, 3710464 bytes, A Adds the file AnySendUI.exe"="20/04/2015 11:48, 7081984 bytes, A Adds the file AnySendUpdater.exe"="20/04/2015 11:48, 177629 bytes, A Adds the file CurrentVersion"="20/04/2015 11:48, 8 bytes, A Adds the file icudt.dll"="10/03/2013 05:16, 3846656 bytes, A Adds the file libcef.dll"="10/03/2013 05:16, 5984256 bytes, A Adds the file Uninstall.exe"="11/08/2015 12:24, 305107 bytes, A Adds the file upnp.dll"="12/07/2012 17:14, 90513 bytes, A Adds the folder C:\ProgramData\AnySend Adds the file ann.dat"="11/08/2015 12:24, 92 bytes, A Adds the file AnySend.DB"="11/08/2015 12:25, 256 bytes, A Adds the file EmailChecks.dat"="11/08/2015 12:24, 0 bytes, A Adds the file Vids.dat"="11/08/2015 12:24, 112 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\AnySend Adds the file exceptions.log"="11/08/2015 12:24, 0 bytes, A Adds the file VidPlays.dat"="11/08/2015 12:24, 9 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\SendTo Adds the file AnySend.lnk"="11/08/2015 12:24, 1143 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnySend Adds the file AnySend Show Tutorial.lnk"="11/08/2015 12:24, 1945 bytes, A Adds the file AnySend.lnk"="11/08/2015 12:24, 1917 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\AnySend\ShellExtension] "ButtonText"="REG_SZ", "AnySend" "EnableButton"="REG_SZ", "1" "EnableMenu"="REG_SZ", "1" "IconFile"="REG_SZ", "C:\Program Files (x86)\AnySend\AnySendIcon.ico" "MenuHelpText"="REG_SZ", "Send AnyFile, AnySize, AnyWhere Now with AnySend" "MenuText"="REG_SZ", "Send or Share with AnySend (Recommended)" "Run"="REG_SZ", "C:\Program Files (x86)\AnySend\AnySendUI.exe" "RunParameters"="REG_SZ", "/SEND %FILELIST%" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AnySend] "(Default)"="REG_SZ", "{61628E2A-4FF9-4454-992D-D92A8CD27399}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AnySend.Connect] "(Default)"="REG_SZ", "AnySend" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AnySend.Connect\CLSID] "(Default)"="REG_SZ", "{61628E2A-4FF9-4454-992D-D92A8CD27399}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AnySend.Connect\CurVer] "(Default)"="REG_SZ", "AnySend.Connect.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AnySend.Connect.1] "(Default)"="REG_SZ", "AnySend" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AnySend.Connect.1\CLSID] "(Default)"="REG_SZ", "{61628E2A-4FF9-4454-992D-D92A8CD27399}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61628E2A-4FF9-4454-992D-D92A8CD27399}] "(Default)"="REG_SZ", "AnySend" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61628E2A-4FF9-4454-992D-D92A8CD27399}\InprocServer32] "(Default)"="REG_SZ", "C:\Program Files\AnySend\AnySendShellExtension.dll" "ThreadingModel"="REG_SZ", "Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61628E2A-4FF9-4454-992D-D92A8CD27399}\ProgID] "(Default)"="REG_SZ", "AnySend.Connect.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61628E2A-4FF9-4454-992D-D92A8CD27399}\Programmable] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61628E2A-4FF9-4454-992D-D92A8CD27399}\TypeLib] "(Default)"="REG_SZ", "{7BFFA5F9-047F-4732-93B5-B9FE731DE96D}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61628E2A-4FF9-4454-992D-D92A8CD27399}\VersionIndependentProgID] "(Default)"="REG_SZ", "AnySend.Connect" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\AnySend] "(Default)"="REG_SZ", "{61628E2A-4FF9-4454-992D-D92A8CD27399}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7BFFA5F9-047F-4732-93B5-B9FE731DE96D}\1.0] "(Default)"="REG_SZ", "AnySend 1.0 Type Library" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7BFFA5F9-047F-4732-93B5-B9FE731DE96D}\1.0\0\win64] "(Default)"="REG_SZ", "C:\Program Files\AnySend\AnySendShellExtension.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7BFFA5F9-047F-4732-93B5-B9FE731DE96D}\1.0\FLAGS] "(Default)"="REG_SZ", "0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7BFFA5F9-047F-4732-93B5-B9FE731DE96D}\1.0\HELPDIR] "(Default)"="REG_SZ", "C:\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61628E2A-4FF9-4454-992D-D92A8CD27399}] "(Default)"="REG_SZ", "AnySend" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{94d6ddcc-4a68-4175-a374-bd584a510b78}\TasksItemsSelected\0\{E62B1C26-6A93-4f32-9115-FEB90FE0ABB5}] "(Default)"="REG_SZ", "AnySend" "Icon"="REG_EXPAND_SZ, "C:\Program Files (x86)\AnySend\AnySendIcon.ico" "Title"="REG_SZ", "AnySend" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{94d6ddcc-4a68-4175-a374-bd584a510b78}\TasksItemsSelected\0\{E62B1C26-6A93-4f32-9115-FEB90FE0ABB5}\shell\InvokeTask\command] "(Default)"="REG_EXPAND_SZ, "rundll32.exe "C:\Program Files\AnySend\AnySendShellExtension.dll",ExecuteCommand "%*"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{94d6ddcc-4a68-4175-a374-bd584a510b78}\TasksNoItemsSelected\0\{E62B1C26-6A93-4f32-9115-FEB90FE0ABB5}] "(Default)"="REG_SZ", "AnySend" "Icon"="REG_EXPAND_SZ, "C:\Program Files (x86)\AnySend\AnySendIcon.ico" "Title"="REG_SZ", "AnySend" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{94d6ddcc-4a68-4175-a374-bd584a510b78}\TasksNoItemsSelected\0\{E62B1C26-6A93-4f32-9115-FEB90FE0ABB5}\shell\InvokeTask\command] "(Default)"="REG_EXPAND_SZ, "rundll32.exe "C:\Program Files\AnySend\AnySendShellExtension.dll",ExecuteCommand "%*"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files\AnySend\"="REG_SZ", "" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{61628E2A-4FF9-4454-992D-D92A8CD27399}] "(Default)"="REG_SZ", "AnySend" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7203C44E-08F7-471D-8C9B-349A0D17506F}] "AuthorizedCDFPrefix"="REG_SZ", "" "Comments"="REG_SZ", "" "Contact"="REG_SZ", "" "DisplayName"="REG_SZ", "AnySend 1.0.18.0 (x64)" "DisplayVersion"="REG_SZ", "1.0.18.0" "EstimatedSize"="REG_DWORD", 373 "HelpLink"="REG_SZ", "" "HelpTelephone"="REG_SZ", "" "InstallDate"="REG_SZ", "20150811" "InstallLocation"="REG_SZ", "" "InstallSource"="REG_SZ", "C:\Program Files (x86)\AnySend\" "Language"="REG_DWORD", 1033 "ModifyPath"="REG_EXPAND_SZ, "MsiExec.exe /I{7203C44E-08F7-471D-8C9B-349A0D17506F}" "Publisher"="REG_SZ", "ClickMeIn Limited" "Readme"="REG_SZ", "" "Size"="REG_SZ", "" "UninstallString"="REG_EXPAND_SZ, "MsiExec.exe /I{7203C44E-08F7-471D-8C9B-349A0D17506F}" "URLInfoAbout"="REG_SZ", "" "URLUpdateInfo"="REG_SZ", "" "Version"="REG_DWORD", 16777234 "VersionMajor"="REG_DWORD", 1 "VersionMinor"="REG_DWORD", 0 "WindowsInstaller"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SOFTWARE\SampleShellExtnesion] "FreeFolderTypeDocumentsTasksItemsSelected"="REG_SZ", "0" "FreeFolderTypeDocumentsTasksNoItemsSelected"="REG_SZ", "0" "FreeFolderTypeGenericTasksItemsSelected"="REG_SZ", "0" "FreeFolderTypeGenericTasksNoItemsSelected"="REG_SZ", "0" "FreeFolderTypeMusicTasksItemsSelected"="REG_SZ", "0" "FreeFolderTypeMusicTasksNoItemsSelected"="REG_SZ", "0" "FreeFolderTypePicturesTasksItemsSelected"="REG_SZ", "0" "FreeFolderTypePicturesTasksNoItemsSelected"="REG_SZ", "0" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AnySend\ShellExtension] "ButtonText"="REG_SZ", "AnySend" "IconFile"="REG_SZ", "C:\Program Files (x86)\AnySend\anysendicon.ico" "MenuHelpText"="REG_SZ", "AnySend" "MenuText"="REG_SZ", "AnySend" "Run"="REG_SZ", "C:\Program Files (x86)\AnySend\AnySendUI.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AnySend User Interface"="REG_SZ", "C:\Program Files (x86)\AnySend\AnySendUI.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AnySend] "DisplayIcon"="REG_SZ", ""C:\Program Files (x86)\AnySend\uninstall.exe"" "DisplayName"="REG_SZ", "AnySend, Any file, Any size, Anywhere!" "DisplayVersion"="REG_SZ", "1.0.0.56" "Publisher"="REG_SZ", "AnySend Limited" "UninstallString"="REG_SZ", ""C:\Program Files (x86)\AnySend\uninstall.exe"" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AnySendService] "DisplayName"="REG_SZ", "AnySend" "ErrorControl"="REG_DWORD", 1 "ImagePath"="REG_EXPAND_SZ, "C:\Program Files (x86)\AnySend\AnySendSVC.exe" "ObjectName"="REG_SZ", "LocalSystem" "Start"="REG_DWORD", 2 "Type"="REG_DWORD", 16 "WOW64"="REG_DWORD", 1Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 11/08/2015 Scan Time: 12:55 Logfile: mbamAnySend.txt Administrator: Yes Version: 2.1.8.1057 Malware Database: v2015.08.11.05 Rootkit Database: v2015.08.06.01 License: Premium Malware Protection: Disabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {username} Scan Type: Threat Scan Result: Completed Objects Scanned: 330063 Time Elapsed: 4 min, 19 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 2 PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\AnySendUI.exe, 3572, Delete-on-Reboot, [662b7b8caae125112e1e26f64eb5bd43] PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\AnySendSvc.exe, 3504, Delete-on-Reboot, [a9e82cdb8cff62d4460737e5ea1906fa] Modules: 3 PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\icudt.dll, Delete-on-Reboot, [99f88582bfccbd7927b554ba18eb738d], PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\libcef.dll, Delete-on-Reboot, [99f88582bfccbd7927b554ba18eb738d], PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\upnp.dll, Delete-on-Reboot, [99f88582bfccbd7927b554ba18eb738d], Registry Keys: 23 PUP.Optional.AnySend.A, HKLM\SOFTWARE\CLASSES\CLSID\{61628E2A-4FF9-4454-992D-D92A8CD27399}, Quarantined, [2d649b6c56356ec8b784058bfa08738d], PUP.Optional.AnySend.A, HKLM\SOFTWARE\CLASSES\CLSID\{61628E2A-4FF9-4454-992D-D92A8CD27399}\INPROCSERVER32, Quarantined, [2d649b6c56356ec8b784058bfa08738d], PUP.Optional.AnySend.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{7BFFA5F9-047F-4732-93B5-B9FE731DE96D}, Quarantined, [2d649b6c56356ec8b784058bfa08738d], PUP.Optional.AnySend.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{AF31E0EB-48CF-4A3B-893F-E999A0E29944}, Quarantined, [2d649b6c56356ec8b784058bfa08738d], PUP.Optional.AnySend.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{7BFFA5F9-047F-4732-93B5-B9FE731DE96D}, Quarantined, [2d649b6c56356ec8b784058bfa08738d], PUP.Optional.AnySend.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{7BFFA5F9-047F-4732-93B5-B9FE731DE96D}, Quarantined, [2d649b6c56356ec8b784058bfa08738d], PUP.Optional.AnySend.A, HKLM\SOFTWARE\CLASSES\AnySend.Connect.1, Quarantined, [2d649b6c56356ec8b784058bfa08738d], PUP.Optional.AnySend.A, HKLM\SOFTWARE\CLASSES\AnySend.Connect, Quarantined, [2d649b6c56356ec8b784058bfa08738d], PUP.Optional.AnySend.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\AnySend.Connect, Quarantined, [2d649b6c56356ec8b784058bfa08738d], PUP.Optional.AnySend.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\AnySend.Connect, Quarantined, [2d649b6c56356ec8b784058bfa08738d], PUP.Optional.AnySend.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{61628E2A-4FF9-4454-992D-D92A8CD27399}, Quarantined, [2d649b6c56356ec8b784058bfa08738d], PUP.Optional.AnySend.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\AnySend.Connect.1, Quarantined, [2d649b6c56356ec8b784058bfa08738d], PUP.Optional.AnySend.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\AnySend.Connect.1, Quarantined, [2d649b6c56356ec8b784058bfa08738d], PUP.Optional.AnySend.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{61628E2A-4FF9-4454-992D-D92A8CD27399}, Quarantined, [2d649b6c56356ec8b784058bfa08738d], PUP.Optional.GetNow.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}, Quarantined, [8809b255bbd0122450bbc0daec16f50b], PUP.Optional.GetNow.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{237FDFDB-3722-470E-8BA8-90196DABE967}, Quarantined, [8809b255bbd0122450bbc0daec16f50b], PUP.Optional.GetNow.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{237FDFDB-3722-470E-8BA8-90196DABE967}, Quarantined, [8809b255bbd0122450bbc0daec16f50b], PUP.Optional.GetNow.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{237FDFDB-3722-470E-8BA8-90196DABE967}, Quarantined, [8809b255bbd0122450bbc0daec16f50b], PUP.Optional.GetNow.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}, Quarantined, [8809b255bbd0122450bbc0daec16f50b], PUP.Optional.GetNow.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}, Quarantined, [8809b255bbd0122450bbc0daec16f50b], PUP.Optional.ASPackage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ASPackage, Quarantined, [771a3acdd3b8c07603ccb07c80832ad6], PUP.Optional.AnySend.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AnySendService, Quarantined, [a9e82cdb8cff62d4460737e5ea1906fa], PUP.Optional.AnySend.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\AnySend, Quarantined, [99f88582bfccbd7927b554ba18eb738d], Registry Values: 1 PUP.Optional.AnySend.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|AnySend User Interface, C:\Program Files (x86)\AnySend\AnySendUI.exe, Quarantined, [662b7b8caae125112e1e26f64eb5bd43] Registry Data: 0 (No malicious items detected) Folders: 7 PUP.Optional.ASPackage.A, C:\Users\{username}\AppData\Roaming\ASPackage, Quarantined, [771a3acdd3b8c07603ccb07c80832ad6], PUP.Optional.ASPackage.A, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage, Quarantined, [ccc5e81f74177fb7e2ee6ac28a79f10f], PUP.Optional.AnySend.A, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnySend, Quarantined, [553cde296625f83e94470806ab58659b], PUP.Optional.AnySend.A, C:\Program Files\AnySend, Delete-on-Reboot, [f69b7e89b9d22016d90348c67093b24e], PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend, Delete-on-Reboot, [99f88582bfccbd7927b554ba18eb738d], PUP.Optional.AnySend.A, C:\ProgramData\AnySend, Quarantined, [563b00077b105fd7449927e7ee15b050], PUP.Optional.AnySend.A, C:\Users\{username}\AppData\Roaming\AnySend, Delete-on-Reboot, [bad758af305bf046e7f6a36ba85b04fc], Files: 29 PUP.Optional.AnySend.A, C:\Program Files\AnySend\AnySendShellExtension.dll, Delete-on-Reboot, [2d649b6c56356ec8b784058bfa08738d], PUP.Optional.GetNow.A, C:\Users\{username}\AppData\Local\Temp\nszD421.tmp\SevenZip-apset.exe, Quarantined, [8809b255bbd0122450bbc0daec16f50b], PUP.Optional.Installcore, C:\Users\{username}\AppData\Local\Temp\Setup__2140_il256.exe, Quarantined, [eba65bacb8d3cd69623f8ef527de21df], PUP.Optional.Installcore, C:\Users\{username}\AppData\Local\Temp\is1921360829\1FDF0D2B_stp\icc.dll, Quarantined, [94fd16f1325945f1e531f0527590d729], PUP.Optional.OutBrowse, C:\Users\{username}\AppData\Local\Temp\nszD421.tmp\setup-1228.exe, Quarantined, [f79a7a8d008b75c1415f943340c15aa6], PUP.Optional.Installcore, C:\Users\{username}\AppData\Local\Temp\nszD421.tmp\Setup__2140_il256.exe, Quarantined, [6829bd4a4744f73f7f22a9daad58956b], PUP.Optional.ASPackage.A, C:\Users\{username}\AppData\Roaming\ASPackage\Uninstall.exe, Quarantined, [771a3acdd3b8c07603ccb07c80832ad6], PUP.Optional.ASPackage.A, C:\Users\{username}\AppData\Roaming\ASPackage\ASPackage.exe, Quarantined, [771a3acdd3b8c07603ccb07c80832ad6], PUP.Optional.ASPackage.A, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage\Configure.lnk, Quarantined, [ccc5e81f74177fb7e2ee6ac28a79f10f], PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\AnySendUI.exe, Delete-on-Reboot, [662b7b8caae125112e1e26f64eb5bd43], PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\AnySendSvc.exe, Delete-on-Reboot, [a9e82cdb8cff62d4460737e5ea1906fa], PUP.Optional.AnySend.A, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnySend\AnySend Show Tutorial.lnk, Quarantined, [553cde296625f83e94470806ab58659b], PUP.Optional.AnySend.A, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnySend\AnySend.lnk, Quarantined, [553cde296625f83e94470806ab58659b], PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\AnySend.guid, Quarantined, [99f88582bfccbd7927b554ba18eb738d], PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\AnySendIcon.ico, Quarantined, [99f88582bfccbd7927b554ba18eb738d], PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\AnySendShellExtension_x64.msi, Quarantined, [99f88582bfccbd7927b554ba18eb738d], PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\AnySendShellExtension_x86.msi, Quarantined, [99f88582bfccbd7927b554ba18eb738d], PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\AnySendUpdater.exe, Quarantined, [99f88582bfccbd7927b554ba18eb738d], PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\CurrentVersion, Quarantined, [99f88582bfccbd7927b554ba18eb738d], PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\icudt.dll, Delete-on-Reboot, [99f88582bfccbd7927b554ba18eb738d], PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\libcef.dll, Delete-on-Reboot, [99f88582bfccbd7927b554ba18eb738d], PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\Uninstall.exe, Quarantined, [99f88582bfccbd7927b554ba18eb738d], PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\upnp.dll, Delete-on-Reboot, [99f88582bfccbd7927b554ba18eb738d], PUP.Optional.AnySend.A, C:\ProgramData\AnySend\ann.dat, Quarantined, [563b00077b105fd7449927e7ee15b050], PUP.Optional.AnySend.A, C:\ProgramData\AnySend\AnySend.DB, Quarantined, [563b00077b105fd7449927e7ee15b050], PUP.Optional.AnySend.A, C:\ProgramData\AnySend\EmailChecks.dat, Quarantined, [563b00077b105fd7449927e7ee15b050], PUP.Optional.AnySend.A, C:\ProgramData\AnySend\Vids.dat, Quarantined, [563b00077b105fd7449927e7ee15b050], PUP.Optional.AnySend.A, C:\Users\{username}\AppData\Roaming\AnySend\exceptions.log, Delete-on-Reboot, [bad758af305bf046e7f6a36ba85b04fc], PUP.Optional.AnySend.A, C:\Users\{username}\AppData\Roaming\AnySend\VidPlays.dat, Quarantined, [bad758af305bf046e7f6a36ba85b04fc], Physical Sectors: 0 (No malicious items detected) (end)As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention