Jump to content

Welcome to Geeks to Go
Geeks to Go Welcome
Create Account Login to Account
Photo

Removal instructions for AnySend

- - - - -

  • Please log in to reply
No replies to this topic

#1
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Content is republished with permission from Malwarebytes.

What is AnySend?

The Malwarebytes research team has determined that AnySend is adware. These adware applications display advertisements not originating from the sites you are browsing.

How do I know if my computer is affected by AnySend?

You may see these entries in your list of installed programs:

warning4.png

and these warnings during install:

main.png

warning1.png

and this balloon icon on your desktop (the menu opens when you click the balloon) :

icons.png

and this rightclick context menu item:

warning2.png

How did AnySend get on my computer?

Adware applications use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove AnySend?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of AnySend?
  • No, Malwarebytes' Anti-Malware removes AnySend completely.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this adware application.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the AnySend adware. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.


protection1.png


Technical details for experts

You will see these signs in a HijackThis log:
O4 - HKLM\..\Run: [AnySend User Interface] C:\Program Files (x86)\AnySend\AnySendUI.exe
O23 - Service: AnySend (AnySendService) - Unknown owner - C:\Program Files (x86)\AnySend\AnySendSVC.exe
You may see these signs in FRST logs:
 () C:\Program Files (x86)\AnySend\AnySendSvc.exe
 () C:\Program Files (x86)\AnySend\AnySendUI.exe
 HKLM-x32\...\Run: [AnySend User Interface] => C:\Program Files (x86)\AnySend\AnySendUI.exe [7081984 2015-04-20] ()
 BHO: AnySend -> {61628E2A-4FF9-4454-992D-D92A8CD27399} -> C:\Program Files\AnySend\AnySendShellExtension.dll [2012-08-21] (ClickMeIn Limited)
 R2 AnySendService; C:\Program Files (x86)\AnySend\AnySendSVC.exe [3710464 2015-04-20] () [File not signed]
 C:\ProgramData\AnySend
 C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnySend
 C:\Users\{username}\AppData\Roaming\AnySend
 C:\Program Files\AnySend
 (AnySend.com) C:\Users\{username}\AppData\Local\nsh873A.tmp
 C:\Program Files (x86)\AnySend
 (AnySend.com) C:\Users\{username}\AppData\Local\nsu38E5.tmp
 C:\Users\{username}\AppData\Local\Temp\AnySendSetup_full.exe

AnySend (HKLM-x32\...\ASPackage) (Version:  - CMI Limited) <==== ATTENTION
AnySend 1.0.18.0 (x64) (HKLM\...\{7203C44E-08F7-471D-8C9B-349A0D17506F}) (Version: 1.0.18.0 - ClickMeIn Limited) <==== ATTENTION
AnySend, Any file, Any size, Anywhere! (HKLM-x32\...\AnySend) (Version: 1.0.0.56 - AnySend Limited) <==== ATTENTION
Alterations made by the installer:
File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Program Files\AnySend
       Adds the file AnySendShellExtension.dll"="21/08/2012 11:06, 401920 bytes, A
    Adds the  C:\Program Files (x86)\AnySend
       Adds the file AnySend.guid"="11/08/2015 12:24, 92 bytes, A
       Adds the file AnySendIcon.ico"="28/03/2012 11:58, 99678 bytes, A
       Adds the file AnySendShellExtension_x64.msi"="21/08/2012 10:08, 482007 bytes, A
       Adds the file AnySendShellExtension_x86.msi"="21/08/2012 10:08, 469713 bytes, A
       Adds the file AnySendSvc.exe"="20/04/2015 11:47, 3710464 bytes, A
       Adds the file AnySendUI.exe"="20/04/2015 11:48, 7081984 bytes, A
       Adds the file AnySendUpdater.exe"="20/04/2015 11:48, 177629 bytes, A
       Adds the file CurrentVersion"="20/04/2015 11:48, 8 bytes, A
       Adds the file icudt.dll"="10/03/2013 05:16, 3846656 bytes, A
       Adds the file libcef.dll"="10/03/2013 05:16, 5984256 bytes, A
       Adds the file Uninstall.exe"="11/08/2015 12:24, 305107 bytes, A
       Adds the file upnp.dll"="12/07/2012 17:14, 90513 bytes, A
    Adds the folder C:\ProgramData\AnySend
       Adds the file ann.dat"="11/08/2015 12:24, 92 bytes, A
       Adds the file AnySend.DB"="11/08/2015 12:25, 256 bytes, A
       Adds the file EmailChecks.dat"="11/08/2015 12:24, 0 bytes, A
       Adds the file Vids.dat"="11/08/2015 12:24, 112 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\AnySend
       Adds the file exceptions.log"="11/08/2015 12:24, 0 bytes, A
       Adds the file VidPlays.dat"="11/08/2015 12:24, 9 bytes, A
    In the existing folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\SendTo
       Adds the file AnySend.lnk"="11/08/2015 12:24, 1143 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnySend
       Adds the file AnySend Show Tutorial.lnk"="11/08/2015 12:24, 1945 bytes, A
       Adds the file AnySend.lnk"="11/08/2015 12:24, 1917 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\AnySend\ShellExtension]
       "ButtonText"="REG_SZ", "AnySend"
       "EnableButton"="REG_SZ", "1"
       "EnableMenu"="REG_SZ", "1"
       "IconFile"="REG_SZ", "C:\Program Files (x86)\AnySend\AnySendIcon.ico"
       "MenuHelpText"="REG_SZ", "Send AnyFile, AnySize, AnyWhere Now with AnySend"
       "MenuText"="REG_SZ", "Send or Share with AnySend (Recommended)"
       "Run"="REG_SZ", "C:\Program Files (x86)\AnySend\AnySendUI.exe"
       "RunParameters"="REG_SZ", "/SEND %FILELIST%"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AnySend]
       "(Default)"="REG_SZ", "{61628E2A-4FF9-4454-992D-D92A8CD27399}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AnySend.Connect]
       "(Default)"="REG_SZ", "AnySend"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AnySend.Connect\CLSID]
       "(Default)"="REG_SZ", "{61628E2A-4FF9-4454-992D-D92A8CD27399}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AnySend.Connect\CurVer]
       "(Default)"="REG_SZ", "AnySend.Connect.1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AnySend.Connect.1]
       "(Default)"="REG_SZ", "AnySend"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AnySend.Connect.1\CLSID]
       "(Default)"="REG_SZ", "{61628E2A-4FF9-4454-992D-D92A8CD27399}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61628E2A-4FF9-4454-992D-D92A8CD27399}]
       "(Default)"="REG_SZ", "AnySend"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61628E2A-4FF9-4454-992D-D92A8CD27399}\InprocServer32]
       "(Default)"="REG_SZ", "C:\Program Files\AnySend\AnySendShellExtension.dll"
       "ThreadingModel"="REG_SZ", "Apartment"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61628E2A-4FF9-4454-992D-D92A8CD27399}\ProgID]
       "(Default)"="REG_SZ", "AnySend.Connect.1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61628E2A-4FF9-4454-992D-D92A8CD27399}\Programmable]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61628E2A-4FF9-4454-992D-D92A8CD27399}\TypeLib]
       "(Default)"="REG_SZ", "{7BFFA5F9-047F-4732-93B5-B9FE731DE96D}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61628E2A-4FF9-4454-992D-D92A8CD27399}\VersionIndependentProgID]
       "(Default)"="REG_SZ", "AnySend.Connect"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\AnySend]
       "(Default)"="REG_SZ", "{61628E2A-4FF9-4454-992D-D92A8CD27399}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7BFFA5F9-047F-4732-93B5-B9FE731DE96D}\1.0]
       "(Default)"="REG_SZ", "AnySend 1.0 Type Library"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7BFFA5F9-047F-4732-93B5-B9FE731DE96D}\1.0\0\win64]
       "(Default)"="REG_SZ", "C:\Program Files\AnySend\AnySendShellExtension.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7BFFA5F9-047F-4732-93B5-B9FE731DE96D}\1.0\FLAGS]
       "(Default)"="REG_SZ", "0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7BFFA5F9-047F-4732-93B5-B9FE731DE96D}\1.0\HELPDIR]
       "(Default)"="REG_SZ", "C:\"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61628E2A-4FF9-4454-992D-D92A8CD27399}]
       "(Default)"="REG_SZ", "AnySend"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{94d6ddcc-4a68-4175-a374-bd584a510b78}\TasksItemsSelected\0\{E62B1C26-6A93-4f32-9115-FEB90FE0ABB5}]
       "(Default)"="REG_SZ", "AnySend"
       "Icon"="REG_EXPAND_SZ, "C:\Program Files (x86)\AnySend\AnySendIcon.ico"
       "Title"="REG_SZ", "AnySend"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{94d6ddcc-4a68-4175-a374-bd584a510b78}\TasksItemsSelected\0\{E62B1C26-6A93-4f32-9115-FEB90FE0ABB5}\shell\InvokeTask\command]
       "(Default)"="REG_EXPAND_SZ, "rundll32.exe "C:\Program Files\AnySend\AnySendShellExtension.dll",ExecuteCommand "%*""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{94d6ddcc-4a68-4175-a374-bd584a510b78}\TasksNoItemsSelected\0\{E62B1C26-6A93-4f32-9115-FEB90FE0ABB5}]
       "(Default)"="REG_SZ", "AnySend"
       "Icon"="REG_EXPAND_SZ, "C:\Program Files (x86)\AnySend\AnySendIcon.ico"
       "Title"="REG_SZ", "AnySend"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{94d6ddcc-4a68-4175-a374-bd584a510b78}\TasksNoItemsSelected\0\{E62B1C26-6A93-4f32-9115-FEB90FE0ABB5}\shell\InvokeTask\command]
       "(Default)"="REG_EXPAND_SZ, "rundll32.exe "C:\Program Files\AnySend\AnySendShellExtension.dll",ExecuteCommand "%*""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
       "C:\Program Files\AnySend\"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{61628E2A-4FF9-4454-992D-D92A8CD27399}]
       "(Default)"="REG_SZ", "AnySend"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7203C44E-08F7-471D-8C9B-349A0D17506F}]
       "AuthorizedCDFPrefix"="REG_SZ", ""
       "Comments"="REG_SZ", ""
       "Contact"="REG_SZ", ""
       "DisplayName"="REG_SZ", "AnySend 1.0.18.0 (x64)"
       "DisplayVersion"="REG_SZ", "1.0.18.0"
       "EstimatedSize"="REG_DWORD", 373
       "HelpLink"="REG_SZ", ""
       "HelpTelephone"="REG_SZ", ""
       "InstallDate"="REG_SZ", "20150811"
       "InstallLocation"="REG_SZ", ""
       "InstallSource"="REG_SZ", "C:\Program Files (x86)\AnySend\"
       "Language"="REG_DWORD", 1033
       "ModifyPath"="REG_EXPAND_SZ, "MsiExec.exe /I{7203C44E-08F7-471D-8C9B-349A0D17506F}"
       "Publisher"="REG_SZ", "ClickMeIn Limited"
       "Readme"="REG_SZ", ""
       "Size"="REG_SZ", ""
       "UninstallString"="REG_EXPAND_SZ, "MsiExec.exe /I{7203C44E-08F7-471D-8C9B-349A0D17506F}"
       "URLInfoAbout"="REG_SZ", ""
       "URLUpdateInfo"="REG_SZ", ""
       "Version"="REG_DWORD", 16777234
       "VersionMajor"="REG_DWORD", 1
       "VersionMinor"="REG_DWORD", 0
       "WindowsInstaller"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\SampleShellExtnesion]
       "FreeFolderTypeDocumentsTasksItemsSelected"="REG_SZ", "0"
       "FreeFolderTypeDocumentsTasksNoItemsSelected"="REG_SZ", "0"
       "FreeFolderTypeGenericTasksItemsSelected"="REG_SZ", "0"
       "FreeFolderTypeGenericTasksNoItemsSelected"="REG_SZ", "0"
       "FreeFolderTypeMusicTasksItemsSelected"="REG_SZ", "0"
       "FreeFolderTypeMusicTasksNoItemsSelected"="REG_SZ", "0"
       "FreeFolderTypePicturesTasksItemsSelected"="REG_SZ", "0"
       "FreeFolderTypePicturesTasksNoItemsSelected"="REG_SZ", "0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AnySend\ShellExtension]
       "ButtonText"="REG_SZ", "AnySend"
       "IconFile"="REG_SZ", "C:\Program Files (x86)\AnySend\anysendicon.ico"
       "MenuHelpText"="REG_SZ", "AnySend"
       "MenuText"="REG_SZ", "AnySend"
       "Run"="REG_SZ", "C:\Program Files (x86)\AnySend\AnySendUI.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
       "AnySend User Interface"="REG_SZ", "C:\Program Files (x86)\AnySend\AnySendUI.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AnySend]
       "DisplayIcon"="REG_SZ", ""C:\Program Files (x86)\AnySend\uninstall.exe""
       "DisplayName"="REG_SZ", "AnySend, Any file, Any size, Anywhere!"
       "DisplayVersion"="REG_SZ", "1.0.0.56"
       "Publisher"="REG_SZ", "AnySend Limited"
       "UninstallString"="REG_SZ", ""C:\Program Files (x86)\AnySend\uninstall.exe""
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AnySendService]
       "DisplayName"="REG_SZ", "AnySend"
       "ErrorControl"="REG_DWORD", 1
       "ImagePath"="REG_EXPAND_SZ, "C:\Program Files (x86)\AnySend\AnySendSVC.exe"
       "ObjectName"="REG_SZ", "LocalSystem"
       "Start"="REG_DWORD", 2
       "Type"="REG_DWORD", 16
       "WOW64"="REG_DWORD", 1
Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/08/2015
Scan Time: 12:55
Logfile: mbamAnySend.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.11.05
Rootkit Database: v2015.08.06.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 330063
Time Elapsed: 4 min, 19 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\AnySendUI.exe, 3572, Delete-on-Reboot, [662b7b8caae125112e1e26f64eb5bd43]
PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\AnySendSvc.exe, 3504, Delete-on-Reboot, [a9e82cdb8cff62d4460737e5ea1906fa]

Modules: 3
PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\icudt.dll, Delete-on-Reboot, [99f88582bfccbd7927b554ba18eb738d], 
PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\libcef.dll, Delete-on-Reboot, [99f88582bfccbd7927b554ba18eb738d], 
PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\upnp.dll, Delete-on-Reboot, [99f88582bfccbd7927b554ba18eb738d], 

Registry Keys: 23
PUP.Optional.AnySend.A, HKLM\SOFTWARE\CLASSES\CLSID\{61628E2A-4FF9-4454-992D-D92A8CD27399}, Quarantined, [2d649b6c56356ec8b784058bfa08738d], 
PUP.Optional.AnySend.A, HKLM\SOFTWARE\CLASSES\CLSID\{61628E2A-4FF9-4454-992D-D92A8CD27399}\INPROCSERVER32, Quarantined, [2d649b6c56356ec8b784058bfa08738d], 
PUP.Optional.AnySend.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{7BFFA5F9-047F-4732-93B5-B9FE731DE96D}, Quarantined, [2d649b6c56356ec8b784058bfa08738d], 
PUP.Optional.AnySend.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{AF31E0EB-48CF-4A3B-893F-E999A0E29944}, Quarantined, [2d649b6c56356ec8b784058bfa08738d], 
PUP.Optional.AnySend.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{7BFFA5F9-047F-4732-93B5-B9FE731DE96D}, Quarantined, [2d649b6c56356ec8b784058bfa08738d], 
PUP.Optional.AnySend.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{7BFFA5F9-047F-4732-93B5-B9FE731DE96D}, Quarantined, [2d649b6c56356ec8b784058bfa08738d], 
PUP.Optional.AnySend.A, HKLM\SOFTWARE\CLASSES\AnySend.Connect.1, Quarantined, [2d649b6c56356ec8b784058bfa08738d], 
PUP.Optional.AnySend.A, HKLM\SOFTWARE\CLASSES\AnySend.Connect, Quarantined, [2d649b6c56356ec8b784058bfa08738d], 
PUP.Optional.AnySend.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\AnySend.Connect, Quarantined, [2d649b6c56356ec8b784058bfa08738d], 
PUP.Optional.AnySend.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\AnySend.Connect, Quarantined, [2d649b6c56356ec8b784058bfa08738d], 
PUP.Optional.AnySend.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{61628E2A-4FF9-4454-992D-D92A8CD27399}, Quarantined, [2d649b6c56356ec8b784058bfa08738d], 
PUP.Optional.AnySend.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\AnySend.Connect.1, Quarantined, [2d649b6c56356ec8b784058bfa08738d], 
PUP.Optional.AnySend.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\AnySend.Connect.1, Quarantined, [2d649b6c56356ec8b784058bfa08738d], 
PUP.Optional.AnySend.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{61628E2A-4FF9-4454-992D-D92A8CD27399}, Quarantined, [2d649b6c56356ec8b784058bfa08738d], 
PUP.Optional.GetNow.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}, Quarantined, [8809b255bbd0122450bbc0daec16f50b], 
PUP.Optional.GetNow.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{237FDFDB-3722-470E-8BA8-90196DABE967}, Quarantined, [8809b255bbd0122450bbc0daec16f50b], 
PUP.Optional.GetNow.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{237FDFDB-3722-470E-8BA8-90196DABE967}, Quarantined, [8809b255bbd0122450bbc0daec16f50b], 
PUP.Optional.GetNow.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{237FDFDB-3722-470E-8BA8-90196DABE967}, Quarantined, [8809b255bbd0122450bbc0daec16f50b], 
PUP.Optional.GetNow.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}, Quarantined, [8809b255bbd0122450bbc0daec16f50b], 
PUP.Optional.GetNow.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}, Quarantined, [8809b255bbd0122450bbc0daec16f50b], 
PUP.Optional.ASPackage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ASPackage, Quarantined, [771a3acdd3b8c07603ccb07c80832ad6], 
PUP.Optional.AnySend.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AnySendService, Quarantined, [a9e82cdb8cff62d4460737e5ea1906fa], 
PUP.Optional.AnySend.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\AnySend, Quarantined, [99f88582bfccbd7927b554ba18eb738d], 

Registry Values: 1
PUP.Optional.AnySend.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|AnySend User Interface, C:\Program Files (x86)\AnySend\AnySendUI.exe, Quarantined, [662b7b8caae125112e1e26f64eb5bd43]

Registry Data: 0
(No malicious items detected)

Folders: 7
PUP.Optional.ASPackage.A, C:\Users\{username}\AppData\Roaming\ASPackage, Quarantined, [771a3acdd3b8c07603ccb07c80832ad6], 
PUP.Optional.ASPackage.A, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage, Quarantined, [ccc5e81f74177fb7e2ee6ac28a79f10f], 
PUP.Optional.AnySend.A, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnySend, Quarantined, [553cde296625f83e94470806ab58659b], 
PUP.Optional.AnySend.A, C:\Program Files\AnySend, Delete-on-Reboot, [f69b7e89b9d22016d90348c67093b24e], 
PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend, Delete-on-Reboot, [99f88582bfccbd7927b554ba18eb738d], 
PUP.Optional.AnySend.A, C:\ProgramData\AnySend, Quarantined, [563b00077b105fd7449927e7ee15b050], 
PUP.Optional.AnySend.A, C:\Users\{username}\AppData\Roaming\AnySend, Delete-on-Reboot, [bad758af305bf046e7f6a36ba85b04fc], 

Files: 29
PUP.Optional.AnySend.A, C:\Program Files\AnySend\AnySendShellExtension.dll, Delete-on-Reboot, [2d649b6c56356ec8b784058bfa08738d], 
PUP.Optional.GetNow.A, C:\Users\{username}\AppData\Local\Temp\nszD421.tmp\SevenZip-apset.exe, Quarantined, [8809b255bbd0122450bbc0daec16f50b], 
PUP.Optional.Installcore, C:\Users\{username}\AppData\Local\Temp\Setup__2140_il256.exe, Quarantined, [eba65bacb8d3cd69623f8ef527de21df], 
PUP.Optional.Installcore, C:\Users\{username}\AppData\Local\Temp\is1921360829\1FDF0D2B_stp\icc.dll, Quarantined, [94fd16f1325945f1e531f0527590d729], 
PUP.Optional.OutBrowse, C:\Users\{username}\AppData\Local\Temp\nszD421.tmp\setup-1228.exe, Quarantined, [f79a7a8d008b75c1415f943340c15aa6], 
PUP.Optional.Installcore, C:\Users\{username}\AppData\Local\Temp\nszD421.tmp\Setup__2140_il256.exe, Quarantined, [6829bd4a4744f73f7f22a9daad58956b], 
PUP.Optional.ASPackage.A, C:\Users\{username}\AppData\Roaming\ASPackage\Uninstall.exe, Quarantined, [771a3acdd3b8c07603ccb07c80832ad6], 
PUP.Optional.ASPackage.A, C:\Users\{username}\AppData\Roaming\ASPackage\ASPackage.exe, Quarantined, [771a3acdd3b8c07603ccb07c80832ad6], 
PUP.Optional.ASPackage.A, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage\Configure.lnk, Quarantined, [ccc5e81f74177fb7e2ee6ac28a79f10f], 
PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\AnySendUI.exe, Delete-on-Reboot, [662b7b8caae125112e1e26f64eb5bd43], 
PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\AnySendSvc.exe, Delete-on-Reboot, [a9e82cdb8cff62d4460737e5ea1906fa], 
PUP.Optional.AnySend.A, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnySend\AnySend Show Tutorial.lnk, Quarantined, [553cde296625f83e94470806ab58659b], 
PUP.Optional.AnySend.A, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnySend\AnySend.lnk, Quarantined, [553cde296625f83e94470806ab58659b], 
PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\AnySend.guid, Quarantined, [99f88582bfccbd7927b554ba18eb738d], 
PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\AnySendIcon.ico, Quarantined, [99f88582bfccbd7927b554ba18eb738d], 
PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\AnySendShellExtension_x64.msi, Quarantined, [99f88582bfccbd7927b554ba18eb738d], 
PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\AnySendShellExtension_x86.msi, Quarantined, [99f88582bfccbd7927b554ba18eb738d], 
PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\AnySendUpdater.exe, Quarantined, [99f88582bfccbd7927b554ba18eb738d], 
PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\CurrentVersion, Quarantined, [99f88582bfccbd7927b554ba18eb738d], 
PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\icudt.dll, Delete-on-Reboot, [99f88582bfccbd7927b554ba18eb738d], 
PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\libcef.dll, Delete-on-Reboot, [99f88582bfccbd7927b554ba18eb738d], 
PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\Uninstall.exe, Quarantined, [99f88582bfccbd7927b554ba18eb738d], 
PUP.Optional.AnySend.A, C:\Program Files (x86)\AnySend\upnp.dll, Delete-on-Reboot, [99f88582bfccbd7927b554ba18eb738d], 
PUP.Optional.AnySend.A, C:\ProgramData\AnySend\ann.dat, Quarantined, [563b00077b105fd7449927e7ee15b050], 
PUP.Optional.AnySend.A, C:\ProgramData\AnySend\AnySend.DB, Quarantined, [563b00077b105fd7449927e7ee15b050], 
PUP.Optional.AnySend.A, C:\ProgramData\AnySend\EmailChecks.dat, Quarantined, [563b00077b105fd7449927e7ee15b050], 
PUP.Optional.AnySend.A, C:\ProgramData\AnySend\Vids.dat, Quarantined, [563b00077b105fd7449927e7ee15b050], 
PUP.Optional.AnySend.A, C:\Users\{username}\AppData\Roaming\AnySend\exceptions.log, Delete-on-Reboot, [bad758af305bf046e7f6a36ba85b04fc], 
PUP.Optional.AnySend.A, C:\Users\{username}\AppData\Roaming\AnySend\VidPlays.dat, Quarantined, [bad758af305bf046e7f6a36ba85b04fc], 

Physical Sectors: 0
(No malicious items detected)


(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  • 0

Advertisements





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured
Malware Removal How to Guides Windows 7 System Building Download Files Register welcome

Never used a forum? Learn how.