What is Fast approach TT?
The Malwarebytes research team has determined that Fast approach TT is adware. These adware applications display advertisements not originating from the sites you are browsing.
How do I know if my computer is affected by Fast approach TT?
You may see this entry in your list of installed programs and features:
and these warnings during install:
You may see this entry in your list of installed programs:
and this task in your Task Scheduler:
This is the associated Chrome extension:
and the details about its permissions:
How did Fast approach TT get on my computer?
Adware applications use different methods for distributing themselves. This particular one was bundled with other software.
How do I remove Fast approach TT?
Our program Malwarebytes can detect and remove this potentially unwanted program.
- Please download Malwarebytes to your desktop.
- Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
- Then click Finish.
- Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
- If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
- When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
- Restart your computer when prompted to do so.
- This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.
- If you are using Chrome, you may have to remove the Extension manually under Tools > Settings > Extensions. Remove the checkmark and click on the bin behind the Fast approach TT entry.
We hope our application and this guide have helped you eradicate this adware.
As you can see below the full version of Malwarebytes would have protected you against the Fast approach TT adware. It would have warned you before the adware could install itself, giving you a chance to stop it before it became too late.
Technical details for experts
Possible signs in FRST logs:
() C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\pythonw.exe HKCU\...\Run: [adpighggolpekomhljmodbklekkbebac] => C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\pythonw.exe [27648 2015-12-21] () C:\Windows\System32\Tasks\adpighggolpekomhljmodbklekkbebac C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac adpighggolpekomhljmodbklekkbebac (HKCU\...\adpighggolpekomhljmodbklekkbebac) (Version: - ) Task: {A2EF9CEE-6DD7-4A3F-BD2D-78C9199F86A9} - System32\Tasks\adpighggolpekomhljmodbklekkbebac => C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\pythonw.exe [2015-12-21] ()The most significant alterations made by the installer:
File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac Adds the file adpighggolpekomhljmodbklekkbebac.crx"="4/6/2017 11:14 PM, 28192 bytes, A Adds the file brplugin.bin"="4/6/2017 11:14 PM, 432128 bytes, A Adds the file brplugin.py"="4/6/2017 11:14 PM, 17199 bytes, A Adds the file hash.txt"="4/6/2017 11:14 PM, 344 bytes, A Adds the file id.txt"="4/6/2017 11:14 PM, 32 bytes, A Adds the file launchall.py"="4/6/2017 11:14 PM, 17521 bytes, A Adds the file ml.py"="4/6/2017 11:14 PM, 27553 bytes, A Adds the file subid.txt"="5/4/2017 12:13 PM, 0 bytes, A Adds the file uninstall.exe"="5/4/2017 12:13 PM, 63493 bytes, A Adds the file uuid.txt"="5/4/2017 12:13 PM, 36 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python Adds the file msvcr100.dll"="2/19/2011 8:40 AM, 773968 bytes, A Adds the file python.exe"="12/21/2015 3:28 AM, 27136 bytes, A Adds the file python34.dll"="12/21/2015 3:28 AM, 2744320 bytes, A Adds the file pythonw.exe"="12/21/2015 3:28 AM, 27648 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\DLLs Adds the file _ctypes.pyd"="12/21/2015 3:28 AM, 85504 bytes, A Adds the file _socket.pyd"="12/21/2015 3:28 AM, 47104 bytes, A Adds the file _ssl.pyd"="12/21/2015 3:29 AM, 1331200 bytes, A Adds the file select.pyd"="12/21/2015 3:28 AM, 9728 bytes, A Adds the file unicodedata.pyd"="12/21/2015 3:28 AM, 758784 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\__pycache__ Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\collections Adds the file __init__.py"="12/7/2015 12:25 AM, 44543 bytes, A Adds the file __main__.py"="8/1/2012 7:05 PM, 1313 bytes, A Adds the file abc.py"="10/21/2013 3:16 AM, 70 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\collections\__pycache__ Adds the file __init__.cpython-34.pyc"="5/4/2017 12:13 PM, 45688 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\ctypes Adds the file __init__.py"="9/22/2014 5:03 AM, 17561 bytes, A Adds the file _endian.py"="3/26/2012 6:48 AM, 2013 bytes, A Adds the file util.py"="5/1/2014 10:21 PM, 9257 bytes, A Adds the file wintypes.py"="3/26/2012 6:48 AM, 5830 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\ctypes\__pycache__ Adds the file __init__.cpython-34.pyc"="11/25/2016 8:15 PM, 17756 bytes, A Adds the file _endian.cpython-34.pyc"="11/25/2016 8:15 PM, 2077 bytes, A Adds the file util.cpython-34.pyc"="5/4/2017 12:13 PM, 7121 bytes, A Adds the file wintypes.cpython-34.pyc"="11/25/2016 8:15 PM, 5780 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\ctypes\macholib Adds the file __init__.py"="3/26/2012 6:48 AM, 163 bytes, A Adds the file dyld.py"="3/26/2012 6:48 AM, 5065 bytes, A Adds the file dylib.py"="3/26/2012 6:48 AM, 1891 bytes, A Adds the file fetch_macholib"="5/7/2011 10:03 PM, 86 bytes, A Adds the file fetch_macholib.bat"="12/7/2015 12:25 AM, 75 bytes, A Adds the file framework.py"="3/26/2012 6:48 AM, 2266 bytes, A Adds the file README.ctypes"="5/7/2011 10:03 PM, 302 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\ctypes\macholib\__pycache__ Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\email Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\email\__pycache__ Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\email\mime Adds the file __init__.py"="5/7/2011 10:04 PM, 0 bytes, A Adds the file application.py"="5/7/2011 10:04 PM, 1292 bytes, A Adds the file audio.py"="3/26/2012 6:48 AM, 2747 bytes, A Adds the file base.py"="5/7/2011 10:04 PM, 820 bytes, A Adds the file image.py"="5/7/2011 10:04 PM, 1810 bytes, A Adds the file message.py"="5/7/2011 10:04 PM, 1320 bytes, A Adds the file multipart.py"="5/7/2011 10:04 PM, 1620 bytes, A Adds the file nonmultipart.py"="2/8/2015 6:39 PM, 713 bytes, A Adds the file text.py"="5/1/2014 10:21 PM, 1408 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\email\mime\__pycache__ Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\encodings Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\encodings\__pycache__ Adds the file __init__.cpython-34.pyc"="11/25/2016 8:14 PM, 3912 bytes, A Adds the file aliases.cpython-34.pyc"="11/25/2016 8:14 PM, 7861 bytes, A Adds the file cp1251.cpython-34.pyc"="11/25/2016 8:14 PM, 2609 bytes, A Adds the file cp1252.cpython-34.pyc"="5/4/2017 12:13 PM, 2618 bytes, A Adds the file cp866.cpython-34.pyc"="11/25/2016 8:14 PM, 8038 bytes, A Adds the file idna.cpython-34.pyc"="5/4/2017 12:13 PM, 6579 bytes, A Adds the file latin_1.cpython-34.pyc"="11/25/2016 8:14 PM, 2060 bytes, A Adds the file mbcs.cpython-34.pyc"="11/25/2016 8:14 PM, 1829 bytes, A Adds the file utf_16.cpython-34.pyc"="5/4/2017 12:13 PM, 5292 bytes, A Adds the file utf_8.cpython-34.pyc"="11/25/2016 8:14 PM, 1748 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\http Adds the file __init__.py"="3/26/2012 6:48 AM, 39 bytes, A Adds the file client.py"="12/7/2015 12:25 AM, 49238 bytes, A Adds the file cookiejar.py"="12/7/2015 12:25 AM, 78423 bytes, A Adds the file cookies.py"="12/7/2015 12:25 AM, 21667 bytes, A Adds the file server.py"="12/7/2015 12:25 AM, 47626 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\http\__pycache__ Adds the file __init__.cpython-34.pyc"="5/4/2017 12:13 PM, 178 bytes, A Adds the file client.cpython-34.pyc"="5/4/2017 12:13 PM, 33281 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\json Adds the file __init__.py"="12/7/2015 12:25 AM, 13576 bytes, A Adds the file decoder.py"="1/2/2014 7:44 PM, 13125 bytes, A Adds the file encoder.py"="9/9/2013 3:35 AM, 16221 bytes, A Adds the file scanner.py"="8/4/2013 6:54 AM, 2489 bytes, A Adds the file tool.py"="6/23/2014 6:50 AM, 993 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\json\__pycache__ Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\site-packages\__pycache__ Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\site-packages\dns Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\site-packages\dns\__pycache__ Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\site-packages\dns\rdtypes Adds the file __init__.py"="9/21/2016 4:14 AM, 895 bytes, A Adds the file dnskeybase.py"="9/21/2016 4:14 AM, 4387 bytes, A Adds the file dsbase.py"="9/21/2016 4:14 AM, 3081 bytes, A Adds the file euibase.py"="9/21/2016 4:14 AM, 2746 bytes, A Adds the file mxbase.py"="9/21/2016 4:14 AM, 3660 bytes, A Adds the file nsbase.py"="9/21/2016 4:14 AM, 2851 bytes, A Adds the file txtbase.py"="9/21/2016 4:14 AM, 3040 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\site-packages\dns\rdtypes\__pycache__ Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\site-packages\dns\rdtypes\ANY Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\site-packages\dns\rdtypes\ANY\__pycache__ Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\site-packages\dns\rdtypes\IN Adds the file __init__.py"="9/21/2016 4:14 AM, 965 bytes, A Adds the file A.py"="9/21/2016 4:14 AM, 1854 bytes, A Adds the file AAAA.py"="9/21/2016 4:14 AM, 1939 bytes, A Adds the file APL.py"="9/21/2016 4:14 AM, 5250 bytes, A Adds the file DHCID.py"="9/21/2016 4:14 AM, 2020 bytes, A Adds the file IPSECKEY.py"="9/21/2016 4:14 AM, 5682 bytes, A Adds the file KX.py"="9/21/2016 4:14 AM, 881 bytes, A Adds the file NAPTR.py"="9/21/2016 4:14 AM, 4470 bytes, A Adds the file NSAP.py"="9/21/2016 4:14 AM, 2080 bytes, A Adds the file NSAP_PTR.py"="9/21/2016 4:14 AM, 893 bytes, A Adds the file PX.py"="9/21/2016 4:14 AM, 3394 bytes, A Adds the file SRV.py"="9/21/2016 4:14 AM, 3054 bytes, A Adds the file WKS.py"="9/21/2016 4:14 AM, 3812 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\site-packages\dns\rdtypes\IN\__pycache__ Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\urllib Adds the file __init__.py"="3/26/2012 6:49 AM, 0 bytes, A Adds the file error.py"="3/19/2013 8:47 AM, 2743 bytes, A Adds the file parse.py"="2/8/2015 6:39 PM, 36221 bytes, A Adds the file request.py"="12/7/2015 12:25 AM, 95648 bytes, A Adds the file response.py"="12/7/2015 12:25 AM, 2379 bytes, A Adds the file robotparser.py"="6/23/2014 6:50 AM, 7176 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\urllib\__pycache__ Adds the file __init__.cpython-34.pyc"="5/4/2017 12:13 PM, 180 bytes, A Adds the file error.cpython-34.pyc"="5/4/2017 12:13 PM, 2728 bytes, A Adds the file parse.cpython-34.pyc"="5/4/2017 12:13 PM, 30851 bytes, A Adds the file request.cpython-34.pyc"="5/4/2017 12:13 PM, 74129 bytes, A Adds the file response.cpython-34.pyc"="5/4/2017 12:13 PM, 3446 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file adpighggolpekomhljmodbklekkbebac"="5/4/2017 12:14 PM, 3662 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\adpighggolpekomhljmodbklekkbebac] "(Default)"="REG_SZ", "C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "adpighggolpekomhljmodbklekkbebac"="REG_SZ", ""C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\pythonw.exe" "C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\ml.py" --APPNAME="adpighggolpekomhljmodbklekkbebac"" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\adpighggolpekomhljmodbklekkbebac] "DisplayName"="REG_SZ", "adpighggolpekomhljmodbklekkbebac" "UninstallString"="REG_SZ", "C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\uninstall.exe"Malwarebytes log:
Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 5/4/17 Scan Time: 12:31 PM Logfile: mbamPythonExtension.txt Administrator: Yes -Software Information- Version: 3.0.6.1469 Components Version: 1.0.103 Update Package Version: 1.0.1866 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 329746 Time Elapsed: 2 min, 22 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 1 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\pythonw.exe, Quarantined, [1358], [389396],1.0.1866 Module: 7 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\DLLs\unicodedata.pyd, Quarantined, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\DLLs\_ctypes.pyd, Quarantined, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\DLLs\_socket.pyd, Quarantined, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\DLLs\_ssl.pyd, Quarantined, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\msvcr100.dll, Quarantined, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\python34.dll, Quarantined, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\pythonw.exe, Quarantined, [1358], [389396],1.0.1866 Registry Key: 1 Adware.Agent.Generic, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\adpighggolpekomhljmodbklekkbebac, Delete-on-Reboot, [1358], [389396],1.0.1866 Registry Value: 1 Adware.Agent.Generic, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|adpighggolpekomhljmodbklekkbebac, Delete-on-Reboot, [1358], [389396],1.0.1866 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 38 PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\_locales\en, Delete-on-Reboot, [58], [389392],1.0.1866 PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\_metadata, Delete-on-Reboot, [58], [389392],1.0.1866 PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\_locales, Delete-on-Reboot, [58], [389392],1.0.1866 PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0, Delete-on-Reboot, [58], [389392],1.0.1866 PUP.Optional.StartPage, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\ADPIGHGGOLPEKOMHLJMODBKLEKKBEBAC, Delete-on-Reboot, [58], [389392],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\site-packages\dns\rdtypes\ANY\__pycache__, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\site-packages\dns\rdtypes\IN\__pycache__, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\site-packages\dns\rdtypes\__pycache__, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\site-packages\dns\rdtypes\ANY, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\site-packages\dns\__pycache__, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\site-packages\dns\rdtypes\IN, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\ctypes\macholib\__pycache__, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\site-packages\dns\rdtypes, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\site-packages\__pycache__, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\collections\__pycache__, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\email\mime\__pycache__, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\encodings\__pycache__, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\ctypes\__pycache__, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\urllib\__pycache__, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\email\__pycache__, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\site-packages\dns, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\http\__pycache__, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\json\__pycache__, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\ctypes\macholib, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\site-packages, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\collections, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\__pycache__, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\email\mime, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\encodings, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\ctypes, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\urllib, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\email, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\json, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\http, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\DLLs, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\USERS\{username}\APPDATA\ROAMING\ADPIGHGGOLPEKOMHLJMODBKLEKKBEBAC, Delete-on-Reboot, [1358], [389396],1.0.1866 File: 474 PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\_locales\en\messages.json, Delete-on-Reboot, [58], [389392],1.0.1866 PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\_metadata\computed_hashes.json, Delete-on-Reboot, [58], [389392],1.0.1866 PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\_metadata\verified_contents.json, Delete-on-Reboot, [58], [389392],1.0.1866 PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\128x128.png, Delete-on-Reboot, [58], [389392],1.0.1866 PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\19x19.png, Delete-on-Reboot, [58], [389392],1.0.1866 PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\38x38.png, Delete-on-Reboot, [58], [389392],1.0.1866 PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\48x48.png, Delete-on-Reboot, [58], [389392],1.0.1866 PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\64x64.png, Delete-on-Reboot, [58], [389392],1.0.1866 PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\cs.js, Delete-on-Reboot, [58], [389392],1.0.1866 PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\manifest.json, Delete-on-Reboot, [58], [389392],1.0.1866 PUP.Optional.StartPage, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpighggolpekomhljmodbklekkbebac\13.6226.215_0\popup.html, Delete-on-Reboot, [58], [389392],1.0.1866 Adware.Agent.Generic, C:\USERS\{username}\APPDATA\ROAMING\ADPIGHGGOLPEKOMHLJMODBKLEKKBEBAC\ADPIGHGGOLPEKOMHLJMODBKLEKKBEBAC.CRX, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\DLLs\select.pyd, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\DLLs\unicodedata.pyd, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\DLLs\_ctypes.pyd, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\DLLs\_socket.pyd, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\DLLs\_ssl.pyd, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\collections\__pycache__\__init__.cpython-34.pyc, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\collections\abc.py, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\_weakrefset.py, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\Lib\__future__.py, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\msvcr100.dll, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\python.exe, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\python34.dll, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\python\pythonw.exe, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\brplugin.bin, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\brplugin.py, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\hash.txt, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\id.txt, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\launchall.py, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\ml.py, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\subid.txt, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\time.txt, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\uninstall.exe, Delete-on-Reboot, [1358], [389396],1.0.1866 Adware.Agent.Generic, C:\Users\{username}\AppData\Roaming\adpighggolpekomhljmodbklekkbebac\uuid.txt, Delete-on-Reboot, [1358], [389396],1.0.1866 Trojan.Agent.Python, C:\USERS\{username}\DESKTOP\B45BAF964E244E67E38A32C8E50A2E09.EXE, Delete-on-Reboot, [9112], [389379],1.0.1866 PUP.Optional.StartPage, C:\WINDOWS\SYSTEM32\TASKS\ADPIGHGGOLPEKOMHLJMODBKLEKKBEBAC, Delete-on-Reboot, [58], [391191],1.0.1866 Physical Sector: 0 (No malicious items detected) (end)As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention