What is Search By PrsstMusic?
The Malwarebytes research team has determined that Search By PrsstMusic is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.
How do I know if my computer is affected by Search By PrsstMusic?
You may see this entry in your list of installed Chrome extensions:
and these warnings during install:
You will see this icon in your Chrome menu-bar:
and this changed setting:
How did Search By PrsstMusic get on my computer?
Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:
How do I remove Search By PrsstMusic?
Our program Malwarebytes can detect and remove this potentially unwanted program.
- Please download Malwarebytes to your desktop.
- Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
- Then click Finish.
- Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
- If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
- When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
- Restart your computer when prompted to do so.
- No, Malwarebytes removes Search By PrsstMusic completely.
We hope our application and this guide have helped you eradicate this hijacker.
Technical details for experts
Possible signs in FRST logs:
CHR DefaultSearchURL: Default -> hxxps://www.blpsearch.com/search?sid=842&src=ds&p={searchTerms} CHR DefaultSearchKeyword: Default -> Default-Search CHR Extension: (PrsstMusic) - C:\Users\Metallica\AppData\Local\Google\Chrome\User Data\Default\Extensions\lahegkdkjbonnklbghcfkihdflfljfce [2019-03-19]Alterations made by the installer:
File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lahegkdkjbonnklbghcfkihdflfljfce\1.0.842.368_0 Adds the file Archive created by free jZipFree.url"="1/29/2018 5:23 PM, 58 bytes, A Adds the file manifest.json"="3/19/2019 9:29 AM, 1938 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lahegkdkjbonnklbghcfkihdflfljfce\1.0.842.368_0\_metadata Adds the file computed_hashes.json"="3/19/2019 9:29 AM, 628 bytes, A Adds the file verified_contents.json"="7/26/2018 1:02 PM, 2047 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lahegkdkjbonnklbghcfkihdflfljfce\1.0.842.368_0\icons Adds the file PrsstMusic-128.png"="3/19/2019 9:29 AM, 4621 bytes, A Adds the file PrsstMusic-16.png"="3/19/2019 9:29 AM, 407 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lahegkdkjbonnklbghcfkihdflfljfce\1.0.842.368_0\js Adds the file background.js"="7/26/2018 12:58 PM, 13891 bytes, A Adds the file brand.js"="7/26/2018 1:00 PM, 640 bytes, A Adds the file contentScript.js"="7/26/2018 12:58 PM, 938 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "lahegkdkjbonnklbghcfkihdflfljfce"="REG_SZ", "8CDC0E79021410EEDD4340FDE483B8B5538B1A7F02BBFF8C82C2361624406404"Malwarebytes log:
Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 3/19/19 Scan Time: 9:39 AM Log File: 71c55512-4a22-11e9-a8f1-00ffdcc6fdfc.json -Software Information- Version: 3.7.1.2839 Components Version: 1.0.538 Update Package Version: 1.0.9742 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 235346 Threats Detected: 18 Threats Quarantined: 18 Time Elapsed: 3 min, 27 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.BlpSearch.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|lahegkdkjbonnklbghcfkihdflfljfce, Quarantined, [14608], [443081],1.0.9742 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 5 PUP.Optional.BlpSearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\lahegkdkjbonnklbghcfkihdflfljfce, Quarantined, [14608], [443081],1.0.9742 PUP.Optional.BlpSearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lahegkdkjbonnklbghcfkihdflfljfce\1.0.842.368_0\_metadata, Quarantined, [14608], [443081],1.0.9742 PUP.Optional.BlpSearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lahegkdkjbonnklbghcfkihdflfljfce\1.0.842.368_0\icons, Quarantined, [14608], [443081],1.0.9742 PUP.Optional.BlpSearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lahegkdkjbonnklbghcfkihdflfljfce\1.0.842.368_0\js, Quarantined, [14608], [443081],1.0.9742 PUP.Optional.BlpSearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\LAHEGKDKJBONNKLBGHCFKIHDFLFLJFCE\1.0.842.368_0, Quarantined, [14608], [443081],1.0.9742 File: 12 PUP.Optional.BlpSearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [14608], [443081],1.0.9742 PUP.Optional.BlpSearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [14608], [443081],1.0.9742 PUP.Optional.BlpSearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\LAHEGKDKJBONNKLBGHCFKIHDFLFLJFCE\1.0.842.368_0\JS\BRAND.JS, Quarantined, [14608], [443081],1.0.9742 PUP.Optional.BlpSearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lahegkdkjbonnklbghcfkihdflfljfce\1.0.842.368_0\icons\PrsstMusic-128.png, Quarantined, [14608], [443081],1.0.9742 PUP.Optional.BlpSearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lahegkdkjbonnklbghcfkihdflfljfce\1.0.842.368_0\icons\PrsstMusic-16.png, Quarantined, [14608], [443081],1.0.9742 PUP.Optional.BlpSearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lahegkdkjbonnklbghcfkihdflfljfce\1.0.842.368_0\js\background.js, Quarantined, [14608], [443081],1.0.9742 PUP.Optional.BlpSearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lahegkdkjbonnklbghcfkihdflfljfce\1.0.842.368_0\js\contentScript.js, Quarantined, [14608], [443081],1.0.9742 PUP.Optional.BlpSearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lahegkdkjbonnklbghcfkihdflfljfce\1.0.842.368_0\_metadata\computed_hashes.json, Quarantined, [14608], [443081],1.0.9742 PUP.Optional.BlpSearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lahegkdkjbonnklbghcfkihdflfljfce\1.0.842.368_0\_metadata\verified_contents.json, Quarantined, [14608], [443081],1.0.9742 PUP.Optional.BlpSearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lahegkdkjbonnklbghcfkihdflfljfce\1.0.842.368_0\Archive created by free jZipFree.url, Quarantined, [14608], [443081],1.0.9742 PUP.Optional.BlpSearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lahegkdkjbonnklbghcfkihdflfljfce\1.0.842.368_0\manifest.json, Quarantined, [14608], [443081],1.0.9742 PUP.Optional.BlpSearch, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [403], [496134],1.0.9742 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end)The full version of Malwarebytes can actively protect your computer against threats.
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention