Jump to content

Welcome to Geeks to Go
Geeks to Go Welcome
Create Account Login to Account
Photo

Removal instructions for Easy News Now

- - - - -

  • Please log in to reply
No replies to this topic

#1
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Content is republished with permission from Malwarebytes.

What is Easy News Now?

The Malwarebytes research team has determined that Easy News Now is a potentially unwanted program (PUP) that behaves like adware. These adware applications display advertisements not originating from the sites you are browsing.

How do I know if my computer is affected by Easy News Now?

You may see these warnings during install:

warning1.png

warning2.png

this type of unsollicited adveretisements:

warning5.png

and this warning when you try to opt out:

warning6.png

How did Easy News Now get on my computer?

Adware applications use different methods for distributing themselves. This particular one was downloaded from the webstore:

webstore.png

Visitors from the EU will recive this notice when trying to visit their website:

GDPR.png

How do I remove Easy News Now?

Our program Malwarebytes can detect and remove this potentially unwanted program.
  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.
Is there anything else I need to do to get rid of Easy News Now?
  • No, Malwarebytes removes Easy News Now completely.
How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this PUP.

Technical details for experts

Possible signs in FRST logs:
CHR Extension: (Easy News Now) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpdflonjcdijcdbebladncdadlkapbhg [2020-11-20]
Significant changes made by the installer:
File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpdflonjcdijcdbebladncdadlkapbhg\2.3.1075.102_0
       Adds the file background.html"="7/14/2020 12:17 AM, 2022 bytes, A
       Adds the file block-list.txt"="7/14/2020 12:17 AM, 254 bytes, A
       Adds the file manifest.json"="11/20/2020 8:48 AM, 1707 bytes, A
       Adds the file widget.config.json"="7/14/2020 2:50 AM, 5762 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpdflonjcdijcdbebladncdadlkapbhg\2.3.1075.102_0\_metadata
       Adds the file computed_hashes.json"="11/20/2020 8:48 AM, 6747 bytes, A
       Adds the file verified_contents.json"="7/14/2020 12:17 AM, 6943 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpdflonjcdijcdbebladncdadlkapbhg\2.3.1075.102_0\control\background
       Adds the file ad-request-handler.js"="7/14/2020 12:17 AM, 3307 bytes, A
       Adds the file ad-response-handler.js"="7/14/2020 12:17 AM, 3119 bytes, A
       Adds the file background-event-manager.js"="7/14/2020 12:17 AM, 9174 bytes, A
       Adds the file background-initializer.js"="7/14/2020 12:17 AM, 2286 bytes, A
       Adds the file block-list-handler.js"="7/14/2020 12:17 AM, 548 bytes, A
       Adds the file branding-event-handler.js"="7/14/2020 12:17 AM, 798 bytes, A
       Adds the file display-ad-delivery-handler.js"="7/14/2020 12:17 AM, 4243 bytes, A
       Adds the file ext-install-handler.js"="7/14/2020 12:17 AM, 483 bytes, A
       Adds the file ext-update-handler.js"="7/14/2020 12:17 AM, 94 bytes, A
       Adds the file lightbox-ad-delivery-handler.js"="7/14/2020 12:17 AM, 2095 bytes, A
       Adds the file print-handler.js"="7/14/2020 12:17 AM, 110 bytes, A
       Adds the file push-ad-delivery-handler.js"="7/14/2020 12:17 AM, 3642 bytes, A
       Adds the file survey-event-handler.js"="7/14/2020 12:17 AM, 3779 bytes, A
       Adds the file timer-heart-beat-handler.js"="7/14/2020 12:17 AM, 275 bytes, A
       Adds the file widget-handler.js"="7/14/2020 12:17 AM, 6062 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpdflonjcdijcdbebladncdadlkapbhg\2.3.1075.102_0\control\content
       Adds the file content.js"="7/14/2020 2:35 AM, 110026 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpdflonjcdijcdbebladncdadlkapbhg\2.3.1075.102_0\helper
       Adds the file constants.js"="7/14/2020 12:17 AM, 3718 bytes, A
       Adds the file utility.js"="7/14/2020 12:17 AM, 6203 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpdflonjcdijcdbebladncdadlkapbhg\2.3.1075.102_0\helper\logger
       Adds the file logger.js"="7/14/2020 12:17 AM, 966 bytes, A
       Adds the file logger-chrome-message-channel.js"="7/14/2020 12:17 AM, 250 bytes, A
       Adds the file logger-console-channel.js"="7/14/2020 12:17 AM, 122 bytes, A
       Adds the file logger-network-channel.js"="7/14/2020 12:17 AM, 648 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpdflonjcdijcdbebladncdadlkapbhg\2.3.1075.102_0\icons
       Adds the file 128.png"="11/20/2020 8:48 AM, 2825 bytes, A
       Adds the file 16.png"="11/20/2020 8:48 AM, 544 bytes, A
       Adds the file 19.png"="11/20/2020 8:48 AM, 728 bytes, A
       Adds the file 32.png"="11/20/2020 8:48 AM, 1001 bytes, A
       Adds the file 38.png"="11/20/2020 8:48 AM, 1393 bytes, A
       Adds the file 48.png"="11/20/2020 8:48 AM, 1943 bytes, A
       Adds the file 64.png"="11/20/2020 8:48 AM, 1702 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpdflonjcdijcdbebladncdadlkapbhg\2.3.1075.102_0\lib
       Adds the file cntx.js"="7/14/2020 2:29 AM, 30791 bytes, A
       Adds the file fdbck.js"="7/14/2020 12:17 AM, 19932 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpdflonjcdijcdbebladncdadlkapbhg\2.3.1075.102_0\model
       Adds the file ad-info.js"="7/14/2020 12:17 AM, 1650 bytes, A
       Adds the file ad-request.js"="7/14/2020 12:17 AM, 3253 bytes, A
       Adds the file ad-response.js"="7/14/2020 12:17 AM, 1051 bytes, A
       Adds the file context.js"="7/14/2020 12:17 AM, 2049 bytes, A
       Adds the file ext-config.js"="7/14/2020 12:17 AM, 9118 bytes, A
       Adds the file thank-you-page.js"="7/14/2020 12:17 AM, 941 bytes, A
       Adds the file user.js"="7/14/2020 12:17 AM, 5495 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpdflonjcdijcdbebladncdadlkapbhg\2.3.1075.102_0\view\background
       Adds the file display-ad-renderer.js"="7/14/2020 12:17 AM, 4191 bytes, A
       Adds the file thank-you-page-renderer.js"="7/14/2020 12:17 AM, 715 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fpdflonjcdijcdbebladncdadlkapbhg
       Adds the file 000003.log"="11/20/2020 8:53 AM, 1928 bytes, A
       Adds the file CURRENT"="11/20/2020 8:48 AM, 16 bytes, A
       Adds the file LOCK"="11/20/2020 8:48 AM, 0 bytes, A
       Adds the file LOG"="11/20/2020 8:49 AM, 409 bytes, A
       Adds the file LOG.old"="11/20/2020 8:48 AM, 184 bytes, A
       Adds the file MANIFEST-000001"="11/20/2020 8:48 AM, 41 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
       "fpdflonjcdijcdbebladncdadlkapbhg"="REG_SZ", "B6CCD596759B425B4CD7887AE546469156B675AFDA1ABD73239232DBF3718DBB"
Malwarebytes log:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/20/20
Scan Time: 9:05 AM
Log File: 2ac997e6-2b07-11eb-a768-080027235d76.json

-Software Information-
Version: 4.2.3.96
Components Version: 1.0.1112
Update Package Version: 1.0.33140
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 232030
Threats Detected: 12
Threats Quarantined: 12
Time Elapsed: 1 min, 15 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 1
PUP.Optional.EasyNewsNow, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|fpdflonjcdijcdbebladncdadlkapbhg, Quarantined, 15686, 879393, , , , , , 

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
PUP.Optional.EasyNewsNow, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\fpdflonjcdijcdbebladncdadlkapbhg, Quarantined, 15686, 879393, , , , , , 
PUP.Optional.EasyNewsNow, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\FPDFLONJCDIJCDBEBLADNCDADLKAPBHG, Quarantined, 15686, 879393, 1.0.33140, , ame, , , 

File: 9
PUP.Optional.EasyNewsNow, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 15686, 879393, , , , , 466AE67316CC2FF9DD1049301869116F, 4D442872775CB871713B8C53B22B8A8F4E1191F0C90E6B1A321C19B9FC1EF1DE
PUP.Optional.EasyNewsNow, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 15686, 879393, , , , , E94A67E8723EEA0FC003DF90B7569A3E, 274942AD2AE5507BAA523B775EC251297E568F72B47EE9A1E010B1E3EA2A6EC4
PUP.Optional.EasyNewsNow, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fpdflonjcdijcdbebladncdadlkapbhg\000003.log, Quarantined, 15686, 879393, , , , , 7D4986A9E81B682BE678F9C533346EE3, 58815C8ADC94A980FF97B91FE7DAF11CE32C1ECD5178CFAC89A8FC7ED23FAA76
PUP.Optional.EasyNewsNow, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fpdflonjcdijcdbebladncdadlkapbhg\CURRENT, Quarantined, 15686, 879393, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.EasyNewsNow, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fpdflonjcdijcdbebladncdadlkapbhg\LOCK, Quarantined, 15686, 879393, , , , , , 
PUP.Optional.EasyNewsNow, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fpdflonjcdijcdbebladncdadlkapbhg\LOG, Quarantined, 15686, 879393, , , , , 81C72BFE742EAF505DD5CD058E512B9D, 3A0EA3033D6FD7C7C8AA6C6C2DE08461F622A513782579AC7E6D6660A5434B71
PUP.Optional.EasyNewsNow, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fpdflonjcdijcdbebladncdadlkapbhg\LOG.old, Quarantined, 15686, 879393, , , , , EE815ACAE7BBF6AC5E1F981CA8211714, 2A4B9D018D74FB3230AFEA0E91D266BC583B7262657385EA0C36B4F6517992D0
PUP.Optional.EasyNewsNow, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fpdflonjcdijcdbebladncdadlkapbhg\MANIFEST-000001, Quarantined, 15686, 879393, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
PUP.Optional.EasyNewsNow, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\FPDFLONJCDIJCDBEBLADNCDADLKAPBHG\2.3.1075.102_0\MANIFEST.JSON, Quarantined, 15686, 879393, 1.0.33140, , ame, , 4A8DCDF201391C49434563104EF8C023, 58C307A403A16B4D6A798C5DE9A296268589176BAF0740584E599B3A70A1C4EA

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  • 0

Advertisements





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured
Malware Removal How to Guides Windows 7 System Building Download Files Register welcome

Never used a forum? Learn how.