My computer has been infested with KVAG virus

Solved 
#1 ·
Hi,

My computer has been infested with the KVAG virus and all my important files are altered. I fixed it with ComboFix and System Restore, but my files remain altered. Please help me to restore them.

Thanks in advance

Rimzan
 
#2 ·
Hello

I am Marie Curie and will gladly help you with any malware-related problems.

Please familiarize yourself with the following ground rules before you start.
  • Read my instructions thoroughly, carry out each step in the given order.
  • Do not make any changes to your system, or run any tools other than those I provided. Do not delete, fix, uninstall, or install anything unless I tell you to.
  • If you are unsure about anything or if you encounter any problems, please stop and inform me about it.
  • Stick with me until I tell you that your computer is clean. Absence of symptoms does not mean that your computer is free of malware.
  • Back up important files before we start.

--------------------------------------------------------------

Please run the following diagnostic scans so I can ascertain the state of your computer.

STEP 1

Farbar Recovery Scan Tool (FRST) Scan
  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Double-Click FRST.exe or FRST64.exe to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Attach both logs in your next reply.

======================================================
STEP 2
Logs
In your next reply please include the following logs.
  • FRST.txt
  • Addition.txt
 
#9 ·
1. Yes, I think I had a message somewhere, but I did a system restore. After that I was able to work on my computer as usual, but my files like jpeg, mpeg and txt files that were on the computer could not be opened anymore (I have attached a screenshot of the files).

2. Yes, I want to clean my system.
 


#11 ·
Here are the results:

This ransomware may be decryptable under certain circumstances.

Please refer to the appropriate guide for more information.

Identified by

  • sample_extension: .kvag
  • sample_bytes: [0x194 - 0x1AE] 0x7B33364136393842392D443637432D344530372D424538322D3045433542313442344446357D
 
#12 ·
Yes, this is indeed STOP Ransomware.

STEP 1
Potentially Unwanted Software
I found a few potentially unwanted programs on your system. These programs are not malicious, but they might be on your computer without your consent. Some of them are known to deliver ads, bundle additional software, slow down your system, or have questionable privacy policies. Please tell me for each of the following programs if you want to keep them:
  • AVG Web TuneUp
  • GS.Supporter
  • VideoDownloadConverter Toolbar
  • Wondershare Helper Compact
  • WPM17.8.0.3297
  • YTD Video Downloader

STEP 2
Farbar Recovery Scan Tool (FRST) Search
This step will search for a ransom note on your system to check if the files are decryptable (in most cases they are not).
  • Double-Click FRST64.exe to run the programme.
  • Type the following text into the Search: textbox:
    Code:
     _readme.txt
  • Click on the Search File(s) button.
  • Upon completion, a log (Search.txt) will open.
  • Attach the file to your next reply.
 
#14 ·
STEP 1
Attach File
  • Please navigate to the following file and attach it to your next post
    • C:\_readme.txt

STEP 2
Revo Uninstaller
  • Please download and install Revo Uninstaller.
  • Double-Click Revo Uninstaller to run the programme.
  • From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.
    • AVG Web TuneUp
    • GS.Supporter
    • VideoDownloadConverter Toolbar
    • Wondershare Helper Compact
    • WPM17.8.0.3297r
  • Double-Click the programme.
  • When prompted if you want to uninstall click Yes.
  • Ensure the Moderate option is selected and click Next.
  • The programme uninstaller will run. If prompted again click Yes.
  • Work your way through the uninstaller, ensuring you read each page thoroughly.
  • Note: If you are offered the choice to install additional software, ensure you decline.
  • Once the built-in uninstaller is finished click Next.
  • Once the programme has searched for leftovers click Next.
  • Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
  • When prompted click Yes, followed by Next.
  • Click Select all, followed by Delete.
  • When prompted click Yes, followed by Next.
  • Upon completion, click Finish.
  • In your next reply, confirm you were successful in uninstalling all programmes listed above.
 
#16 ·
I have bad news for you. Your strain of STOP ransomware is currently not decryptable (without paying the criminals, which I do not recommend). The chances are slim that there will be a solution in the future. It can happen if law enforcement seizes the server and gets their hands on the keys. For such a case you may back up the encrypted files and at least one ransom note.

STEP 1
Farbar Recovery Scan Tool (FRST) Script
  • Download the attached fixlist.txt
  • Important: The file must be saved in the same location as FRST64.exe.
NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.
  • Double-click FRST64.exe to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Attach the log to your next reply.

STEP 2
Malwarebytes AdwCleaner
  • Please download Malwarebytes AdwCleaner and save the file to your Desktop.
  • Right-click AdwCleaner.exe and select Run as administrator to run the program.
  • Follow the prompts.
  • Click Scan Now and wait for completion of the scan.
  • Ensure anything you know to be legitimate does not have a check mark under the corresponding tab.
  • Click Quarantine.
  • Follow the prompts and allow your computer to reboot.
  • After the reboot, a log will open. Copy the contents of the log and paste or attach the log in your next reply.
-- File, folder and registry backups are made for items removed using this programme. Should a legitimate file, folder or registry item be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[S0].txt.

STEP 3
Malwarebytes 3 (MBAM)
  • Please download the Malwarebytes 3 setup file to your Desktop.
  • Open MBSetup.exe and follow the prompts to install the programme.
  • Open Malwarebytes 3 and click Update Now.
  • Once updated, click the Scan Now button.
  • If threats are detected, click Quarantine Selected to allow MBAM to clean what was found.
  • If the prompt to restart the computer appears, click Yes. Open MBAM again after restart.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click on the scan log which shows the date and time of the scan just performed.
  • Click Copy to Clipboard and paste or attach the log in your next reply.

======================================================

Logs
In your next reply please include the following logs.
  • FixLog.txt
  • AdwCleaner log
  • Malwarebytes 3 log
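
The inventory that the backup advice in post #16 calls for, as an added example that is not part of the original thread: a read-only Python script that lists `.kvag` files and `_readme.txt` notes under a folder and records a SHA-256 for each, so a later backup can be checked for completeness. The extension and byte sequence come from the ID Ransomware result in post #11; treating those bytes as a per-file marker, and all function names and sample files, are assumptions.

```python
import hashlib
import json
import os
import tempfile

# Values quoted in post #11 (ID Ransomware result).
ENCRYPTED_EXT = ".kvag"
# sample_bytes from the page; decodes to ASCII "{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}".
# Assumption: the same bytes appear in other files processed by this strain.
MARKER = bytes.fromhex(
    "7B33364136393842392D443637432D344530372D424538322D3045433542313442344446357D"
)
NOTE_NAME = "_readme.txt"  # ransom note name searched for in post #12


def scan_file(path, chunk=1 << 20):
    """Read a file once; return (sha256_hex, marker_found)."""
    digest = hashlib.sha256()
    found = False
    tail = b""
    with open(path, "rb") as fh:
        while True:
            block = fh.read(chunk)
            if not block:
                break
            digest.update(block)
            if not found:
                # Keep the last len(MARKER)-1 bytes so a marker that
                # straddles two chunks is still detected.
                window = tail + block
                found = MARKER in window
                tail = window[-(len(MARKER) - 1):]
    return digest.hexdigest(), found


def build_manifest(root, chunk=1 << 20):
    """Walk root without modifying anything and classify each file."""
    manifest = {"encrypted": [], "marker_only": [], "notes": [], "errors": []}
    for dirpath, dirs, files in os.walk(root):
        dirs.sort()  # deterministic traversal order
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            try:
                sha, marked = scan_file(path, chunk)
                size = os.path.getsize(path)
            except OSError as exc:
                # Locked or unreadable files are reported, not skipped silently.
                manifest["errors"].append({"path": rel, "error": str(exc)})
                continue
            entry = {"path": rel, "size": size, "sha256": sha, "marker": marked}
            lower = name.lower()
            if lower == NOTE_NAME:
                manifest["notes"].append(entry)
            elif lower.endswith(ENCRYPTED_EXT):
                manifest["encrypted"].append(entry)
            elif marked:
                # Marker present but extension changed (e.g. renamed by hand).
                manifest["marker_only"].append(entry)
    return manifest


def build_sample_tree(root):
    """Create constructed sample files (not real user data) under root."""
    os.makedirs(os.path.join(root, "Pictures"))
    samples = {
        "_readme.txt": b"constructed ransom note text",
        os.path.join("Pictures", "a.jpg.kvag"): b"\x00" * 20 + MARKER,
        os.path.join("Pictures", "b.jpg.kvag"): b"\x01" * 20,           # extension only
        os.path.join("Pictures", "c.jpg"): b"\x02" * 20 + MARKER,       # renamed back
        os.path.join("Pictures", "d.jpg"): b"\xff\xd8 untouched file",  # not affected
    }
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)
    return samples


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(json.dumps(build_manifest(tmp), indent=2))
```

Saving the manifest alongside the backup lets the copied files be re-hashed later to confirm nothing was lost or changed.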
 


#17 ·
I followed all your instructions! But Malwarebytes repeatedly pops up the message "reboot required". I did it several times; is that okay? I have posted the logs here.

And thank you for taking all the pains in helping me out. I'll keep the encrypted files safe to see if there are any possibilities.
 


#18 ·
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/12/19
Scan Time: 7:23 AM
Log File: 269a311a-1c82-11ea-a352-e89a8fd51234.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.613
Update Package Version: 1.0.13803
License: Trial

-System Information-
OS: Windows 7
CPU: x86
File System: NTFS
User: acer-PC\acer

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 195008
Threats Detected: 276
Threats Quarantined: 276
Time Elapsed: 13 min, 43 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 12

Registry Value: 9

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 78

File: 177
PUP.Optional.MindSpark, C:\Users\acer\AppData\LocalLow\VideoDownloadConverter_4z\VideoDownloadConverter_4z\Cache\VideosBtn.html.kvag, Quarantined, [680], [178472],1.0.13803
PUP.Optional.MoviesToolBar, C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\qqqs9h6b.default\ilividmoviestoolbarha\apnuserid.dat, Quarantined, [821], [178552],1.0.13803
PUP.Optional.MoviesToolBar, C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\qqqs9h6b.default\ilividmoviestoolbarha\appid.dat, Quarantined, [821], [178552],1.0.13803
PUP.Optional.MoviesToolBar, C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\qqqs9h6b.default\ilividmoviestoolbarha\geodata.xml, Quarantined, [821], [178552],1.0.13803
PUP.Optional.MoviesToolBar, C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\qqqs9h6b.default\ilividmoviestoolbarha\setupCfg.xml, Quarantined, [821], [178552],1.0.13803
PUP.Optional.MoviesToolBar, C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\qqqs9h6b.default\ilividmoviestoolbarha\sysid.dat, Quarantined, [821], [178552],1.0.13803
PUP.Optional.MoviesToolBar, C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\qqqs9h6b.default\ilividmoviestoolbarha\trackid.dat, Quarantined, [821], [178552],1.0.13803
PUP.Optional.MusicToolBar, C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\qqqs9h6b.default\jzipmusictoolbar181\apnuserid.dat, Quarantined, [1772], [178594],1.0.13803
PUP.Optional.MusicToolBar, C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\qqqs9h6b.default\jzipmusictoolbar181\appid.dat, Quarantined, [1772], [178594],1.0.13803
PUP.Optional.MusicToolBar, C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\qqqs9h6b.default\jzipmusictoolbar181\geodata.xml, Quarantined, [1772], [178594],1.0.13803
PUP.Optional.MusicToolBar, C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\qqqs9h6b.default\jzipmusictoolbar181\setupCfg.xml, Quarantined, [1772], [178594],1.0.13803
PUP.Optional.MusicToolBar, C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\qqqs9h6b.default\jzipmusictoolbar181\sysid.dat, Quarantined, [1772], [178594],1.0.13803
PUP.Optional.MusicToolBar, C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\qqqs9h6b.default\jzipmusictoolbar181\trackid.dat, Quarantined, [1772], [178594],1.0.13803
PUP.Optional.MusicToolBar, C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\qqqs9h6b.default\lphantmusictoolbarrs\apnuserid.dat, Quarantined, [1772], [178594],1.0.13803
PUP.Optional.MusicToolBar, C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\qqqs9h6b.default\lphantmusictoolbarrs\appid.dat, Quarantined, [1772], [178594],1.0.13803
PUP.Optional.MusicToolBar, C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\qqqs9h6b.default\lphantmusictoolbarrs\geodata.xml, Quarantined, [1772], [178594],1.0.13803
PUP.Optional.MusicToolBar, C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\qqqs9h6b.default\lphantmusictoolbarrs\setupCfg.xml, Quarantined, [1772], [178594],1.0.13803
PUP.Optional.MusicToolBar, C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\qqqs9h6b.default\lphantmusictoolbarrs\sysid.dat, Quarantined, [1772], [178594],1.0.13803
PUP.Optional.MusicToolBar, C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\qqqs9h6b.default\lphantmusictoolbarrs\trackid.dat, Quarantined, [1772], [178594],1.0.13803
Adware.Agent.TskLnk, C:\PROGRAMDATA\ahdfddbiikpejdmlaakpihaoilobgpij\ahdfddbiikpejdmlaakpihaoilobgpij.crx, Quarantined, [3774], [452674],1.0.13803
Adware.Agent.TskLnk, C:\ProgramData\ahdfddbiikpejdmlaakpihaoilobgpij\update.xml, Quarantined, [3774], [452674],1.0.13803
Adware.Linkury, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\installer.dat, Quarantined, [412], [715618],1.0.13803
Adware.Linkury.Generic, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\SHA.DB, Quarantined, [3759], [709582],1.0.13803
PUP.Optional.Bandoo.AppFlsh, C:\USERS\ACER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [3], [253589],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.Babylon, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [382], [301501],1.0.13803
PUP.Optional.ASK, C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QQQS9H6B.DEFAULT\PREFS.JS, Replaced, [2], [407901],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\USERS\ACER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\USERS\ACER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\KPODGGAAKFMMLPMAOPOOAMBLKDCNACGI\1.2_0\MANIFEST.JSON, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\icons\ficon128.png, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\icons\icon128.png, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\icons\icon16.png, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\icons\icon48.png, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\he\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\am\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\ar\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\be\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\bg\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\bn\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\ca\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\cs\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\da\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\de\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\el\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\en\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\en_BS\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\en_GB\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\en_US\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\es\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\es_419\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\et\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\fa\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\fi\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\fil\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\fr\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\gu\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\hi\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\hr\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\hu\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\id\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\it\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\ja\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\kn\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\ko\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\lt\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\lv\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\mk\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\ml\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\mr\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\ms\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\nl\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\no\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\pl\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\pt\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\pt_BR\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\pt_PT\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\ro\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\ru\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\sk\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\sl\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\sq\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\sr\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\sv\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\sw\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\ta\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\te\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\th\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\tr\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\uk\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\vi\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\zh_CN\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.ExtensionNSUU.Generic, C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpodggaakfmmlpmaopooamblkdcnacgi\1.2_0\_locales\zh_TW\messages.json, Quarantined, [14920], [553092],1.0.13803
PUP.Optional.MultiPlug, C:\DOCUMENTS AND SETTINGS\ALL USERS\NTUSER.POL, Quarantined, [61], [-1],0.0.0
PUP.Optional.MultiPlug, C:\PROGRAMDATA\NTUSER.POL, Quarantined, [61], [-1],0.0.0

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)
 
#19 · (Edited)
Hi rimzan,

USB Worm Warning
------------------------------

Your system is infected by a worm called Dunihi. This worm spreads via removable drives, e.g., USB flash drives and external HDDs. Any removable drive that you plugged in lately is possibly infected. So is any computer that used those drives.
To prevent spreading the infection:
  • Do not plug in any drives to your infected system.
  • Do not connect possibly infected drives to any computer. Make sure no one else uses them.

STEP 1
Please gather all possibly infected drives for disinfection and tell me how many there are.

If any of these removable drives are not yours or were used for other computers than yours, inform their owners if possible to prevent spreading the infection.

STEP 2
Farbar Recovery Scan Tool (FRST) Scan
  • Double-Click FRST.exe to run the programme.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Attach the logs in your next reply.
 
#21 · (Edited)
STEP 1
Deinstall Chrome Extension
  • Enter chrome://extensions/ in Chrome's address bar to view extensions installed for your browser.
  • On the extension RealDownloader, click Remove.
  • Confirm by clicking Remove.
-------------------------------------------------------------------------

STEP 2
USBFix Scan and Clean USB Disks
  • Please download USBFix and save the file to your Desktop.
  • Right-Click USBFix and select Run as administrator to run the programme.
  • Follow the prompts.
  • Hold the Shift key on your keyboard and insert the infected USB drives into your PC.
  • Note: If you cannot insert all drives at once, repeat STEP 2 and STEP 3 with the other drives.
  • Click Run an Analysis.
  • Click Scan USB Disks.
  • After the scan is finished, if infected elements are found, press Clean All.

STEP 3
USBFix Listing
  • Ensure the USB drives are still inserted in your PC.
  • Navigate back to the Dashboard by clicking on the house button.
  • Click Run an Analysis.
  • Click Make a Listing.

STEP 4
USBFix Reports
  • Navigate to the Report button.
  • On the right side, click Check All, then Open.
  • Notepad will open with your logs. Attach or paste these logs to your next reply.
 