4 Replies Latest reply on Apr 4, 2014 1:40 PM by catdaddy

    Win 8.1 Internet explorer Hijack Search Protector PlurPush

    mlisowski

      Somehow this garbage got on my computer, which was redirecting (hijacking) the browser. I went through the normal uninstall process; the only thing it did was cause the malware to hide in the bowels of Windows. I ran a full scan with LiveSafe and it did not find/fix the issue. I had to go to bleeping computers to get advice and run AdwCleaner and MalwareBytes to get rid of this trash. Why did McAfee 1) not prevent the installation 2) fail to find and clean out all items below? Any program that hijacks the browser is a virus and should be identified and removed by LiveSafe.

      Key Found : HKCU\Software\SearchProtectINT
      Key Found : [x64] HKCU\Software\SearchProtectINT
      Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
      Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
      Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}

      ***** [ Browsers ] *****

       

      PUP.Optional.FreeFileConverter.A, C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe, 2176, Delete-on-Reboot, [e115c65f86f5b482d988dfcb54afa759]

      Modules: 2
      PUP.Optional.FreeFileConverter.A, C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree.dll, Delete-on-Reboot, [579fad78d5a640f65f014d16679aa957],
      PUP.Optional.FreeFileConverter.A, C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree.dll, Delete-on-Reboot, [579fad78d5a640f65f014d16679aa957],

      Registry Keys: 24
      PUP.Optional.FreeFileConverter.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ConvertFilesforFreeUpdt, Quarantined, [e115c65f86f5b482d988dfcb54afa759],
      PUP.Optional.FreeFileConverter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB}, Quarantined, [579fad78d5a640f65f014d16679aa957],
      PUP.Optional.FreeFileConverter.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{22B58425-A384-436c-A334-BB9255664D10}, Quarantined, [579fad78d5a640f65f014d16679aa957],
      PUP.Optional.FreeFileConverter.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{951F4658-6461-46AD-AB13-F73E7FCBE6DB}, Quarantined, [579fad78d5a640f65f014d16679aa957],
      PUP.Optional.FreeFileConverter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{951F4658-6461-46AD-AB13-F73E7FCBE6DB}, Quarantined, [579fad78d5a640f65f014d16679aa957],
      PUP.Optional.FreeFileConverter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{22B58425-A384-436c-A334-BB9255664D10}, Quarantined, [579fad78d5a640f65f014d16679aa957],
      PUP.Optional.FreeFileConverter.A, HKLM\SOFTWARE\CLASSES\ConvertFilesforFree.1, Quarantined, [579fad78d5a640f65f014d16679aa957],
      PUP.Optional.FreeFileConverter.A, HKLM\SOFTWARE\CLASSES\ConvertFilesforFree, Quarantined, [579fad78d5a640f65f014d16679aa957],
      PUP.Optional.FreeFileConverter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConvertFilesforFree, Quarantined, [579fad78d5a640f65f014d16679aa957],
      PUP.Optional.FreeFileConverter.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{59A062A1-5ECA-4A1A-BC44-B2A9283A8ACB}, Quarantined, [579fad78d5a640f65f014d16679aa957],
      PUP.Optional.FreeFileConverter.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{59A062A1-5ECA-4A1A-BC44-B2A9283A8ACB}, Quarantined, [579fad78d5a640f65f014d16679aa957],
      PUP.Optional.FreeFileConverter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConvertFilesforFree.1, Quarantined, [579fad78d5a640f65f014d16679aa957],
      PUP.Optional.FreeFileConverter.A, HKLM\SOFTWARE\CLASSES\CLSID\{59A062A1-5ECA-4A1A-BC44-B2A9283A8ACB}, Quarantined, [579fad78d5a640f65f014d16679aa957],
      PUP.Optional.FreeFileConverter.A, HKLM\SOFTWARE\CLASSES\CLSID\{59A062A1-5ECA-4A1A-BC44-B2A9283A8ACB}\INPROCSERVER32, Quarantined, [579fad78d5a640f65f014d16679aa957],
      PUP.Optional.FreeFileConverter.A, HKU\S-1-5-21-4249996332-1622787085-128542896-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{59A062A1-5ECA-4A1A-BC44-B2A9283A8ACB}, Quarantined, [579fad78d5a640f65f014d16679aa957],
      PUP.Optional.FreeFileConverter.A, HKU\S-1-5-21-4249996332-1622787085-128542896-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{59A062A1-5ECA-4A1A-BC44-B2A9283A8ACB}, Quarantined, [579fad78d5a640f65f014d16679aa957],
      PUP.Optional.FreeFileConverter.A, HKU\S-1-5-21-4249996332-1622787085-128542896-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{59A062A1-5ECA-4A1A-BC44-B2A9283A8ACB}, Quarantined, [579fad78d5a640f65f014d16679aa957],
      PUP.Optional.FreeFileConverter.A, HKU\S-1-5-21-4249996332-1622787085-128542896-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{59A062A1-5ECA-4A1A-BC44-B2A9283A8ACB}, Quarantined, [579fad78d5a640f65f014d16679aa957],
      PUP.Optional.FreeFileConverter.A, HKU\S-1-5-21-4249996332-1622787085-128542896-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{59A062A1-5ECA-4A1A-BC44-B2A9283A8ACB}, Quarantined, [579fad78d5a640f65f014d16679aa957],
      PUP.Optional.FreeFileConverter.A, HKU\S-1-5-21-4249996332-1622787085-128542896-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{59A062A1-5ECA-4A1A-BC44-B2A9283A8ACB}, Quarantined, [579fad78d5a640f65f014d16679aa957],
      PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5}, Quarantined, [14e2e3420873013546fc579ced16ab55],
      PUP.Optional.OutBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5}, Quarantined, [14e2e3420873013546fc579ced16ab55],
      PUP.Optional.FreeFileConverter.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Convert Files for Free, Quarantined, [896d25002f4cba7c111b19466d95936d],
      PUP.Optional.FreeFileConverter.A, HKLM\SOFTWARE\WOW6432NODE\ZUPDATER\ConvertFilesforFreeUpdt.exe, Quarantined, [71854bda740765d183abfb64ae548e72],

      Registry Values: 0
      (No malicious items detected)

      Registry Data: 0
      (No malicious items detected)

      Folders: 1
      PUP.Optional.FreeFileConverter.A, C:\Program Files (x86)\Convert Files for Free, Delete-on-Reboot, [896d25002f4cba7c111b19466d95936d],

      Files: 12
      PUP.Optional.FreeFileConverter.A, C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe, Delete-on-Reboot, [e115c65f86f5b482d988dfcb54afa759],
      PUP.Optional.FreeFileConverter.A, C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree.dll, Delete-on-Reboot, [579fad78d5a640f65f014d16679aa957],
      PUP.Optional.FreeFileConverter.A, C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree_x64.dll, Quarantined, [579fad78d5a640f65f014d16679aa957],
      PUP.Optional.OutBrowse, C:\Users\Mike\AppData\Local\Temp\InSetup1394989924.exe, Quarantined, [14e2e3420873013546fc579ced16ab55],
      PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Local\Temp\SearchProtectINT.exe, Quarantined, [698d43e2b0cb95a105eef71df9084db3],
      PUP.Optional.SearchProtect.A, C:\Users\Mike\AppData\Local\Temp\nsm83D2.exe, Quarantined, [3cbad1545c1ff83ee6e180a1778a56aa],
      PUP.Optional.SearchProtect.A, C:\Users\Mike\AppData\Local\Temp\nstB1DB.exe, Quarantined, [bb3b1114f784e650bc0bdf425fa230d0],
      PUP.Optional.SearchProtect.A, C:\Users\Mike\AppData\Local\Temp\nswD41A.exe, Quarantined, [787e46df9be00a2c1fa834ed2dd4649c],
      PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Local\Temp\nsl8452\SpSetup.exe, Quarantined, [f105cf5688f3b581b205ea2c0100a060],
      PUP.Optional.Outbrowse, C:\Users\Mike\Downloads\Installer.exe, Quarantined, [688e39ecdaa1d85e5ae86d3c53b0ac54],
      PUP.Optional.FreeFileConverter.A, C:\Program Files (x86)\Convert Files for Free\install.ico, Quarantined, [896d25002f4cba7c111b19466d95936d],
      PUP.Optional.FreeFileConverter.A, C:\Program Files (x86)\Convert Files for Free\uninstall.exe, Quarantined, [896d25002f4cba7c111b19466d95936d],

      Physical Sectors: 0
      (No malicious items detected)

      (end)