[Solved] How harmful is " Mysearchdial " ??

[kevh]

Hi Everyone

 

Last night my wife unfortunately downloaded " mysearchdial " by mistake thinking she was downloading something for her teacher planning.

 

I quickly uninstalled , reset homepage and deleted addons on various browsers etc.

 

Ran full updated scan of MS security essentials.

 

This only seems to have affected her user and only remnant on her user is a blank mysearchdial folder in program uninstalls which I cant get rid off.

 

Do I need to worry ?

 

How harmful is this malware?

 

Do I need to run other antimalware software?

 

Thanks for any help :)

 

Cheers Kev :cool:

[KenB]

Hi Kev

 

Download MBAM from here: - click here

You want the FREE version

 

Install > update > run it. ( quick scan )

Let MBAM delete what it finds.

It will produce a log.

Copy this and post it here please.

 

Starbuck or etavares will advise further.

 

========

 

Found this that may be of interest - click here

 

It doesn't seem to be particularly harmful - just possibly annoying.

[kevh]

Hi Ken

 

Thankyou for the reply and advice and will give it a go tonight.

 

Would I need to do it on my wifes user or as administrator?

 

Cheers Kev :cool:

[KenB]

Either should be OK - it will even run in Safe Mode :)

[Starbuck]

It doesn't seem to be particularly harmful - just possibly annoying.

Ken is right.

It's more annoying than anything.

It's classed as Adware and usually comes bundled with 'free' programs.

MBAM is reasonally good at removing Adware but for help in searching all the entries, a dedicated Adware removal tool is better.

This is the normal instructions for AdwCleaner:

 

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
  
• Double click on adwcleaner.exe to run the tool.
  Vista/Windows 7/8 users right-click and select Run As Administrator.
  
• Click on the Scan button.
  
• AdwCleaner will begin to scan your computer.
  
• After the scan has finished...
  
• Click on the Clean button.
  
• Press OK when asked to close all programs and follow the onscreen prompts.
  
• Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  
• After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  
• Copy and paste the contents of that logfile in your next reply.
  
• A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

Ran full updated scan of MS security essentials.

MSSE doesn't search for Adware because it can be installed legitimately. (there are some strange people around )

So the search will come up empty.

 

This only seems to have affected her user and only remnant on her user is a blank mysearchdial folder in program uninstalls which I cant get rid off.

One of the big failings with removing files/folders manually is that the uninstaller can also get removed, so there's nothing to run if you try to uninstall from the add/remove folder.

This will now be an orphan entry so won't cause any problems be leaving it.

If you did want it removed, there is a registry edit i can explain.... but it depends on how confidant you are with editing the registry.

Or.... if you have CCleaner installed, that has an option to remove these orphan entries from the add/remove.

Edited January 27, 2014 by Starbuck

[kevh]

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

Database version: v2014.01.27.07

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 11.0.9600.16476

Kev :: HOOPERSHOME-PC [administrator]

Protection: Enabled

27/01/2014 17:01:03

MBAM-log-2014-01-27 (17-54-15).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 436742

Time elapsed: 35 minute(s), 53 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 3

C:\Users\Tracey\AppData\Roaming\mysearchdial (PUP.Optional.MySearchDial.A) -> No action taken.

C:\Users\Tracey\AppData\Roaming\mysearchdial\icons_2.2.15.1631 (PUP.Optional.MySearchDial.A) -> No action taken.

C:\Users\Tracey\AppData\Roaming\mysearchdial\UpdateProc (PUP.Optional.MySearchDial.A) -> No action taken.

Files Detected: 10

C:\Users\Kev\Local Settings\Temporary Internet Files\Content.IE5\NYZW47S6\stubinst_pkg_en-uk[1].cab (PUP.Optional.OpenCandy) -> No action taken.

C:\Users\Kev\Local Settings\Temporary Internet Files\Content.IE5\VJ9FNBIW\stubinst_pkg_en-uk[1].cab (PUP.Optional.OpenCandy) -> No action taken.

C:\Users\Kev\Local Settings\Temporary Internet Files\Content.IE5\VJ9FNBIW\stubinst_pkg_en-us[1].cab (PUP.Optional.OpenCandy) -> No action taken.

C:\Users\Tracey\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage (PUP.Optional.FunMoods.A) -> No action taken.

C:\Users\Tracey\AppData\Roaming\mysearchdial\icons_2.2.15.1631\62.ico (PUP.Optional.MySearchDial.A) -> No action taken.

C:\Users\Tracey\AppData\Roaming\mysearchdial\icons_2.2.15.1631\80.ico (PUP.Optional.MySearchDial.A) -> No action taken.

C:\Users\Tracey\AppData\Roaming\mysearchdial\UpdateProc\config.dat (PUP.Optional.MySearchDial.A) -> No action taken.

C:\Users\Tracey\AppData\Roaming\mysearchdial\UpdateProc\STTL.DAT (PUP.Optional.MySearchDial.A) -> No action taken.

C:\Users\Tracey\AppData\Roaming\mysearchdial\UpdateProc\TTL.DAT (PUP.Optional.MySearchDial.A) -> No action taken.

C:\Users\Tracey\AppData\Roaming\mysearchdial\UpdateProc\UpdateTask.exe (PUP.Optional.MySearchDial.A) -> No action taken.

(end)

[kevh]

Thanks for help and reassurance have just run MBAM and posted log above.

 

Will run ADWCleaner also.

 

Thanks again :)

 

Cheers Kev :cool:

[kevh]

# AdwCleaner v3.017 - Report created 27/01/2014 at 18:58:38

# Updated 12/01/2014 by Xplode

# Operating System : Windows 7 Professional Service Pack 1 (32 bits)

# Username : Kev - HOOPERSHOME-PC

# Running from : C:\Users\Kev\Downloads\AdwCleaner.exe

# Option : Clean

***** [ Services ] *****

 

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Tracey\AppData\Local\Mysearchdial

File Deleted : C:\Users\Tracey\AppData\Roaming\Mozilla\Firefox\Profiles\plcoi4hp.default\user.js

File Deleted : C:\Windows\Tasks\MySearchDial.job

File Deleted : C:\Windows\System32\Tasks\MySearchDial

***** [ Shortcuts ] *****

 

***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08F9B833-2B11-4311-8584-92AE896675FF}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08F9B833-2B11-4311-8584-92AE896675FF}

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

 

-\\ Mozilla Firefox v4.0 (en-GB)

[ File : C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\jbc89u0g.default\prefs.js ]

 

[ File : C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\e9a3kupw.default\prefs.js ]

 

[ File : C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\lhxmo6vm.default\prefs.js ]

 

[ File : C:\Users\Tracey\AppData\Roaming\Mozilla\Firefox\Profiles\plcoi4hp.default\prefs.js ]

Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");

Line Deleted : user_pref("extensions.mysearchdial.AL", 2);

Line Deleted : user_pref("extensions.mysearchdial.aflt", "dsites0103");

Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");

Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDzzzzyCtA0ByCzy0C0B0B0DzzzzzytBtN0D0Tzu0SyByDyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R");

Line Deleted : user_pref("extensions.mysearchdial.cr", "1721882440");

Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");

Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);

Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);

Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);

Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);

Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1QzutDzzzzyCtA0ByCzy0C0B0B0DzzzzzytBtN0D0Tzu0SyByDyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1Czut[...]

Line Deleted : user_pref("extensions.mysearchdial.id", "08863B69CBBD8892");

Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16096");

Line Deleted : user_pref("extensions.mysearchdial.instlRef", "");

Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dsites0103&cd=2XzuyEtN2Y1L1QzutDzzzzyCtA0ByCzy0C0B0B0DzzzzzytBtN0D0Tzu0SyByDyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1Cz[...]

Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");

Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");

Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");

Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");

Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dsites0103&cd=2XzuyEtN2Y1L1QzutDzzzzyCtA0ByCzy0C0B0B0DzzzzzytBtN0D0Tzu0SyByDyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1[...]

Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");

Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");

Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);

Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);

Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");

Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.019:49:32");

[ File : C:\Users\Kev_2\AppData\Roaming\Mozilla\Firefox\Profiles\441hlmjc.default\prefs.js ]

 

-\\ Google Chrome v

[ File : C:\Users\Kev\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

[ File : C:\Users\Kev_2\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

*************************

AdwCleaner[R0].txt - [5264 octets] - [27/01/2014 18:55:36]

AdwCleaner[s0].txt - [5309 octets] - [27/01/2014 18:58:38]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5369 octets] ##########

 

 

That found plenty :)

 

Cheers Kev :cool:

[kevh]

Do I need to uninstall ADWcleaner and MBAM when I turn MSE back on or do they just run when you tell them to run ?

 

Cheers Kev :cool:

[Starbuck]

Hi Kev,

 

That found plenty

That is what i meant by running a dedicated Adware Removal tool.

It does look a lot deeper.

 

Do I need to uninstall ADWcleaner and MBAM when I turn MSE back on or do they just run when you tell them to run ?

Double click on AdwCleaner.exe to run the tool again.

Vista/Windows 7/8 users right-click and select Run As Administrator.

• Click on the Uninstall button.
  
• Click Yes when asked are you sure you want to uninstall.
  
• Both AdwCleaner.exe, its folder and all logs will be removed.

 

MBAM can be left on the system and ran as an 'On Demand' scanner when needed.

Just remember to update the program before running it as it's updated several times a day.

[kevh]

Thanks Starbuck much appreciated .

 

Everything seems to running fine now and I assume from your post the logs I posted look ok and am clear of it .

 

Thanks again

 

Cheers Kev :cool:

[Starbuck]

Thanks Starbuck much appreciated

It's no problem at all.

 

I assume from your post the logs I posted look ok and am clear of it .

AdwCleaner is very effective against this adware, so you should be fine now.

If you do encounter any problems with the system, just post back and let us know.

But i think you'll be fine now.

 

Safe surfing. http://fc08.deviantart.net/fs71/f/2010/033/b/3/Computer_addict__by_Sinister_Starfeesh.gif

[kevh]

Cool!!

 

Many thanks

 

Cheers Kev :cool: