Windows 7 Forums


Windows 7: How did Funmoods return?


25 Apr 2013   #1

Windows 7 Home Premium x64
 
 
How did Funmoods return?

OK I'm baffled on this one. About 6 months ago I accidentally didn't uncheck the box for Funmoods toolbar when installing something, and long story short I decided to reinstall Win 7 (including deleting the original OS partition; I forget if I formatted it too) to make sure I killed it.

My computer has worked flawlessly since then. I have definitely not accidentally installed Funmoods since the reinstall - I've been hyper-vigilant about carefully reading what's being installed by default when installers run. There is no trace of it in Chrome or IE extensions/plugins etc. At all times I've had NOD32 running and updated, Windows (important) Updates immediately installed, and periodically scan with Malwarebytes. I only run Chrome unless IE is required for some random site.

So I was shocked today when I ran a Malwarebytes quick scan and it turned up Funmoods registry files. I pasted the log below. Again, my computer is working perfectly and there's never been any visible/noticeable funmoods crap in my browsers since my reinstall. My last MB quick scan a month or two ago (prior to recent MB update I installed) turned up nothing.

Any ideas how traces of Funmoods could be on my computer? Is it possible it survived the OS reinstall? Is it getting into my system without me installing anything when I visit an infected website? I want to figure out what I'm doing to allow it on my system because I thought I was being very careful. Thanks for any help!

MB quick scan log:

--------------------------------------

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
Malwarebytes : Free anti-malware download

Database version: v2013.04.25.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
********* [administrator]

Protection: Enabled

4/25/2013 12:04:25 PM
mbam-log-2013-04-25 (12-04-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 254831
Time elapsed: 9 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|Tabs (PUP.FunMoods) -> Data: Funmoods Search -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.FunMoods) -> Bad: (Funmoods Search) Good: (Google) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\****\Local Settings\Application Data\funmoods-speeddial_sf.crx (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Local\funmoods-speeddial_sf.crx (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Quarantined and deleted successfully.

(end)



25 Apr 2013   #2

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Hi chorizo


Link AdwCleaner Download

Click on Download now

Save to the Desktop

Right-click on adwcleaner.exe and choose Run as administrator

Click the Delete button

Upload the AdwCleaner[Sn].txt in your reply.

Note: The log file is at C:\AdwCleaner[Sn].txt
25 Apr 2013   #3

Windows 7 Home Premium
 
 

Chorizo,

Quote:
Any ideas how traces of Funmoods could be on my computer?
You may have installed a program and it bundled Funmoods.

For a browser, do you use Internet Explorer, Firefox, or Chrome?
Browser extensions, homepage change and a change in search engine are master-minded by Funmoods.
You may need to reverse these changes, if you are affected.

Also, in Control Panel> Programs and Features, is Funmoods present there?
If so, click Uninstall and follow the prompts.

Remove any Funmoods scheduled task:
Press Start, and in the Search Programs and Files box above it, copy paste the following:
%windir%\System32\Tasks

In the window that appears, check for any Funmoods tasks
Updatetask.exe is launched automatically by registering itself into the Windows Task Scheduler under the task name: \Funmoods

Scheduled tasks:
The job 'At1' runs weekly in the path 'C:\WINDOWS\Tasks\At1.job'
The job 'Funmoods' runs daily in the path '\Funmoods'
The job 'DSite' runs daily in the path '\DSite'
The job 'Searchya' runs daily in the path '\Searchya'
Entry path 'C:\WINDOWS\Tasks\At1.job'
Entry path '\DSite'
Entry path 'C:\WINDOWS\Tasks\At2.job'
Entry path '\Funmoods'

If you find any scheduled tasks for Funmoods, use the following tutorial to remove:
Task Scheduler - Create New Task

You may also want to clean your temporary internet files using a program like CCleaner - Download
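As an added example (not part of any post in this thread), the PowerShell below performs a read-only check of the locations named above: the registry keys, values and file names from the Malwarebytes log, every profile folder under Users, and the %windir%\System32\Tasks folder. The Wow6432Node registry paths and the script layout are assumptions; run it from an elevated prompt so other users' profiles are readable.

```powershell
# Added example: read-only check for the Funmoods traces named in this thread.
# IDs and file names are copied from the Malwarebytes log; nothing is deleted.
$searchScope = '{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}'
$extensionId = 'cjpglkicenollcignonpgiafdgfeehoj'
$findings = @()

# Keys flagged in the log. The Wow6432Node entries are an assumption: they
# cover the 32-bit registry view on 64-bit Windows.
$keys = @(
    "HKCU:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\$searchScope",
    "HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\$searchScope",
    "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\$searchScope",
    "HKCU:\Software\Google\Chrome\Extensions\$extensionId",
    "HKLM:\SOFTWARE\Google\Chrome\Extensions\$extensionId",
    "HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\$extensionId"
)
foreach ($key in $keys) {
    if (Test-Path -LiteralPath $key) { $findings += "Registry key: $key" }
}

# Values the log reported as pointing at Funmoods Search.
$values = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main'; Name = 'Start Page' },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\AboutURLs'; Name = 'Tabs' }
)
foreach ($v in $values) {
    $item = Get-ItemProperty -Path $v.Key -Name $v.Name -ErrorAction SilentlyContinue
    if ($item -and "$($item.($v.Name))" -match 'funmoods') {
        $findings += "Registry value: $($v.Key)|$($v.Name)"
    }
}

# Files: the log hit more than one profile, so check every folder under Users.
$rel = @('AppData\Local\funmoods-speeddial_sf.crx',
    "AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_${extensionId}_0.localstorage")
foreach ($u in Get-ChildItem "$env:SystemDrive\Users" | Where-Object { $_.PSIsContainer }) {
    foreach ($r in $rel) {
        $p = Join-Path $u.FullName $r
        if (Test-Path -LiteralPath $p) { $findings += "File: $p" }
    }
}

# Task Scheduler definitions live as files here; the thread names the task \Funmoods.
$tasks = Get-ChildItem (Join-Path $env:windir 'System32\Tasks') -Recurse -ErrorAction SilentlyContinue
foreach ($t in $tasks) {
    if (-not $t.PSIsContainer -and $t.Name -match 'funmoods') { $findings += "Scheduled task: $($t.FullName)" }
}

if ($findings.Count -eq 0) { 'No Funmoods traces found in the checked locations.' } else { $findings }
```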

