How did Funmoods return?


  1. Chorizo
    Posts : 6
    Windows 7 Home Premium x64
       New #1

    How did Funmoods return?


    OK I'm baffled on this one. About 6 months ago I accidentally didn't uncheck the box for Funmoods toolbar when installing something, and long story short I decided to reinstall Win 7 (including deleting the original OS partition; I forget if I formatted it too) to make sure I killed it.

    My computer has worked flawlessly since then. I have definitely not accidentally installed Funmoods since the reinstall - I've been hyper-vigilant about carefully reading what's being installed by default when installers run. There is no trace of it in Chrome or IE extensions/plugins etc. At all times I've had NOD32 running and updated, Windows (important) Updates immediately installed, and periodically scan with Malwarebytes. I only run Chrome unless IE is required for some random site.

    So I was shocked today when I ran a Malwarebytes quick scan and it turned up Funmoods registry files. I pasted the log below. Again, my computer is working perfectly and there's never been any visible/noticeable funmoods crap in my browsers since my reinstall. My last MB quick scan a month or two ago (prior to recent MB update I installed) turned up nothing.

    Any ideas how traces of Funmoods could be on my computer? Is it possible it survived the OS reinstall? Is it getting into my system without me installing anything when I visit an infected website? I want to figure out what I'm doing to allow it on my system because I thought I was being very careful. Thanks for any help!

    MB quick scan log:

    --------------------------------------

    Malwarebytes Anti-Malware (PRO) 1.75.0.1300
    Malwarebytes : Free anti-malware download

    Database version: v2013.04.25.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    ********* [administrator]

    Protection: Enabled

    4/25/2013 12:04:25 PM
    mbam-log-2013-04-25 (12-04-25).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 254831
    Time elapsed: 9 minute(s), 8 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 4
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|Tabs (PUP.FunMoods) -> Data: Funmoods Search -> Quarantined and deleted successfully.

    Registry Data Items Detected: 1
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.FunMoods) -> Bad: (Funmoods Search) Good: (Google) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 4
    C:\Users\****\Local Settings\Application Data\funmoods-speeddial_sf.crx (PUP.FunMoods) -> Quarantined and deleted successfully.
    C:\Users\****\AppData\Local\funmoods-speeddial_sf.crx (PUP.FunMoods) -> Quarantined and deleted successfully.
    C:\Users\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Quarantined and deleted successfully.
    C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Quarantined and deleted successfully.

    (end)
      My Computer
    Quote Quote

  3. VistaKing
    Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       New #2

    Hi chorizo


    Link AdwCleaner Download

    Click on Download now

    Save to the Desktop

    Right-click on adwcleaner.exe and choose Run as administrator

    Click the Delete button

    Upload the AdwCleaner[Sn].txt in your reply.

       Note
    The log file is at C:\AdwCleaner[Sn].txt
      My Computer
    Quote Quote

  4. cottonball
    Posts : 2,470
    Windows 7 Home Premium
       New #3

    Chorizo,

    Any ideas how traces of Funmoods could be on my computer?
    You may have installed a program and it bundled Funmoods.

    For a browser, do you use Internet Explorer, Firefox, or Chrome?
    Browser extensions, homepage change and a change in search engine are master-minded by Funmoods.
    You may need to reverse these changes, if you are affected.

    Also, in Control Panel> Programs and Features, is Funmoods present there?
    If so, click Uninstall.and follow the prompts.

    Remove any Funmoods scheduled task:
    Press Start, and in the Search Programs and Files box above it, copy paste the following:
    %windir%\System32\Tasks

    In the window that appears, check for any Funmoods tasks
    Updatetask.exe is launched automatically by registering itself into the Windows Task Scheduler under the task name: \Funmoods

    Scheduled tasks:
    The job 'At1' runs weekly in the path 'C:\WINDOWS\Tasks\At1.job'
    The job 'Funmoods' runs daily in the path '\Funmoods'
    The job 'DSite' runs daily in the path '\DSite'
    The job 'Searchya' runs daily in the path '\Searchya'
    Entry path 'C:\WINDOWS\Tasks\At1.job'
    Entry path '\DSite'
    Entry path 'C:\WINDOWS\Tasks\At2.job'
    Entry path '\Funmoods'

    If you find any scheduled tasks for Funmoods, use the following tutorial to remove:
    Task Scheduler - Create New Task

    You may also want to clean your temporary internet files using a program like CCleaner - Download
      My Computer
    Quote Quote

 

  Related Discussions
Somehow Funmoods accidentally got installed on my PC. I know I removed the toolbar from my Mozilla Firefox browser, however I still see it lingering in chat. (i.e. Facebook.) I understand you go to the control panel to remove the program. However, mine does not look right to me or like anything...
funmoods
in System Security

I have funmoods on my computer. I have updated my malwarebytes Anti-Malware software and ran a full scan on my computer. Funmoods is identified and deleted as part of the scanning process. Unfortunately upon rebooting and opening up the second web page the file is always there. Any ideas on how...
I accidently installed funmoods on my pc and i want it gone. I uninstalled from control panel but it's still there in the browser its a nuicence to me. How do i get rid of it?
Not sure what has happened but if I open firefox I no longer get my URL address box and it goes to something being determined by funmoods! Cannot delete it as windows says nothing to find re funmoods, its damned annoying how do I get rid of it? Thanks
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 03:54.
Find Us