How did Funmoods return?
OK I'm baffled on this one. About 6 months ago I accidentally didn't uncheck the box for Funmoods toolbar when installing something, and long story short I decided to reinstall Win 7 (including deleting the original OS partition; I forget if I formatted it too) to make sure I killed it.
My computer has worked flawlessly since then. I have definitely not accidentally installed Funmoods since the reinstall - I've been hyper-vigilant about carefully reading what's being installed by default when installers run. There is no trace of it in Chrome or IE extensions/plugins etc. At all times I've had NOD32 running and updated, Windows (important) Updates immediately installed, and periodically scan with Malwarebytes. I only run Chrome unless IE is required for some random site.
So I was shocked today when I ran a Malwarebytes quick scan and it turned up Funmoods registry files. I pasted the log below. Again, my computer is working perfectly and there's never been any visible/noticeable Funmoods crap in my browsers since my reinstall. My last MB quick scan a month or two ago (prior to the recent MB update I installed) turned up nothing.
Any ideas how traces of Funmoods could be on my computer? Is it possible it survived the OS reinstall? Is it getting into my system without me installing anything when I visit an infected website? I want to figure out what I'm doing to allow it on my system because I thought I was being very careful. Thanks for any help!
MB quick scan log:
--------------------------------------
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
Malwarebytes : Free anti-malware download
Database version: v2013.04.25.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
********* [administrator]
Protection: Enabled
4/25/2013 12:04:25 PM
mbam-log-2013-04-25 (12-04-25).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 254831
Time elapsed: 9 minute(s), 8 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Quarantined and deleted successfully.
Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|Tabs (PUP.FunMoods) -> Data: Funmoods Search -> Quarantined and deleted successfully.
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.FunMoods) -> Bad: (Funmoods Search) Good: (Google) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 4
C:\Users\****\Local Settings\Application Data\funmoods-speeddial_sf.crx (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Local\funmoods-speeddial_sf.crx (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Quarantined and deleted successfully.
(end)