Freshy is a program that usually installs without your knowledge via free software downloads. Identified on 09/18/2015.

Features:

– It belongs to a family of PUP (Potentially Unwanted Program).
– Vendor : PUP.Optional

Main actions:

– It installs a plugin for the Mozilla Firefox browser (P2),
– It changes the start page of the Internet Explorer browser (R0),
– It changes the Internet Explorer search page (R1),
– It installs as a program (O42),
– It creates many ‘Software’ registry keys,
– It creates additional folders (O43),
– It moves to the Windows prefetcher folder (O45),
– It creates multiple user files (O61).

ZHPDiag report:

P2 – EXT FILE: (…) — C:\Users\Coolman\AppData\Roaming\Mozilla\Firefox\Profiles\v0id4bxn.default-1442500760997\extensions\toolbar11219@freshy.com.xpi
P2 – FPN: [HKCU] [@tnt2npapi.com/Plugin] – (.Freshy.com.) — C:\Users\Coolman\AppData\Local\TNT2\2.0.0.1995\npTNT2.dll
R0 – HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://services.freshy.com/
R1 – HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://services.freshy.com/
R1 – HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://services.freshy.com/
O42 – Logiciel: Findwide Toolbar – (.Freshy.) [HKCU] — {DA5D2F9E-9783-4F2A-ACA0-DA9B35E35F33}
HKCU\SOFTWARE\TNT2
O43 – CFD: 2015/09/18 06:49:24 – [] D — C:\Program Files\TNT2
O43 – CFD: 2015/09/18 06:49:15 – [] D — C:\Users\Coolman\AppData\Local\TNT2
O61 – LFC: 2015/09/18 06:49:07 A . (..) — C:\Users\Coolman\AppData\Local\TNT2\2.0.0.1995\chromeinst.1.dll [110080]
O61 – LFC: 2015/09/18 06:49:07 A . (.Freshy.com.) — C:\Users\Coolman\AppData\Local\TNT2\2.0.0.1995\hmac.1.dll [106496]
O61 – LFC: 2015/09/18 06:49:07 A . (.Freshy.com.) — C:\Users\Coolman\AppData\Local\TNT2\2.0.0.1995\iestage2.1.dll [199168]

Remove:

– Remove the software via the Windows Control Panel,
– Remove with ZHPCleaner,
– Diagnose with ZHPDiag.

PUP.Optional.Freshy – 2016-12-30T07:34:24+00:00 – Categories: Polluteware, PUP