Jump to content

Removal instructions for Blasteroids


Recommended Posts

  • Staff

What is Blasteroids?

The Malwarebytes research team has determined that Blasteroids is adware. These adware applications display advertisements not originating from the sites you are browsing.

How do I know if my computer is effected by Blasteroids?

This is how the start-page looks:

main.png

And you may see this warning:

warning1.png

How did Blasteroids get on my computer?

Adware applications use different methods for distributing themselves. This particular one was offered as a game.

How do I remove Blasteroids?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of Blasteroids?
  • No, Malwarebytes' Anti-Malware removes Blasteroids completely.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this adware application.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Blasteroids adware. It would have warned you before the application installed a service on your computer, giving you a chance to stop it before it became too late.

protection1.png

Technical details for experts

Signs in a HijackThis log:

O23 - Service: Blasteroids - Acute Angle Solutions - C:\ProgramData\Blasteroids\BlasteroidsService.exe
Alterations made by the installer:

File system details  ---------------------------------------------    Adds the folder C:\ProgramData\Blasteroids       Adds the file app.dat"="6/25/2014 3:04 PM, 806313 bytes, A       Adds the file Blasteroids.dll"="6/25/2014 3:04 PM, 1177984 bytes, A       Adds the file Blasteroids.exe"="6/25/2014 3:04 PM, 50048 bytes, A       Adds the file Blasteroids.exe.config"="6/25/2014 3:04 PM, 190 bytes, A       Adds the file Blasteroids.ico"="6/2/2014 8:10 PM, 175467 bytes, A       Adds the file BlasteroidsService.exe"="6/25/2014 3:04 PM, 2318720 bytes, A       Adds the file BlasteroidsService.exe.config"="6/25/2014 3:04 PM, 189 bytes, A       Adds the file data.dat"="6/25/2014 3:04 PM, 2048 bytes, A       Adds the file info.dat"="6/25/2014 3:04 PM, 64 bytes, A       Adds the file Uninstall.exe"="6/18/2014 11:16 PM, 523136 bytes, A    Adds the folder C:\Users\{username}\AppData\Local\BlasteroidsRegistry details  ------------------------------------------    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}]       "ad"="REG_SZ", "playblasteroids.com"       "id"="REG_SZ", "8b872e5816634cfa90f4172453b59aea"       "ip"="REG_SZ", "355"       "ns"="REG_SZ", "BLST"       "p"="REG_SZ", "355"       "v"="REG_SZ", "2.7.21"       "vp"="REG_SZ", "2.7.21355"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24f09f3a-63f5-ae27-4857-f28c64ffd287}]       "id"="REG_SZ", "8b872e5816634cfa90f4172453b59aea"       "p"="REG_SZ", "355"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48d7f936-dd3f-a928-7889-7dbfed859b66}]       "ik"="REG_SZ", "{dd32faf2-443e-7931-baea-a56c9f075f3d}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}]       "(Default)"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}]       "id"="REG_SZ", "8b872e5816634cfa90f4172453b59aea"    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BlasteroidsService_RASAPI32]       "ConsoleTracingMask"="REG_DWORD", -65536       "EnableConsoleTracing"="REG_DWORD", 0       "EnableFileTracing"="REG_DWORD", 0       "FileDirectory"="REG_EXPAND_SZ, "%windir%\tracing"       "FileTracingMask"="REG_DWORD", -65536       "MaxFileSize"="REG_DWORD", 1048576    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BlasteroidsService_RASMANCS]       "ConsoleTracingMask"="REG_DWORD", -65536       "EnableConsoleTracing"="REG_DWORD", 0       "EnableFileTracing"="REG_DWORD", 0       "FileDirectory"="REG_EXPAND_SZ, "%windir%\tracing"       "FileTracingMask"="REG_DWORD", -65536       "MaxFileSize"="REG_DWORD", 1048576    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Blasteroids]       "DisplayIcon"="REG_SZ", "C:\ProgramData\Blasteroids\Blasteroids.ico"       "DisplayName"="REG_SZ", "Blasteroids"       "DisplayVersion"="REG_SZ", "2.7.21"       "EstimatedSize"="REG_DWORD", 1469       "HelpLink"="REG_SZ", "http://www.playblasteroids.com/about.html"       "InstallDate"="REG_SZ", "20140625"       "Publisher"="REG_SZ", "Acute Angle Solutions"       "UninstallString"="REG_SZ", "C:\ProgramData\Blasteroids\uninstall.exe /kb=y /ic=0"    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Blasteroids]       "DependOnService"="REG_MULTI_SZ, "Winmgmt CryptSvc "       "DisplayName"="REG_SZ", "Blasteroids"       "ErrorControl"="REG_DWORD", 1       "FailureActions"="REG_BINARY, <.....................       "ImagePath"="REG_EXPAND_SZ, ""C:\ProgramData\Blasteroids\BlasteroidsService.exe""       "ObjectName"="REG_SZ", "LocalSystem"       "Start"="REG_DWORD", 2       "Type"="REG_DWORD", 16    [HKEY_CURRENT_USER\Software\AppDataLow\Software\DynConIE]       "id"="REG_SZ", "8b872e5816634cfa90f4172453b59aea"
Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 6/25/2014Scan Time: 3:08:26 PMLogfile: mbamBlasteroids.txtAdministrator: YesVersion: 2.00.2.1012Malware Database: v2014.06.25.09Rootkit Database: v2014.06.23.02License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: DisabledOS: Windows 7 Service Pack 1CPU: x86File System: NTFSUser: MalwarebytesScan Type: Threat ScanResult: CompletedObjects Scanned: 233774Time Elapsed: 2 min, 45 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 1PUP.Optional.Blasteroids.A, C:\ProgramData\Blasteroids\BlasteroidsService.exe, 3648, Delete-on-Reboot, [e9c4ec90cab155e1b1d145473ec3b64a]Modules: 0(No malicious items detected)Registry Keys: 5PUP.Optional.Blasteroids.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Blasteroids, Quarantined, [e9c4ec90cab155e1b1d145473ec3b64a], PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarantined, [6a438fed96e57cbac8aec68426dc7b85], PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [cfdeabd14932ed49c97b17338979f709], PUP.Optional.Blasteroids.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Blasteroids, Quarantined, [4b625527017afc3aee8ea20aaa5822de], PUP.Optional.MultiIE.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, Quarantined, [45684933265537ff78ab9b67788c56aa], Registry Values: 0(No malicious items detected)Registry Data: 0(No malicious items detected)Folders: 1PUP.Optional.Blasteroids.A, C:\ProgramData\Blasteroids, Delete-on-Reboot, [4b625527017afc3aee8ea20aaa5822de], Files: 12PUP.Optional.Blasteroids.A, C:\ProgramData\Blasteroids\BlasteroidsService.exe, Delete-on-Reboot, [e9c4ec90cab155e1b1d145473ec3b64a], PUP.Optional.SafeWeb.A, C:\ProgramData\Blasteroids\Blasteroids.dll, Quarantined, [beef7ffdf6857db99e260674ca3a15eb], PUP.Optional.Blasteroids.A, C:\ProgramData\Blasteroids\Blasteroids.exe, Quarantined, [cedf8eeed2a9082eea9895f7ce33f10f], PUP.Optional.Blasteroids.A, C:\Users\{username}\Desktop\Blasteroids.exe, Quarantined, [e1ccccb002797eb8285a503c679a16ea], PUP.Optional.InstallCore, C:\Users\{username}\Downloads\googleupdatersetup.exe, Quarantined, [911c770586f5f046e367c4b80004eb15], PUP.Optional.Blasteroids.A, C:\ProgramData\Blasteroids\app.dat, Quarantined, [4b625527017afc3aee8ea20aaa5822de], PUP.Optional.Blasteroids.A, C:\ProgramData\Blasteroids\Blasteroids.exe.config, Quarantined, [4b625527017afc3aee8ea20aaa5822de], PUP.Optional.Blasteroids.A, C:\ProgramData\Blasteroids\Blasteroids.ico, Quarantined, [4b625527017afc3aee8ea20aaa5822de], PUP.Optional.Blasteroids.A, C:\ProgramData\Blasteroids\BlasteroidsService.exe.config, Quarantined, [4b625527017afc3aee8ea20aaa5822de], PUP.Optional.Blasteroids.A, C:\ProgramData\Blasteroids\data.dat, Quarantined, [4b625527017afc3aee8ea20aaa5822de], PUP.Optional.Blasteroids.A, C:\ProgramData\Blasteroids\info.dat, Delete-on-Reboot, [4b625527017afc3aee8ea20aaa5822de], PUP.Optional.Blasteroids.A, C:\ProgramData\Blasteroids\Uninstall.exe, Quarantined, [4b625527017afc3aee8ea20aaa5822de], Physical Sectors: 0(No malicious items detected)(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.