Jump to content

Removal instructions for clicup


Recommended Posts

  • Staff

What is clicup?

The Malwarebytes research team has determined that clicup is adware. These adware applications display advertisements not originating from the sites you are browsing.

How do I know if my computer is affected by clicup?

You may see this entry in your list of installed programs:

warning4.png

How did clicup get on my computer?

Adware applications use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove clicup?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of clicup?
  • No, Malwarebytes' Anti-Malware removes clicup completely.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the clicup adware. �It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

protection1.png

Technical details for experts

You will see these signs in a HijackThis log:

O4 - HKCU\..\Run: [clicup] C:\Users\{username}\AppData\Local\clicup\chrmndr.exe
You may see these signs in a FRST log:

 (clicup) C:\Users\Malwarebytes\AppData\Local\clicup\chrmndr.exe HKCU\...\Run: [clicup] => C:\Users\Malwarebytes\AppData\Local\clicup\chrmndr.exe [512496 2014-12-18] (clicup) () C:\Users\Malwarebytes\AppData\Local\clicup
Alterations made by the installer:

File system details  ---------------------------------------------    Adds the folder C:\Users\{username}\AppData\Local\clicup       Adds the file chrmndr.exe"="12/18/2014 1:12 PM, 512496 bytes, A       Adds the file toast.exe"="12/18/2014 1:21 PM, 1992120 bytes, A       Adds the file Uninstaller.exe"="1/19/2015 6:57 PM, 74422 bytes, A       Adds the file Update.bat"="12/9/2014 6:34 PM, 369 bytes, ARegistry details  ------------------------------------------    [HKEY_CURRENT_USER\Software\clicup]       "Version"="REG_SZ", "NTMwNQ=="    [HKEY_CURRENT_USER\Software\clicup\Agent]       "ad"="REG_SZ", "aHR0cDovL3BlcmYtbWFya2V0LWV4dC5uZXR8aHR0cDovL3R1bmVtYXJrZXQubmV0fGh0dHA6Ly9iZXN0Mm1hcmtldC5uZXR8aHR0cDovL3Byb2R1Y3QtcGVyZi5uZXQ="       "BaseDomain"="REG_SZ", "aHR0cDovL21hcmtldC1leHQubmV0"       "ConfigFrequency"="REG_SZ", "MTgw"       "Configuration"="REG_SZ", "Mg=="       "HID"="REG_SZ", "MDgtMDAtMjctM2QtN2QtZDc="       "Host"="REG_SZ", "aHR0cDovL21hcmtldC1leHQubmV0"       "InstallDate"="REG_SZ", "MTQyMTY5MDI2Mw=="       "InstallWaitTime"="REG_SZ", "MA=="       "Partner"="REG_SZ", "MjAwNDU="       "PingFrequency"="REG_SZ", "MTgw"       "Platform"="REG_SZ", "MQ=="       "TestParam"="REG_SZ", "MA=="       "TokenID"="REG_SZ", "MGQ0NWY2OWNjZDkwZjE3MDE3YjQzMjI1N2E0ZjdjZWE="       "Type"="REG_SZ", "RA=="       "UrlForFile"="REG_SZ", ""       "UrlForUpdate"="REG_SZ", ""       "UserID"="REG_SZ", "MTIwNzcxMDI0"       "Version"="REG_SZ", "NTMwNQ=="       "VersionToUpdate"="REG_SZ", ""    [HKEY_CURRENT_USER\Software\clicup\Agent\SystemInfo]       "ChromeVersion"="REG_SZ", "MzkuMC4yMTcxLjk1"       "ComputersUp"="REG_SZ", "MA=="       "CountryCode"="REG_SZ", "MQ=="       "FirefoxVersion"="REG_SZ", "MjUuMCAoZW4tVVMp"       "IEVersion"="REG_SZ", "MTEuMC45NjAwLjE3NTAx"       "Language"="REG_SZ", "MTAzMw=="       "MacAddress"="REG_SZ", "MDgtMDAtMjctM2QtN2QtZDc="       "OsName"="REG_SZ", "TWljcm9zb2Z0IFdpbmRvd3MgNyBVbHRpbWF0ZSBOIA=="    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]       "clicup"="REG_SZ", "C:\Users\{username}\AppData\Local\clicup\chrmndr.exe"    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\clicup]       "DisplayIcon"="REG_SZ", "C:\Users\{username}\AppData\Local\clicup\chrmndr.exe"       "DisplayName"="REG_SZ", "clicup"       "DisplayVersion"="REG_SZ", "1.0"       "InstallDate"="REG_SZ", "20141214"       "Publisher"="REG_SZ", "Ad business Crown Solutions"       "UninstallString"="REG_SZ", "C:\Users\{username}\AppData\Local\clicup\Uninstaller.exe"    [HKEY_CURRENT_USER\Software\SystemInfo]       "ID"="REG_SZ", "17686"    [HKEY_CURRENT_USER\Software\zcln]       "ProductVersion"="REG_SZ", "1.0"
Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 1/19/2015Scan Time: 7:04:47 PMLogfile: mbamClicup.txtAdministrator: YesVersion: 2.00.4.1028Malware Database: v2015.01.19.10Rootkit Database: v2015.01.14.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: DisabledOS: Windows 7 Service Pack 1CPU: x86File System: NTFSUser: MalwarebytesScan Type: Threat ScanResult: CompletedObjects Scanned: 289030Time Elapsed: 4 min, 9 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 1PUP.Optional.Solus, C:\Users\{username}\AppData\Local\clicup\chrmndr.exe, 1300, Delete-on-Reboot, [4ef88871107990a601157ee9d8282fd1]Modules: 0(No malicious items detected)Registry Keys: 0(No malicious items detected)Registry Values: 1PUP.Optional.Solus, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|clicup, C:\Users\{username}\AppData\Local\clicup\chrmndr.exe, Quarantined, [4ef88871107990a601157ee9d8282fd1]Registry Data: 0(No malicious items detected)Folders: 0(No malicious items detected)Files: 3PUP.Optional.Solus, C:\Users\{username}\AppData\Local\clicup\chrmndr.exe, Delete-on-Reboot, [4ef88871107990a601157ee9d8282fd1], PUP.Optional.Salus, C:\Users\{username}\Desktop\clicup_08_01.exe, Quarantined, [4df98b6e0f7abf777d30c24c9072c33d], PUP.Optional.Solus, C:\Users\{username}\AppData\Local\clicup\toast.exe, Quarantined, [4600bd3c622778be62b6df27b74e4eb2], Physical Sectors: 0(No malicious items detected)(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.