
Removal instructions for SushiLeads (type 2)



What is SushiLeads?

 

The Malwarebytes research team has determined that SushiLeads is adware. These adware applications display advertisements not originating from the sites you are browsing.

 

How do I know if my computer is affected by SushiLeads?

You may see this entry in your list of installed programs:

 

[Image: warning4.png]

 

How did SushiLeads get on my computer?

 

Adware applications use different methods for distributing themselves. This particular one was bundled with other software.

 

How do I remove SushiLeads?

 

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now, or select Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.

Is there anything else I need to do to get rid of SushiLeads?

  • No, Malwarebytes Anti-Malware removes SushiLeads completely.

How would the full version of Malwarebytes Anti-Malware help protect me?

 

We hope our application and this guide have helped you eradicate this hijacker.  

 

As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the SushiLeads adware. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

 

[Image: protection1.png]

Technical details for experts

 

You will see these signs in a HijackThis log:

O23 - Service: SushiLeads Update (sushileadsupd) - SushiLeads - C:\Program Files\Common Files\SushiLeads\SushiLeads Client\sushileadss.exe
 

You may see these signs in FRST logs:

(SushiLeads) C:\Program Files\Common Files\SushiLeads\SushiLeads Client\sushileadss.exe
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
R2 sushileadsupd; C:\Program Files\Common Files\SushiLeads\SushiLeads Client\sushileadss.exe [1092096 2015-06-03] (SushiLeads) []
R1 SushiLUpdd; C:\Program Files\Common Files\SushiLeads\SushiLeads Client\sushildrw.sys [61872 2015-06-03] ()
() C:\ProgramData\SushiLeadsAgent
() C:\Program Files\Common Files\SushiLeads
SushiLeads (HKLM-x32\...\SushiLeads Client) (Version: 1.0.0.21 - SushiLeads)
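A triage sketch for the FRST signs above: it flags services and drivers loaded from the SushiLeads folder and any proxy setting that points at a loopback port. This is an added example, not Malwarebytes or FRST code; the regular expressions assume the FRST line layout shown on this page, and the `ExampleSvc` line in the sample is constructed for contrast.

```python
import re

# Constructed sample: FRST lines quoted on this page plus one made-up
# benign service line (ExampleSvc) that must not be flagged.
SAMPLE_FRST = r"""
(SushiLeads) C:\Program Files\Common Files\SushiLeads\SushiLeads Client\sushileadss.exe
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
R2 sushileadsupd; C:\Program Files\Common Files\SushiLeads\SushiLeads Client\sushileadss.exe [1092096 2015-06-03] (SushiLeads) []
R1 SushiLUpdd; C:\Program Files\Common Files\SushiLeads\SushiLeads Client\sushildrw.sys [61872 2015-06-03] ()
R2 ExampleSvc; C:\Program Files\Example\example.exe [1000 2015-01-01] (Example Corp)
"""

# "<state><start type> <name>; <image path> [<size> <date>] ..."
SERVICE_RE = re.compile(
    r"^[RSU]\d\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+\[\d+ \d{4}-\d{2}-\d{2}\]")
PROXY_RE = re.compile(r"^ProxyServer:\s+\[(?P<hive>[^\]]+)\]\s+=>\s+(?P<value>\S+)")
# A proxy on 127.x.x.x or localhost means a local process intercepts traffic.
LOOPBACK_RE = re.compile(r"(?:^|=)(?:127\.\d+\.\d+\.\d+|localhost):(\d+)", re.I)
MARKER = "sushileads"  # vendor folder name taken from the page


def triage(log_text):
    """Return (kind, name_or_hive, detail) tuples for suspicious lines."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        svc = SERVICE_RE.match(line)
        if svc and MARKER in svc["path"].lower():
            kind = "driver" if svc["path"].lower().endswith(".sys") else "service"
            findings.append((kind, svc["name"].strip(), svc["path"]))
            continue
        proxy = PROXY_RE.match(line)
        if proxy:
            loopback = LOOPBACK_RE.search(proxy["value"])
            if loopback:
                findings.append(("loopback-proxy", proxy["hive"], int(loopback.group(1))))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_FRST):
        print(finding)
```

The loopback proxy finding is worth checking even after the files are gone: if the ProxyEnable and ProxyServer values remain set while nothing listens on that port, Internet Explorer traffic for that profile will fail.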
 

 

Alterations made by the installer:

File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Program Files\Common Files\SushiLeads\SushiLeads Client
       Adds the file sushildrw.sys"="03-Jun-15 12:06 AM, 61872 bytes, A
       Adds the file sushileadsa.exe"="03-Jun-15 12:04 AM, 219136 bytes, A
       Adds the file sushileadss.exe"="03-Jun-15 12:06 AM, 1092096 bytes, A
       Adds the file sushili32.dll"="03-Jun-15 12:04 AM, 676352 bytes, A
       Adds the file sushili64.dll"="03-Jun-15 12:05 AM, 843264 bytes, A
       Adds the file uninstall.exe"="12-Jun-15 10:08 AM, 150160 bytes, A
    Adds the folder C:\ProgramData\SushiLeadsAgent
       Adds the file startprocess.js"="12-Jun-15 10:08 AM, 414 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\SushiLeadsAgent\SushiLUpd]
       "Default1"="REG_BINARY, ..................................................
       "Default2"="REG_BINARY, ..........................................................................................................
       "DefTimeL"="REG_QWORD, ....
    [HKEY_LOCAL_MACHINE\SOFTWARE\SushiLeadsAgent\SushiLUpd\Users\Default]
       "Default3"="REG_BINARY, ....................................
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SushiLeads Client]
       "DisplayIcon"="REG_SZ", "C:\Program Files\Common Files\SushiLeads\SushiLeads Client\sushileadss.exe"
       "DisplayName"="REG_SZ", "SushiLeads"
       "DisplayVersion"="REG_SZ", "1.0.0.21"
       "NoModify"="REG_DWORD", 1
       "NoRepair"="REG_DWORD", 1
       "Publisher"="REG_SZ", "SushiLeads"
       "UninstallString"="REG_SZ", ""C:\Program Files\Common Files\SushiLeads\SushiLeads Client\uninstall.exe""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SushiLeadsAgent\SushiLUpd]
       "Default1"="REG_BINARY, ..................................................
       "Default2"="REG_BINARY, .........................................................................................................................
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sushileadsupd]
       "Description"="REG_SZ", "Enables you to find the best service professionals in your area and compare offers."
       "DisplayName"="REG_SZ", "SushiLeads Update"
       "ErrorControl"="REG_DWORD", 1
       "ImagePath"="REG_EXPAND_SZ, "C:\Program Files\Common Files\SushiLeads\SushiLeads Client\sushileadss.exe /service"
       "ObjectName"="REG_SZ", "LocalSystem"
       "Start"="REG_DWORD", 2
       "Type"="REG_DWORD", 16
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SushiLUpdd]
       "DisplayName"="REG_SZ", "SushiLeadsD"
       "ErrorControl"="REG_DWORD", 1
       "ImagePath"="REG_EXPAND_SZ, "\??\C:\Program Files\Common Files\SushiLeads\SushiLeads Client\sushildrw.sys"
       "Start"="REG_DWORD", 1
       "Type"="REG_DWORD", 1
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
       "ProxyEnable"="REG_DWORD", 1
       "ProxyServer"="REG_SZ", "http=127.0.0.1:47574"

Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12-Jun-15
Scan Time: 10:22:37 AM
Logfile: mbamSushiLeads2.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.12.01
Rootkit Database: v2015.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: {username}

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 346224
Time Elapsed: 29 min, 34 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.SushiLeads.A, C:\Program Files\Common Files\SushiLeads\SushiLeads Client\sushileadss.exe, 2932, Delete-on-Reboot, [5d747148e4a6da5cb787a1dae61a916f]

Modules: 0
(No malicious items detected)

Registry Keys: 5
PUP.Optional.SushiLeads.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\sushileadsupd, Quarantined, [5d747148e4a6da5cb787a1dae61a916f],
PUP.Optional.SushiLeads.A, HKLM\SOFTWARE\SushiLeadsAgent, Quarantined, [b61b3f7adfab072f3f4ca448689b4cb4],
PUP.Optional.SushiLeads.A, HKLM\SOFTWARE\WOW6432NODE\SushiLeadsAgent, Quarantined, [69681a9f4743092d5b303bb1689b43bd],
PUP.Optional.SushiLeads.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SushiLeads Client, Quarantined, [636e0bae06849c9af6944ba155ae2dd3],
PUP.Optional.SushiLeads.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SushiLUpdd, Quarantined, [d9f848716c1e7eb8860807e5b152a060],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.SushiLeads.A, C:\ProgramData\SushiLeadsAgent, Quarantined, [676a1d9ce2a8280e0017faf2659ef40c],
PUP.Optional.SushiLeads.A, C:\Program Files\Common Files\SushiLeads, Delete-on-Reboot, [e6ebf9c06129a98d4fc96a822ed5de22],
PUP.Optional.SushiLeads.A, C:\Program Files\Common Files\SushiLeads\SushiLeads Client, Delete-on-Reboot, [e6ebf9c06129a98d4fc96a822ed5de22],

Files: 8
PUP.Optional.SushiLeads.A, C:\Program Files\Common Files\SushiLeads\SushiLeads Client\sushileadss.exe, Delete-on-Reboot, [5d747148e4a6da5cb787a1dae61a916f],
PUP.Optional.SushiLeads.A, C:\Users\{username}\Desktop\SushiLeads2.exe, Quarantined, [c30ec1f8a7e343f34fefd7a4cf31f709],
PUP.Optional.SushiLeads.A, C:\Program Files\Common Files\SushiLeads\SushiLeads Client\sushildrw.sys, Quarantined, [d9f848716c1e7eb8860807e5b152a060],
PUP.Optional.SushiLeads.A, C:\ProgramData\SushiLeadsAgent\startprocess.js, Quarantined, [676a1d9ce2a8280e0017faf2659ef40c],
PUP.Optional.SushiLeads.A, C:\Program Files\Common Files\SushiLeads\SushiLeads Client\sushileadsa.exe, Quarantined, [e6ebf9c06129a98d4fc96a822ed5de22],
PUP.Optional.SushiLeads.A, C:\Program Files\Common Files\SushiLeads\SushiLeads Client\sushili32.dll, Delete-on-Reboot, [e6ebf9c06129a98d4fc96a822ed5de22],
PUP.Optional.SushiLeads.A, C:\Program Files\Common Files\SushiLeads\SushiLeads Client\sushili64.dll, Delete-on-Reboot, [e6ebf9c06129a98d4fc96a822ed5de22],
PUP.Optional.SushiLeads.A, C:\Program Files\Common Files\SushiLeads\SushiLeads Client\uninstall.exe, Quarantined, [e6ebf9c06129a98d4fc96a822ed5de22],

Physical Sectors: 0
(No malicious items detected)

(end)

As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.