Adware.AnonymizerGadget is Malwarebytes' detection name for a family of adware that uses a proxy to deliver its advertisements.
Users may see this type of warning during install:
[Screenshot: install AnonymizerGadget]
notice this Scheduled Task:
[Screenshot: Scheduled Task AnonymizerGadget]
and this entry in their list of installed Programs and Features:
[Screenshot: installed AnonymizerGadget]
Adware.AnonymizerGadget promises to provide users with privacy by choosing a proxy.
Adware.AnonymizerGadget is often installed by bundlers. These bundled installers are sometimes detected as Adware.Vitruvian.PrxySvrRST
and by blocking their download locations:
Malwarebytes blocks elhournaupload.com
Malwarebytes can detect and remove Adware.AnonymizerGadget without further user interaction.
A Malwarebytes log of removal will look similar to this:
Malwarebytes www.malwarebytes.com
-Log Details-
Scan Date: 5/8/18
Scan Time: 10:32 AM
Log File: 573578e3-529a-11e8-8e72-080027235d76.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.5026
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 238918
Threats Detected: 15
Threats Quarantined: 15
Time Elapsed: 3 min, 15 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 1
Adware.AnonymizerGadget.PrxySvrRST, C:\USERS\{username}\APPDATA\ROAMING\AGDATA\BIN\ANONYMIZERLAUNCHER.EXE, Quarantined, [10369], [490737],1.0.5026

Module: 2
Adware.AnonymizerGadget.PrxySvrRST, C:\USERS\{username}\APPDATA\ROAMING\AGDATA\BIN\ANONYMIZERLAUNCHER.EXE, Quarantined, [10369], [490737],1.0.5026
Adware.Vitruvian.PrxySvrRST, C:\USERS\{username}\APPDATA\ROAMING\AGDATA\BIN\AGLOADER.DLL, Quarantined, [12353], [505115],1.0.5026

Registry Key: 1
Adware.AnonymizerGadget.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [10369], [-1],0.0.0

Registry Value: 5
Adware.AnonymizerGadget.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|AnonymizerGadget, Quarantined, [10369], [490737],1.0.5026
Adware.AnonymizerGadget.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [10369], [-1],0.0.0
Adware.AnonymizerGadget.PrxySvrRST, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [10369], [-1],0.0.0
Adware.AnonymizerGadget.PrxySvrRST, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [10369], [-1],0.0.0
Adware.AnonymizerGadget.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [10369], [-1],0.0.0

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 6
Adware.AnonymizerGadget.PrxySvrRST, C:\USERS\{username}\APPDATA\ROAMING\AGDATA\BIN\ANONYMIZERLAUNCHER.EXE, Quarantined, [10369], [490737],1.0.5026
Adware.Vitruvian.PrxySvrRST, C:\USERS\{username}\APPDATA\ROAMING\AGDATA\BIN\AGLOADER.DLL, Quarantined, [12353], [505115],1.0.5026
Adware.Vitruvian.PrxySvrRST, C:\USERS\{username}\DESKTOP\ANONYMIZER.EXE, Quarantined, [12353], [505115],1.0.5026
Adware.AnonymizerGadget.PrxySvrRST, C:\PROGRAM FILES (X86)\ANONYMIZERGADGET\ANONYMIZERLAUNCHER.EXE, Quarantined, [10369], [490738],1.0.5026
Adware.Vitruvian.PrxySvrRST, C:\PROGRAM FILES (X86)\ANONYMIZERGADGET\AGUTILS.DLL, Quarantined, [12353], [505115],1.0.5026
Adware.Vitruvian.PrxySvrRST, C:\PROGRAM FILES (X86)\ANONYMIZERGADGET\AGLOADER.DLL, Quarantined, [12353], [505115],1.0.5026

Physical Sector: 0
(No malicious items detected)

(end)
You may see these entries in FRST logs:
(Jetico ltd) C:\Users\{username}\AppData\Roaming\AGData\bin\AnonymizerLauncher.exe
HKLM-x32\...\Run: [AnonymizerGadget] => C:\Users\{username}\AppData\Roaming\AGData\bin\AnonymizerLauncher.exe [347784 2018-05-08] (Jetico ltd)
C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
C:\Users\{username}\AppData\Roaming\AGData
C:\Windows\System32\Tasks\AGProxyCheck
C:\Program Files (x86)\AnonymizerGadget
AnonymizerGadget (HKCU\...\AnonymizerGadget) (Version: 1 - Jetico lim)
Task: {F33953EB-E849-492E-9A08-26F583D2EACB} - System32\Tasks\AGProxyCheck => C:\Program
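The traces in the Malwarebytes and FRST entries above can be checked on a host without changing anything. The following PowerShell script is an added example, not code from Malwarebytes or FRST; the helper names Get-RegValue and New-Hit are made up for the illustration, and an enabled proxy or the ManualProxies key is listed for review, since neither alone confirms this adware.

```powershell
# Added example: read-only check for the traces named in the logs on this page.
# Run from an elevated 64-bit PowerShell; per-user paths cover the current user only.
function Get-RegValue([string]$Key, [string]$Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}
function New-Hit([string]$Type, [string]$Item, [string]$Data) {
    New-Object PSObject -Property @{ Type = $Type; Item = $Item; Data = $Data }
}

$hits = @()

# Files, folders and the task file from the Malwarebytes and FRST entries.
$paths = @(
    "$env:APPDATA\AGData",
    "$env:APPDATA\AGData\bin\AnonymizerLauncher.exe",
    "$env:APPDATA\AGData\bin\AGLoader.dll",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget",
    "${env:ProgramFiles(x86)}\AnonymizerGadget",
    "$env:SystemRoot\System32\Tasks\AGProxyCheck"
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $hits += New-Hit 'Path' $p 'present' }
}

# Autostart value under the 32-bit Run key (HKLM-x32\...\Run in the FRST entry).
$runKey = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
$run = Get-RegValue $runKey 'AnonymizerGadget'
if ($run) { $hits += New-Hit 'RunValue' "$runKey|AnonymizerGadget" $run }

# ProxyEnable in the three hives the scan log lists; shown with ProxyServer for review.
$inet = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
foreach ($hive in 'HKEY_CURRENT_USER', 'HKEY_USERS\S-1-5-18', 'HKEY_USERS\.DEFAULT') {
    $key = "Registry::$hive\$inet"
    if ((Get-RegValue $key 'ProxyEnable') -eq 1) {
        $hits += New-Hit 'Proxy' $key ('ProxyServer=' + (Get-RegValue $key 'ProxyServer'))
    }
}

# Registry key quarantined in the scan log; reported so its contents can be reviewed.
$manual = 'HKLM:\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet\ManualProxies'
if (Test-Path -LiteralPath $manual) { $hits += New-Hit 'RegKey' $manual 'review contents' }

if ($hits.Count -eq 0) { 'No AnonymizerGadget traces found for this user.' }
else { $hits | Select-Object Type, Item, Data | Format-Table -AutoSize -Wrap }
```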