Adware.RuKometa

Short bio

Adware.RuKometa is the generic detection for a family of adwarethat mainly targets Windows systems on the Russian market.

Protection

Malwarebytes blocks Adware.RuKometa

Remediation

Malwarebytes can detect and remove Adware.RuKometa without further user interaction.

1. Please download Malwarebytesto your desktop.
2. Double-click MBSetup.exeand follow the prompts to install the program.
3. When your Malwarebytes for Windowsinstallation completes, the program opens to the Welcome to Malwarebytes screen.
4. Click on the Get started button.
5. Click Scan to start a Threat Scan.
6. Click Quarantineto remove the found threats.
7. Reboot the system if prompted to complete the removal process.

Malwarebytes removal log

A Malwarebytes log of removal will look similar to this one, installed by Adware.SearchGo:Malwarebyteswww.malwarebytes.com-Log Details-Scan Date: 8/4/17Scan Time: 9:12 AMLog File: mbamSearchgoi.txtAdministrator: Yes-Software Information-Version: 3.1.2.1733Components Version: 1.0.160Update Package Version: 1.0.2505License: Premium-System Information-OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser:{computername}\{username}-Scan Summary-Scan Type: Threat ScanResult: CompletedObjects Scanned: 320447Threats Detected: 10Threats Quarantined: 10Time Elapsed: 1 min, 29 sec-Scan Options-Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: Enabled-Scan Details-Process: 2Adware.RuKometa, C:\WINDOWS\MICROSOFT\SVCHOST.EXE, Quarantined, [147], [421085],1.0.2505Adware.RuKometa, C:\WINDOWS\MICROSOFT\SVCHOST.EXE.EXE, Quarantined, [147], [419654],1.0.2505Module: 2Adware.RuKometa, C:\WINDOWS\MICROSOFT\SVCHOST.EXE, Quarantined, [147], [421085],1.0.2505Adware.RuKometa, C:\WINDOWS\MICROSOFT\SVCHOST.EXE.EXE, Quarantined, [147], [419654],1.0.2505Registry Key: 1Adware.RuKometa, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SvcHost Service Host, Delete-on-Reboot, [147], [421085],1.0.2505Registry Value: 0(No malicious items detected)Registry Data: 0(No malicious items detected)Data Stream: 0(No malicious items detected)Folder: 0(No malicious items detected)File: 5Adware.RuKometa, C:\WINDOWS\MICROSOFT\SVCHOST.EXE, Delete-on-Reboot, [147], [421085],1.0.2505Adware.RuKometa, C:\WINDOWS\MICROSOFT\SVCHOST.EXE.EXE, Delete-on-Reboot, [147], [419654],1.0.2505Adware.SearchGo, C:\USERS\{username}\DESKTOP\SEARCHGOI.EXE, Delete-on-Reboot, [3560], [411104],1.0.2505Adware.SearchGo, C:\USERS\{username}\APPDATA\LOCAL\TEMP\SEARCHGO0.DLL, Delete-on-Reboot, [3560], [411104],1.0.2505Adware.SearchGo, C:\USERS\{username}\APPDATA\LOCAL\TEMP\SEARCHGO0.NEW.EXE, Delete-on-Reboot, [3560], [411104],1.0.2505Physical Sector: 0(No malicious items detected)(end)