Adware.RuKometa
Short bio
Adware.RuKometa is the generic detection for a family of adwarethat mainly targets Windows systems on the Russian market.
Protection
Remediation
Malwarebytes can detect and remove Adware.RuKometa without further user interaction.
- Please download Malwarebytesto your desktop.
- Double-click MBSetup.exeand follow the prompts to install the program.
- When your Malwarebytes for Windowsinstallation completes, the program opens to the Welcome to Malwarebytes screen.
- Click on the Get started button.
- Click Scan to start a Threat Scan.
- Click Quarantineto remove the found threats.
- Reboot the system if prompted to complete the removal process.
Malwarebytes removal log
A Malwarebytes log of removal will look similar to this one, installed by Adware.SearchGo:Malwarebyteswww.malwarebytes.com-Log Details-Scan Date: 8/4/17Scan Time: 9:12 AMLog File: mbamSearchgoi.txtAdministrator: Yes-Software Information-Version: 3.1.2.1733Components Version: 1.0.160Update Package Version: 1.0.2505License: Premium-System Information-OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser:{computername}\{username}-Scan Summary-Scan Type: Threat ScanResult: CompletedObjects Scanned: 320447Threats Detected: 10Threats Quarantined: 10Time Elapsed: 1 min, 29 sec-Scan Options-Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: Enabled-Scan Details-Process: 2Adware.RuKometa, C:\WINDOWS\MICROSOFT\SVCHOST.EXE, Quarantined, [147], [421085],1.0.2505Adware.RuKometa, C:\WINDOWS\MICROSOFT\SVCHOST.EXE.EXE, Quarantined, [147], [419654],1.0.2505Module: 2Adware.RuKometa, C:\WINDOWS\MICROSOFT\SVCHOST.EXE, Quarantined, [147], [421085],1.0.2505Adware.RuKometa, C:\WINDOWS\MICROSOFT\SVCHOST.EXE.EXE, Quarantined, [147], [419654],1.0.2505Registry Key: 1Adware.RuKometa, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SvcHost Service Host, Delete-on-Reboot, [147], [421085],1.0.2505Registry Value: 0(No malicious items detected)Registry Data: 0(No malicious items detected)Data Stream: 0(No malicious items detected)Folder: 0(No malicious items detected)File: 5Adware.RuKometa, C:\WINDOWS\MICROSOFT\SVCHOST.EXE, Delete-on-Reboot, [147], [421085],1.0.2505Adware.RuKometa, C:\WINDOWS\MICROSOFT\SVCHOST.EXE.EXE, Delete-on-Reboot, [147], [419654],1.0.2505Adware.SearchGo, C:\USERS\{username}\DESKTOP\SEARCHGOI.EXE, Delete-on-Reboot, [3560], [411104],1.0.2505Adware.SearchGo, C:\USERS\{username}\APPDATA\LOCAL\TEMP\SEARCHGO0.DLL, Delete-on-Reboot, [3560], [411104],1.0.2505Adware.SearchGo, C:\USERS\{username}\APPDATA\LOCAL\TEMP\SEARCHGO0.NEW.EXE, Delete-on-Reboot, [3560], [411104],1.0.2505Physical Sector: 0(No malicious items detected)(end)