Adware.VRBrothers

Short bio

mymacro is an Adware.VRBrothers variant.

Protection

Malwarebytes blocks Adware.VRBrothers.

Remediation

Malwarebytes can detect and remove Adware.VRBrothers without further user interaction.
- Please download Malwarebytes to your desktop.
- Double-click MBSetup.exe and follow the prompts to install the program.
- When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
- Click on the Get started button.
- Click Scan to start a Threat Scan.
- Click Quarantine to remove the found threats.
- Reboot the system if prompted to complete the removal process.

Malwarebytes removal log

A Malwarebytes log of removal for the variant mymacro looked like this: