What is Astromenda?

[BobH]

Every time MalwareBytes runs on my system it finds and reports a PUP called Astromenda. The registry information indicates that it might be associated with Chrome. Each time it appears, I quarantine it. How can I get rid of it altogether and prevent its coming back?

I have uninstalled Chrome. I have checked Firefox (32.0.2) Add-ons and do not have FastStart among them. I checked my Tools>Options General tab and changed my Opening Screen to use the tabs from the last time. I checked Manage Search Engines and found Ixquick, Amazon, Ebay, and Wikipedia are the only ones listed. All of these steps are suggested here. There is also the suggestion to download SpyHunter and use it to remove Astromenda, but I have not done that yet lest the web page is some sort of perverted purveyor of a reinfection with this virus.

Has anyone else dealt with Astromenda? If you were able to remove it, how did you do so?

[Rebel]

Have a look at this information

[Rudi]

See this video too.
How effective its advice proves to be is anyone's guess?
If you're struggling with this malware...its worth a try.
PS: Enjoy the modern music...LOL!

An alternative way using registry
PS: Enjoy the silence...LOL!

[BobH]

Thanks for all the tips!!

The only trace of Astromenda that I can find on my system is the occasional discovery by MalWareBytes. I can find nothing in CP>Programs and Features and nothing in my Firefox settings to and including Manage Search Engines. I did follow all of the protocols that were in the link from Rebel (Thanks, John!) and found nothing.

If it turns up again, I'll capture the Registry values and see about forcibly removing them.

[Rudi]

If it turns up again, I'll capture the Registry values and see about forcibly removing them.

There is the registry path:
HKEY_CURRENT_USER
Software
Microsoft
Internet Explorer
Main
With Main selected, in the right hand pane scroll to Start Page
Right Click and Delete

1.jpg

[viking33]

BobH,
I thought that was some fix put out by the Houston Astros?

[BobH]

UPDATE:

I think I just discovered the source of the Astromenda PUP.

I was downloading Filezilla Server from SourceForgeNet and installing it when I received a warning that Astromenda had been intercepted by MalWareBytes. Despite its indicating that Astromenda was quarantined, I soon saw a new tab in Firefox and it was made active without my choosing it. It was the Astromenda screen hijack. I looked at CP > Programs and Features and found the most recent addition was Astromenda which I immediately uninstalled.

I also discovered that something called Optimizer Pro was installed and ran. I suspect that the combination of the 2 sent back information about my system and/or browsing history. Both were uninstalled

Beware of SourceForge downloads. I was watching carefully and failed to see any indication that I was downloading anything other than Filezilla. I saw no file saved in Downloads for Astromenda no did I do anything to run a file to install it. It was all done by insidious creepware.


BEWARE OF SOURCEFORGE

[Rudi]

TX Bob.
Nowadays, ANY freeware needs to be installed with the utmost scrutiny and care.
It is rare to find the original download without it being bundled together with other junk.

[jonwallace]

Apparently this is what Sourceforge does now. It can be circumvented by clicking the "direct download" link instead of the green button.

Clipboard01.png

[PJ_in_FL]

Bob and John,

Thanks for following up and reporting back to the forum!

I have used several projects from SourceForge, but it looks like SF has gone over to the dark side using an installer to increase revenue. I've stopped using other program hosters for the same reason, but having a work-around is very good!