Every time MalwareBytes runs on my system it finds and reports a PUP called Astromenda. The registry information indicates that it might be associated with Chrome. Each time it appears, I quarantine it. How can I get rid of it altogether and prevent its coming back?
I have uninstalled Chrome. I have checked Firefox (32.0.2) Add-ons and do not have FastStart among them. I checked my Tools>Options General tab and changed my Opening Screen to use the tabs from the last time. I checked Manage Search Engines and found Ixquick, Amazon, Ebay, and Wikipedia are the only ones listed. All of these steps are suggested here. There is also the suggestion to download SpyHunter and use it to remove Astromenda, but I have not done that yet lest the web page is some sort of perverted purveyor of a reinfection with this virus.
Has anyone else dealt with Astromenda? If you were able to remove it, how did you do so?
What is Astromenda?
-
- UraniumLounger
- Posts: 9314
- Joined: 13 Feb 2010, 01:27
- Location: Deep in the Heart of Texas
What is Astromenda?
Bob's yer Uncle
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs
(1/2)(1+√5) |
-
- 4StarLounger
- Posts: 571
- Joined: 24 Jan 2010, 16:02
- Location: Recently moved to Bracebridge - in the heart of Muskoka.
Re: What is Astromenda?
Have a look at this information
John
A Child's Mind, Once Stretched by Imagination...
Never Regains Its Original Dimensions
-
- gamma jay
- Posts: 25455
- Joined: 17 Mar 2010, 17:33
- Location: Cape Town
Re: What is Astromenda?
See this video too.
How effective its advice proves to be is anyone's guess?
If you're struggling with this malware...it's worth a try.
PS: Enjoy the modern music...LOL!
An alternative way using registry
PS: Enjoy the silence...LOL!
Regards,
Rudi
If your absence does not affect them, your presence didn't matter.
-
- UraniumLounger
- Posts: 9314
- Joined: 13 Feb 2010, 01:27
- Location: Deep in the Heart of Texas
Re: What is Astromenda?
Thanks for all the tips!!
The only trace of Astromenda that I can find on my system is the occasional discovery by MalWareBytes. I can find nothing in CP>Programs and Features and nothing in my Firefox settings to and including Manage Search Engines. I did follow all of the protocols that were in the link from Rebel (Thanks, John!) and found nothing.
If it turns up again, I'll capture the Registry values and see about forcibly removing them.
Bob's yer Uncle
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs
(1/2)(1+√5) |
-
- gamma jay
- Posts: 25455
- Joined: 17 Mar 2010, 17:33
- Location: Cape Town
Re: What is Astromenda?
BobH wrote: If it turns up again, I'll capture the Registry values and see about forcibly removing them.
There is the registry path:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
With Main selected, in the right hand pane scroll to Start Page
Right Click and Delete
Regards,
Rudi
If your absence does not affect them, your presence didn't matter.
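The registry check described in the post above, as an added PowerShell example that is not part of the original thread: it backs up the key, lists any string value under it that matches a pattern, and removes `Start Page` only when it matches and `-Apply` is given. The `astromenda` match pattern and the backup file location are assumptions.

```powershell
# Added example, not from the thread. Run as the affected user (HKCU is per-user).
param([switch]$Apply)   # without -Apply the script only reports what it finds

$key     = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$name    = 'Start Page'
$pattern = 'astromenda'   # assumption: the hijacked URL contains this string
$backup  = Join-Path $env:TEMP ("IE-Main-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))

if (-not (Test-Path $key)) {
    Write-Output "Key not present: $key"
    return
}

# Capture the registry values before touching anything, so the change can be undone
& reg.exe export 'HKCU\Software\Microsoft\Internet Explorer\Main' $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Backup failed; nothing was changed." }
Write-Output "Backup written to $backup"

# List every string value under the key that matches the pattern, not just Start Page
$props    = Get-ItemProperty -Path $key
$psFields = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'
$hits = $props.PSObject.Properties | Where-Object {
    $_.Name -notin $psFields -and $_.Value -is [string] -and $_.Value -match $pattern
}
foreach ($h in $hits) { Write-Output ("Match: {0} = {1}" -f $h.Name, $h.Value) }

# Act only on Start Page, and only when its current data matches the pattern
$current = $props.$name
if ($null -eq $current) {
    Write-Output "'$name' is not set."
} elseif ($current -notmatch $pattern) {
    Write-Output "'$name' is '$current' (no match, left alone)."
} elseif ($Apply) {
    Remove-ItemProperty -Path $key -Name $name
    Write-Output "Removed '$name' (was '$current')."
} else {
    Write-Output "'$name' matches; re-run with -Apply to delete it."
}
```

Double-clicking the exported `.reg` file restores the key's previous values if the deletion turns out to be unwanted.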
-
- PlatinumLounger
- Posts: 5685
- Joined: 24 Jan 2010, 19:16
- Location: Cape Cod, Massachusetts,USA
Re: What is Astromenda?
BobH,
I thought that was some fix put out by the Houston Astros?
BOB
______________________________________
If I agreed with you we'd both be wrong.
-
- UraniumLounger
- Posts: 9314
- Joined: 13 Feb 2010, 01:27
- Location: Deep in the Heart of Texas
Re: What is Astromenda?
UPDATE:
I think I just discovered the source of the Astromenda PUP.
I was downloading Filezilla Server from SourceForgeNet and installing it when I received a warning that Astromenda had been intercepted by MalWareBytes. Despite its indicating that Astromenda was quarantined, I soon saw a new tab in Firefox and it was made active without my choosing it. It was the Astromenda screen hijack. I looked at CP > Programs and Features and found the most recent addition was Astromenda which I immediately uninstalled.
I also discovered that something called Optimizer Pro was installed and ran. I suspect that the combination of the 2 sent back information about my system and/or browsing history. Both were uninstalled.
Beware of SourceForge downloads. I was watching carefully and failed to see any indication that I was downloading anything other than Filezilla. I saw no file saved in Downloads for Astromenda nor did I do anything to run a file to install it. It was all done by insidious creepware.
BEWARE OF SOURCEFORGE
Bob's yer Uncle
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs
(1/2)(1+√5) |
-
- gamma jay
- Posts: 25455
- Joined: 17 Mar 2010, 17:33
- Location: Cape Town
Re: What is Astromenda?
TX Bob.
Nowadays, ANY freeware needs to be installed with the utmost scrutiny and care.
It is rare to find the original download without it being bundled together with other junk.
Regards,
Rudi
If your absence does not affect them, your presence didn't matter.
-
- 5StarLounger
- Posts: 1120
- Joined: 26 Jan 2010, 11:32
- Location: "What a mighty long bridge to such a mighty little old town"
Re: What is Astromenda?
Apparently this is what Sourceforge does now. It can be circumvented by clicking the "direct download" link instead of the green button.
John
“Always trust a microbiologist because they have the best chance of predicting when the world will end”
― Teddie O. Rahube
-
- 5StarLounger
- Posts: 1113
- Joined: 21 Jan 2011, 16:51
- Location: Florida
Re: What is Astromenda?
Bob and John,
Thanks for following up and reporting back to the forum!
I have used several projects from SourceForge, but it looks like SF has gone over to the dark side using an installer to increase revenue. I've stopped using other program hosters for the same reason, but having a work-around is very good!
PJ in (usually sunny) FL