Friday
2015-09-30, 12:59
The following instructions have been created to help you to get rid of "PU.Mindspark" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.
If this guide was helpful to you, please consider donating towards this site (http://www.safer-networking.org/index.php?page=donate).
Threat Details:
Removal Instructions:
Autorun:
Important: There are more autorun entries that cannot be safely described in simple words. Please use Spybot-S&D (http://www.safer-networking.org/index.php?page=spybotsd) to remove them.
Registry:
You can use regedit.exe (included in Windows) to locate and delete these registry entries.
Delete the registry key "{032416f0-0007-481b-9df8-9bcd1bf357f0}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{045c5f24-9e13-4ea8-ab93-fddab34f3fa5}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{13119113-0854-469d-807A-171568457991}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{23f28f6b-50a2-4327-9450-7d3d2f33daae}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{272143f8-3dbe-424c-949f-20acd11e5a6d}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{2c72f7a5-8160-4024-94d8-e0995d547bb0}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{3042df7a-e900-4389-9b94-923df0daa57e}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{488c2712-1482-42ad-bc4d-681e5832f0c2}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{4DE8B15E-E379-482A-81C5-CD99EB8CEF40}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{58376892-60e7-4f63-aca0-0f686af554d6}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{5b610696-32b6-416c-bf5c-ca4f60a345dd}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{6C367B45-0824-419A-AF7F-157665B56ABA}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{6d0c6f55-e3eb-4d6b-8f52-996b4da196d9}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{6eb534fb-2001-45c4-b860-bc904865a379}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{715321aa-a1fc-4058-8ffa-668d687b6e32}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{73a7cce6-ff3a-4c7f-9a3e-db9bd92be292}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{82481cff-738f-4410-bffb-77595d5d9faa}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{8eb0aaa0-2ffe-4326-8331-efe2d5d15ec7}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{9378167C-FAC6-4DFB-BD4F-F7C195D2B1E4}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{afed4702-7932-4426-aea4-9b248189c7a3}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{b4ea8204-ee81-4f73-a240-ec4aeb8ad3de}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{D1479029-BACC-4C9A-8C15-D857A2974E27}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{da08805b-ba32-426b-ad14-ecac8235a8aa}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{e001b32e-5acb-4cce-9910-2d379ce0a6d6}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{e7472076-ff9d-4325-8eaf-613572008758}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{eb2049f6-9dfa-4e51-b2a1-fc5a6e596c80}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{F9A402FD-82C8-4743-991E-BC77E62DA0E5}" at "HKEY_CLASSES_ROOT\CLSID\".
If PU.Mindspark uses rootkit technologies, use our RegAlyzer (http://www.safer-networking.org/index.php?page=regalyzer), RootAlyzer (http://forums.spybot.info/downloads.php?id=8) or our Total Commander anti-rootkit plugins (http://forums.spybot.info/downloads.php?id=3).
Final Words:
If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
Please read these instructions (http://forums.spybot.info/showthread.php?t=288) before requesting assistance,
Then start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) where a volunteer analyst will advise you as soon as available.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.
If this guide was helpful to you, please consider donating towards this site (http://www.safer-networking.org/index.php?page=donate).
Threat Details:
Removal Instructions:
Autorun:
Important: There are more autorun entries that cannot be safely described in simple words. Please use Spybot-S&D (http://www.safer-networking.org/index.php?page=spybotsd) to remove them.
Registry:
You can use regedit.exe (included in Windows) to locate and delete these registry entries.
Delete the registry key "{032416f0-0007-481b-9df8-9bcd1bf357f0}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{045c5f24-9e13-4ea8-ab93-fddab34f3fa5}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{13119113-0854-469d-807A-171568457991}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{23f28f6b-50a2-4327-9450-7d3d2f33daae}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{272143f8-3dbe-424c-949f-20acd11e5a6d}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{2c72f7a5-8160-4024-94d8-e0995d547bb0}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{3042df7a-e900-4389-9b94-923df0daa57e}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{488c2712-1482-42ad-bc4d-681e5832f0c2}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{4DE8B15E-E379-482A-81C5-CD99EB8CEF40}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{58376892-60e7-4f63-aca0-0f686af554d6}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{5b610696-32b6-416c-bf5c-ca4f60a345dd}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{6C367B45-0824-419A-AF7F-157665B56ABA}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{6d0c6f55-e3eb-4d6b-8f52-996b4da196d9}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{6eb534fb-2001-45c4-b860-bc904865a379}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{715321aa-a1fc-4058-8ffa-668d687b6e32}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{73a7cce6-ff3a-4c7f-9a3e-db9bd92be292}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{82481cff-738f-4410-bffb-77595d5d9faa}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{8eb0aaa0-2ffe-4326-8331-efe2d5d15ec7}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{9378167C-FAC6-4DFB-BD4F-F7C195D2B1E4}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{afed4702-7932-4426-aea4-9b248189c7a3}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{b4ea8204-ee81-4f73-a240-ec4aeb8ad3de}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{D1479029-BACC-4C9A-8C15-D857A2974E27}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{da08805b-ba32-426b-ad14-ecac8235a8aa}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{e001b32e-5acb-4cce-9910-2d379ce0a6d6}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{e7472076-ff9d-4325-8eaf-613572008758}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{eb2049f6-9dfa-4e51-b2a1-fc5a6e596c80}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{F9A402FD-82C8-4743-991E-BC77E62DA0E5}" at "HKEY_CLASSES_ROOT\CLSID\".
If PU.Mindspark uses rootkit technologies, use our RegAlyzer (http://www.safer-networking.org/index.php?page=regalyzer), RootAlyzer (http://forums.spybot.info/downloads.php?id=8) or our Total Commander anti-rootkit plugins (http://forums.spybot.info/downloads.php?id=3).
Final Words:
If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
Please read these instructions (http://forums.spybot.info/showthread.php?t=288) before requesting assistance,
Then start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) where a volunteer analyst will advise you as soon as available.