Multiplug

Multiplug Description

If your anti-virus software is detecting a Multiplug infection, this may mean that adware has been detected on your computer. These types of infections take the form of an extension or toolbar for your Web browser and are designed to generate revenue from advertising and affiliate marketing on the affected computer. The Multiplug infections are not particularly threatening and can be removed more simply than other, more severe types of threats. However, although the Multiplug infection is categorized as adware, this does not mean that Multiplug cannot be severely disruptive. Many of the symptoms associated with Multiplug may also appear in cases of a more harmful threat like the Sirefef rootkit.

Multiplug may be difficult to remove completely because, if any part of it is left behind, it may come back to the affected computer. The Multiplug infections may cause pop-up windows and error messages to appear and may alter your computer and Web browser preferences. In most cases, Multiplug's constant interruptions also may make the affected Web browser difficult to use.

The Advertisements Exhibited by Multiplug May Lead to Unsafe Websites

Symptoms associated with Multiplug may prevent computer users from using the infected computer effectively. The main purpose of Multiplug and similar infections is to profit at the expense of the computer user, mainly through advertisement revenue and affiliate marketing schemes. To that end, Multiplug infections display advertisements on the infected Web browser or repeatedly force computer users to visit websites containing advertisements and affiliate marketing links. Multiplug also may insert advertisements and links into online content that would not normally contain them. Many of these advertisements may be disruptive and include video or audio content.

Multiplug may add banners, linked text, and similar advertisements to websites viewed on the affected Web browser. Many of the advertisements associated with Multiplug may be difficult to close, appear repeatedly, or open new Web browser windows or tabs when the computer user closes the advertisements. Some of the symptoms of the Multiplug infections that may be noticed easily include browser redirects to websites associated with Multiplug, the appearance of an unwanted toolbar on the infected Web browser, changes to the compromised Web browser's homepage and default search engine, and poor system performance, Web browser performance and Internet connection speed. Multiplug may change the affected Web browser's homepage and default search engine to websites associated with Multiplug and, in some cases, also may change the affected Web browser's security settings to make it easier for other unwanted components to be installed.

How Multiplug May Enter a Computer

The main way in which Multiplug is distributed is by bundling this adware with legitimate, free software. Shady marketers may hide both Multiplug and the option to opt out of installing these types of components. Browser toolbars associated with Multiplug are very common when downloading free software from download websites with poorly regulated content. You can avoid these tactics by paying attention to the installation process when installing new software on your computer. In many cases, computer users may be opted in automatically to the installation of Multiplug when installing other software. The option to opt out may be hidden, requiring computer users to select 'custom' or 'advanced' installation. The language informing the computer user how to opt out of installing Multiplug may be convoluted, using double negatives as well as multiple, confusing confirmation messages. This is all deliberate, ensuring that inexperienced computer users allow Multiplug to enter their computers, believing Multiplug to be a legitimate component.

Aliases: HEUR/QVM10.1.Malware.Gen [Qihoo-360], MultiPlug-FYT [McAfee-GW-Edition], Gen:Variant.Adware.Kazy.622347 (B) [Emsisoft], AdWare/MultiPlug.hsno [Jiangmin], ADWARE/MultiPlug.Gen4 [Avira], Trojan.Adware.Kazy.D97F0B [Arcabit], PUP/Win32.MultiPlug [AhnLab-V3], suspected of Heur.Malware-Cryptor.Multiplug [VBA32], Generic Suspicious [Panda], Win32.Trojan-dropper.Agent.Hquy [Tencent], PUA.Multiplug [Ikarus], Riskware/MultiPlug [Fortinet], Generic6.AXCM [AVG], Adware.Win32.MultiPlug.BDFn [Baidu-International] and TROJ_GEN.R021C0FF915 [TrendMicro].

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow these steps to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari instead.
  • Use removable media. Download SpyHunter on another, clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you cannot access your Windows desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable the proxy server for Internet Explorer to browse the Web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the Web with IE.
If you still can't install SpyHunter, view other possible causes of installation issues.

Technical Information

File System Details

Multiplug creates the following file(s):

Registry Details

Multiplug creates the following registry entry or registry entries:
The following CLSIDs were found:

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned in this article. This article should NOT be mistaken or confused as being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their PC with the help of SpyHunter and/or manual removal instructions provided in this article.

This article is provided "as is" and is to be used for educational information purposes only. By following any instructions in this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your PC. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.
