- Jul 8, 2015
- 4
Hi! This is Rhana, Community Manager for AdBlock. One of our users has run into a new type of adware, PriceMoon. I think you may not know about it yet, since I couldn't find a removal guide for it. In the absence of a guide specifically for PriceMoon, I suggested the user follow the procedure for removing the Best Price Nina virus, which Malwarebytes also found.
The strange thing is, the screenshot the user provided doesn't show "Ads by PriceMoon." Instead, the ads are captioned "Ads by Not Set." The only way I can tell which virus we're dealing with is from the Malwarebytes Anti-Malware scan report.
I'm attaching the screenshot. The salient part of the scan report follows.
Files: 8
PUP.Optional.BestPriceNinja, C:\Users\{USER}\AppData\Local\Google\Chrome\User Data\Default\Local
Storage\https_pstatic.bestpriceninja.com_0.localstorage, ,
[6279cbdfb0db56e07bfb2ee6b153c53b],
PUP.Optional.BestPriceNinja, C:\Users\{USER}\AppData\Local\Google\Chrome\User Data\Default\Local
Storage\https_pstatic.bestpriceninja.com_0.localstorage-journal, ,
[528942688a013ef8f18546cec83c3ac6],
PUP.Optional.BestPriceNinja, C:\Users\{USER}\AppData\Local\Google\Chrome\User Data\Default\Local
Storage\http_pstatic.bestpriceninja.com_0.localstorage, ,
[c81312988506d660601644d06a9ade22],
PUP.Optional.BestPriceNinja, C:\Users\{USER}\AppData\Local\Google\Chrome\User Data\Default\Local
Storage\http_pstatic.bestpriceninja.com_0.localstorage-journal, ,
[6b70f9b1602ba88e8cea41d357ad1ce4],
PUP.Optional.PriceMoon, C:\Users\{USER}\AppData\Local\Google\Chrome\User Data\Default\Local
Storage\https_pstatic.pricemoon.co_0.localstorage, ,
[12c94862810ab38389d595825fa54db3],
PUP.Optional.PriceMoon, C:\Users\{USER}\AppData\Local\Google\Chrome\User Data\Default\Local
Storage\https_pstatic.pricemoon.co_0.localstorage-journal, ,
[8e4dc9e18506dc5a67f78a8d9c68966a],
PUP.Optional.PriceMoon, C:\Users\{USER}\AppData\Local\Google\Chrome\User Data\Default\Local
Storage\http_pstatic.pricemoon.co_0.localstorage, ,
[a437109acbc0de58f5699e79e3218080],
PUP.Optional.PriceMoon, C:\Users\{USER}\AppData\Local\Google\Chrome\User Data\Default\Local
Storage\http_pstatic.pricemoon.co_0.localstorage-journal, ,
[27b4c4e6fe8d05311d4133e409fb5fa1],
Thanks for looking into this!
The strange thing is, the screenshot the user provided doesn't show "Ads by PriceMoon." Instead, the ads are captioned "Ads by Not Set." The only way I can tell which virus we're dealing with is from the Malwarebytes Anti-Malware scan report.
I'm attaching the screenshot. The salient part of the scan report follows.
Files: 8
PUP.Optional.BestPriceNinja, C:\Users\{USER}\AppData\Local\Google\Chrome\User Data\Default\Local
Storage\https_pstatic.bestpriceninja.com_0.localstorage, ,
[6279cbdfb0db56e07bfb2ee6b153c53b],
PUP.Optional.BestPriceNinja, C:\Users\{USER}\AppData\Local\Google\Chrome\User Data\Default\Local
Storage\https_pstatic.bestpriceninja.com_0.localstorage-journal, ,
[528942688a013ef8f18546cec83c3ac6],
PUP.Optional.BestPriceNinja, C:\Users\{USER}\AppData\Local\Google\Chrome\User Data\Default\Local
Storage\http_pstatic.bestpriceninja.com_0.localstorage, ,
[c81312988506d660601644d06a9ade22],
PUP.Optional.BestPriceNinja, C:\Users\{USER}\AppData\Local\Google\Chrome\User Data\Default\Local
Storage\http_pstatic.bestpriceninja.com_0.localstorage-journal, ,
[6b70f9b1602ba88e8cea41d357ad1ce4],
PUP.Optional.PriceMoon, C:\Users\{USER}\AppData\Local\Google\Chrome\User Data\Default\Local
Storage\https_pstatic.pricemoon.co_0.localstorage, ,
[12c94862810ab38389d595825fa54db3],
PUP.Optional.PriceMoon, C:\Users\{USER}\AppData\Local\Google\Chrome\User Data\Default\Local
Storage\https_pstatic.pricemoon.co_0.localstorage-journal, ,
[8e4dc9e18506dc5a67f78a8d9c68966a],
PUP.Optional.PriceMoon, C:\Users\{USER}\AppData\Local\Google\Chrome\User Data\Default\Local
Storage\http_pstatic.pricemoon.co_0.localstorage, ,
[a437109acbc0de58f5699e79e3218080],
PUP.Optional.PriceMoon, C:\Users\{USER}\AppData\Local\Google\Chrome\User Data\Default\Local
Storage\http_pstatic.pricemoon.co_0.localstorage-journal, ,
[27b4c4e6fe8d05311d4133e409fb5fa1],
Thanks for looking into this!
