Author Topic: Potential Malware!! :- MediaPluginInstall from game play labs is a spyware!!!  (Read 32564 times)

nounzein

  • Guest
This is really weird. I've had this file installed since yesterday and I've got nothing suspicious (till now), but a spyware that you can uninstall!!! I've never seen that...
And it seems that it attached itself as an extension to the browser that you opened it with (Chrome in my case).

anrose

  • Guest
I would suggest that you use this antivirus: Dr.Web Anti Virus for Windows 4.44. It is best for viruses like the one you encounter on Facebook. Try using it, you'll definitely like it.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Hi nounzein,

That is the Browser Helper Object that comes with the install: http://www.google.nl/search?sourceid=chrome&ie=UTF-8&q=0xD7DC7DFE31FA56BBF486E947D89C68F3
See: http://www.threatexpert.com/report.aspx?md5=20d3f7c94b5265c14d05554c50eb8fa1
Anubis report:
http://anubis.iseclab.org/?action=result&task_id=16ae099d4a0b736c42509e155e9aad9b3&format=xml&save=1

It comes now with new installer campaigns that add unwanted installs of BHOs. I had a nasty one recently with the PicPick installer from Softonic, which came with a Bing toolbar.
And there are more examples...

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Norman analysis added detection

Here is the one I found in reply #56
Quote
MediaPluginSetup.exe : Processed - GamePlay.D

and here is the one @nounzein sent me
Quote
MediaPluginSetup.exe : Processed - GamePlay.A

Offline DraKuL

  • Sr. Member
  • ****
  • Posts: 392
Wonder why Avast isn't adding it???
ASUS ROG Mobo - AMD Ryzen 7 3700X| RAM 32.00GB | 4TB HDD +1TB SSD | ATI Radeon RX 5700 XT 8GB
Windows 10 Pro 64bit |Avast One Individual | MBAM PRO - RealTime | SUPERAntiSpyware PRO |CC Cleaner | Chrome | Firefox |(The Latest Release of all the Software)

Offline DraKuL

  • Sr. Member
  • ****
  • Posts: 392
OK, so I was just messing around with the browser extensions today and found out that another browser extension from Gameplay Labs, called Gameplay Labs plugin, was installed (obviously it got installed with that media plugin). Before removing it from the GUI of the browser, I searched everywhere in the user documents and appdata but couldn't find anything on it. Don't know how it was still there and why MBAM didn't detect it. It was installed on Firefox as well. It was enabled by default; even if I disable it, it will get enabled the next time I run the browser. At first the option to remove it completely wasn't there, but after restarting the computer and disconnecting from the internet, I was able to remove it from both these browsers.

I searched a bit about this plugin and it has given so many people a lot of trouble.. Just google "Gameplay labs plugin" and you'll see :)

Anyway, if it really is spyware and it steals passwords and stuff, so much sensitive information of mine has been leaked :(

Avast still hasn't added detection though, I doubt if they will do it in the future..