Security-X

Security-X Forum => General Security => Malware => Topic started by: chantal11 on December 14, 2016, 12:01:27

Title: Advanced PC Tuneup
Posted by: chantal11 on December 14, 2016, 12:01:27
Content republished with permission from Malwarebytes (https://forums.malwarebytes.org/index.php?showforum=39)

Advanced PC Tuneup is a fake cleaner/optimizer that intentionally displays false positives to convince users that their system has problems and get them to buy the software.
More info: Registry Cleaners: Digital Snake Oil | Malwarebytes Labs (https://blog.malwarebytes.com/cybercrime/2015/06/digital-snake-oil/)

**********

Detection of Advanced PC Tuneup in FRST reports:

Quote
Advanced PC Tuneup (HKLM-x32\...\Advanced PC Tuneup_is1) (Version: 6.3.45.516 - www.advancedpctuneup.com)
Task: {31473DA2-99AF-4A06-9656-68F29BE85DF9} - System32\Tasks\Advanced PC Tuneup_DEFAULT => C:\Program Files (x86)\6DC835E1-049B-4fe5-9825-B51FE4F7057F\AdvancedPCTuneup.exe [2016-12-09] (AdvancedPCTuneup.com)
Task: {50B00273-6B7E-4668-9BB6-5851DB3B7FC5} - System32\Tasks\RunAtStartup => C:\Users\{Nom_Utilisateur}\AppData\Roaming\SysMon\sysmon.exe [2016-12-09] ()
Task: {7D751A0B-5AE6-44F6-8B5D-82BF0E7EC027} - System32\Tasks\Advanced PC Tuneup => C:\Program Files (x86)\6DC835E1-049B-4fe5-9825-B51FE4F7057F\AdvancedPCTuneup.exe [2016-12-09] (AdvancedPCTuneup.com)
Task: {B64C0B9D-2A08-48EA-83E6-C41E47A14FDE} - System32\Tasks\Advanced PC Tuneup_UPDATES => C:\Program Files (x86)\6DC835E1-049B-4fe5-9825-B51FE4F7057F\AdvancedPCTuneup.exe [2016-12-09] (AdvancedPCTuneup.com)
Task: C:\Windows\Tasks\Advanced PC Tuneup_DEFAULT.job => C:\Program Files (x86)\6DC835E1-049B-4fe5-9825-B51FE4F7057F\AdvancedPCTuneup.exe
Task: C:\Windows\Tasks\Advanced PC Tuneup_UPDATES.job => C:\Program Files (x86)\6DC835E1-049B-4fe5-9825-B51FE4F7057F\AdvancedPCTuneup.exe

(AdvancedPCTuneup.com) C:\Program Files (x86)\6DC835E1-049B-4fe5-9825-B51FE4F7057F\AdvancedPCTuneup.exe
() C:\Users\{Nom_Utilisateur}\AppData\Roaming\SysMon\sysmon.exe
C:\Windows\System32\Tasks\Advanced PC Tuneup_DEFAULT
C:\Windows\System32\Tasks\Advanced PC Tuneup
C:\Windows\System32\Tasks\Advanced PC Tuneup_UPDATES
C:\Windows\System32\Tasks\RunAtStartup
C:\Users\Public\Desktop\Advanced PC Tuneup.lnk
C:\Windows\Tasks\Advanced PC Tuneup_UPDATES.job
C:\Windows\Tasks\Advanced PC Tuneup_DEFAULT.job
C:\Users\{Nom_Utilisateur}\AppData\Roaming\SysMon
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced PC Tuneup
C:\Program Files (x86)\6DC835E1-049B-4fe5-9825-B51FE4F7057F
C:\Users\{Nom_Utilisateur}\AppData\Roaming\6dc835e1-049b-4fe5-9825-b51fe4f7057f

**********

Detected and handled by Malwarebytes as a PUP (Potentially Unwanted Program)
With the Premium version, Malwarebytes blocks the domain advancedpctuneup.com and the IP 169.55.71.151
 

Quote
PUP.Optional.Jawego
PUP.Optional.SysTweak.Generic


Illustrated Malwarebytes usage tutorial (https://forum.security-x.fr/tutoriels-317/tutoriel-malwarebytes-anti-malware-22723/)


Source: Removal instructions for Advanced PC Tuneup by Metallica - Malwarebytes Forums (https://forums.malwarebytes.org/topic/192099-removal-instructions-for-advanced-pc-tuneup/)



Still infected? Have a question before performing any steps?

Post a new topic in this forum: http://forum.security-x.fr/desinfections/ taking care to follow the procedure http://forum.security-x.fr/desinfections/procedure-preliminaire/
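
The scheduled-task lines in the FRST excerpt above can be triaged automatically. The following is an added example, not part of the original post or of Malwarebytes' instructions: it parses both `Task:` line shapes shown in the excerpt and matches them against the indicators listed there. The function name `scan_frst`, the indicator labels, the user name `alice` and the two benign sample lines are assumptions made for the illustration.

```python
import re

# Indicators from the FRST excerpt in the post. Case-insensitive: the log
# shows the install GUID in both upper and lower case.
INDICATORS = {
    "install_guid": re.compile(r"6dc835e1-049b-4fe5-9825-b51fe4f7057f", re.I),
    "product_name": re.compile(r"advanced ?pc ?tuneup", re.I),
    # Match the per-user folder, not the file name alone: the legitimate
    # Sysinternals Sysmon binary is also named sysmon.exe.
    "roaming_sysmon": re.compile(r"\\AppData\\Roaming\\SysMon\\", re.I),
}

# Two line shapes appear in the excerpt:
#   Task: {GUID} - System32\Tasks\<name> => <target> [date] (company)
#   Task: C:\Windows\Tasks\<name>.job => <target>
TASK_RE = re.compile(
    r"^Task: (?:\{[0-9A-Fa-f-]{36}\} - )?(?P<task>.+?) => (?P<target>.+?)"
    r"(?: \[\d{4}-\d{2}-\d{2}\])?(?: \((?P<company>[^()]*)\))?$"
)

def scan_frst(text):
    """Return (task, target, company, matched indicator names) per flagged task."""
    hits = []
    for line in text.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        haystack = m["task"] + " " + m["target"]
        names = sorted(k for k, rx in INDICATORS.items() if rx.search(haystack))
        if names:
            hits.append((m["task"], m["target"], m["company"], names))
    return hits

# Constructed sample: three lines shaped like the excerpt (user name "alice"
# is made up) plus two benign lines that must not be flagged.
SAMPLE = r"""
Task: {7D751A0B-5AE6-44F6-8B5D-82BF0E7EC027} - System32\Tasks\Advanced PC Tuneup => C:\Program Files (x86)\6DC835E1-049B-4fe5-9825-B51FE4F7057F\AdvancedPCTuneup.exe [2016-12-09] (AdvancedPCTuneup.com)
Task: {50B00273-6B7E-4668-9BB6-5851DB3B7FC5} - System32\Tasks\RunAtStartup => C:\Users\alice\AppData\Roaming\SysMon\sysmon.exe [2016-12-09] ()
Task: C:\Windows\Tasks\Advanced PC Tuneup_UPDATES.job => C:\Program Files (x86)\6DC835E1-049B-4fe5-9825-B51FE4F7057F\AdvancedPCTuneup.exe
Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\ExampleUpdater => C:\Program Files\Example\updater.exe [2016-12-01] (Example Corp)
Task: {66666666-7777-8888-9999-000000000000} - System32\Tasks\SysmonCheck => C:\Windows\Sysmon.exe [2016-12-01] (Example Corp)
"""

if __name__ == "__main__":
    for task, target, company, names in scan_frst(SAMPLE):
        print(f"{task} -> {target} signer={company!r} {names}")
```

The `RunAtStartup` task carries no product name, so it is caught only by the `AppData\Roaming\SysMon` path; its empty company field `()` is returned as an empty string for the analyst to review.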