Security-X

Security-X Forum => General Security => Malware => Discussion started by: chantal11 on September 26, 2017, 17:33:26

Title: AnytimeAstrology
Posted by: chantal11 on September 26, 2017, 17:33:26
Content republished with the permission of Malwarebytes (https://forums.malwarebytes.org/index.php?showforum=39)

AnytimeAstrology is a NewTab Browser Hijacker (https://blog.malwarebytes.com/glossary/NewTab/) that modifies the browser settings (home page, search page, new tab, ...) in order to force visits to the targeted site, and also displays advertisements.
AnytimeAstrology belongs to the Mindspark/Ask family (https://blog.malwarebytes.org/malvertising-2/2014/11/mindspark-toolbars/), now known as IAC Applications.

[Screenshots: installation warnings, toolbar icons and the hijacked start page]

**********

Detection of AnytimeAstrology in FRST reports:

Quote
AnytimeAstrology Internet Explorer Homepage and New Tab (HKCU\...\AnytimeAstrologyTooltab Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network, Inc.) <==== ATTENTION

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/anytimeastrology/S22699/index.html?n={n1}&p2={p21}&ptb={ptb1}&coid={coid1}
FF Extension: No Name - C:\Users\{Nom_Utilisateur}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_oxMembers_@free.anytimeastrology.com.xpi [2017-09-06]
CHR Extension: (AnytimeAstrology) - C:\Users\{Nom_Utilisateur}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdcnkkhncapfcngcjkmfkikanomkgnmb [2017-09-06]
C:\Users\{Nom_Utilisateur}\AppData\Local\AnytimeAstrologyTooltab



**********

Detected and handled by Malwarebytes as a PUP (Potentially Unwanted Program)
With the Premium version, Malwarebytes blocks the domain hp.myway.com and the IP 2.19.63.115


Quote
PUP.Optional.MindSpark
PUP.Optional.MindSpark.Generic

Sample report (https://up.security-x.fr/file.php?h=Rfe88acb9f9d85ab65a09ce0403926f76)



Illustrated Malwarebytes tutorial (https://forum.security-x.fr/tutoriels-317/tutoriel-malwarebytes-anti-malware-22723/)


Source: Removal instructions for AnytimeAstrology by Metallica - Malwarebytes Forums (https://forums.malwarebytes.com/topic/209927-removal-instructions-for-anytimeastrology/)



Still infected? A question before making any changes?

Come and post a new topic in this forum: http://forum.security-x.fr/desinfections/ taking care to follow the procedure http://forum.security-x.fr/desinfections/procedure-preliminaire/
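As an added example (not part of the original post, nor Malwarebytes or FRST code), a small Python scanner that flags the AnytimeAstrology indicators quoted in the FRST excerpt above in FRST-style report lines. The sample report lines are constructed from that excerpt; the benign Start Page line is made up.

```python
import re

# Indicators taken from the FRST excerpt in the post (AnytimeAstrology / Mindspark):
# the IE uninstall key, the hp.myway.com start page, the Firefox .xpi, the Chrome
# extension id and the Tooltab folder under %LOCALAPPDATA%.
INDICATORS = {
    "uninstall_key": re.compile(r"HKCU\\\.\.\.\\AnytimeAstrologyTooltab Uninstall", re.I),
    "start_page":    re.compile(r"Start Page = h(?:xx|tt)ps?://hp\.myway\.com/anytimeastrology/", re.I),
    "ff_extension":  re.compile(r"^FF Extension:.*anytimeastrology\.com\.xpi", re.I),
    "chr_extension": re.compile(r"^CHR Extension:.*\\bdcnkkhncapfcngcjkmfkikanomkgnmb", re.I),
    "tooltab_dir":   re.compile(r"\\AppData\\Local\\AnytimeAstrologyTooltab\b", re.I),
}


def scan_frst(lines):
    """Return (line_number, indicator_name, line) for every FRST line that matches
    one of the AnytimeAstrology indicators. Line numbers are 1-based."""
    findings = []
    for number, raw in enumerate(lines, 1):
        line = raw.strip()
        for name, pattern in INDICATORS.items():
            if pattern.search(line):
                findings.append((number, name, line))
    return findings


def summarize(findings):
    """Count hits per indicator, so a triage script can see which components remain."""
    counts = {}
    for _, name, _ in findings:
        counts[name] = counts.get(name, 0) + 1
    return counts


# Constructed sample report: one benign line followed by the lines from the post.
SAMPLE_REPORT = [
    r"HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.example.com/",
    r"AnytimeAstrology Internet Explorer Homepage and New Tab (HKCU\...\AnytimeAstrologyTooltab Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network, Inc.) <==== ATTENTION",
    r"HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/anytimeastrology/S22699/index.html?n={n1}&p2={p21}&ptb={ptb1}&coid={coid1}",
    r"FF Extension: No Name - C:\Users\{User}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_oxMembers_@free.anytimeastrology.com.xpi [2017-09-06]",
    r"CHR Extension: (AnytimeAstrology) - C:\Users\{User}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdcnkkhncapfcngcjkmfkikanomkgnmb [2017-09-06]",
    r"C:\Users\{User}\AppData\Local\AnytimeAstrologyTooltab",
]

if __name__ == "__main__":
    for number, name, line in scan_frst(SAMPLE_REPORT):
        print(f"line {number}: {name}: {line[:70]}")
    print(summarize(scan_frst(SAMPLE_REPORT)))
```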