Security-X

Security-X Forum => General Security => Malware => Topic started by: chantal11 on August 10, 2017, 17:14:32

Title: CC Cleaner
Posted by: chantal11 on August 10, 2017, 17:14:32
Content republished with permission from Malwarebytes (https://forums.malwarebytes.org/index.php?showforum=39)

CC Cleaner is a fake cleaner/optimizer that intentionally displays false positives to convince the user that their system has problems and to get them to buy the software.
More info: Registry Cleaners: Digital Snake Oil | Malwarebytes Labs (https://blog.malwarebytes.com/cybercrime/2015/06/digital-snake-oil/)


[Screenshots from the source post, not reproduced here: main window, warning dialogs, icons.]

**********

Detection of CC Cleaner in FRST reports:

Quote
CC Cleaner (HKLM\...\{F751A81C-AAF7-4E24-8E40-231FD881A20B}_is1) (Version: 1.0.0.2502 - )
Task: {2AF76D7D-51E9-45D2-90E5-1E4F8F5A2963} - System32\Tasks\CC Cleaner_Logon => C:\Program Files\CC Cleaner for {Nom_PC}\scad.exe [2017-06-30] ()

() C:\Program Files\CC Cleaner for {Nom_PC}\scad.exe
C:\Windows\System32\Tasks\CC Cleaner_Logon
C:\Users\{Nom_Utilisateur}\AppData\Roaming\CC Cleaner For {Nom_PC}
C:\Users\Public\Desktop\CC Cleaner.lnk
C:\Users\{Nom_Utilisateur}\AppData\Roaming\FileOpenerWindows for {Nom_PC}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CC Cleaner for {Nom_PC}
C:\ProgramData\CC Cleaner for {Nom_PC}
C:\Program Files\CC Cleaner for {Nom_PC}

**********

Detected and handled by Malwarebytes as a PUP (Potentially Unwanted Program)
In the Premium version, Malwarebytes blocks the IP 87.248.202.1 and the domain cdn.ccleaner.online

Quote
PUP.Optional.PCVARK
PUP.Optional.AdvanceSystemCare
PUP.Optional.WindowsFileOpener

Quote
-Scan Details-
Process: 1
PUP.Optional.PCVARK, C:\PROGRAM FILES\CC CLEANER FOR {computername}\SCAD.EXE, Quarantined, [8617], [421564],1.0.2498

Module: 6
PUP.Optional.PCVARK, C:\PROGRAM FILES\CC CLEANER FOR {computername}\SCAD.EXE, Quarantined, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, C:\PROGRAM FILES\CC CLEANER FOR {computername}\X64\SQLITE.INTEROP.DLL, Quarantined, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, C:\Program Files\CC Cleaner for {computername}\Interop.IWshRuntimeLibrary.dll, Quarantined, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, C:\Program Files\CC Cleaner for {computername}\Microsoft.Win32.TaskScheduler.dll, Quarantined, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, C:\Program Files\CC Cleaner for {computername}\System.Data.SQLite.DLL, Quarantined, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, C:\Program Files\CC Cleaner for {computername}\TAFactory.IconPack.dll, Quarantined, [8617], [421564],1.0.2498

Registry Key: 4
PUP.Optional.PCVARK, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{F751A81C-AAF7-4E24-8E40-231FD881A20B}_is1, Delete-on-Reboot, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2AF76D7D-51E9-45D2-90E5-1E4F8F5A2963}, Delete-on-Reboot, [8617], [421573],1.0.2498
PUP.Optional.PCVARK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\CC Cleaner_Logon, Delete-on-Reboot, [8617], [421572],1.0.2498
PUP.Optional.AdvanceSystemCare, HKLM\SOFTWARE\ASC-PR, Delete-on-Reboot, [701], [333216],1.0.2498

Registry Value: 4
PUP.Optional.PCVARK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2AF76D7D-51E9-45D2-90E5-1E4F8F5A2963}|PATH, Delete-on-Reboot, [8617], [421573],1.0.2498
PUP.Optional.AdvanceSystemCare, HKLM\SOFTWARE\CLASSES\UNKNOWN\SHELL\OPENDLG\COMMAND|WINDOWSFILEOPENER.DAT, Delete-on-Reboot, [701], [333220],1.0.2498
PUP.Optional.WindowsFileOpener, HKLM\SOFTWARE\CLASSES\UNKNOWN\SHELL\OPENAS\COMMAND|WINDOWSFILEOPENER.DAT, Delete-on-Reboot, [1295], [333218],1.0.2498
PUP.Optional.AdvanceSystemCare, HKLM\SOFTWARE\ASC-PR|AFFILIATEID, Delete-on-Reboot, [701], [333216],1.0.2498

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 10
PUP.Optional.PCVARK, C:\PROGRAMDATA\CC Cleaner for {computername}, Delete-on-Reboot, [8617], [421565],1.0.2498
PUP.Optional.PCVARK, C:\Users\{username}\AppData\Roaming\CC Cleaner For {computername}\smico, Delete-on-Reboot, [8617], [421565],1.0.2498
PUP.Optional.PCVARK, C:\USERS\{username}\APPDATA\ROAMING\CC Cleaner For {computername}, Delete-on-Reboot, [8617], [421565],1.0.2498
PUP.Optional.PCVARK, C:\Users\{username}\AppData\Roaming\FileOpenerWindows for {computername}\x64, Delete-on-Reboot, [8617], [421589],1.0.2498
PUP.Optional.PCVARK, C:\Users\{username}\AppData\Roaming\FileOpenerWindows for {computername}\x86, Delete-on-Reboot, [8617], [421589],1.0.2498
PUP.Optional.PCVARK, C:\USERS\{username}\APPDATA\ROAMING\FileOpenerWindows for {computername}, Delete-on-Reboot, [8617], [421589],1.0.2498
PUP.Optional.PCVARK, C:\Program Files\CC Cleaner for {computername}\x64, Delete-on-Reboot, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, C:\Program Files\CC Cleaner for {computername}\x86, Delete-on-Reboot, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, C:\PROGRAM FILES\CC Cleaner for {computername}, Delete-on-Reboot, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CC Cleaner for {computername}, Delete-on-Reboot, [8617], [421563],1.0.2498

File: 47
PUP.Optional.PCVARK, C:\ProgramData\CC Cleaner for {computername}\mdb.db, Delete-on-Reboot, [8617], [421565],1.0.2498
PUP.Optional.PCVARK, C:\ProgramData\CC Cleaner for {computername}\pcspstartrepair_en.mp3, Delete-on-Reboot, [8617], [421565],1.0.2498
PUP.Optional.PCVARK, C:\Users\{username}\AppData\Roaming\CC Cleaner For {computername}\Errorlog.txt, Delete-on-Reboot, [8617], [421565],1.0.2498
PUP.Optional.PCVARK, C:\Users\{username}\AppData\Roaming\CC Cleaner For {computername}\exlist.bin, Delete-on-Reboot, [8617], [421565],1.0.2498
PUP.Optional.PCVARK, C:\Users\{username}\AppData\Roaming\CC Cleaner For {computername}\res.xml, Delete-on-Reboot, [8617], [421565],1.0.2498
PUP.Optional.PCVARK, C:\Users\{username}\AppData\Roaming\FileOpenerWindows for {computername}\x64\SQLite.Interop.dll, Delete-on-Reboot, [8617], [421589],1.0.2498
PUP.Optional.PCVARK, C:\Users\{username}\AppData\Roaming\FileOpenerWindows for {computername}\x86\SQLite.Interop.dll, Delete-on-Reboot, [8617], [421589],1.0.2498
PUP.Optional.PCVARK, C:\Users\{username}\AppData\Roaming\FileOpenerWindows for {computername}\fow.exe, Delete-on-Reboot, [8617], [421589],1.0.2498
PUP.Optional.PCVARK, C:\Users\{username}\AppData\Roaming\FileOpenerWindows for {computername}\fow.exe.config, Delete-on-Reboot, [8617], [421589],1.0.2498
PUP.Optional.PCVARK, C:\Users\{username}\AppData\Roaming\FileOpenerWindows for {computername}\langswfo.db, Delete-on-Reboot, [8617], [421589],1.0.2498
PUP.Optional.PCVARK, C:\Users\{username}\AppData\Roaming\FileOpenerWindows for {computername}\System.Data.SQLite.DLL, Delete-on-Reboot, [8617], [421589],1.0.2498
PUP.Optional.PCVARK, C:\PROGRAM FILES\CC CLEANER FOR {computername}\SCAD.EXE, Delete-on-Reboot, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, C:\PROGRAM FILES\CC CLEANER FOR {computername}\X64\SQLITE.INTEROP.DLL, Delete-on-Reboot, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, C:\Program Files\CC Cleaner for {computername}\x86\SQLite.Interop.dll, Delete-on-Reboot, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, C:\Program Files\CC Cleaner for {computername}\application.ico, Delete-on-Reboot, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, C:\Program Files\CC Cleaner for {computername}\danish_iss.ini, Delete-on-Reboot, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, C:\Program Files\CC Cleaner for {computername}\Dutch_iss.ini, Delete-on-Reboot, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, C:\Program Files\CC Cleaner for {computername}\english_iss.ini, Delete-on-Reboot, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, C:\Program Files\CC Cleaner for {computername}\finish_iss.ini, Delete-on-Reboot, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, C:\Program Files\CC Cleaner for {computername}\French_iss.ini, Delete-on-Reboot, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, C:\Program Files\CC Cleaner for {computername}\german_iss.ini, Delete-on-Reboot, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, C:\Program Files\CC Cleaner for {computername}\HtmlRenderer.dll, Delete-on-Reboot, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, C:\Program Files\CC Cleaner for {computername}\HtmlRenderer.WinForms.dll, Delete-on-Reboot, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, C:\Program Files\CC Cleaner for {computername}\Interop.IWshRuntimeLibrary.dll, Delete-on-Reboot, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, C:\Program Files\CC Cleaner for {computername}\italian_iss.ini, Delete-on-Reboot, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, C:\Program Files\CC Cleaner for {computername}\japanese_iss.ini, Delete-on-Reboot, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, C:\Program Files\CC Cleaner for {computername}\langs.db, Delete-on-Reboot, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, C:\Program Files\CC Cleaner for {computername}\Microsoft.Win32.TaskScheduler.dll, Delete-on-Reboot, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, C:\Program Files\CC Cleaner for {computername}\NAudio.dll, Delete-on-Reboot, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, C:\Program Files\CC Cleaner for {computername}\norwegian_iss.ini, Delete-on-Reboot, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, C:\Program Files\CC Cleaner for {computername}\portuguese_iss.ini, Delete-on-Reboot, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, C:\Program Files\CC Cleaner for {computername}\ResASYSC.dll, Delete-on-Reboot, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, C:\Program Files\CC Cleaner for {computername}\russian_iss.ini, Delete-on-Reboot, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, C:\Program Files\CC Cleaner for {computername}\scad.exe.config, Delete-on-Reboot, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, C:\Program Files\CC Cleaner for {computername}\spanish_iss.ini, Delete-on-Reboot, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, C:\Program Files\CC Cleaner for {computername}\swedish_iss.ini, Delete-on-Reboot, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, C:\Program Files\CC Cleaner for {computername}\System.Data.SQLite.DLL, Delete-on-Reboot, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, C:\Program Files\CC Cleaner for {computername}\TAFactory.IconPack.dll, Delete-on-Reboot, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, C:\Program Files\CC Cleaner for {computername}\unins000.dat, Delete-on-Reboot, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, C:\Program Files\CC Cleaner for {computername}\unins000.exe, Delete-on-Reboot, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, C:\Program Files\CC Cleaner for {computername}\unins000.msg, Delete-on-Reboot, [8617], [421564],1.0.2498
PUP.Optional.PCVARK, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CC Cleaner for {computername}\Buy CC Cleaner.lnk, Delete-on-Reboot, [8617], [421563],1.0.2498
PUP.Optional.PCVARK, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CC Cleaner for {computername}\CC Cleaner.lnk, Delete-on-Reboot, [8617], [421563],1.0.2498
PUP.Optional.PCVARK, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CC Cleaner for {computername}\Uninstall CC Cleaner.lnk, Delete-on-Reboot, [8617], [421563],1.0.2498
PUP.Optional.PCVARK, C:\USERS\{username}\DESKTOP\CCLSETUP.EXE, Delete-on-Reboot, [8617], [421556],1.0.2498
PUP.Optional.PCVARK, C:\USERS\PUBLIC\DESKTOP\CC CLEANER.LNK, Delete-on-Reboot, [8617], [421566],1.0.2498
PUP.Optional.PCVARK, C:\WINDOWS\SYSTEM32\TASKS\CC CLEANER_LOGON, Delete-on-Reboot, [8617], [421571],1.0.2498

Physical Sector: 0
(No malicious items detected)



Illustrated tutorial on using Malwarebytes (https://forum.security-x.fr/tutoriels-317/tutoriel-malwarebytes-anti-malware-22723/)


Source: Removal instructions for CC Cleaner by Metallica - Malwarebytes Forums (https://forums.malwarebytes.com/topic/206638-removal-instructions-for-cc-cleaner/)



Still infected? A question before making any changes?

Post a new topic in this forum: http://forum.security-x.fr/desinfections/ and take care to follow the procedure at http://forum.security-x.fr/desinfections/procedure-preliminaire/
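
An added example, not part of the original post and not Malwarebytes or FRST code: a small matcher that flags the artifacts from the FRST excerpt above in a pasted FRST log. The sample log, host name and user name are constructed, the function names are hypothetical, and the separately named CCleaner (no space) is deliberately left unmatched.

```python
import re

# Artifacts from the FRST excerpt in this post. "{Nom_PC}" there stands for the
# computer name, so the directory patterns accept any name in that position.
INDICATORS = {
    "uninstall_key": re.compile(r"\{F751A81C-AAF7-4E24-8E40-231FD881A20B\}_is1", re.I),
    "logon_task": re.compile(r"\\Tasks\\CC Cleaner_Logon\b", re.I),
    "install_dir": re.compile(r"\\CC Cleaner for [^\\]+", re.I),
    "file_opener": re.compile(r"\\FileOpenerWindows for [^\\]+", re.I),
    "shortcut": re.compile(r"\\CC Cleaner\.lnk\b", re.I),
}

# Constructed sample log: host DESKTOP-AB12 and user alice are made up, and the
# two CCleaner (no space) lines are a different product that must not match.
SAMPLE = r"""
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
CC Cleaner (HKLM\...\{F751A81C-AAF7-4E24-8E40-231FD881A20B}_is1) (Version: 1.0.0.2502 - )
Task: {2AF76D7D-51E9-45D2-90E5-1E4F8F5A2963} - System32\Tasks\CC Cleaner_Logon => C:\Program Files\CC Cleaner for DESKTOP-AB12\scad.exe [2017-06-30] ()
Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-07-01] (Piriform Ltd)
C:\Users\alice\AppData\Roaming\FileOpenerWindows for DESKTOP-AB12
C:\Users\Public\Desktop\CC Cleaner.lnk
""".strip()


def scan_frst(text):
    """Map each indicator name to the 1-based log lines where it appears."""
    hits = {}
    for number, line in enumerate(text.splitlines(), 1):
        for name, pattern in INDICATORS.items():
            if pattern.search(line):
                hits.setdefault(name, []).append(number)
    return hits


def is_present(hits):
    """Uninstall key alone, or any two distinct artifacts, counts as installed."""
    return "uninstall_key" in hits or len(hits) >= 2


if __name__ == "__main__":
    found = scan_frst(SAMPLE)
    for name, lines in found.items():
        print(f"{name}: line(s) {lines}")
    print("CC Cleaner present:", is_present(found))
```

Matching is case-insensitive because the Malwarebytes log above reports the same paths in upper case.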