Topic: CC Cleaner

Posted by: chantal11

CC Cleaner
« on: August 10, 2017, 17:14:32 »
Content republished with permission from Malwarebytes

CC Cleaner is a fake cleaner/optimizer that intentionally displays false positives to convince the user that their system has problems and to get them to buy the software.
More info: Registry Cleaners: Digital Snake Oil | Malwarebytes Labs



  • Installs as a program, either without the user's knowledge or because they did not uncheck the sponsored offers presented while installing legitimate free software, or from the publisher's site

  • Displays these alerts during installation

  • Displays these screens during operation

  • Creates this icon in the Taskbar, on the Desktop and in the Start Menu

  • Displays this notification in the Taskbar

  • Creates these scheduled tasks








**********

Detection of CC Cleaner in FRST reports:

Quote
CC Cleaner (HKLM\...\{F751A81C-AAF7-4E24-8E40-231FD881A20B}_is1) (Version: 1.0.0.2502 - )
Task: {2AF76D7D-51E9-45D2-90E5-1E4F8F5A2963} - System32\Tasks\CC Cleaner_Logon => C:\Program Files\CC Cleaner for {Nom_PC}\scad.exe [2017-06-30] ()

() C:\Program Files\CC Cleaner for {Nom_PC}\scad.exe
C:\Windows\System32\Tasks\CC Cleaner_Logon
C:\Users\{Nom_Utilisateur}\AppData\Roaming\CC Cleaner For {Nom_PC}
C:\Users\Public\Desktop\CC Cleaner.lnk
C:\Users\{Nom_Utilisateur}\AppData\Roaming\FileOpenerWindows for {Nom_PC}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CC Cleaner for {Nom_PC}
C:\ProgramData\CC Cleaner for {Nom_PC}
C:\Program Files\CC Cleaner for {Nom_PC}

**********

Detected and handled by Malwarebytes as a PUP (Potentially Unwanted Program)
In the Premium version, Malwarebytes blocks the IP 87.248.202.1 and the domain cdn.ccleaner.online

Quote
PUP.Optional.PCVARK
PUP.Optional.AdvanceSystemCare
PUP.Optional.WindowsFileOpener



Illustrated tutorial on using Malwarebytes


Source: Removal instructions for CC Cleaner by Metallica - Malwarebytes Forums



Still infected? Have a question before making any changes?

Post a new topic in this forum: http://forum.security-x.fr/desinfections/ and be sure to follow the procedure at http://forum.security-x.fr/desinfections/procedure-preliminaire/
 

Security-X