Security-X

Security-X Forum => General Security => Malware => Topic started by: chantal11 on August 10, 2017, 17:36:44

Title: Driver Tuneup
Posted by: chantal11 on August 10, 2017, 17:36:44
Content republished with permission from Malwarebytes (https://forums.malwarebytes.org/index.php?showforum=39)

Driver Tuneup is a fake cleaner/optimizer (Driver Update) that intentionally displays false positives to convince the user that their system has problems and to get them to buy the software.
More info: Registry Cleaners: Digital Snake Oil | Malwarebytes Labs (https://blog.malwarebytes.com/cybercrime/2015/06/digital-snake-oil/)


**********

Detection of Driver Tuneup in FRST reports:

Quote
Driver Tuneup (HKLM\...\{9132F466-FD4C-4DF1-85F0-818CC4567B2F}_is1) (Version: 1.0.0.34067 - driver-tuneup.com)
Task: {0BE065E2-536F-4A9A-B98D-1F41CD7ECE39} - System32\Tasks\Driver Tuneup_Logon => C:\Program Files\Driver Tuneup\drivertuneup.exe [2017-07-31] (driver-tuneup.com)

(driver-tuneup.com) C:\Program Files\Driver Tuneup\drivertuneup.exe
C:\Users\Public\Desktop\Driver Tuneup.lnk
C:\Windows\System32\Tasks\Driver Tuneup_Logon
C:\Users\{Nom_Utilisateur}\AppData\Roaming\driver-tuneup.com
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Tuneup
C:\Program Files\Driver Tuneup

**********

Detected and handled by Malwarebytes as a PUP (Potentially Unwanted Program).
In the Premium version, Malwarebytes blocks the domain driver-tuneup.com and the IP 67.219.144.82

Quote
PUP.Optional.PCVARK


Malwarebytes usage tutorial with screenshots (https://forum.security-x.fr/tutoriels-317/tutoriel-malwarebytes-anti-malware-22723/)


Source: Removal instructions for Driver Tuneup by Metallica - Malwarebytes Forums (https://forums.malwarebytes.com/topic/206454-removal-instructions-for-driver-tuneup/)



Still infected? Have a question before making any changes?

Post a new topic in this forum: http://forum.security-x.fr/desinfections/ and be sure to follow the procedure at http://forum.security-x.fr/desinfections/procedure-preliminaire/