
Author: chantal11

Driver Updater
« on: October 19, 2017, 16:43:17 »
Content republished with permission from Malwarebytes

Driver Updater is a fake cleaner/optimizer that intentionally displays false positives to convince users that their system has problems and to get them to buy the software.
More info: Registry Cleaners: Digital Snake Oil | Malwarebytes Labs
Driver Updater is installed as a fake online scan.



  • Installs as a program, either without the user's knowledge or because the user did not uncheck the sponsored offers presented while installing legitimate free software, or from the publisher's site

  • Displays these alerts during installation

  • Displays these screens during operation

  • Creates this icon in the Taskbar, on the Desktop and in the Start Menu

  • Creates a scheduled task









**********

Detection of Driver Updater in FRST reports:

Quote
Driver Updater (HKLM\...\{ACE83A3B-6AE9-485B-B11A-293BA26BC725}_is1) (Version: 1.0.1000.36735 - efixdrivers.com)
Task: {CF70F24D-AE4A-40B7-A8E9-4CD1D519F728} - System32\Tasks\Driver Updater_Logon => C:\Program Files\Driver Updater\aptdu.exe [2017-09-20] (efixdrivers.com)

(efixdrivers.com) C:\Program Files\Driver Updater\aptdu.exe
C:\Windows\System32\Tasks\Driver Updater_Logon
C:\Users\Public\Desktop\Driver Updater.lnk
C:\Users\{Nom_Utilisateur}\AppData\Roaming\efixdrivers.com
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Updater
C:\Program Files\Driver Updater

**********

Detected and handled by Malwarebytes as a PUP (Potentially Unwanted Program)
In the Premium version, Malwarebytes blocks access to the domain lp.efixdrivers.com and the IP 184.173.21.164

Quote
-Scan Details-
Process: 1
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\aptdu.exe, Quarantined, [8849], [437562],1.0.2861

Module: 2
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\aptdu.exe, Quarantined, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\Microsoft.Win32.TaskScheduler.dll, Quarantined, [8849], [437562],1.0.2861

Registry Key: 7
PUP.Optional.DriverUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{ACE83A3B-6AE9-485B-B11A-293BA26BC725}_is1, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.AdvancedPCCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{CF70F24D-AE4A-40B7-A8E9-4CD1D519F728}, Delete-on-Reboot, [58], [412119],1.0.2861
PUP.Optional.AdvancedPCCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Driver Updater_Logon, Delete-on-Reboot, [58], [412118],1.0.2861
PUP.Optional.DriverUpdater, HKLM\SOFTWARE\duefx-pr, Delete-on-Reboot, [8849], [437563],1.0.2861
PUP.Optional.DriverUpdater, HKLM\SOFTWARE\efixdrivers.com, Delete-on-Reboot, [8849], [437564],1.0.2861
PUP.Optional.DriverUpdater, HKLM\SOFTWARE\ZWZpeGRyaXZlcnMuY29t, Delete-on-Reboot, [8849], [437570],1.0.2861
PUP.Optional.DriverUpdater, HKCU\SOFTWARE\efixdrivers.com, Delete-on-Reboot, [8849], [437565],1.0.2861

Registry Value: 1
PUP.Optional.AdvancedPCCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{CF70F24D-AE4A-40B7-A8E9-4CD1D519F728}|PATH, Delete-on-Reboot, [58], [412119],1.0.2861

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 7
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\Langs, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.AdvancedPCCare, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\DRIVER UPDATER, Delete-on-Reboot, [58], [412123],1.0.2861
PUP.Optional.DriverUpdater, C:\Users\{username}\AppData\Roaming\efixdrivers.com\Driver Updater\Download, Delete-on-Reboot, [8849], [437561],1.0.2861
PUP.Optional.DriverUpdater, C:\Users\{username}\AppData\Roaming\efixdrivers.com\Driver Updater\Backups, Delete-on-Reboot, [8849], [437561],1.0.2861
PUP.Optional.DriverUpdater, C:\Users\{username}\AppData\Roaming\efixdrivers.com\Driver Updater\smico, Delete-on-Reboot, [8849], [437561],1.0.2861
PUP.Optional.DriverUpdater, C:\Users\{username}\AppData\Roaming\efixdrivers.com\Driver Updater, Delete-on-Reboot, [8849], [437561],1.0.2861
PUP.Optional.DriverUpdater, C:\USERS\{username}\APPDATA\ROAMING\EFIXDRIVERS.COM, Delete-on-Reboot, [8849], [437561],1.0.2861

File: 54
PUP.Optional.Carambis, C:\USERS\PUBLIC\DESKTOP\DRIVER UPDATER.LNK, Delete-on-Reboot, [1907], [351666],1.0.2861
PUP.Optional.AdvancedPCCare, C:\WINDOWS\SYSTEM32\TASKS\DRIVER UPDATER_LOGON, Delete-on-Reboot, [58], [412117],1.0.2861
PUP.Optional.DriverUpdater, C:\PROGRAM FILES\DRIVER UPDATER\APTDU.EXE.CONFIG, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\dp\7z.dll, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\dp\7z.exe, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\dp\DPInst32.exe, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\dp\DPInst64.exe, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\dp\DriversPath.exe, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\dp\FileValidator.exe, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\Langs\danish_du_da.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\Langs\Dutch_du_nl.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\Langs\english_du_en.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\Langs\finish_du_fi.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\Langs\French_du_fr.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\Langs\german_du_de.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\Langs\italian_du_it.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\Langs\japanese_du_ja.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\Langs\norwegian_du_no.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\Langs\portuguese_du_ptbr.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\Langs\russian_du_ru.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\Langs\spanish_du_es.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\Langs\swedish_du_sv.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\aptdu.exe, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\danish_iss.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\Delimon.Win32.IO.dll, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\DUContent.dll, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\Dutch_iss.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\english_iss.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\finish_iss.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\French_iss.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\german_iss.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\Interop.IWshRuntimeLibrary.dll, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\italian_iss.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\japanese_iss.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\Microsoft.Win32.TaskScheduler.dll, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\NAudio.dll, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\norwegian_iss.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\portuguese_iss.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\russian_iss.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\spanish_iss.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\swedish_iss.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\System.ServiceModel.dll, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\TAFactory.IconPack.dll, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\TaskScheduler.dll, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\unins000.dat, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\unins000.exe, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\unins000.msg, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.AdvancedPCCare, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\DRIVER UPDATER\BUY DRIVER UPDATER.LNK, Delete-on-Reboot, [58], [412123],1.0.2861
PUP.Optional.AdvancedPCCare, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Updater\Driver Updater.lnk, Delete-on-Reboot, [58], [412123],1.0.2861
PUP.Optional.AdvancedPCCare, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Updater\Uninstall Driver Updater.lnk, Delete-on-Reboot, [58], [412123],1.0.2861
PUP.Optional.DriverUpdater, C:\USERS\{username}\APPDATA\ROAMING\EFIXDRIVERS.COM\DRIVER UPDATER\ERRORLOG.TXT, Delete-on-Reboot, [8849], [437561],1.0.2861
PUP.Optional.DriverUpdater, C:\Users\{username}\AppData\Roaming\efixdrivers.com\Driver Updater\param.ini, Delete-on-Reboot, [8849], [437561],1.0.2861
PUP.Optional.DriverUpdater, C:\Users\{username}\AppData\Roaming\efixdrivers.com\Driver Updater\res.bin, Delete-on-Reboot, [8849], [437561],1.0.2861
PUP.Optional.DriverUpdater, C:\USERS\{username}\DESKTOP\DUEFIXSETUP.EXE, Delete-on-Reboot, [8849], [437560],1.0.2861

Physical Sector: 0
(No malicious items detected)



Illustrated tutorial on using Malwarebytes


Source: Removal instructions for Driver Updater by Metallica - Malwarebytes Forums



Still infected? Have a question before making any changes?

Post a new topic in this forum: http://forum.security-x.fr/desinfections/ making sure to follow the procedure at http://forum.security-x.fr/desinfections/procedure-preliminaire/
 

Security-X
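
A triage sketch for the Malwarebytes log quoted in the post, added here as an example (it is not part of the original post or of Malwarebytes): it groups detection lines by family and flags registry key names that are Base64-encoded text, which is how the key HKLM\SOFTWARE\ZWZpeGRyaXZlcnMuY29t in the log turns out to spell efixdrivers.com. The function names and the "dotted ASCII" heuristic are assumptions of this example.

```python
import base64
import binascii
import re
from collections import Counter

# Lines copied from the Malwarebytes log quoted in the post, plus one section header.
SAMPLE = r"""
Registry Key: 7
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\aptdu.exe, Quarantined, [8849], [437562],1.0.2861
PUP.Optional.AdvancedPCCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Driver Updater_Logon, Delete-on-Reboot, [58], [412118],1.0.2861
PUP.Optional.DriverUpdater, HKLM\SOFTWARE\efixdrivers.com, Delete-on-Reboot, [8849], [437564],1.0.2861
PUP.Optional.DriverUpdater, HKLM\SOFTWARE\ZWZpeGRyaXZlcnMuY29t, Delete-on-Reboot, [8849], [437570],1.0.2861
PUP.Optional.Carambis, C:\USERS\PUBLIC\DESKTOP\DRIVER UPDATER.LNK, Delete-on-Reboot, [1907], [351666],1.0.2861
"""

# Detection lines have the shape "<family>, <item>, <action>, [id], [id],<version>".
LINE = re.compile(r"^(?P<family>[\w.]+), (?P<item>.+?), (?P<action>Quarantined|Delete-on-Reboot), ")


def parse(log):
    """Return (family, item, action) per detection line; headers are skipped."""
    return [m.group("family", "item", "action")
            for m in map(LINE.match, log.splitlines()) if m]


def families(entries):
    return Counter(family for family, _, _ in entries)


def encoded_key_names(entries):
    """Map registry key leaf names that are Base64 of dotted ASCII text to that text."""
    found = {}
    for _, item, _ in entries:
        if not item.upper().startswith(("HKLM\\", "HKCU\\")):
            continue
        leaf = item.rsplit("\\", 1)[-1]
        if len(leaf) < 12 or len(leaf) % 4:  # too short, or not a whole Base64 block
            continue
        try:
            text = base64.b64decode(leaf, validate=True).decode("ascii")
        except (binascii.Error, UnicodeDecodeError):
            continue
        if text.isprintable() and "." in text:  # heuristic: looks like a host name
            found[leaf] = text
    return found


if __name__ == "__main__":
    print(dict(families(parse(SAMPLE))), encoded_key_names(parse(SAMPLE)))
```

The family count also makes visible that a single product is covered by several detection names (DriverUpdater, AdvancedPCCare, Carambis), so filtering a log on one name alone misses related artifacts.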
