Security-X

Security-X Forum => General Security => Malware => Thread started by: chantal11 on October 19, 2017, 16:43:17

Title: Driver Updater
Posted by: chantal11 on October 19, 2017, 16:43:17
Content republished with permission from Malwarebytes (https://forums.malwarebytes.org/index.php?showforum=39)

Driver Updater is a fake cleaner/optimizer: it deliberately reports false positives to convince the user that the system has problems and push them into buying the software.
More info: Registry Cleaners: Digital Snake Oil | Malwarebytes Labs (https://blog.malwarebytes.com/cybercrime/2015/06/digital-snake-oil/)
Driver Updater is installed by way of a fake online scan.


(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/EfixDriverUpdater/main.png&key=481f49dff468d463da737a750abed4e66895f202ba15730e49545dfa222980bb)

(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/EfixDriverUpdater/warning4.png&key=4499311b532b4675b6b941542ff859f2f541ed193fec8d29ad26df798c1438c5)

(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/EfixDriverUpdater/warning1.png&key=b3ae0f4f98221133fe808689675fd9b52e30b74778cbe3bc981df64bd6511eac)

(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/EfixDriverUpdater/warning2.png&key=d04b23e7da11c7ea5e130b9dbae265f0efeb6d99724447b6fa98ba17cfe7f8f0)

(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/EfixDriverUpdater/buyme.png&key=183a8e0d0c8db6c251fc55c86d98862b20c0e61ba936733fb1fd766d9d653934)

(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/EfixDriverUpdater/icons.png&key=658f65a17273c327ebf00a04fcf0c940f2c3dbfe543ea99b5dbf3de8763c6288)

**********

Detection of Driver Updater in FRST reports:

Quote
Driver Updater (HKLM\...\{ACE83A3B-6AE9-485B-B11A-293BA26BC725}_is1) (Version: 1.0.1000.36735 - efixdrivers.com)
Task: {CF70F24D-AE4A-40B7-A8E9-4CD1D519F728} - System32\Tasks\Driver Updater_Logon => C:\Program Files\Driver Updater\aptdu.exe [2017-09-20] (efixdrivers.com)

(efixdrivers.com) C:\Program Files\Driver Updater\aptdu.exe
C:\Windows\System32\Tasks\Driver Updater_Logon
C:\Users\Public\Desktop\Driver Updater.lnk
C:\Users\{Nom_Utilisateur}\AppData\Roaming\efixdrivers.com
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Updater
C:\Program Files\Driver Updater

**********

Detected and handled by Malwarebytes as a PUP (Potentially Unwanted Program)
In the Premium version, Malwarebytes blocks access to the domain lp.efixdrivers.com and the IP 184.173.21.164

Quote
-Scan Details-
Process: 1
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\aptdu.exe, Quarantined, [8849], [437562],1.0.2861

Module: 2
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\aptdu.exe, Quarantined, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\Microsoft.Win32.TaskScheduler.dll, Quarantined, [8849], [437562],1.0.2861

Registry Key: 7
PUP.Optional.DriverUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{ACE83A3B-6AE9-485B-B11A-293BA26BC725}_is1, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.AdvancedPCCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{CF70F24D-AE4A-40B7-A8E9-4CD1D519F728}, Delete-on-Reboot, [58], [412119],1.0.2861
PUP.Optional.AdvancedPCCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Driver Updater_Logon, Delete-on-Reboot, [58], [412118],1.0.2861
PUP.Optional.DriverUpdater, HKLM\SOFTWARE\duefx-pr, Delete-on-Reboot, [8849], [437563],1.0.2861
PUP.Optional.DriverUpdater, HKLM\SOFTWARE\efixdrivers.com, Delete-on-Reboot, [8849], [437564],1.0.2861
PUP.Optional.DriverUpdater, HKLM\SOFTWARE\ZWZpeGRyaXZlcnMuY29t, Delete-on-Reboot, [8849], [437570],1.0.2861
PUP.Optional.DriverUpdater, HKCU\SOFTWARE\efixdrivers.com, Delete-on-Reboot, [8849], [437565],1.0.2861

Registry Value: 1
PUP.Optional.AdvancedPCCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{CF70F24D-AE4A-40B7-A8E9-4CD1D519F728}|PATH, Delete-on-Reboot, [58], [412119],1.0.2861

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 7
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\Langs, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.AdvancedPCCare, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\DRIVER UPDATER, Delete-on-Reboot, [58], [412123],1.0.2861
PUP.Optional.DriverUpdater, C:\Users\{username}\AppData\Roaming\efixdrivers.com\Driver Updater\Download, Delete-on-Reboot, [8849], [437561],1.0.2861
PUP.Optional.DriverUpdater, C:\Users\{username}\AppData\Roaming\efixdrivers.com\Driver Updater\Backups, Delete-on-Reboot, [8849], [437561],1.0.2861
PUP.Optional.DriverUpdater, C:\Users\{username}\AppData\Roaming\efixdrivers.com\Driver Updater\smico, Delete-on-Reboot, [8849], [437561],1.0.2861
PUP.Optional.DriverUpdater, C:\Users\{username}\AppData\Roaming\efixdrivers.com\Driver Updater, Delete-on-Reboot, [8849], [437561],1.0.2861
PUP.Optional.DriverUpdater, C:\USERS\{username}\APPDATA\ROAMING\EFIXDRIVERS.COM, Delete-on-Reboot, [8849], [437561],1.0.2861

File: 54
PUP.Optional.Carambis, C:\USERS\PUBLIC\DESKTOP\DRIVER UPDATER.LNK, Delete-on-Reboot, [1907], [351666],1.0.2861
PUP.Optional.AdvancedPCCare, C:\WINDOWS\SYSTEM32\TASKS\DRIVER UPDATER_LOGON, Delete-on-Reboot, [58], [412117],1.0.2861
PUP.Optional.DriverUpdater, C:\PROGRAM FILES\DRIVER UPDATER\APTDU.EXE.CONFIG, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\dp\7z.dll, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\dp\7z.exe, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\dp\DPInst32.exe, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\dp\DPInst64.exe, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\dp\DriversPath.exe, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\dp\FileValidator.exe, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\Langs\danish_du_da.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\Langs\Dutch_du_nl.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\Langs\english_du_en.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\Langs\finish_du_fi.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\Langs\French_du_fr.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\Langs\german_du_de.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\Langs\italian_du_it.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\Langs\japanese_du_ja.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\Langs\norwegian_du_no.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\Langs\portuguese_du_ptbr.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\Langs\russian_du_ru.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\Langs\spanish_du_es.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\Langs\swedish_du_sv.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\aptdu.exe, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\danish_iss.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\Delimon.Win32.IO.dll, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\DUContent.dll, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\Dutch_iss.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\english_iss.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\finish_iss.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\French_iss.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\german_iss.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\Interop.IWshRuntimeLibrary.dll, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\italian_iss.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\japanese_iss.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\Microsoft.Win32.TaskScheduler.dll, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\NAudio.dll, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\norwegian_iss.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\portuguese_iss.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\russian_iss.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\spanish_iss.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\swedish_iss.ini, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\System.ServiceModel.dll, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\TAFactory.IconPack.dll, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\TaskScheduler.dll, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\unins000.dat, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\unins000.exe, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\unins000.msg, Delete-on-Reboot, [8849], [437562],1.0.2861
PUP.Optional.AdvancedPCCare, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\DRIVER UPDATER\BUY DRIVER UPDATER.LNK, Delete-on-Reboot, [58], [412123],1.0.2861
PUP.Optional.AdvancedPCCare, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Updater\Driver Updater.lnk, Delete-on-Reboot, [58], [412123],1.0.2861
PUP.Optional.AdvancedPCCare, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Updater\Uninstall Driver Updater.lnk, Delete-on-Reboot, [58], [412123],1.0.2861
PUP.Optional.DriverUpdater, C:\USERS\{username}\APPDATA\ROAMING\EFIXDRIVERS.COM\DRIVER UPDATER\ERRORLOG.TXT, Delete-on-Reboot, [8849], [437561],1.0.2861
PUP.Optional.DriverUpdater, C:\Users\{username}\AppData\Roaming\efixdrivers.com\Driver Updater\param.ini, Delete-on-Reboot, [8849], [437561],1.0.2861
PUP.Optional.DriverUpdater, C:\Users\{username}\AppData\Roaming\efixdrivers.com\Driver Updater\res.bin, Delete-on-Reboot, [8849], [437561],1.0.2861
PUP.Optional.DriverUpdater, C:\USERS\{username}\DESKTOP\DUEFIXSETUP.EXE, Delete-on-Reboot, [8849], [437560],1.0.2861

Physical Sector: 0
(No malicious items detected)
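To work with a report like the one quoted above (and the FRST listing further up, which names the same artefacts), here is a small parser added to this post; it is not part of the original Malwarebytes or Security-X material. It reads the "-Scan Details-" layout, counts artefacts per detection name, lists what is still marked Delete-on-Reboot (those items are only gone once the machine has restarted), builds a checklist of file and registry paths to verify by hand, and flags registry key names that are plain base64: the key HKLM\SOFTWARE\ZWZpeGRyaXZlcnMuY29t in the report decodes to efixdrivers.com, so a search for the vendor name alone would miss it. The sample report embedded in the script is a constructed subset of the lines above; the function names are this example's own.

```python
"""Parse a Malwarebytes '-Scan Details-' report and summarise the artefacts it lists."""
import base64
import re
from collections import Counter

# Constructed sample in the layout of the report quoted in the post
# (a subset of its lines; {username} is the report's own placeholder).
SAMPLE_REPORT = r"""-Scan Details-
Process: 1
PUP.Optional.DriverUpdater, C:\Program Files\Driver Updater\aptdu.exe, Quarantined, [8849], [437562],1.0.2861

Registry Key: 3
PUP.Optional.DriverUpdater, HKLM\SOFTWARE\efixdrivers.com, Delete-on-Reboot, [8849], [437564],1.0.2861
PUP.Optional.DriverUpdater, HKLM\SOFTWARE\ZWZpeGRyaXZlcnMuY29t, Delete-on-Reboot, [8849], [437570],1.0.2861
PUP.Optional.AdvancedPCCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Driver Updater_Logon, Delete-on-Reboot, [58], [412118],1.0.2861

Registry Data: 0
(No malicious items detected)

File: 2
PUP.Optional.Carambis, C:\USERS\PUBLIC\DESKTOP\DRIVER UPDATER.LNK, Delete-on-Reboot, [1907], [351666],1.0.2861
PUP.Optional.DriverUpdater, C:\Users\{username}\AppData\Roaming\efixdrivers.com\Driver Updater\param.ini, Delete-on-Reboot, [8849], [437561],1.0.2861
"""

# "Registry Key: 7" style section headers and the per-item lines that follow them.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+): (?P<count>\d+)$")
ITEM_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<path>.+), (?P<action>[A-Za-z-]+), "
    r"\[(?P<sig>\d+)\], \[(?P<ref>\d+)\],(?P<engine>\S+)$"
)
REGISTRY_SECTIONS = {"Registry Key", "Registry Value", "Registry Data"}


def parse_report(text):
    """Return one dict per detected item: section, name, path, action, sig, ref, engine."""
    items, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "-Scan Details-" or line.startswith("(No malicious"):
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        match = ITEM_RE.match(line)
        if match is None or section is None:
            raise ValueError(f"unrecognised report line: {line!r}")
        items.append({"section": section, **match.groupdict()})
    return items


def count_by_family(items):
    """Number of artefacts attributed to each detection name."""
    return Counter(item["name"] for item in items)


def pending_reboot(items):
    """Paths the scanner could not remove yet; they persist until the host restarts."""
    return [item["path"] for item in items if item["action"] == "Delete-on-Reboot"]


def artefact_checklist(items):
    """Unique on-disk paths and registry keys to verify by hand, grouped by kind."""
    checklist = {"filesystem": set(), "registry": set()}
    for item in items:
        kind = "registry" if item["section"] in REGISTRY_SECTIONS else "filesystem"
        checklist[kind].add(item["path"].split("|")[0])  # drop the "|VALUE" suffix
    return {kind: sorted(paths) for kind, paths in checklist.items()}


def decode_base64_key_names(items):
    """Map registry key names that are valid base64 to their decoded ASCII text.

    A key name such as ZWZpeGRyaXZlcnMuY29t does not show up in a search for the
    vendor string; decoding it recovers the plain identifier (efixdrivers.com).
    """
    decoded = {}
    for item in items:
        if item["section"] not in REGISTRY_SECTIONS:
            continue
        leaf = item["path"].split("|")[0].rsplit("\\", 1)[-1]
        if len(leaf) % 4 or not re.fullmatch(r"[A-Za-z0-9+/]{8,}={0,2}", leaf):
            continue
        try:
            text = base64.b64decode(leaf, validate=True).decode("ascii")
        except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
            continue
        if text.isprintable():
            decoded[leaf] = text
    return decoded


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for family, n in count_by_family(parsed).most_common():
        print(f"{n:3d}  {family}")
    print("awaiting reboot:", len(pending_reboot(parsed)))
    print("base64 key names:", decode_base64_key_names(parsed))
    for kind, paths in artefact_checklist(parsed).items():
        print(kind, *paths, sep="\n  ")
```

Run it against a full report by replacing SAMPLE_REPORT with the text of the "-Scan Details-" block; the checklist it prints matches the FRST items listed earlier in the post, which is a quick way to confirm after the reboot that the uninstall key, the Driver Updater_Logon task and the folders under Program Files and AppData\Roaming are really gone.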



Illustrated Malwarebytes tutorial (https://forum.security-x.fr/tutoriels-317/tutoriel-malwarebytes-anti-malware-22723/)


Source: Removal instructions for Driver Updater by Metallica - Malwarebytes Forums (https://forums.malwarebytes.com/topic/211208-removal-instructions-for-driver-updater/)



Still infected? Have a question before doing anything?

Post a new thread in this forum: http://forum.security-x.fr/desinfections/ taking care to follow the procedure at http://forum.security-x.fr/desinfections/procedure-preliminaire/