Contenu republié avec la permission de Malwarebytes (https://forums.malwarebytes.org/index.php?showforum=39)
echttwo est une extension Chrome imposée sur certains sites (forced extension (https://blog.malwarebytes.com/cybercrime/2016/11/forced-into-installing-a-chrome-extension/)) ou depuis le Chrome Web Store
- S'installe en tant qu'extension Chrome
(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/EchtTwo/main.png&key=c6086fa9f03811d41e9de158353bc89731585cd417edab348eae56a8bc38707c)
- Affiche ces alertes pendant l'installation
(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/EchtTwo/warning1.png&key=be90ccbc02e4a4aa5c2e214946018d5e4e775273cb641be3d7f8995bfda93fcd)
(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/EchtTwo/warning2.png&key=face214ad7f02e69febfb5ee4110550dce15e6bbe518508037f6c62052fc4bf9)
(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/EchtTwo/warning3.png&key=f7736e794906947604288b0758fa57e251de46d1abb4c36b8444c8ed3b2c34a4)
**********
Détection de echttwo dans des rapports FRST :
CHR Extension: (echttwo) - C:\Users\{Nom_Utilisateur}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhfpmoejdaklikbaakgibgacbkiegnjg [2017-08-28]
**********
Détecté et traité par Malwarebytes en tant que Rogue
Sous la version Premium, Malwarebytes bloque le domaine echttwo.com et l'IP 104.31.69.246
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 3
Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhfpmoejdaklikbaakgibgacbkiegnjg\0.6_0\_metadata, Quarantined, [618], [428536],1.0.2671
Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhfpmoejdaklikbaakgibgacbkiegnjg\0.6_0, Quarantined, [618], [428536],1.0.2671
Rogue.ForcedExtension, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\LHFPMOEJDAKLIKBAAKGIBGACBKIEGNJG, Quarantined, [618], [428536],1.0.2671
File: 6
Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhfpmoejdaklikbaakgibgacbkiegnjg\0.6_0\_metadata\computed_hashes.json, Quarantined, [618], [428536],1.0.2671
Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhfpmoejdaklikbaakgibgacbkiegnjg\0.6_0\_metadata\verified_contents.json, Quarantined, [618], [428536],1.0.2671
Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhfpmoejdaklikbaakgibgacbkiegnjg\0.6_0\echttwo.png, Quarantined, [618], [428536],1.0.2671
Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhfpmoejdaklikbaakgibgacbkiegnjg\0.6_0\htmlcode.html, Quarantined, [618], [428536],1.0.2671
Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhfpmoejdaklikbaakgibgacbkiegnjg\0.6_0\manifest.json, Quarantined, [618], [428536],1.0.2671
Rogue.ForcedExtension, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhfpmoejdaklikbaakgibgacbkiegnjg\0.6_0\script.js, Quarantined, [618], [428536],1.0.2671
Physical Sector: 0
(No malicious items detected)
Tutoriel d'utilisation Malwarebytes en images (https://forum.security-x.fr/tutoriels-317/tutoriel-malwarebytes-anti-malware-22723/)
Source : Removal instructions for echttwo de Metallica - Malwarebytes Forums (https://forums.malwarebytes.com/topic/209103-removal-instructions-for-echttwo/)
Toujours infecté ? Une question avant de faire des manipulations ?
Venez poster un nouveau sujet dans ce forum : http://forum.security-x.fr/desinfections/ en prenant soin de suivre la procédure http://forum.security-x.fr/desinfections/procedure-preliminaire/