Security-X

Security-X Forum => General Security => Malware => Discussion started by: chantal11 on July 20, 2017, 15:53:41

Title: GenlT
Posted by: chantal11 on July 20, 2017, 15:53:41
Content republished with the permission of Malwarebytes (https://forums.malwarebytes.org/index.php?showforum=39)

GenlT is an adware (https://blog.malwarebytes.com/threats/adware/) (advertising software) that displays intrusive advertisements unrelated to the sites being visited.


**********

Detection of GenlT in FRST reports:

Quote
Genl Tybie Trossachs (HKLM-x32\...\Genl Tybie Trossachs) (Version: 2.17 - Exundancy Co.)
() C:\Program Files (x86)\GenlTybros\libcef.dll

(Exundancy Co.) C:\Program Files (x86)\GenlTybros\GenlT.exe
(Exundancy Co.) C:\Program Files (x86)\GenlTybros\GenlTybros_.exe
(Exundancy Co.) C:\Program Files (x86)\GenlTybros\GenlTybros.exe
R2 GenlT; C:\Program Files (x86)\GenlTybros\GenlT.exe [110080 2017-06-21] (Exundancy Co.) [File not signed]
C:\Program Files (x86)\GenlTybros



**********


Detected and handled by Malwarebytes as Adware (advertising software).
In the Premium version, Malwarebytes blocks the domain stats.countstatsregion.com and the IP 162.221.224.45.

Quote
Adware.Mewishid

Quote
-Scan Details-
Process: 5
Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\GENLT.EXE, Quarantined, [1181], [411529],1.0.2390
Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\GENLTYBROS.EXE, Quarantined, [1181], [411529],1.0.2390
Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\GENLTYBROS.EXE, Quarantined, [1181], [411529],1.0.2390
Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\GENLTYBROS_.EXE, Quarantined, [1181], [411529],1.0.2390
Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\GENLTYBROS_.EXE, Quarantined, [1181], [411529],1.0.2390

Module: 17
Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\GENLT.EXE, Quarantined, [1181], [411529],1.0.2390
Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\GENLTYBROS.EXE, Quarantined, [1181], [411529],1.0.2390
Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\GENLTYBROS.EXE, Quarantined, [1181], [411529],1.0.2390
Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\CHROME_ELF.DLL, Quarantined, [1181], [411529],1.0.2390
Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\CHROME_ELF.DLL, Quarantined, [1181], [411529],1.0.2390
Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\CHROME_ELF.DLL, Quarantined, [1181], [411529],1.0.2390
Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\CHROME_ELF.DLL, Quarantined, [1181], [411529],1.0.2390
Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\LIBCURL.DLL, Quarantined, [1181], [411529],1.0.2390
Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\LIBCURL.DLL, Quarantined, [1181], [411529],1.0.2390
Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\LIBCURL.DLL, Quarantined, [1181], [411529],1.0.2390
Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\LIBCURL.DLL, Quarantined, [1181], [411529],1.0.2390
Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\GENLTYBROS_.EXE, Quarantined, [1181], [411529],1.0.2390
Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\GENLTYBROS_.EXE, Quarantined, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\libcef.dll, Quarantined, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\libcef.dll, Quarantined, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\libcef.dll, Quarantined, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\libcef.dll, Quarantined, [1181], [411529],1.0.2390

Registry Key: 3
Adware.Mewishid, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GenlT, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Genl Tybie Trossachs, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, HKLM\SOFTWARE\GenlT, Delete-on-Reboot, [1181], [411537],1.0.2390

Registry Value: 1
Adware.Mewishid, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GENLT|IMAGEPATH, Delete-on-Reboot, [1181], [411540],1.0.2390

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\Update, Delete-on-Reboot, [1181], [411529],1.0.2390

File: 72
Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\GENLT.EXE, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\GENLTYBROS.EXE, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\CHROME_ELF.DLL, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\LIBCURL.DLL, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\PROGRAM FILES (X86)\GENLTYBROS\GENLTYBROS_.EXE, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\hi.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\am.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\ar.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\bg.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\bn.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\ca.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\cs.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\da.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\de.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\el.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\en-GB.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\en-US.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\es-419.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\es.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\et.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\fa.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\fi.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\fil.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\fr.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\gu.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\he.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\hr.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\hu.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\id.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\it.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\ja.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\kn.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\ko.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\lt.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\lv.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\ml.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\mr.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\ms.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\nb.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\nl.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\pl.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\pt-BR.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\pt-PT.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\ro.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\ru.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\sk.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\sl.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\sr.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\sv.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\sw.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\ta.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\te.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\th.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\tr.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\uk.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\vi.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\zh-CN.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\locales\zh-TW.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\cef.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\cef_100_percent.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\cef_200_percent.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\cef_extensions.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\devtools_resources.pak, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\icudtl.dat, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\libcef.dll, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\libEGL.dll, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\libGLESv2.dll, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\natives_blob.bin, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\snapshot_blob.bin, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\Uninstall.exe, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid, C:\Program Files (x86)\GenlTybros\widevinecdmadapter.dll, Delete-on-Reboot, [1181], [411529],1.0.2390
Adware.Mewishid.Generic, C:\USERS\{username}\DESKTOP\INSTALLP.EXE, Delete-on-Reboot, [9520], [410362],1.0.2390

Physical Sector: 0
(No malicious items detected)




Illustrated tutorial on using Malwarebytes (https://forum.security-x.fr/tutoriels-317/tutoriel-malwarebytes-anti-malware-22723/)


Source: Removal instructions for GenlT by Metallica - Malwarebytes Forums (https://forums.malwarebytes.com/topic/204836-removal-instructions-for-genlt/)



Still infected? Have a question before carrying out any steps?

Come and post a new topic in this forum: http://forum.security-x.fr/desinfections/ taking care to follow the procedure at http://forum.security-x.fr/desinfections/procedure-preliminaire/