Author: chantal11

goPlay Search
« on: July 21, 2017, 14:39:48 »
Content republished with permission from Malwarebytes

goPlay Search is a browser hijacker that modifies browser settings (home page, search page, ...) in order to force visits to the targeted site, and it also displays advertisements.
goPlay Search hijacks search in Chrome (search hijacker).


  • Displays these alerts during installation

  • Installs as an extension/add-on for the Chrome browser

  • Modifies the search settings

**********

Detection of goPlay Search in FRST reports:

Quote
CHR DefaultSearchURL: Default -> hxxp://games.eanswers.com/search/?category=web&s=pgds&vert=games&q={searchTerms}
CHR DefaultSearchKeyword: Default -> goPlay
CHR DefaultSuggestURL: Default -> hxxp://sug.eanswers.com/search/index_sg.php?q={searchTerms}
CHR Extension: (goPlay Search) - C:\Users\{Nom_Utilisateur}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd [2017-06-21]



**********

Detected and handled by Malwarebytes as a PUP (Potentially Unwanted Program).
In the Premium version, Malwarebytes blocks access to their domain api.bettersearchtools.com.

Quote
PUP.Optional.GoPlay
PUP.Optional.BetterSearchTools
PUP.Optional.InstallCore

Quote
-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 10
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\images\rateshare, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\js\official, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\css\fonts, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\_metadata, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\vertical, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\images, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\css, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\js, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\FCLNCBFOKJDOMMEFILGJLCPOKDPODJMD, Delete-on-Reboot, [9416], [399151],1.0.2198

File: 33
PUP.Optional.GoPlay, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\chrome-extension_fclncbfokjdommefilgjlcpokdpodjmd_0.localstorage, Delete-on-Reboot, [9527], [409278],1.0.2198
PUP.Optional.GoPlay, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\chrome-extension_fclncbfokjdommefilgjlcpokdpodjmd_0.localstorage-journal, Delete-on-Reboot, [9527], [409278],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\FCLNCBFOKJDOMMEFILGJLCPOKDPODJMD\1.0.1_0\MANIFEST.JSON, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\css\fonts\material-icons.css, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\css\fonts\MaterialIcons-Regular.eot, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\css\fonts\MaterialIcons-Regular.ijmap, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\css\fonts\MaterialIcons-Regular.svg, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\css\fonts\MaterialIcons-Regular.ttf, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\css\fonts\MaterialIcons-Regular.woff, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\css\fonts\MaterialIcons-Regular.woff2, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\css\fonts\RobotoCondensed-Light.ttf, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\css\fonts\RobotoCondensed-Regular.ttf, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\css\style.css, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\images\rateshare\close.png, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\images\rateshare\rate.jpg, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\images\rateshare\rate1.png, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\images\rateshare\share.jpg, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\images\rateshare\share1.png, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\images\icon128.png, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\images\icon16.png, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\images\icon38.png, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\js\official\bootstrap.min.js, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\js\official\jquery.min.js, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\js\official\material.min.js, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\js\base.js, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\js\init.js, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\js\main.js, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\vertical\440x280.jpg, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\vertical\init.js, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\vertical\pop.js, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\_metadata\computed_hashes.json, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\_metadata\verified_contents.json, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\popup.html, Delete-on-Reboot, [9416], [399151],1.0.2198

Physical Sector: 0
(No malicious items detected)


Illustrated tutorial on using Malwarebytes

Source: Removal instructions for goPlay Search by Metallica - Malwarebytes Forums



Still infected? Have a question before making any changes?

Come and post a new topic in this forum: http://forum.security-x.fr/desinfections/ taking care to follow the procedure http://forum.security-x.fr/desinfections/procedure-preliminaire/
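The FRST lines quoted in the post can be checked for mechanically. The following is an added example, not part of the original post or of any Malwarebytes or FRST tooling: it scans FRST Chrome (`CHR`) lines for the search domains and extension ID named above. The function names, the parent-domain matching and the last three sample lines are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

# Indicators from the post. Matching the parent domain eanswers.com (the post
# shows the games. and sug. subdomains) is an assumption made for this example.
DOMAINS = {"eanswers.com", "api.bettersearchtools.com"}
EXTENSION_IDS = {"fclncbfokjdommefilgjlcpokdpodjmd"}

# Shapes of the FRST Chrome lines quoted in the post.
SETTING_RE = re.compile(r"^CHR (Default\w*URL): (.+?) -> (.+)$")
EXT_RE = re.compile(r"^CHR Extension: \((.*?)\) - (.+?)(?: \[[\d-]+\])?$")

def refang(url):
    """Undo the hxxp defanging used in published logs so the URL parses."""
    return re.sub(r"^hxxp", "http", url.strip(), flags=re.I)

def host_matches(host, domains):
    """True for the domain itself or a subdomain, not for look-alike names."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def scan_frst(text):
    """Return (kind, name, indicator) tuples for lines matching the indicators."""
    findings = []
    for line in map(str.strip, text.splitlines()):
        m = SETTING_RE.match(line)
        if m:
            host = urlsplit(refang(m.group(3))).hostname or ""
            if host_matches(host, DOMAINS):
                findings.append(("search-setting", m.group(1), host))
            continue
        m = EXT_RE.match(line)
        if m:
            # The extension ID is the last component of the install path.
            ext_id = re.split(r"[\\/]", m.group(2).rstrip("\\/"))[-1].lower()
            if ext_id in EXTENSION_IDS:
                findings.append(("extension", m.group(1), ext_id))
    return findings

# The first four lines are the ones quoted in the post; the last three are constructed.
SAMPLE = r"""
CHR DefaultSearchURL: Default -> hxxp://games.eanswers.com/search/?category=web&s=pgds&vert=games&q={searchTerms}
CHR DefaultSearchKeyword: Default -> goPlay
CHR DefaultSuggestURL: Default -> hxxp://sug.eanswers.com/search/index_sg.php?q={searchTerms}
CHR Extension: (goPlay Search) - C:\Users\{Nom_Utilisateur}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd [2017-06-21]
CHR DefaultSearchURL: Profile 1 -> hxxps://search.example.org/?q={searchTerms}
CHR DefaultSuggestURL: Profile 1 -> hxxp://eanswers.com.example.net/?q={searchTerms}
CHR Extension: (Example Notes) - C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [2017-05-02]
"""
```

Calling `scan_frst(SAMPLE)` flags the two search settings and the extension from the post and ignores the three constructed lines, including the look-alike host that merely begins with `eanswers.com`.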