Security-X

Security-X Forum => General Security => Malware => Discussion started by: chantal11 on July 21, 2017, 14:39:48

Title: goPlay Search
Posted by: chantal11 on July 21, 2017, 14:39:48
Content republished with permission from Malwarebytes (https://forums.malwarebytes.org/index.php?showforum=39)

goPlay Search is a Browser Hijacker that modifies browser settings (home page, search page, ...) in order to force visits to the targeted site, and also displays advertisements.
goPlay Search hijacks search in Chrome (search hijacker (https://blog.malwarebytes.org/security-threat/2015/03/adware-delivery-methods/)).


[Image: warning1.png (https://static-cdn.malwarebytes.org/pub_images/GoPlaySearch/warning1.png)]

[Image: startpage.png (https://static-cdn.malwarebytes.org/pub_images/GoPlaySearch/startpage.png)]

[Image: warning2.png (https://static-cdn.malwarebytes.org/pub_images/GoPlaySearch/warning2.png)]

[Image: warning3.png (https://static-cdn.malwarebytes.org/pub_images/GoPlaySearch/warning3.png)]

**********

goPlay Search as detected in FRST reports:

Quote
CHR DefaultSearchURL: Default -> hxxp://games.eanswers.com/search/?category=web&s=pgds&vert=games&q={searchTerms}
CHR DefaultSearchKeyword: Default -> goPlay
CHR DefaultSuggestURL: Default -> hxxp://sug.eanswers.com/search/index_sg.php?q={searchTerms}
CHR Extension: (goPlay Search) - C:\Users\{Nom_Utilisateur}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd [2017-06-21]
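The FRST lines above carry the two indicators a responder actually looks for: a Chrome default search/suggest URL pointing at a domain that is not the user's chosen provider, and an unpacked extension directory whose 32-character ID matches a known hijacker. The script below is an added example (it is not part of the original post, of FRST or of Malwarebytes) that parses FRST-style `CHR` lines and flags both indicators. The sample report is constructed from the lines quoted above plus one benign extension line for contrast; the allowlist `TRUSTED_SEARCH_DOMAINS` and the `KNOWN_HIJACKER_EXTENSIONS` table are assumptions you would tune to your own environment.

```python
"""Flag Chrome search-hijack indicators in FRST-style report lines (added example)."""
from __future__ import annotations

import re
from urllib.parse import urlparse

# Constructed sample: the CHR lines quoted in the post plus one benign extension line.
SAMPLE_FRST = """\
CHR DefaultSearchURL: Default -> hxxp://games.eanswers.com/search/?category=web&s=pgds&vert=games&q={searchTerms}
CHR DefaultSearchKeyword: Default -> goPlay
CHR DefaultSuggestURL: Default -> hxxp://sug.eanswers.com/search/index_sg.php?q={searchTerms}
CHR Extension: (goPlay Search) - C:\\Users\\{Nom_Utilisateur}\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\fclncbfokjdommefilgjlcpokdpodjmd [2017-06-21]
CHR Extension: (Google Docs Offline) - C:\\Users\\{Nom_Utilisateur}\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-01]
"""

# Assumed allowlist of legitimate search-provider domains (suffix match); tune per environment.
TRUSTED_SEARCH_DOMAINS = {"google.com", "bing.com", "duckduckgo.com"}

# Extension ID quoted in the FRST lines of the post, mapped to the hijacker name.
KNOWN_HIJACKER_EXTENSIONS = {"fclncbfokjdommefilgjlcpokdpodjmd": "goPlay Search"}

# "CHR <Key>: <Profile> -> <Value>" lines (search URL, keyword, suggest URL, ...)
CHR_SETTING = re.compile(r"^CHR (?P<key>\w+): (?P<profile>\S+) -> (?P<value>.+)$")
# "CHR Extension: (<Name>) - <Path> [<date>]" lines
CHR_EXTENSION = re.compile(r"^CHR Extension: \((?P<name>.*?)\) - (?P<path>.+?)(?: \[(?P<date>[\d-]+)\])?$")
# Chrome extension IDs are 32 characters drawn from a-p; the directory name is the ID.
EXT_ID = re.compile(r"[\\/]([a-p]{32})$")


def refang(url: str) -> str:
    """Turn the defanged hxxp:// scheme used in reports back into http:// so urlparse works."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def is_trusted(host: str) -> bool:
    """True if host is, or is a subdomain of, an allowlisted search provider."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_SEARCH_DOMAINS)


def analyse_frst(text: str) -> list[dict]:
    """Return one finding per suspicious CHR line: untrusted search/suggest URLs and known PUP extension IDs."""
    findings = []
    for line in text.splitlines():
        m = CHR_SETTING.match(line)
        if m:
            if m["key"] in {"DefaultSearchURL", "DefaultSuggestURL"}:
                host = urlparse(refang(m["value"].strip())).hostname or ""
                if not is_trusted(host):
                    findings.append({"type": "search_hijack", "key": m["key"],
                                     "host": host, "line": line})
            continue
        m = CHR_EXTENSION.match(line)
        if m:
            idm = EXT_ID.search(m["path"])
            ext_id = idm.group(1) if idm else None
            if ext_id in KNOWN_HIJACKER_EXTENSIONS:
                findings.append({"type": "known_pup_extension", "id": ext_id,
                                 "label": KNOWN_HIJACKER_EXTENSIONS[ext_id],
                                 "name": m["name"], "line": line})
    return findings


if __name__ == "__main__":
    for f in analyse_frst(SAMPLE_FRST):
        print(f["type"], f.get("host") or f.get("id"), "<-", f["line"][:80])
```

Against the constructed sample the script reports the two eanswers.com search/suggest URLs and the goPlay extension directory, and stays silent on the benign extension line. In practice, the allowlist should reflect the search provider the user actually chose, since a hijacker that points at an unfamiliar domain is exactly the case the allowlist check is meant to surface.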



**********

Detected and handled by Malwarebytes as a PUP (Potentially Unwanted Program).
With the Premium version, Malwarebytes blocks access to their domain api.bettersearchtools.com.


Quote
PUP.Optional.GoPlay
PUP.Optional.BetterSearchTools
PUP.Optional.InstallCore

Quote
-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 10
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\images\rateshare, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\js\official, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\css\fonts, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\_metadata, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\vertical, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\images, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\css, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\js, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\FCLNCBFOKJDOMMEFILGJLCPOKDPODJMD, Delete-on-Reboot, [9416], [399151],1.0.2198

File: 33
PUP.Optional.GoPlay, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\chrome-extension_fclncbfokjdommefilgjlcpokdpodjmd_0.localstorage, Delete-on-Reboot, [9527], [409278],1.0.2198
PUP.Optional.GoPlay, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\chrome-extension_fclncbfokjdommefilgjlcpokdpodjmd_0.localstorage-journal, Delete-on-Reboot, [9527], [409278],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\FCLNCBFOKJDOMMEFILGJLCPOKDPODJMD\1.0.1_0\MANIFEST.JSON, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\css\fonts\material-icons.css, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\css\fonts\MaterialIcons-Regular.eot, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\css\fonts\MaterialIcons-Regular.ijmap, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\css\fonts\MaterialIcons-Regular.svg, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\css\fonts\MaterialIcons-Regular.ttf, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\css\fonts\MaterialIcons-Regular.woff, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\css\fonts\MaterialIcons-Regular.woff2, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\css\fonts\RobotoCondensed-Light.ttf, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\css\fonts\RobotoCondensed-Regular.ttf, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\css\style.css, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\images\rateshare\close.png, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\images\rateshare\rate.jpg, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\images\rateshare\rate1.png, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\images\rateshare\share.jpg, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\images\rateshare\share1.png, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\images\icon128.png, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\images\icon16.png, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\images\icon38.png, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\js\official\bootstrap.min.js, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\js\official\jquery.min.js, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\js\official\material.min.js, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\js\base.js, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\js\init.js, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\js\main.js, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\vertical\440x280.jpg, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\vertical\init.js, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\vertical\pop.js, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\_metadata\computed_hashes.json, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\_metadata\verified_contents.json, Delete-on-Reboot, [9416], [399151],1.0.2198
PUP.Optional.BetterSearchTools.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclncbfokjdommefilgjlcpokdpodjmd\1.0.1_0\popup.html, Delete-on-Reboot, [9416], [399151],1.0.2198

Physical Sector: 0
(No malicious items detected)


Illustrated Malwarebytes tutorial (https://forum.security-x.fr/tutoriels-317/tutoriel-malwarebytes-anti-malware-22723/)


Source: Removal instructions for goPlay Search by Metallica - Malwarebytes Forums (https://forums.malwarebytes.com/topic/203033-removal-instructions-for-goplay-search/)


Still infected? A question before taking any action?

Come and post a new topic in this forum: http://forum.security-x.fr/desinfections/ taking care to follow the procedure http://forum.security-x.fr/desinfections/procedure-preliminaire/