Auteur Sujet: GreatZip  (Lu 1511 fois)

0 Membres et 1 Invité sur ce sujet

Hors ligne chantal11

  • Admin Formation
  • Mega Power Members
  • ****
  • Messages: 23102
    • Windows 10 - Windows 8 - Windows 7 - Windows Vista
GreatZip
« le: septembre 04, 2017, 17:15:20 »
Contenu republié avec la permission de Malwarebytes

GreatZip est un adware (logiciel publicitaire) qui affiche des publicités intempestives indépendantes des sites visités.


  • S'installe en tant que programme, soit à l'insu de l'utilisateur ou parce qu'il n'a pas décoché les sponsors proposés lors de l'installation d'un logiciel gratuit légitime, soit depuis le site de l'éditeur

  • Affiche ces avertissements pendant l'installation




  • Crée cette icône dans le Menu Démarrer









**********

Détection de GreatZip dans des rapports FRST :

Citer
GreatZipInstaller (HKLM-x32\...\GreatZip) (Version:  - )

(T M R G  , INC.) C:\Users\{Nom_Utilisateur}\AppData\Roaming\DownloadGreatZip\rkverify.exe
C:\Users\{Nom_Utilisateur}\AppData\Roaming\DownloadGreatZip
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GreatZip
C:\Program Files (x86)\GreatZip



**********


Détecté et traité par Malwarebytes en tant que PUP/LPI (Programme potentiellement Indésirable)
Sous la version Premium, Malwarebytes bloque le domaine greatzip.com et l'IP 104.18.45.103

Citer
-Scan Details-
Process: 1
PUP.Optional.RelevantKnowledge, C:\USERS\{username}\APPDATA\ROAMING\DOWNLOADGREATZIP\RKVERIFY.EXE, Quarantined, [1184], [294394],1.0.2628

Module: 1
PUP.Optional.RelevantKnowledge, C:\USERS\{username}\APPDATA\ROAMING\DOWNLOADGREATZIP\RKVERIFY.EXE, Quarantined, [1184], [294394],1.0.2628

Registry Key: 7
PUP.Optional.MyBit, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{23170F69-40C1-278A-1000-000100020000}, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.MyBit, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{23170F69-40C1-278A-1000-000100020000}, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.MyBit, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.MyBit, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.MyBit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\GreatZip, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.GreatZip, HKCU\SOFTWARE\GreatZip, Delete-on-Reboot, [8653], [427200],1.0.2628
PUP.Optional.GreatZip, HKCU\SOFTWARE\GreatZip, Delete-on-Reboot, [8653], [427200],1.0.2628

Registry Value: 1
PUP.Optional.MyBit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED|{23170F69-40C1-278A-1000-000100020000}, Delete-on-Reboot, [1826], [361607],1.0.2628

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 3
PUP.Optional.MyBit, C:\Program Files (x86)\GreatZip\Lang, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.MyBit, C:\PROGRAM FILES (X86)\GreatZip, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.GreatZip, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\GREATZIP, Delete-on-Reboot, [8653], [427191],1.0.2628

File: 22
PUP.Optional.MyBit, C:\Program Files (x86)\GreatZip\Lang\en.ttt, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.MyBit, C:\Program Files (x86)\GreatZip\7-zip.dll, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.MyBit, C:\Program Files (x86)\GreatZip\7z.dll, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.MyBit, C:\Program Files (x86)\GreatZip\7z.exe, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.MyBit, C:\Program Files (x86)\GreatZip\7z.sfx, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.MyBit, C:\Program Files (x86)\GreatZip\7zCon.sfx, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.MyBit, C:\Program Files (x86)\GreatZip\descript.ion, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.MyBit, C:\Program Files (x86)\GreatZip\GreatZIP.chm, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.MyBit, C:\Program Files (x86)\GreatZip\GreatZIP.exe, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.MyBit, C:\Program Files (x86)\GreatZip\GzG.exe, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.MyBit, C:\Program Files (x86)\GreatZip\History.txt, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.MyBit, C:\Program Files (x86)\GreatZip\License.txt, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.MyBit, C:\Program Files (x86)\GreatZip\readme.txt, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.MyBit, C:\Program Files (x86)\GreatZip\Uninstall.exe, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.RelevantKnowledge, C:\USERS\{username}\APPDATA\ROAMING\DOWNLOADGREATZIP\RKVERIFY.EXE, Delete-on-Reboot, [1184], [294394],1.0.2628
PUP.Optional.RelevantKnowledge, C:\USERS\{username}1\APPDATA\LOCAL\TEMP\CSM6476.TMP, Delete-on-Reboot, [1184], [294396],1.0.2628
PUP.Optional.GreatZip, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GreatZip\GreatZip File Manager.lnk, Delete-on-Reboot, [8653], [427191],1.0.2628
PUP.Optional.GreatZip, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GreatZip\GreatZip Help.lnk, Delete-on-Reboot, [8653], [427191],1.0.2628
PUP.Optional.RelevantKnowledge, C:\USERS\{username}\APPDATA\ROAMING\DOWNLOADGREATZIP\RKINSTALLER.EXE, Delete-on-Reboot, [1184], [296186],1.0.2628
PUP.Optional.GreatZip, C:\USERS\{username}\DESKTOP\GREATZIP.EXE, Delete-on-Reboot, [8653], [427190],1.0.2628
PUP.Optional.MyBit, C:\USERS\{username}\DESKTOP\SETUP.EXE, Delete-on-Reboot, [1826], [361606],1.0.2628
PUP.Optional.RelevantKnowledge, C:\USERS\{username}\APPDATA\LOCAL\TEMP\CSM6476.TMP, Delete-on-Reboot, [1184], [294396],1.0.2628

Physical Sector: 0
(No malicious items detected)




Tutoriel d'utilisation Malwarebytes en images


Source : Removal instructions for GreatZip de Metallica - Malwarebytes Forums



Toujours infecté ? Une question avant de faire des manipulations ?

Venez poster un nouveau sujet dans ce forum : http://forum.security-x.fr/desinfections/  en prenant soin de suivre la procédure http://forum.security-x.fr/desinfections/procedure-preliminaire/
 

Security-X

GreatZip
« le: septembre 04, 2017, 17:15:20 »