Security-X

Security-X Forum => General Security => Malware => Topic started by: chantal11 on September 04, 2017, 17:15:20

Title: GreatZip
Posted by: chantal11 on September 04, 2017, 17:15:20
Content republished with permission from Malwarebytes (https://forums.malwarebytes.org/index.php?showforum=39)

GreatZip is adware (https://blog.malwarebytes.com/threats/adware/) (advertising software) that displays intrusive advertisements unrelated to the sites being visited.

Screenshots (warning pop-ups and icons):
(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/GreatZip/warning4.png&key=9fe5b7e999a125adaa92271f84a348342e10f1277816c3294f0c444c0dabdbe9)
(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/GreatZip/warning1.png&key=f7bb6e7f66daace3c26b8f0038c26cca77866010f812a47fbea1e6824c2dba4c)
(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/GreatZip/warning2.png&key=0943572823e1c81d7776a8e0134f1db0dc059d48256247951b354922a77e07c1)
(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/GreatZip/warning3.png&key=45549f2d33b37ea06b96ae7c1dbb0303fa02d5603c28265271c2352e2de379c7)
(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/GreatZip/warning5.png&key=2e42d2dd7ac7c75cf9c0daf065e40d0ffb707ee50bcaa94ea629aeb6423774af)
(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/GreatZip/icons.png&key=a41ae0341b9c3013e4943e737d2d8e828050d5a5c9f13cb557c18fdd59c37dc9)

**********

Detection of GreatZip in FRST reports:

Quote
GreatZipInstaller (HKLM-x32\...\GreatZip) (Version:  - )

(T M R G  , INC.) C:\Users\{Nom_Utilisateur}\AppData\Roaming\DownloadGreatZip\rkverify.exe
C:\Users\{Nom_Utilisateur}\AppData\Roaming\DownloadGreatZip
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GreatZip
C:\Program Files (x86)\GreatZip



**********


Detected and handled by Malwarebytes as a PUP (Potentially Unwanted Program)
With the Premium version, Malwarebytes blocks the domain greatzip.com and the IP 104.18.45.103

Quote
-Scan Details-
Process: 1
PUP.Optional.RelevantKnowledge, C:\USERS\{username}\APPDATA\ROAMING\DOWNLOADGREATZIP\RKVERIFY.EXE, Quarantined, [1184], [294394],1.0.2628

Module: 1
PUP.Optional.RelevantKnowledge, C:\USERS\{username}\APPDATA\ROAMING\DOWNLOADGREATZIP\RKVERIFY.EXE, Quarantined, [1184], [294394],1.0.2628

Registry Key: 7
PUP.Optional.MyBit, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{23170F69-40C1-278A-1000-000100020000}, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.MyBit, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{23170F69-40C1-278A-1000-000100020000}, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.MyBit, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.MyBit, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.MyBit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\GreatZip, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.GreatZip, HKCU\SOFTWARE\GreatZip, Delete-on-Reboot, [8653], [427200],1.0.2628
PUP.Optional.GreatZip, HKCU\SOFTWARE\GreatZip, Delete-on-Reboot, [8653], [427200],1.0.2628

Registry Value: 1
PUP.Optional.MyBit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED|{23170F69-40C1-278A-1000-000100020000}, Delete-on-Reboot, [1826], [361607],1.0.2628

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 3
PUP.Optional.MyBit, C:\Program Files (x86)\GreatZip\Lang, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.MyBit, C:\PROGRAM FILES (X86)\GreatZip, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.GreatZip, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\GREATZIP, Delete-on-Reboot, [8653], [427191],1.0.2628

File: 22
PUP.Optional.MyBit, C:\Program Files (x86)\GreatZip\Lang\en.ttt, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.MyBit, C:\Program Files (x86)\GreatZip\7-zip.dll, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.MyBit, C:\Program Files (x86)\GreatZip\7z.dll, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.MyBit, C:\Program Files (x86)\GreatZip\7z.exe, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.MyBit, C:\Program Files (x86)\GreatZip\7z.sfx, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.MyBit, C:\Program Files (x86)\GreatZip\7zCon.sfx, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.MyBit, C:\Program Files (x86)\GreatZip\descript.ion, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.MyBit, C:\Program Files (x86)\GreatZip\GreatZIP.chm, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.MyBit, C:\Program Files (x86)\GreatZip\GreatZIP.exe, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.MyBit, C:\Program Files (x86)\GreatZip\GzG.exe, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.MyBit, C:\Program Files (x86)\GreatZip\History.txt, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.MyBit, C:\Program Files (x86)\GreatZip\License.txt, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.MyBit, C:\Program Files (x86)\GreatZip\readme.txt, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.MyBit, C:\Program Files (x86)\GreatZip\Uninstall.exe, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.RelevantKnowledge, C:\USERS\{username}\APPDATA\ROAMING\DOWNLOADGREATZIP\RKVERIFY.EXE, Delete-on-Reboot, [1184], [294394],1.0.2628
PUP.Optional.RelevantKnowledge, C:\USERS\{username}1\APPDATA\LOCAL\TEMP\CSM6476.TMP, Delete-on-Reboot, [1184], [294396],1.0.2628
PUP.Optional.GreatZip, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GreatZip\GreatZip File Manager.lnk, Delete-on-Reboot, [8653], [427191],1.0.2628
PUP.Optional.GreatZip, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GreatZip\GreatZip Help.lnk, Delete-on-Reboot, [8653], [427191],1.0.2628
PUP.Optional.RelevantKnowledge, C:\USERS\{username}\APPDATA\ROAMING\DOWNLOADGREATZIP\RKINSTALLER.EXE, Delete-on-Reboot, [1184], [296186],1.0.2628
PUP.Optional.GreatZip, C:\USERS\{username}\DESKTOP\GREATZIP.EXE, Delete-on-Reboot, [8653], [427190],1.0.2628
PUP.Optional.MyBit, C:\USERS\{username}\DESKTOP\SETUP.EXE, Delete-on-Reboot, [1826], [361606],1.0.2628
PUP.Optional.RelevantKnowledge, C:\USERS\{username}\APPDATA\LOCAL\TEMP\CSM6476.TMP, Delete-on-Reboot, [1184], [294396],1.0.2628

Physical Sector: 0
(No malicious items detected)

Illustrated Malwarebytes user tutorial (https://forum.security-x.fr/tutoriels-317/tutoriel-malwarebytes-anti-malware-22723/)


Source: Removal instructions for GreatZip by Metallica - Malwarebytes Forums (https://forums.malwarebytes.com/topic/208597-removal-instructions-for-greatzip/)



Still infected? Have a question before making any changes?

Post a new topic in this forum: http://forum.security-x.fr/desinfections/  taking care to follow the procedure at http://forum.security-x.fr/desinfections/procedure-preliminaire/
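As an added example that is not part of the original post or of Malwarebytes' own tooling, the script below parses the "-Scan Details-" block shown above into structured records, so a helper can check three things quickly: that the per-section counts in the log match the lines actually present (a truncated paste hides findings), how the items split across the signature families seen here (PUP.Optional.MyBit, PUP.Optional.RelevantKnowledge, PUP.Optional.GreatZip), and which items are still marked Delete-on-Reboot, meaning they remain on disk or in the registry until the machine is restarted. The sample input is a constructed excerpt of the scan log quoted above, with the same {username} placeholder; the line format assumed (signature, location, action, two bracketed ids, database version) is inferred from those lines.

```python
"""Parse a Malwarebytes '-Scan Details-' block into structured detections (added example)."""
import re
from collections import Counter
from dataclasses import dataclass

# Section header such as "Registry Key: 7" or "File: 22"
SECTION_RE = re.compile(r"^([A-Za-z ]+): (\d+)$")
# Detection line: "<signature>, <location>, <action>, [<id>], [<id>],<db version>"
# (format inferred from the lines quoted in the post; an assumption, not a documented spec)
DETECTION_RE = re.compile(
    r"^(?P<signature>[^,]+), (?P<location>.+), (?P<action>[^,\[]+), "
    r"\[(?P<id1>\d+)\], \[(?P<id2>\d+)\],(?P<db>[\d.]+)$"
)

# Constructed excerpt of the scan log quoted in the post (subset of its lines, counts adjusted).
SAMPLE_LOG = r"""-Scan Details-
Process: 1
PUP.Optional.RelevantKnowledge, C:\USERS\{username}\APPDATA\ROAMING\DOWNLOADGREATZIP\RKVERIFY.EXE, Quarantined, [1184], [294394],1.0.2628

Registry Key: 2
PUP.Optional.MyBit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\GreatZip, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.GreatZip, HKCU\SOFTWARE\GreatZip, Delete-on-Reboot, [8653], [427200],1.0.2628

Registry Value: 1
PUP.Optional.MyBit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED|{23170F69-40C1-278A-1000-000100020000}, Delete-on-Reboot, [1826], [361607],1.0.2628

Folder: 1
PUP.Optional.MyBit, C:\PROGRAM FILES (X86)\GreatZip, Delete-on-Reboot, [1826], [361607],1.0.2628

File: 3
PUP.Optional.MyBit, C:\Program Files (x86)\GreatZip\GreatZIP.exe, Delete-on-Reboot, [1826], [361607],1.0.2628
PUP.Optional.RelevantKnowledge, C:\USERS\{username}\APPDATA\ROAMING\DOWNLOADGREATZIP\RKINSTALLER.EXE, Delete-on-Reboot, [1184], [296186],1.0.2628
PUP.Optional.GreatZip, C:\USERS\{username}\DESKTOP\GREATZIP.EXE, Delete-on-Reboot, [8653], [427190],1.0.2628

Physical Sector: 0
(No malicious items detected)
"""


@dataclass(frozen=True)
class Detection:
    section: str    # e.g. "Registry Key", "File"
    signature: str  # e.g. "PUP.Optional.MyBit"
    location: str   # file path or registry key/value
    action: str     # e.g. "Quarantined", "Delete-on-Reboot"


def parse_scan_details(text):
    """Return (list of Detection, {section: declared count}) for one scan-details block."""
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "-Scan Details-" or line.startswith("(No malicious"):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            declared[section] = int(m.group(2))
            continue
        m = DETECTION_RE.match(line)
        if m and section is not None:
            detections.append(Detection(section, m["signature"], m["location"], m["action"]))
    return detections, declared


def count_mismatches(detections, declared):
    """Sections whose declared count differs from the lines parsed: {section: (declared, found)}."""
    found = Counter(d.section for d in detections)
    return {s: (n, found.get(s, 0)) for s, n in declared.items() if found.get(s, 0) != n}


def family_summary(detections):
    """Number of items per signature family."""
    return Counter(d.signature for d in detections)


def pending_reboot(detections):
    """Locations still present until restart: Malwarebytes scheduled them for Delete-on-Reboot."""
    return [d.location for d in detections if d.action == "Delete-on-Reboot"]


def persistence_indicators(detections):
    """Registry artefacts (uninstall entry, approved shell extension, HKCU key) worth re-checking after reboot."""
    return [d.location for d in detections if d.section.startswith("Registry")]


if __name__ == "__main__":
    dets, declared = parse_scan_details(SAMPLE_LOG)
    print("families:", dict(family_summary(dets)))
    print("count mismatches:", count_mismatches(dets, declared))
    print("pending reboot:", len(pending_reboot(dets)), "item(s)")
    for key in persistence_indicators(dets):
        print("registry:", key)
```

Running it on a user's pasted log makes the two follow-up points explicit: a non-empty mismatch dictionary means the paste is incomplete and the helper should ask for the full log, and a non-empty pending-reboot list means the cleanup is not finished until the user restarts and re-scans.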