Security-X

Forum Security-X => Sécurité Générale => Malwares => Discussion démarrée par: chantal11 le mai 15, 2017, 14:28:25

Titre: Magic Pc Cleaner
Posté par: chantal11 le mai 15, 2017, 14:28:25
Contenu republié avec la permission de Malwarebytes (https://forums.malwarebytes.org/index.php?showforum=39)

Magic Pc Cleaner est un faux nettoyeur/optimiseur, affiche intentionnellement des faux-positifs pour convaincre l'utilisateur que son système a des problèmes et lui faire acheter le logiciel.
Plus d'infos : Registry Cleaners: Digital Snake Oil | Malwarebytes Labs (https://blog.malwarebytes.com/cybercrime/2015/06/digital-snake-oil/)


(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/MagicPcCleaner/main.png&key=ba8b60e8be555a254db9c3db4fec8cbe5e12739d3cce8fcdb2d2140b8fc408e9)

(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/MagicPcCleaner/warning4.png&key=58636afe7297d763ede6d52092861cc1aa60fe3d0e4337e91b1df6d123d24965)

(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/MagicPcCleaner/warning2.png&key=a919d6dfd2a81937c8b242b3d5619711e56887b82f3f3c1795c627aaa6d39b44)

(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/MagicPcCleaner/warning1.png&key=f1777eb382b522c0651bf2bc9cd140e3dc3f0d1b2c7c96fe4e90a9ae072846b4)

(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/MagicPcCleaner/clean.png&key=47ba0ae349a03703680765aa5ffaa32997283621d960c238d4c4320c606270ea)

(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/PCRegBoost/popup.png&key=9e5cef598a097a510fdb25965466cd3118f1632c26d89335406651c756f1e4c0)

(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/MagicPcCleaner/icons.png&key=7bd3bbcf8d3b80654ea866f71e921ba26dc8f87793a7b7104421e9ca68f11e52)


(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/MagicPcCleaner/warning3.png&key=ca895d6ec18e88d76e72f385a7e1b540d1913b47b9d770e0f9b3daa53d2b21c1)







**********

Détection de Magic Pc Cleaner dans des rapports FRST :

Citer
Magic Pc Cleaner (HKLM-x32\...\{5788EE0A-93E6-4958-AFBD-EB13D1B6558C}) (Version: 1.0.0 - Magic Pc Cleaner)
Task: {5E313F6C-5A9D-46F4-BDA7-8A7358B73F91} - System32\Tasks\Microsoft Essentials => C:\Program Files (x86)\SystemOptimizer\MagicPcCleaner.exe [2017-05-04] ()

() C:\Program Files (x86)\SystemOptimizer\MagicPcCleaner.exe
() C:\Program Files (x86)\Magic Pc Cleaner\Magic Pc Cleaner\MagicPcCleaner.exe
InternetURL: C:\Users\{Nom_Utilisateur}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemCleaner.url -> file:///C:\Program Files (x86)\Magic Pc Cleaner\Magic Pc Cleaner\MagicPcCleaner.exe
C:\Users\{Nom_Utilisateur}\AppData\Local\MagicPcCleaner
C:\Users\Public\Desktop\Magic PC Cleaner.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Pc Cleaner
C:\Program Files (x86)\Magic Pc Cleaner
(Magic Pc Cleaner) C:\Users\{username}\Desktop\MPCSetup.exe
C:\Windows\System32\Tasks\Microsoft Essentials
C:\Users\{Nom_Utilisateur}\AppData\Roaming\Magic Pc Cleaner
C:\Program Files (x86)\SystemOptimizer

**********

Détecté et traité par Malwarebytes en tant que PUP/LPI (Programme potentiellement Indésirable)


Citer
PUP.Optional.MagicPCCleaner


Tutoriel d'utilisation Malwarebytes en images (https://forum.security-x.fr/tutoriels-317/tutoriel-malwarebytes-anti-malware-22723/)


Source : Removal instructions for Magic Pc Cleaner de Metallica - Malwarebytes Forums (https://forums.malwarebytes.com/topic/200606-removal-instructions-for-magic-pc-cleaner/)



Toujours infecté ? Une question avant de faire des manipulations ?

Venez poster un nouveau sujet dans ce forum : http://forum.security-x.fr/desinfections/  en prenant soin de suivre la procédure http://forum.security-x.fr/desinfections/procedure-preliminaire/