Imprimer la page - Master PC Cleaner

Forum Security-X => Sécurité Générale => Malwares => Discussion démarrée par: chantal11 le octobre 19, 2017, 16:50:45

Titre: Master PC Cleaner
Posté par: chantal11 le octobre 19, 2017, 16:50:45

Contenu republié avec la permission de Malwarebytes (https://forums.malwarebytes.org/index.php?showforum=39)

Master PC Cleaner est un faux nettoyeur/optimiseur, affiche intentionnellement des faux-positifs pour convaincre l'utilisateur que son système a des problèmes et lui faire acheter le logiciel.
Plus d'infos : Registry Cleaners: Digital Snake Oil | Malwarebytes Labs (https://blog.malwarebytes.com/cybercrime/2015/06/digital-snake-oil/)

(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/MasterPCCleaner/main.png&key=00c2b415125dcf2d3a920ca2cd1122caf8135f48d34a957a0cde2973566ac1c9)

S'installe en tant que programme, soit à l'insu de l'utilisateur ou parce qu'il n'a pas décoché les sponsors proposés lors de l'installation d'un logiciel gratuit légitime, soit depuis le site de l'éditeur

(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/MasterPCCleaner/warning4.png&key=343d1461f046d49b092afcaaf6815a2b0649262778d65ce9c3064581664cde0e)

Affiche ces alertes pendant l'installation

(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/MasterPCCleaner/warning1.png&key=f5cd7514c31c2c20ebb22753cf6f4c74572ad119733430e511a9ac8d548d4a9d)

Affiche ces écrans pendant les opérations

(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/MasterPCCleaner/warning2.png&key=ae549ae2b35bbdded51894be9c15bdc87d94fcde39daf9b09e96ae9721950dea)

(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/MasterPCCleaner/warning5.png&key=dbe2022ba10c042a19dd420271f3bf93c0fde7e6a3655482a09ff4197afaedf3)

(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/MasterPCCleaner/warning6.png&key=053d5c43080589fca5a2b90e07022f13061b4f772d2453e1142679ac7523811e)

Crée cette icône dans la Barre des tâches, sur le Bureau et dans le Menu Démarrer

(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/MasterPCCleaner/icons.png&key=d73ee9e9a1af0a8f8ba289b98b562ad209755b561fe080be1b1b409c48279474)

Crée ces tâches planifiées

(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/MasterPCCleaner/warning3.png&key=19aa09b479344f8e46a61e403931ed63f3896a9cae9e199f6b0776138d89898f)

**********

Détection de Master PC Cleaner dans des rapports FRST :

Citer

Master PC Cleaner (HKLM\...\{A00DA73E-1842-4E5A-91A5-EFEE1186C744}_is1) (Version: 1.0.0.38701 - )
Task: {987D5555-0E87-4CF2-9765-524CFD68DE7B} - System32\Tasks\Master PC Cleaner_Logon => C:\Program Files\Master PC Cleaner on {Nom_PC}\mpc.exe [2017-09-27] ()

() C:\Program Files\Master PC Cleaner on {Nom_PC}\mpc.exe
C:\Users\{Nom_Utilisateur}\AppData\Roaming\Master PC Cleaner on {Nom_PC}
C:\Windows\System32\Tasks\Master PC Cleaner_Logon
C:\Users\Public\Desktop\Master PC Cleaner.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Master PC Cleaner on {Nom_PC}
C:\ProgramData\Master PC Cleaner on {Nom_PC}
C:\Program Files\Master PC Cleaner on {Nom_PC}

**********

Détecté et traité par Malwarebytes en tant que PUP/LPI (Programme potentiellement Indésirable)
Sous la version Premium, Malwarebytes bloque l'accès au domaine

Citer

-Scan Details-
Process: 1
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\mpc.exe, Quarantined, [7134], [440068],1.0.2912

Module: 7
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\x64\SQLite.Interop.dll, Quarantined, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\Interop.IWshRuntimeLibrary.dll, Quarantined, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\Microsoft.Win32.TaskScheduler.dll, Quarantined, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\mpc.exe, Quarantined, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\NAudio.dll, Quarantined, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\System.Data.SQLite.DLL, Quarantined, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\TAFactory.IconPack.dll, Quarantined, [7134], [440068],1.0.2912

Registry Key: 4
PUP.Optional.MasterPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A00DA73E-1842-4E5A-91A5-EFEE1186C744}_is1, Delete-on-Reboot, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, HKLM\SOFTWARE\MPC-PR, Delete-on-Reboot, [7134], [440065],1.0.2912
PUP.Optional.MasterPCCleaner, HKCU\SOFTWARE\Master PC Cleaner on {computername}, Delete-on-Reboot, [7134], [440063],1.0.2912
PUP.Optional.MasterPCCleaner, HKLM\SOFTWARE\Master PC Cleaner on {computername}, Delete-on-Reboot, [7134], [440067],1.0.2912

Registry Value: 4
PUP.Optional.MasterPCCleaner, HKLM\SOFTWARE\MPC-PR|PHONE, Delete-on-Reboot, [7134], [440065],1.0.2912
PUP.Optional.MasterPCCleaner, HKCU\SOFTWARE\Master PC Cleaner on {computername}|INSTALLSTRING, Delete-on-Reboot, [7134], [440063],1.0.2912
PUP.Optional.MasterPCCleaner, HKLM\SOFTWARE\Master PC Cleaner on {computername}|PHONE_US, Delete-on-Reboot, [7134], [440067],1.0.2912
PUP.Optional.MasterPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A00DA73E-1842-4E5A-91A5-EFEE1186C744}_is1|DISPLAYICON, Delete-on-Reboot, [7134], [440066],1.0.2912

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 8
PUP.Optional.MasterPCCleaner, C:\Users\{username}\AppData\Roaming\Master PC Cleaner on {computername}\smico, Delete-on-Reboot, [7134], [440069],1.0.2912
PUP.Optional.MasterPCCleaner, C:\USERS\{username}\APPDATA\ROAMING\Master PC Cleaner on {computername}, Delete-on-Reboot, [7134], [440069],1.0.2912
PUP.Optional.MasterPCCleaner, C:\PROGRAMDATA\Master PC Cleaner on {computername}, Delete-on-Reboot, [7134], [440061],1.0.2912
PUP.Optional.MasterPCCleaner, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Master PC Cleaner on {computername}, Delete-on-Reboot, [7134], [440070],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\langs, Delete-on-Reboot, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\x64, Delete-on-Reboot, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\x86, Delete-on-Reboot, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, C:\PROGRAM FILES\Master PC Cleaner on {computername}, Delete-on-Reboot, [7134], [440068],1.0.2912

File: 40
PUP.Optional.MasterPCCleaner, C:\USERS\{username}\APPDATA\ROAMING\Master PC Cleaner on {computername}\Errorlog.txt, Delete-on-Reboot, [7134], [440069],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Users\{username}\AppData\Roaming\Master PC Cleaner on {computername}\exlist.bin, Delete-on-Reboot, [7134], [440069],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Users\{username}\AppData\Roaming\Master PC Cleaner on {computername}\param.ini, Delete-on-Reboot, [7134], [440069],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Users\{username}\AppData\Roaming\Master PC Cleaner on {computername}\res.xml, Delete-on-Reboot, [7134], [440069],1.0.2912
PUP.Optional.MasterPCCleaner, C:\PROGRAMDATA\Master PC Cleaner on {computername}\mpc.db, Delete-on-Reboot, [7134], [440061],1.0.2912
PUP.Optional.MasterPCCleaner, C:\ProgramData\Master PC Cleaner on {computername}\mpcstartrepair_en.mp3, Delete-on-Reboot, [7134], [440061],1.0.2912
PUP.Optional.MasterPCCleaner, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Master PC Cleaner on {computername}\Master PC Cleaner.lnk, Delete-on-Reboot, [7134], [440070],1.0.2912
PUP.Optional.MasterPCCleaner, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Master PC Cleaner on {computername}\Buy Master PC Cleaner.lnk, Delete-on-Reboot, [7134], [440070],1.0.2912
PUP.Optional.MasterPCCleaner, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Master PC Cleaner on {computername}\Uninstall Master PC Cleaner.lnk, Delete-on-Reboot, [7134], [440070],1.0.2912
PUP.Optional.MasterPCCleaner, C:\USERS\PUBLIC\DESKTOP\MASTER PC CLEANER.LNK, Delete-on-Reboot, [7134], [440071],1.0.2912
PUP.Optional.MasterPCCleaner, C:\PROGRAM FILES\Master PC Cleaner on {computername}\mpc.exe.config, Delete-on-Reboot, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\langs\danish_apc_da.ini, Delete-on-Reboot, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\langs\Dutch_apc_nl.ini, Delete-on-Reboot, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\langs\english_apc_en.ini, Delete-on-Reboot, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\langs\finish_apc_fi.ini, Delete-on-Reboot, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\langs\French_apc_fr.ini, Delete-on-Reboot, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\langs\german_apc_de.ini, Delete-on-Reboot, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\langs\italian_apc_it.ini, Delete-on-Reboot, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\langs\japanese_apc_ja.ini, Delete-on-Reboot, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\langs\norwegian_apc_no.ini, Delete-on-Reboot, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\langs\portuguese_apc_ptbr.ini, Delete-on-Reboot, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\langs\russian_apc_ru.ini, Delete-on-Reboot, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\langs\spanish_apc_es.ini, Delete-on-Reboot, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\langs\swedish_apc_sv.ini, Delete-on-Reboot, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\x64\SQLite.Interop.dll, Delete-on-Reboot, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\x86\SQLite.Interop.dll, Delete-on-Reboot, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\AppRes.dll, Delete-on-Reboot, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\HtmlRenderer.dll, Delete-on-Reboot, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\HtmlRenderer.WinForms.dll, Delete-on-Reboot, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\Interop.IWshRuntimeLibrary.dll, Delete-on-Reboot, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\Microsoft.Win32.TaskScheduler.dll, Delete-on-Reboot, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\mpc.exe, Delete-on-Reboot, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\NAudio.dll, Delete-on-Reboot, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\System.Data.SQLite.DLL, Delete-on-Reboot, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\TAFactory.IconPack.dll, Delete-on-Reboot, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\TaskScheduler.dll, Delete-on-Reboot, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\unins000.dat, Delete-on-Reboot, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\unins000.exe, Delete-on-Reboot, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, C:\Program Files\Master PC Cleaner on {computername}\unins000.msg, Delete-on-Reboot, [7134], [440068],1.0.2912
PUP.Optional.MasterPCCleaner, C:\USERS\{username}\DESKTOP\MPCLSETUP.EXE, Delete-on-Reboot, [7134], [440060],1.0.2912

Physical Sector: 0
(No malicious items detected)

Tutoriel d'utilisation Malwarebytes en images (https://forum.security-x.fr/tutoriels-317/tutoriel-malwarebytes-anti-malware-22723/)

Source : Removal instructions for Master PC Cleaner de Metallica - Malwarebytes Forums (https://forums.malwarebytes.com/topic/211659-removal-instructions-for-master-pc-cleaner/)

Toujours infecté ? Une question avant de faire des manipulations ?

Venez poster un nouveau sujet dans ce forum : http://forum.security-x.fr/desinfections/ en prenant soin de suivre la procédure http://forum.security-x.fr/desinfections/procedure-preliminaire/