Security-X

Forum Security-X => General Security => Malware => Thread started by: chantal11 on July 21, 2017, 12:45:41

Title: My Defragmenter
Posted by: chantal11 on July 21, 2017, 12:45:41
Content republished with permission from Malwarebytes (https://forums.malwarebytes.org/index.php?showforum=39)

My Defragmenter is a fake cleaner/optimizer that intentionally displays false positives to convince the user that their system has problems and get them to buy the software.
More info: Registry Cleaners: Digital Snake Oil | Malwarebytes Labs (https://blog.malwarebytes.com/cybercrime/2015/06/digital-snake-oil/)


**********

Detection of My Defragmenter in FRST reports:

Quote
My Defragmenter (HKLM-x32\...\{91566393-AD20-4B92-A81B-B17F31527DD4}) (Version: 1.0 - ConsumerSoft)

(ConsumerSoft) C:\Program Files (x86)\ConsumerSoft\My Defragmenter\Defrag.exe
HKCU\...\Run: [MyDefragReminder] => C:\Program Files (x86)\ConsumerSoft\My Defragmenter\DefragReminder.exe [918440 2012-07-06] (ConsumerSoft)
C:\Users\{Nom_Utilisateur}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Defragmenter
C:\Program Files (x86)\ConsumerSoft

**********

Detected and handled by Malwarebytes as a PUP (Potentially Unwanted Program).
With the Premium version, Malwarebytes blocks access to their site.

Quote
PUP.Optional.MyDefragmenter

Quote
-Scan Details-
Process: 1
PUP.Optional.MyDefragmenter, C:\PROGRAM FILES (X86)\CONSUMERSOFT\MY DEFRAGMENTER\DEFRAG.EXE, Quarantined, [9413], [404073],1.0.2214

Module: 4
PUP.Optional.MyDefragmenter, C:\PROGRAM FILES (X86)\CONSUMERSOFT\MY DEFRAGMENTER\UDEFRAG.DLL, Quarantined, [9413], [404066],1.0.2214
PUP.Optional.MyDefragmenter, C:\PROGRAM FILES (X86)\CONSUMERSOFT\MY DEFRAGMENTER\ZENWINX.DLL, Quarantined, [9413], [404066],1.0.2214
PUP.Optional.MyDefragmenter, C:\PROGRAM FILES (X86)\CONSUMERSOFT\MY DEFRAGMENTER\DEFRAG.EXE, Quarantined, [9413], [404073],1.0.2214
PUP.Optional.MyDefragmenter, C:\PROGRAM FILES (X86)\CONSUMERSOFT\MY DEFRAGMENTER\UDEFRAG-KERNEL.DLL, Quarantined, [9413], [404066],1.0.2214

Registry Key: 1
PUP.Optional.MyDefragmenter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{91566393-AD20-4B92-A81B-B17F31527DD4}, Delete-on-Reboot, [9413], [404066],1.0.2214

Registry Value: 1
PUP.Optional.MyDefragmenter, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MyDefragReminder, Delete-on-Reboot, [9413], [404066],1.0.2214

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 1
PUP.Optional.MyDefragmenter, C:\PROGRAM FILES (X86)\CONSUMERSOFT\MY DEFRAGMENTER, Delete-on-Reboot, [9413], [404066],1.0.2214

File: 17
PUP.Optional.MyDefragmenter, C:\PROGRAM FILES (X86)\CONSUMERSOFT\MY DEFRAGMENTER\UDEFRAG.DLL, Delete-on-Reboot, [9413], [404066],1.0.2214
PUP.Optional.MyDefragmenter, C:\PROGRAM FILES (X86)\CONSUMERSOFT\MY DEFRAGMENTER\ZENWINX.DLL, Delete-on-Reboot, [9413], [404066],1.0.2214
PUP.Optional.MyDefragmenter, C:\PROGRAM FILES (X86)\CONSUMERSOFT\MY DEFRAGMENTER\DEFRAG.EXE, Delete-on-Reboot, [9413], [404073],1.0.2214
PUP.Optional.MyDefragmenter, C:\PROGRAM FILES (X86)\CONSUMERSOFT\MY DEFRAGMENTER\UDEFRAG-KERNEL.DLL, Delete-on-Reboot, [9413], [404066],1.0.2214
PUP.Optional.MyDefragmenter, C:\PROGRAM FILES (X86)\CONSUMERSOFT\MY DEFRAGMENTER\DEFRAGREMINDER.EXE, Delete-on-Reboot, [9413], [404066],1.0.2214
PUP.Optional.MyDefragmenter, C:\USERS\{username}\DESKTOP\MY DEFRAGMENTER.LNK, Delete-on-Reboot, [9413], [404070],1.0.2214
PUP.Optional.MyPhoneSupport, C:\USERS\{username}\DESKTOP\MY PHONE SUPPORT.LNK, Delete-on-Reboot, [9416], [404069],1.0.2214
PUP.Optional.MyDefragmenter, C:\USERS\{username}\DESKTOP\INSTALL MY DEFRAGMENTER.EXE, Delete-on-Reboot, [9413], [404073],1.0.2214
PUP.Optional.MyDefragmenter, C:\Program Files (x86)\ConsumerSoft\My Defragmenter\config, Delete-on-Reboot, [9413], [404066],1.0.2214
PUP.Optional.MyDefragmenter, C:\Program Files (x86)\ConsumerSoft\My Defragmenter\ddtimes.dat, Delete-on-Reboot, [9413], [404066],1.0.2214
PUP.Optional.MyDefragmenter, C:\Program Files (x86)\ConsumerSoft\My Defragmenter\drconfig, Delete-on-Reboot, [9413], [404066],1.0.2214
PUP.Optional.MyDefragmenter, C:\Program Files (x86)\ConsumerSoft\My Defragmenter\eula.txt, Delete-on-Reboot, [9413], [404066],1.0.2214
PUP.Optional.MyDefragmenter, C:\Program Files (x86)\ConsumerSoft\My Defragmenter\INSTALL.LOG, Delete-on-Reboot, [9413], [404066],1.0.2214
PUP.Optional.MyDefragmenter, C:\Program Files (x86)\ConsumerSoft\My Defragmenter\install.sss, Delete-on-Reboot, [9413], [404066],1.0.2214
PUP.Optional.MyDefragmenter, C:\Program Files (x86)\ConsumerSoft\My Defragmenter\MyPhoneSupport.exe, Delete-on-Reboot, [9413], [404066],1.0.2214
PUP.Optional.MyDefragmenter, C:\Program Files (x86)\ConsumerSoft\My Defragmenter\schd, Delete-on-Reboot, [9413], [404066],1.0.2214
PUP.Optional.MyDefragmenter, C:\Program Files (x86)\ConsumerSoft\My Defragmenter\Uninstall.exe, Delete-on-Reboot, [9413], [404066],1.0.2214

Physical Sector: 0
(No malicious items detected)



Illustrated Malwarebytes usage tutorial (https://forum.security-x.fr/tutoriels-317/tutoriel-malwarebytes-anti-malware-22723/)


Source: Removal instructions for My Defragmenter by Metallica - Malwarebytes Forums (https://forums.malwarebytes.com/topic/203150-removal-instructions-for-my-defragmenter/)



Still infected? Have a question before making any changes?

Post a new topic in this forum: http://forum.security-x.fr/desinfections/ and be sure to follow the procedure at http://forum.security-x.fr/desinfections/procedure-preliminaire/