Security-X

Forum Security-X => General Security => Malware => Topic started by: chantal11 on July 21, 2017, 13:58:50

Title: MyTurboPC
Posted by: chantal11 on July 21, 2017, 13:58:50
Content republished with permission from Malwarebytes (https://forums.malwarebytes.org/index.php?showforum=39)

MyTurboPC is a fake cleaner/optimizer that intentionally displays false positives to convince the user that their system has problems and get them to buy the software.
More info: Registry Cleaners: Digital Snake Oil | Malwarebytes Labs (https://blog.malwarebytes.com/cybercrime/2015/06/digital-snake-oil/)


**********

Detection of MyTurboPC in FRST reports:

Quote
MyTurboPC (HKLM-x32\...\{A2F37CA8-53F8-4594-B701-32AE64BAED1A}) (Version: 3.3.29.0 - MyTurboPC.com)
Task: {03A8F46B-2FB8-4C66-B42A-D3D87D32EA4D} - System32\Tasks\MyTurboPC Update => C:\Program Files (x86)\MyTurboPC.com\MyTurboPC\mtpc.exe [2017-05-17] (MyTurboPC.com)
Task: {1FCE01C3-EC4C-4995-9641-237082D34C16} - System32\Tasks\MyTurboPC_sch_D0B8542C-5BD6-11E7-8DA7-080027750297 => C:\Program Files (x86)\MyTurboPC.com\MyTurboPC\mtpc.exe [2017-05-17] (MyTurboPC.com) <==== ATTENTION
Task: {5772C617-3425-40FD-BF4E-AE19C1C5F472} - System32\Tasks\MyTurboPC.com Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\MyTurboPC.com\UUS3\UUS3.dll" RunUns
Task: {A4F2686A-45F8-4F98-A14C-52B4F63EF8F2} - System32\Tasks\MyTurboPC Startup => C:\Program Files (x86)\MyTurboPC.com\MyTurboPC\mtpc.exe [2017-05-17] (MyTurboPC.com)
Task: C:\Windows\Tasks\MyTurboPC Startup.job => C:\Program Files (x86)\MyTurboPC.com\MyTurboPC\mtpc.exe8C:\Program Files (x86)\MyTurboPC.com\MyTurboPC\mtpc.exe
Task: C:\Windows\Tasks\MyTurboPC Update.job => C:\Program Files (x86)\MyTurboPC.com\MyTurboPC\mtpc.exe-update C:\Program Files (x86)\MyTurboPC.com
Task: C:\Windows\Tasks\MyTurboPC.com Registration3.job => C:\Windows\system32\rundll32.exeIC:\Program Files (x86)\Common Files\MyTurboPC.com\UUS3\UUS3.dll RunUns7C:\Program Files (x86)\Common Files\MyTurboPC.com
Task: C:\Windows\Tasks\MyTurboPC_sch_D0B8542C-5BD6-11E7-8DA7-080027750297.job => C:\Program Files (x86)\MyTurboPC.com\MyTurboPC\mtpc.exe2 /schedule:D0B8542C-5BD6-11E7-8DA7-080027750297 C:\Program Files (x86)\MyTurboPC.com <==== ATTENTION
() C:\Program Files (x86)\MyTurboPC.com\MyTurboPC\7ZipDLL.dll
() C:\Program Files (x86)\MyTurboPC.com\MyTurboPC\LiteZip.dll
() C:\Program Files (x86)\MyTurboPC.com\MyTurboPC\ExtensionManager.dll
() C:\Program Files (x86)\MyTurboPC.com\MyTurboPC\CommonLoggingExtension.pxt
() C:\Program Files (x86)\MyTurboPC.com\MyTurboPC\CommonSpecialist.pxt
() C:\Program Files (x86)\MyTurboPC.com\MyTurboPC\RegHookSpecialist.pxt
() C:\Program Files (x86)\MyTurboPC.com\MyTurboPC\Utility.pxt
() C:\Program Files (x86)\MyTurboPC.com\MyTurboPC\LiteUnzip.dll

(MyTurboPC.com) C:\Program Files (x86)\MyTurboPC.com\MyTurboPC\mtpc.exe
(Digital Care Solutions) C:\Program Files\BDServices\BitDefenderCOM.exe
R2 BitDefenderCOM; C:\Program Files\BDServices\BitDefenderCom.exe [1032192 2017-05-05] (Digital Care Solutions) [File not signed]
S3 scan; C:\Program Files\BDServices\scan.dll [652568 2017-05-05] (Bitdefender)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [442848 2017-05-05] (BitDefender S.R.L.)
C:\Windows\System32\Tasks\MyTurboPC_sch_D0B8542C-5BD6-11E7-8DA7-080027750297
C:\Windows\System32\Tasks\MyTurboPC Update
C:\Windows\System32\Tasks\MyTurboPC.com Registration3
C:\Windows\System32\Tasks\MyTurboPC Startup
C:\Users\{username}\Desktop\MyTurboPC.lnk
C:\Windows\Tasks\MyTurboPC_sch_D0B8542C-5BD6-11E7-8DA7-080027750297.job
C:\Windows\Tasks\MyTurboPC.com Registration3.job
C:\Windows\Tasks\MyTurboPC Update.job
C:\Windows\Tasks\MyTurboPC Startup.job
C:\Users\{Nom_Utilisateur}\AppData\Roaming\MyTurboPC.com
C:\ProgramData\MyTurboPC.com
C:\Program Files\BDServices
C:\Users\{Nom_Utilisateur}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyTurboPC.com
C:\Program Files (x86)\MyTurboPC.com

**********

Detected and handled by Malwarebytes as a PUP (Potentially Unwanted Program).
With the Premium version, Malwarebytes blocks access to their site myturbopc.com.

Quote
PUP.Optional.MyTurboPC

Sample report (https://up.security-x.fr/file.php?h=R40fddcf2cf5986db61448622fcda3300)



Illustrated Malwarebytes usage tutorial (https://forum.security-x.fr/tutoriels-317/tutoriel-malwarebytes-anti-malware-22723/)


Source: Removal instructions for MyTurboPC by Metallica - Malwarebytes Forums (https://forums.malwarebytes.com/topic/203382-removal-instructions-for-myturbopc/)



Still infected? A question before making any changes?

Come and post a new topic in this forum: http://forum.security-x.fr/desinfections/ taking care to follow the procedure http://forum.security-x.fr/desinfections/procedure-preliminaire/
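
Added example, not part of the original post and not code from Malwarebytes or FRST: a small Python triage that pulls the lines matching the MyTurboPC markers out of an FRST report and classifies them by artifact type. The marker list and the line patterns are assumptions derived only from the excerpt quoted above.

```python
import re
from collections import Counter

# Substrings (lower-case) taken from the FRST excerpt quoted in the post.
# The excerpt's Trufos.sys line names BitDefender S.R.L. as vendor and shares
# none of these markers, so it is left for manual review.
MARKERS = ("myturbopc", r"\bdservices", "digital care solutions")

# FRST line shapes seen in the excerpt, tested in order (first match wins).
KINDS = [
    ("scheduled_task", re.compile(r"^Task: \{[0-9A-Fa-f-]{36}\} - ")),
    ("legacy_job", re.compile(r"^Task: .*\.job => ")),
    ("service_or_driver", re.compile(r"^[RSU]\d \S+; ")),
    ("installed_program", re.compile(r" \(HK.+?\) \(Version: ")),
    ("module_or_process", re.compile(r"^\(.*?\) [A-Za-z]:\\")),
    ("path", re.compile(r"^[A-Za-z]:\\")),
]

# Sample input: lines copied from the excerpt above.
SAMPLE = r"""
MyTurboPC (HKLM-x32\...\{A2F37CA8-53F8-4594-B701-32AE64BAED1A}) (Version: 3.3.29.0 - MyTurboPC.com)
Task: {1FCE01C3-EC4C-4995-9641-237082D34C16} - System32\Tasks\MyTurboPC_sch_D0B8542C-5BD6-11E7-8DA7-080027750297 => C:\Program Files (x86)\MyTurboPC.com\MyTurboPC\mtpc.exe [2017-05-17] (MyTurboPC.com) <==== ATTENTION
Task: C:\Windows\Tasks\MyTurboPC Update.job => C:\Program Files (x86)\MyTurboPC.com\MyTurboPC\mtpc.exe-update C:\Program Files (x86)\MyTurboPC.com
() C:\Program Files (x86)\MyTurboPC.com\MyTurboPC\RegHookSpecialist.pxt
R2 BitDefenderCOM; C:\Program Files\BDServices\BitDefenderCom.exe [1032192 2017-05-05] (Digital Care Solutions) [File not signed]
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [442848 2017-05-05] (BitDefender S.R.L.)
C:\ProgramData\MyTurboPC.com
"""

def triage(report_text):
    """Return the marker-matching lines of an FRST report, classified."""
    hits = []
    for raw in report_text.splitlines():
        line = raw.strip()
        if not any(m in line.lower() for m in MARKERS):
            continue
        kind = next((k for k, rx in KINDS if rx.search(line)), "other")
        hits.append({"kind": kind,
                     "flagged": line.endswith("<==== ATTENTION"),  # FRST's own marker
                     "unsigned": "[File not signed]" in line,
                     "line": line})
    return hits

def summarize(hits):
    """Count hits per artifact kind."""
    return Counter(h["kind"] for h in hits)

if __name__ == "__main__":
    for h in triage(SAMPLE):
        tags = [t for t in ("flagged", "unsigned") if h[t]]
        print(f"{h['kind']:18} {','.join(tags):17} {h['line'][:70]}")
```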