Content republished with permission from Malwarebytes (https://forums.malwarebytes.org/index.php?showforum=39)
PC OptiClean is a fake cleaner/optimizer: it intentionally displays false positives to convince the user that the system has problems and to get them to buy the software.
More information: Registry Cleaners: Digital Snake Oil | Malwarebytes Labs (https://blog.malwarebytes.com/cybercrime/2015/06/digital-snake-oil/)
(Screenshot: https://static-cdn.malwarebytes.org/pub_images/PCOptiClean/main.png)
- Installs as a program, either without the user's knowledge, or because the user did not uncheck the sponsored offers proposed while installing a legitimate free program, or from the publisher's website
(Screenshot: https://static-cdn.malwarebytes.org/pub_images/PCOptiClean/warning4.png)
- Displays these alerts during installation
(Screenshot: https://static-cdn.malwarebytes.org/pub_images/PCOptiClean/warning1.png)
(Screenshot: https://static-cdn.malwarebytes.org/pub_images/PCOptiClean/warning2.png)
- Displays these screens during operation
(Screenshot: https://static-cdn.malwarebytes.org/pub_images/PCOptiClean/warning5.png)
- Creates this icon in the Taskbar, on the Desktop and in the Start Menu
(Screenshot: https://static-cdn.malwarebytes.org/pub_images/PCOptiClean/icons.png)
- Creates these scheduled tasks
(Screenshot: https://static-cdn.malwarebytes.org/pub_images/PCOptiClean/warning3.png)
**********
Detection of PC OptiClean in FRST reports:
PC OptiClean v4.1 (HKLM-x32\...\PC OptiClean_is1) (Version: 4.1 - Seguro Software LLC)
Task: {F2205754-5038-4F3A-BEF6-CF56D96C31E6} - System32\Tasks\PC OptiClean Schedule => C:\Program Files (x86)\PC OptiClean\PCOCSchedule.exe [2016-12-14] (Seguro Software LLC)
(Seguro Software LLC) C:\Program Files (x86)\PC OptiClean\PCOCSchedule.exe
(Seguro Software LLC) C:\Program Files (x86)\PC OptiClean\PCOptiClean.exe
C:\Users\{username}\Documents\PC OptiClean
C:\Windows\System32\Tasks\PC OptiClean Schedule
C:\Users\{username}\AppData\Roaming\PC OptiClean
C:\Users\{username}\Desktop\PC OptiClean.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC OptiClean
C:\Program Files (x86)\PC OptiClean
**********
Detected and handled by Malwarebytes as a PUP (Potentially Unwanted Program)
In the Premium version, Malwarebytes blocks access to the domain pcopticlean.com and the IP 184.106.55.85
-Scan Details-
Process: 2
PUP.Optional.PCOptiClean, C:\Program Files (x86)\PC OptiClean\PCOCSchedule.exe, Quarantined, [4109], [445649],1.0.3020
PUP.Optional.PCOptiClean, C:\Program Files (x86)\PC OptiClean\PCOptiClean.exe, Quarantined, [4109], [445649],1.0.3020
Module: 3
PUP.Optional.PCOptiClean, C:\Program Files (x86)\PC OptiClean\PCOCSchedule.exe, Quarantined, [4109], [445649],1.0.3020
PUP.Optional.PCOptiClean, C:\Program Files (x86)\PC OptiClean\PCOptiClean.exe, Quarantined, [4109], [445649],1.0.3020
PUP.Optional.PCOptiClean, C:\Program Files (x86)\PC OptiClean\sqlite3.dll, Quarantined, [4109], [445649],1.0.3020
Registry Key: 2
PUP.Optional.PCOptiClean, HKCU\SOFTWARE\PC OptiClean, Delete-on-Reboot, [4109], [445662],1.0.3020
PUP.Optional.PCOptiClean, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PC OptiClean_is1, Delete-on-Reboot, [4109], [445660],1.0.3020
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 6
PUP.Optional.PCOptiClean, C:\PROGRAM FILES (X86)\PC OPTICLEAN, Delete-on-Reboot, [4109], [445649],1.0.3020
PUP.Optional.PCOptiClean, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\PC OPTICLEAN, Delete-on-Reboot, [4109], [445651],1.0.3020
PUP.Optional.PCOptiClean, C:\Users\{username}\AppData\Roaming\PC OptiClean\Backup, Delete-on-Reboot, [4109], [445654],1.0.3020
PUP.Optional.PCOptiClean, C:\Users\{username}\AppData\Roaming\PC OptiClean\Undo, Delete-on-Reboot, [4109], [445654],1.0.3020
PUP.Optional.PCOptiClean, C:\Users\{username}\AppData\Roaming\PC OptiClean\Log, Delete-on-Reboot, [4109], [445654],1.0.3020
PUP.Optional.PCOptiClean, C:\USERS\{username}\APPDATA\ROAMING\PC OPTICLEAN, Delete-on-Reboot, [4109], [445654],1.0.3020
File: 20
PUP.Optional.PCOptiClean, C:\WINDOWS\SYSTEM32\TASKS\PC OptiClean Schedule, Delete-on-Reboot, [4109], [445658],1.0.3020
PUP.Optional.PCOptiClean, C:\USERS\{username}\DESKTOP\PC OPTICLEAN.LNK, Delete-on-Reboot, [4109], [445657],1.0.3020
PUP.Optional.PCOptiClean, C:\Program Files (x86)\PC OptiClean\Animation.gif, Delete-on-Reboot, [4109], [445649],1.0.3020
PUP.Optional.PCOptiClean, C:\Program Files (x86)\PC OptiClean\CookieExclusions.txt, Delete-on-Reboot, [4109], [445649],1.0.3020
PUP.Optional.PCOptiClean, C:\Program Files (x86)\PC OptiClean\English.ini, Delete-on-Reboot, [4109], [445649],1.0.3020
PUP.Optional.PCOptiClean, C:\Program Files (x86)\PC OptiClean\file_id.diz, Delete-on-Reboot, [4109], [445649],1.0.3020
PUP.Optional.PCOptiClean, C:\Program Files (x86)\PC OptiClean\HomePage.url, Delete-on-Reboot, [4109], [445649],1.0.3020
PUP.Optional.PCOptiClean, C:\Program Files (x86)\PC OptiClean\PCOCSchedule.exe, Delete-on-Reboot, [4109], [445649],1.0.3020
PUP.Optional.PCOptiClean, C:\Program Files (x86)\PC OptiClean\PCOptiClean.chm, Delete-on-Reboot, [4109], [445649],1.0.3020
PUP.Optional.PCOptiClean, C:\Program Files (x86)\PC OptiClean\PCOptiClean.exe, Delete-on-Reboot, [4109], [445649],1.0.3020
PUP.Optional.PCOptiClean, C:\Program Files (x86)\PC OptiClean\Scanning.gif, Delete-on-Reboot, [4109], [445649],1.0.3020
PUP.Optional.PCOptiClean, C:\Program Files (x86)\PC OptiClean\SDesc.txt, Delete-on-Reboot, [4109], [445649],1.0.3020
PUP.Optional.PCOptiClean, C:\Program Files (x86)\PC OptiClean\sqlite3.dll, Delete-on-Reboot, [4109], [445649],1.0.3020
PUP.Optional.PCOptiClean, C:\Program Files (x86)\PC OptiClean\unins000.dat, Delete-on-Reboot, [4109], [445649],1.0.3020
PUP.Optional.PCOptiClean, C:\Program Files (x86)\PC OptiClean\unins000.exe, Delete-on-Reboot, [4109], [445649],1.0.3020
PUP.Optional.PCOptiClean, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC OptiClean\Check updates.lnk, Delete-on-Reboot, [4109], [445651],1.0.3020
PUP.Optional.PCOptiClean, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC OptiClean\Help.lnk, Delete-on-Reboot, [4109], [445651],1.0.3020
PUP.Optional.PCOptiClean, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC OptiClean\PC OptiClean on the Web.lnk, Delete-on-Reboot, [4109], [445651],1.0.3020
PUP.Optional.PCOptiClean, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC OptiClean\PC OptiClean.lnk, Delete-on-Reboot, [4109], [445651],1.0.3020
PUP.Optional.PCOptiClean, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC OptiClean\Uninstall PC OptiClean.lnk, Delete-on-Reboot, [4109], [445651],1.0.3020
Physical Sector: 0
(No malicious items detected)
Illustrated tutorial on using Malwarebytes (https://forum.security-x.fr/tutoriels-317/tutoriel-malwarebytes-anti-malware-22723/)
Source: Removal instructions for PC OptiClean by Metallica - Malwarebytes Forums (https://forums.malwarebytes.com/topic/212788-removal-instructions-for-pc-opticlean/)
Still infected? Have a question before making any changes?
Post a new topic in this forum: http://forum.security-x.fr/desinfections/ and be sure to follow the procedure at http://forum.security-x.fr/desinfections/procedure-preliminaire/