Security-X

Security-X Forum => General Security => Malware => Topic started by: chantal11 on October 19, 2017, 16:20:57

Title: PC Smart Cleanup
Posted by: chantal11 on October 19, 2017, 16:20:57
Content republished with permission from Malwarebytes (https://forums.malwarebytes.org/index.php?showforum=39)

PC Smart Cleanup is a fake cleaner/optimizer that intentionally displays false positives to convince users that their system has problems and get them to buy the software.
More info: Registry Cleaners: Digital Snake Oil | Malwarebytes Labs (https://blog.malwarebytes.com/cybercrime/2015/06/digital-snake-oil/)


**********

Detection of PC Smart Cleanup in FRST reports:

Quote
PC Smart Cleanup Installer version 3.0 (HKLM-x32\...\{6706DF9F-E1C8-5C4E-AB48-80452QEQ1277}_is1) (Version: 3.0 - PC Smart Cleanup Installer)
PC Smart Cleanup version 3.0 (HKLM-x32\...\{6406DF9F-E9C8-4C2E-AB48-80352BDR8529}_is1) (Version: 3.0 - PC Smart Cleanup)
Task: {E7E51E6B-EF09-45D7-9CDE-4F393D80A136} - System32\Tasks\pcsmartcleanup_onstartup => C:\Program Files (x86)\PC Smart Cleanup\pc-smart-cleanup.exe [2017-08-26] ()

() C:\Program Files (x86)\PC Smart Cleanup\pc-smart-cleanup.exe
() C:\Program Files (x86)\PC Smart Cleanup\mswin.exe
() C:\Program Files (x86)\PC Smart Cleanup\pcsmartcleanup_popup.exe
HKCU\...\Run: [PC Smart Cleanup] => C:\Program Files (x86)\PC Smart Cleanup\PCSmart.bat [55 2017-07-19] ()
C:\Windows\System32\Tasks\pcsmartcleanup_onstartup
C:\Users\Public\Desktop\PC Smart Cleanup.lnk
C:\ProgramData\PC Smart Cleanup
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Smart Cleanup
C:\Program Files\PC Smart Cleanup Installer
C:\Program Files (x86)\PC Smart Cleanup
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Smart Cleanup Installer
C:\Program Files (x86)\PC Smart Cleanup Installer

**********

Detected and handled by Malwarebytes as Rogue.
In the Premium version, Malwarebytes blocks access to the domain pcsmartcleanup.com and the IP 184.95.32.178.

Quote
-Scan Details-
Process: 3
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\mswin.exe, Quarantined, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\pc-smart-cleanup.exe, Quarantined, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\pcsmartcleanup_popup.exe, Quarantined, [748], [433236],1.0.2771

Module: 4
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\x64\SQLite.Interop.dll, Quarantined, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\mswin.exe, Quarantined, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\pc-smart-cleanup.exe, Quarantined, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\pcsmartcleanup_popup.exe, Quarantined, [748], [433236],1.0.2771

Registry Key: 4
Rogue.PCSmartCleanup, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{6406DF9F-E9C8-4C2E-AB48-80352BDR8529}_is1, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{6706DF9F-E1C8-5C4E-AB48-80452QEQ1277}_is1, Delete-on-Reboot, [748], [433246],1.0.2771
Rogue.PCSmartCleanup, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E7E51E6B-EF09-45D7-9CDE-4F393D80A136}, Delete-on-Reboot, [748], [433241],1.0.2771
Rogue.PCSmartCleanup, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\pcsmartcleanup_onstartup, Delete-on-Reboot, [748], [433240],1.0.2771

Registry Value: 2
Rogue.PCSmartCleanup, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|PC Smart Cleanup, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E7E51E6B-EF09-45D7-9CDE-4F393D80A136}|PATH, Delete-on-Reboot, [748], [433241],1.0.2771

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 18
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\Sounds, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\x64, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\x86, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\br, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\db, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\de, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\en, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\es, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\fr, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\it, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\ja, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\ProgramData\PC Smart Cleanup\db, Delete-on-Reboot, [748], [433243],1.0.2771
Rogue.PCSmartCleanup, C:\PROGRAMDATA\PC SMART CLEANUP, Delete-on-Reboot, [748], [433243],1.0.2771
Rogue.PCSmartCleanup, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\PC SMART CLEANUP, Delete-on-Reboot, [748], [433244],1.0.2771
Rogue.PCSmartCleanup, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\PC SMART CLEANUP INSTALLER, Delete-on-Reboot, [748], [433245],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files\PC Smart Cleanup Installer\softupdate, Delete-on-Reboot, [748], [433246],1.0.2771
Rogue.PCSmartCleanup, C:\PROGRAM FILES\PC SMART CLEANUP INSTALLER, Delete-on-Reboot, [748], [433246],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup Installer\softupdate, Delete-on-Reboot, [748], [433246],1.0.2771

File: 63
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\br\pc-smart-cleanup-uninstaller.resources.dll, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\br\pc-smart-cleanup.resources.dll, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\de\pc-smart-cleanup-uninstaller.resources.dll, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\de\pc-smart-cleanup.resources.dll, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\en\pc-smart-cleanup-uninstaller.resources.dll, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\en\pc-smart-cleanup.resources.dll, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\es\pc-smart-cleanup-uninstaller.resources.dll, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\es\pc-smart-cleanup.resources.dll, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\fr\pc-smart-cleanup-uninstaller.resources.dll, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\fr\pc-smart-cleanup.resources.dll, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\it\pc-smart-cleanup-uninstaller.resources.dll, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\it\pc-smart-cleanup.resources.dll, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\ja\pc-smart-cleanup-uninstaller.resources.dll, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\ja\pc-smart-cleanup.resources.dll, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\Sounds\English-Audio.wav, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\Sounds\French-Audio-men.wav, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\Sounds\French-Audio.wav, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\Sounds\popupp.wav, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\Sounds\scan_completed.wav, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\x64\SQLite.Interop.dll, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\x86\SQLite.Interop.dll, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\favicon.ico, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\Ionic.Zip.dll, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\Microsoft.Win32.TaskScheduler.dll, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\mswin.exe, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\Newtonsoft.Json.dll, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\NUnrar.dll, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\pc-smart-cleanup-uninstaller.exe, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\pc-smart-cleanup.exe, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\pc-smart-cleanup.exe.config, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\pc-smart-cleanup.pdb, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\pc-smart-cleanup.vshost.exe.config, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\pc-smart-cleanup.vshost.exe.manifest, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\PCSmart.bat, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\pcsmartcleanup_popup.exe, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\SQLiteHelper.dll, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\SQLiteHelper.pdb, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\System.Data.SQLite.dll, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\System.Data.SQLite.Linq.dll, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\unins000.dat, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\unins000.exe, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\unins000.msg, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\web_reference.dll, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\WpfAnimatedGif.dll, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup\WpfPageTransitions.dll, Delete-on-Reboot, [748], [433236],1.0.2771
Rogue.PCSmartCleanup, C:\ProgramData\PC Smart Cleanup\db\BT.jmps, Delete-on-Reboot, [748], [433243],1.0.2771
Rogue.PCSmartCleanup, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Smart Cleanup\PC Smart Cleanup.lnk, Delete-on-Reboot, [748], [433244],1.0.2771
Rogue.PCSmartCleanup, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Smart Cleanup\Uninstall PC Smart Cleanup.lnk, Delete-on-Reboot, [748], [433244],1.0.2771
Rogue.PCSmartCleanup, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Smart Cleanup Installer\PC Smart Cleanup Installer.lnk, Delete-on-Reboot, [748], [433245],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files\PC Smart Cleanup Installer\softupdate\pc-smart-cleanup.exe, Delete-on-Reboot, [748], [433246],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup Installer\favicon.ico, Delete-on-Reboot, [748], [433246],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup Installer\pc-smart-cleanup-installer.exe, Delete-on-Reboot, [748], [433246],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup Installer\pc-smart-cleanup-installer.exe.config, Delete-on-Reboot, [748], [433246],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup Installer\pc-smart-cleanup-installer.pdb, Delete-on-Reboot, [748], [433246],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup Installer\pc-smart-cleanup-installer.vshost.exe.config, Delete-on-Reboot, [748], [433246],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup Installer\pc-smart-cleanup-installer.vshost.exe.manifest, Delete-on-Reboot, [748], [433246],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup Installer\unins000.dat, Delete-on-Reboot, [748], [433246],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup Installer\unins000.exe, Delete-on-Reboot, [748], [433246],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup Installer\unins000.msg, Delete-on-Reboot, [748], [433246],1.0.2771
Rogue.PCSmartCleanup, C:\Program Files (x86)\PC Smart Cleanup Installer\web_reference.dll, Delete-on-Reboot, [748], [433246],1.0.2771
Rogue.PCSmartCleanup, C:\USERS\PUBLIC\DESKTOP\PC SMART CLEANUP.LNK, Delete-on-Reboot, [748], [433242],1.0.2771
Rogue.PCSmartCleanup, C:\WINDOWS\SYSTEM32\TASKS\PCSMARTCLEANUP_ONSTARTUP, Delete-on-Reboot, [748], [433239],1.0.2771
Rogue.PCSmartCleanup, C:\USERS\{username}\DESKTOP\PC-SMART-CLEANUP-EN.EXE, Delete-on-Reboot, [748], [433248],1.0.2771

Physical Sector: 0
(No malicious items detected)



Illustrated tutorial on using Malwarebytes (https://forum.security-x.fr/tutoriels-317/tutoriel-malwarebytes-anti-malware-22723/)


Source: Removal instructions for PC Smart Cleanup by Metallica - Malwarebytes Forums (https://forums.malwarebytes.com/topic/210361-removal-instructions-for-pc-smart-cleanup/)



Still infected? Have a question before making any changes?

Post a new topic in this forum: http://forum.security-x.fr/desinfections/ and take care to follow the procedure at http://forum.security-x.fr/desinfections/procedure-preliminaire/