Contenu republié avec la permission de Malwarebytes (https://forums.malwarebytes.org/index.php?showforum=39)
Privacy Search Plus est une extension Chrome imposée sur certains sites (forced extension (https://blog.malwarebytes.com/cybercrime/2016/11/forced-into-installing-a-chrome-extension/))
- S'installe en tant qu'extension Chrome
(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/PrivacySearchPlus/main.png&key=7febb6ac461b935440fbaddf3b3aeaedbcd5c817d61096f58c27e5f9f9c49653)
- Affiche ces alertes pendant l'installation
(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/PrivacySearchPlus/warning1.png&key=af440843127821a53dda4c474bb6836d66316cc91ded9a5417bcb4c9d5b091c0)
(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/PrivacySearchPlus/warning2.png&key=8296d36d3df07a13995f25a6f2bf732c5952278613b573b57e959e8aaea2d16d)
(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/PrivacySearchPlus/warning3.png&key=e656e49710ed43aba03a12ad961d32f428eaf506deabead928036b48afe7c75f)
(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/PrivacySearchPlus/warning4.png&key=17b4b57e4a7b2aad411b80d85a2a5f8b58f7844d104d90ffc9123179cef671ae)
- Affiche ces alertes après l'installation
(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/PrivacySearchPlus/warning5.png&key=20b677467f14f68c123ced7d3717b75950cb9f9868360be1ee324272c8a465c1)
(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/PrivacySearchPlus/warning6.png&key=b12f781010eb56e4e4d3b1f89b9f4145e104455e3b615129e2aad656167f5cf7)
(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/PrivacySearchPlus/warning7.png&key=e464703e8b1315d9cb9e457ade819077e902eade02f4b242e346f7a5798e6d2d)
**********
Détection de Privacy Search Plus dans des rapports FRST :
CHR Extension: (Privacy Search Plus) - C:\Users\{Nom_Utilisateur}\AppData\Local\Google\Chrome\User Data\Default\Extensions\khmhedbblhejonlhedmejhfcdjejcodl [2017-08-10]
**********
Détecté et traité par Malwarebytes en tant que PUP/LPI (Programme potentiellement Indésirable)
Sous la version Premium, Malwarebytes bloque le domaine quickprivacycheck.com et l'IP 209.87.144.33
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 9
PUP.Optional.PrivateSearch, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL EXTENSION SETTINGS\KHMHEDBBLHEJONLHEDMEJHFCDJEJCODL, Delete-on-Reboot, [466], [389265],1.0.2551
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\khmhedbblhejonlhedmejhfcdjejcodl\1.0_0\about\css, Delete-on-Reboot, [466], [389262],1.0.2551
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\khmhedbblhejonlhedmejhfcdjejcodl\1.0_0\about\img, Delete-on-Reboot, [466], [389262],1.0.2551
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\khmhedbblhejonlhedmejhfcdjejcodl\1.0_0\_metadata, Delete-on-Reboot, [466], [389262],1.0.2551
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\khmhedbblhejonlhedmejhfcdjejcodl\1.0_0\scripts, Delete-on-Reboot, [466], [389262],1.0.2551
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\khmhedbblhejonlhedmejhfcdjejcodl\1.0_0\images, Delete-on-Reboot, [466], [389262],1.0.2551
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\khmhedbblhejonlhedmejhfcdjejcodl\1.0_0\about, Delete-on-Reboot, [466], [389262],1.0.2551
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\khmhedbblhejonlhedmejhfcdjejcodl\1.0_0, Delete-on-Reboot, [466], [389262],1.0.2551
PUP.Optional.PrivateSearch, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\KHMHEDBBLHEJONLHEDMEJHFCDJEJCODL, Delete-on-Reboot, [466], [389262],1.0.2551
File: 20
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\khmhedbblhejonlhedmejhfcdjejcodl\000003.log, Delete-on-Reboot, [466], [389265],1.0.2551
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\khmhedbblhejonlhedmejhfcdjejcodl\CURRENT, Delete-on-Reboot, [466], [389265],1.0.2551
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\khmhedbblhejonlhedmejhfcdjejcodl\LOCK, Delete-on-Reboot, [466], [389265],1.0.2551
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\khmhedbblhejonlhedmejhfcdjejcodl\LOG, Delete-on-Reboot, [466], [389265],1.0.2551
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\khmhedbblhejonlhedmejhfcdjejcodl\MANIFEST-000001, Delete-on-Reboot, [466], [389265],1.0.2551
PUP.Optional.PrivateSearch, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\KHMHEDBBLHEJONLHEDMEJHFCDJEJCODL\1.0_0\MANIFEST.JSON, Delete-on-Reboot, [466], [389262],1.0.2551
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\khmhedbblhejonlhedmejhfcdjejcodl\1.0_0\about\css\style.css, Delete-on-Reboot, [466], [389262],1.0.2551
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\khmhedbblhejonlhedmejhfcdjejcodl\1.0_0\about\img\close.png, Delete-on-Reboot, [466], [389262],1.0.2551
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\khmhedbblhejonlhedmejhfcdjejcodl\1.0_0\about\img\setting.png, Delete-on-Reboot, [466], [389262],1.0.2551
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\khmhedbblhejonlhedmejhfcdjejcodl\1.0_0\about\index.html, Delete-on-Reboot, [466], [389262],1.0.2551
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\khmhedbblhejonlhedmejhfcdjejcodl\1.0_0\images\icon128.png, Delete-on-Reboot, [466], [389262],1.0.2551
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\khmhedbblhejonlhedmejhfcdjejcodl\1.0_0\images\icon38.png, Delete-on-Reboot, [466], [389262],1.0.2551
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\khmhedbblhejonlhedmejhfcdjejcodl\1.0_0\images\icon48.png, Delete-on-Reboot, [466], [389262],1.0.2551
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\khmhedbblhejonlhedmejhfcdjejcodl\1.0_0\images\logo_disable.png, Delete-on-Reboot, [466], [389262],1.0.2551
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\khmhedbblhejonlhedmejhfcdjejcodl\1.0_0\images\logo_enable.png, Delete-on-Reboot, [466], [389262],1.0.2551
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\khmhedbblhejonlhedmejhfcdjejcodl\1.0_0\scripts\background.js, Delete-on-Reboot, [466], [389262],1.0.2551
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\khmhedbblhejonlhedmejhfcdjejcodl\1.0_0\scripts\foreground.js, Delete-on-Reboot, [466], [389262],1.0.2551
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\khmhedbblhejonlhedmejhfcdjejcodl\1.0_0\_metadata\computed_hashes.json, Delete-on-Reboot, [466], [389262],1.0.2551
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\khmhedbblhejonlhedmejhfcdjejcodl\1.0_0\_metadata\verified_contents.json, Delete-on-Reboot, [466], [389262],1.0.2551
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\khmhedbblhejonlhedmejhfcdjejcodl\1.0_0\options.js, Delete-on-Reboot, [466], [389262],1.0.2551
Physical Sector: 0
(No malicious items detected)
Tutoriel d'utilisation Malwarebytes en images (https://forum.security-x.fr/tutoriels-317/tutoriel-malwarebytes-anti-malware-22723/)
Source : Removal instructions for Privacy Search Plus de Metallica - Malwarebytes Forums (https://forums.malwarebytes.com/topic/207479-removal-instructions-for-privacy-search-plus/)
Toujours infecté ? Une question avant de faire des manipulations ?
Venez poster un nouveau sujet dans ce forum : http://forum.security-x.fr/desinfections/ en prenant soin de suivre la procédure http://forum.security-x.fr/desinfections/procedure-preliminaire/