Author Topic: Privacy-Search  (Read 7338 times)


Offline chantal11

Privacy-Search
« on: September 13, 2017, 15:58:22 »
Content republished with permission from Malwarebytes

Privacy-Search is a browser hijacker that changes browser settings (home page, search page, ...) to force visits to the targeted site, and it also displays advertisements.
Privacy-Search hijacks search in Chrome (search hijacker).


  • Displays these alerts during installation

  • Installs as a Chrome browser extension/add-on

  • Displays this icon in the Chrome toolbar

  • Displays this toggle when the icon is clicked

  • Changes the search settings

**********

Detection of Privacy-Search in FRST reports:

Quote
CHR DefaultSearchURL: Default -> hxxp://www.privacy-search.company/spsearch/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> Search Privacy
CHR DefaultSuggestURL: Default -> hxxp://www.privacy-search.company/spauto/?kwd={searchTerms}
CHR Extension: (Search Privacy) - C:\Users\{Nom_Utilisateur}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb [2017-08-15]



**********

Detected and handled by Malwarebytes as a PUP (Potentially Unwanted Program)
In the Premium version, Malwarebytes blocks the domain info.searchprivacy.co and the IP 104.24.105.22


Quote
-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 10
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\scripts\modules, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\scripts\plugin, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\scripts\core, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\_metadata, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\scripts, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\icon, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\css, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\img, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GEJLDKALBGEJPJMAGGIHGGJFFHOONJDB, Quarantined, [466], [379317],1.0.2589

File: 23
PUP.Optional.PrivateSearch, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GEJLDKALBGEJPJMAGGIHGGJFFHOONJDB\1.24.14.2_0\MANIFEST.JSON, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\css\style.css, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\icon\icon.png, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\icon\icon16.png, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\icon\icon48.png, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\img\mob1.png, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\img\tick_green.png, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\img\Warning.png, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\scripts\core\background.js, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\scripts\core\content.js, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\scripts\core\popup.js, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\scripts\modules\constant.js, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\scripts\modules\fingerprint.js, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\scripts\modules\listeners.js, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\scripts\modules\md5.js, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\scripts\modules\user.js, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\scripts\modules\util.js, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\scripts\modules\variables.js, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\scripts\plugin\jquery.js, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\_metadata\computed_hashes.json, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\_metadata\verified_contents.json, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\background.html, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\popup.html, Quarantined, [466], [379317],1.0.2589

Physical Sector: 0
(No malicious items detected)


Illustrated tutorial for using Malwarebytes


Source: Removal instructions for Privacy-Search by Metallica - Malwarebytes Forums



Still infected? Have a question before making any changes?

Post a new topic in this forum: http://forum.security-x.fr/desinfections/ and be sure to follow the procedure at http://forum.security-x.fr/desinfections/procedure-preliminaire/
 

Security-X
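
The FRST indicators quoted in the post above (the privacy-search.company search URLs and the extension ID), turned into a check that can be run over a saved FRST log. This is an added example, not part of the original post and not code from FRST or Malwarebytes; the function names, the generalization to any `CHR <setting>: <profile> -> <URL>` line, and the last two sample lines are assumptions constructed here.

```python
import re
from urllib.parse import urlsplit

# Indicators taken from the post (FRST entries and the Malwarebytes block note).
BAD_DOMAINS = {"privacy-search.company", "searchprivacy.co"}
BAD_EXTENSION_IDS = {"gejldkalbgejpjmaggihggjffhoonjdb"}

SETTING_RE = re.compile(r"^CHR (\w+): (.+?) -> (\S+)")
EXT_RE = re.compile(r"^CHR Extension: \((.*?)\) - (.+?)(?: \[[\d-]+\])?$")
EXT_ID_RE = re.compile(r"\\Extensions\\([a-p]{32})(?:\\|$)", re.I)

def host_is_listed(host):
    """Exact or subdomain match, so look-alike hosts are not flagged."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BAD_DOMAINS)

def scan_frst(text):
    """Return (line_no, kind, indicator) for each matching Chrome entry."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = EXT_RE.match(line.strip())
        if m:
            ext = EXT_ID_RE.search(m.group(2))
            if ext and ext.group(1).lower() in BAD_EXTENSION_IDS:
                findings.append((n, "Extension", ext.group(1).lower()))
            continue
        m = SETTING_RE.match(line.strip())
        if not m or "://" not in m.group(3):
            continue  # e.g. DefaultSearchKeyword holds a name, not a URL
        # FRST writes schemes defanged (hxxp/hxxps); restore before parsing.
        url = re.sub(r"^hxxp", "http", m.group(3).strip('"'), flags=re.I)
        try:
            host = urlsplit(url).hostname
        except ValueError:
            continue  # malformed URL in the log
        if host_is_listed(host):
            findings.append((n, m.group(1), host))
    return findings

# Lines 1-4 are the entries quoted in the post; 5-6 are constructed negatives.
SAMPLE = r"""CHR DefaultSearchURL: Default -> hxxp://www.privacy-search.company/spsearch/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> Search Privacy
CHR DefaultSuggestURL: Default -> hxxp://www.privacy-search.company/spauto/?kwd={searchTerms}
CHR Extension: (Search Privacy) - C:\Users\{Nom_Utilisateur}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb [2017-08-15]
CHR HomePage: Default -> hxxps://www.example.org/
CHR DefaultSearchURL: Profile 1 -> hxxp://privacy-search.company.example.net/?q={searchTerms}
"""
if __name__ == "__main__":
    print(*scan_frst(SAMPLE), sep="\n")
```

Matching on the extension ID and on the registered domain, rather than on the display name "Search Privacy", keeps the check working if the extension is renamed and avoids flagging look-alike hosts such as the constructed line 6.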
