Contenu republié avec la permission de Malwarebytes (https://forums.malwarebytes.org/index.php?showforum=39)
Privacy-Search est un Browser Hijacker (pirate de navigateur) qui modifie les paramètres du navigateur (page d’accueil , page de recherche, ....) afin de forcer la consultation du site ciblé et affiche aussi des publicités.
Privacy-Search détourne la recherche sous Chrome (search hijacker (https://blog.malwarebytes.org/security-threat/2015/03/adware-delivery-methods/)).
- Affiche ces alertes pendant l'installation
(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/PrivacySearch/warning1.png&key=cdfa90dbb142d8e323eabb1fa493e77778da25a77f1ecaa7b6144d614a965bb4)
(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/PrivacySearch/warning2.png&key=81f508a09bac75938fb29ab427e824257e3139f1377c2ac2a34eeafcb58c1521)
(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/PrivacySearch/warning3.png&key=87373505f7e49b3218fdaf3f8ef3a4aa7da2e4dc716ba1af2ffcc6ded1394ca4)
- S'installe en tant qu'extension/add-on du navigateur Chrome
(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/PrivacySearch/main.png&key=9a9a459d438f9a5d1a211b366fae9a0bfa7ba5efd8bcfc029b5ea31e6dab4f2c)
- Affiche cette icône dans la Barre Chrome
(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/PrivacySearch/icons.png&key=99990d776fa7b1afd7bf358d7bd8e50dbc6455d5f6f0cab2b6f4e268311c263e)
- Affiche ce commutateur en cliquant sur l'icône
(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/PrivacySearch/warning5.png&key=befe7d2b46c0613344b20d6d978b37a2b96e20fad493a98a123d32ae63930666)
- Modifie les paramètres de recherche
(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/PrivacySearch/warning4.png&key=3586315e763a40f70cf5cb350ef8c6b423318223caed559fd0a7ca6a37bd1db3)
**********
Détection de Privacy-Search dans des rapports FRST :
CHR DefaultSearchURL: Default -> hxxp://www.privacy-search.company/spsearch/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> Search Privacy
CHR DefaultSuggestURL: Default -> hxxp://www.privacy-search.company/spauto/?kwd={searchTerms}
CHR Extension: (Search Privacy) - C:\Users\{Nom_Utilisateur}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb [2017-08-15]
**********
Détecté et traité par Malwarebytes en tant que PUP/LPI (Programme potentiellement Indésirable)
Sous la version Premium, Malwarebytes bloque le domaine info.searchprivacy.co et l'IP 104.24.105.22
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 10
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\scripts\modules, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\scripts\plugin, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\scripts\core, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\_metadata, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\scripts, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\icon, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\css, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\img, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GEJLDKALBGEJPJMAGGIHGGJFFHOONJDB, Quarantined, [466], [379317],1.0.2589
File: 23
PUP.Optional.PrivateSearch, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GEJLDKALBGEJPJMAGGIHGGJFFHOONJDB\1.24.14.2_0\MANIFEST.JSON, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\css\style.css, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\icon\icon.png, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\icon\icon16.png, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\icon\icon48.png, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\img\mob1.png, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\img\tick_green.png, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\img\Warning.png, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\scripts\core\background.js, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\scripts\core\content.js, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\scripts\core\popup.js, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\scripts\modules\constant.js, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\scripts\modules\fingerprint.js, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\scripts\modules\listeners.js, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\scripts\modules\md5.js, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\scripts\modules\user.js, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\scripts\modules\util.js, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\scripts\modules\variables.js, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\scripts\plugin\jquery.js, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\_metadata\computed_hashes.json, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\_metadata\verified_contents.json, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\background.html, Quarantined, [466], [379317],1.0.2589
PUP.Optional.PrivateSearch, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejldkalbgejpjmaggihggjffhoonjdb\1.24.14.2_0\popup.html, Quarantined, [466], [379317],1.0.2589
Physical Sector: 0
(No malicious items detected)
Tutoriel d'utilisation Malwarebytes en images (https://forum.security-x.fr/tutoriels-317/tutoriel-malwarebytes-anti-malware-22723/)
Source : Removal instructions for Privacy-Search de Metallica - Malwarebytes Forums (https://forums.malwarebytes.com/topic/208105-removal-instructions-for-privacy-search/)
Toujours infecté ? Une question avant de faire des manipulations ?
Venez poster un nouveau sujet dans ce forum : http://forum.security-x.fr/desinfections/ en prenant soin de suivre la procédure http://forum.security-x.fr/desinfections/procedure-preliminaire/