Content republished with the permission of Malwarebytes (https://forums.malwarebytes.org/index.php?showforum=39)
ScreenUp is adware (advertising software) that displays intrusive advertisements unrelated to the sites visited.
- Installs as a program, either without the user's knowledge or because the user did not uncheck the sponsored offers presented during the installation of a legitimate free program, or from the publisher's site
(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/ScreenUp/warning4.png&key=1e5d4077974ecf498bda391f57f3a2d8ec6638448ae6eebea3a3adb3a45d950c)
- Displays these alerts during installation
(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/ScreenUp/warning1.png&key=915988fe4cfee500bade9844e059d5c31cbdbb9769cfea5f73829a8e333cf2c0)
(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/ScreenUp/warning2.png&key=4df27ca61c5ff21331e6a5ba4b8c65a89533dad7fcd90c576413479cb5571ee6)
- Displays these screens during operation
(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/ScreenUp/warning5.png&key=964426478e602f05c7e23fb1df4cc9b799877ae2738ee976911b240d30ad7ba9)
(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/ScreenUp/main.png&key=e02a7ee58899f0a623ff5c4d6fd3346692d5753e86bf2bfc2806af0c5b3ee93e)
**********
Detection of ScreenUp in FRST reports:
ScreenUp (HKLM-x32\...\ScreenUp) (Version: - DoLab LLC)
(DoLab LLC) C:\Users\{Nom_Utilisateur}\AppData\Roaming\ScreenUp\ScreenUp.exe
HKCU\...\Run: [ScreenUp] => C:\Users\{Nom_Utilisateur}\AppData\Roaming\ScreenUp\ScreenUp.exe [1598976 2015-09-14] (DoLab LLC)
C:\Users\Public\Desktop\ScreenUp.lnk
C:\Users\{Nom_Utilisateur}\AppData\Roaming\ScreenUp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScreenUp
**********
Detected and handled by Malwarebytes as a PUP (Potentially Unwanted Program)
In the Premium version, Malwarebytes blocks the domain screenup.ru and the IP 37.59.177.44
PUP.Optional.ScreenUp
-Scan Details-
Process: 1
PUP.Optional.ScreenUp, C:\USERS\{username}\APPDATA\ROAMING\SCREENUP\SCREENUP.EXE, Quarantined, [9235], [398730],1.0.1963
Module: 1
PUP.Optional.ScreenUp, C:\USERS\{username}\APPDATA\ROAMING\SCREENUP\SCREENUP.EXE, Quarantined, [9235], [398730],1.0.1963
Registry Key: 4
PUP.Optional.ScreenUp, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ScreenUp, Delete-on-Reboot, [9235], [399043],1.0.1963
PUP.Optional.ScreenUp, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\ScreenUp.exe, Delete-on-Reboot, [9235], [399042],1.0.1963
PUP.Optional.ScreenUp, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\ScreenUp.exe, Delete-on-Reboot, [9235], [399042],1.0.1963
PUP.Optional.ScreenUp, HKCU\SOFTWARE\SCREENUP, Delete-on-Reboot, [9235], [399040],1.0.1963
Registry Value: 3
PUP.Optional.ScreenUp, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ScreenUp, Delete-on-Reboot, [9235], [398730],1.0.1963
PUP.Optional.ScreenUp, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SCREENUP|URLINFOABOUT, Delete-on-Reboot, [9235], [399041],1.0.1963
PUP.Optional.ScreenUp, HKCU\SOFTWARE\SCREENUP|AUTOUPDATE, Delete-on-Reboot, [9235], [399040],1.0.1963
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 2
PUP.Optional.ScreenUp, C:\USERS\{username}\APPDATA\ROAMING\SCREENUP, Delete-on-Reboot, [9235], [399043],1.0.1963
PUP.Optional.ScreenUp, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SCREENUP, Delete-on-Reboot, [9235], [399134],1.0.1963
File: 8
PUP.Optional.ScreenUp, C:\USERS\{username}\APPDATA\ROAMING\SCREENUP\SCREENUP.EXE, Delete-on-Reboot, [9235], [398730],1.0.1963
PUP.Optional.ScreenUp, C:\USERS\{username}\APPDATA\ROAMING\SCREENUP\SCREENUP.URL, Delete-on-Reboot, [9235], [399043],1.0.1963
PUP.Optional.ScreenUp, C:\Users\{username}\AppData\Roaming\ScreenUp\uninst.exe, Delete-on-Reboot, [9235], [399043],1.0.1963
PUP.Optional.ScreenUp, C:\USERS\{username}\DESKTOP\SCNMASTERSETUP.EXE, Delete-on-Reboot, [9235], [398730],1.0.1963
PUP.Optional.ScreenUp, C:\USERS\PUBLIC\DESKTOP\SCREENUP.LNK, Delete-on-Reboot, [9235], [399045],1.0.1963
PUP.Optional.ScreenUp, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SCREENUP\WEBSITE.LNK, Delete-on-Reboot, [9235], [399134],1.0.1963
PUP.Optional.ScreenUp, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScreenUp\ScreenUp.lnk, Delete-on-Reboot, [9235], [399134],1.0.1963
PUP.Optional.ScreenUp, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScreenUp\Uninstall.lnk, Delete-on-Reboot, [9235], [399134],1.0.1963
Physical Sector: 0
(No malicious items detected)
Illustrated tutorial on using Malwarebytes (https://forum.security-x.fr/tutoriels-317/tutoriel-malwarebytes-anti-malware-22723/)
Source: Removal instructions for ScreenUp by Metallica - Malwarebytes Forums (https://forums.malwarebytes.com/topic/201122-removal-instructions-for-screenup/)
Still infected? Have a question before making any changes?
Post a new topic in this forum: http://forum.security-x.fr/desinfections/ taking care to follow the procedure at http://forum.security-x.fr/desinfections/procedure-preliminaire/