Security-X

Forum Security-X => General Security => Malware => Topic started by: chantal11 on July 21, 2017, 14:26:29

Title: Super Optimizer
Posted by: chantal11 on July 21, 2017, 14:26:29
Content republished with permission from Malwarebytes (https://forums.malwarebytes.org/index.php?showforum=39)

Super Optimizer is a fake cleaner/optimizer that intentionally displays false positives to convince the user that their system has problems and get them to buy the software.
More info: Registry Cleaners: Digital Snake Oil | Malwarebytes Labs (https://blog.malwarebytes.com/cybercrime/2015/06/digital-snake-oil/)


**********

Detection of Super Optimizer in FRST reports:

Quote
Super Optimizer v3.2 (HKLM-x32\...\Super Optimizer_is1) (Version: 3.2.0.1 - Super PC Tools ltd) <==== ATTENTION
Task: {BD62A773-E750-4B3B-871B-1FEAB0D39955} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [2015-12-30] () <==== ATTENTION
() C:\Program Files (x86)\Super Optimizer\SuperOptimizer.exe
() C:\Program Files (x86)\Super Optimizer\sqlite3.dll

() C:\Program Files (x86)\Super Optimizer\SuperOptimizer.exe
HKCU\...\Run: [Super Optimizer] => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [675488 2015-12-30] ()
C:\Windows\System32\Tasks\Super Optimizer Schedule
C:\Users\{Nom_Utilisateur}\Documents\Super Optimizer
C:\Users\{Nom_Utilisateur}\AppData\Roaming\Super Optimizer
C:\Users\{Nom_Utilisateur}\Desktop\Super Optimizer.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Optimizer
C:\Program Files (x86)\Super Optimizer
C:\Users\{Nom_Utilisateur}\AppData\Local\Temp\supoptsetup.exe

**********

Detected and handled by Malwarebytes as a PUP (Potentially Unwanted Program).
In the Premium version, Malwarebytes blocks access to their site safecart.com.

Quote
PUP.Optional.SuperOptimizer
PUP.Optional.OptimizerPro

Quote
-Scan Details-
Process: 1
PUP.Optional.OptimizerPro, C:\PROGRAM FILES (X86)\SUPER OPTIMIZER\SUPEROPTIMIZER.EXE, Quarantined, [847], [69876],1.0.2352

Module: 2
PUP.Optional.OptimizerPro, C:\PROGRAM FILES (X86)\SUPER OPTIMIZER\SUPEROPTIMIZER.EXE, Quarantined, [847], [69876],1.0.2352
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\sqlite3.dll, Quarantined, [2658], [243664],1.0.2352

Registry Key: 3
PUP.Optional.SuperOptimizer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Super Optimizer_is1, Delete-on-Reboot, [2658], [243664],1.0.2352
PUP.Optional.SuperOptimizer, HKCU\SOFTWARE\SUPER OPTIMIZER, Delete-on-Reboot, [2658], [243670],1.0.2352
PUP.Optional.SuperOptimizer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Super Optimizer Schedule, Delete-on-Reboot, [2658], [186768],1.0.2352

Registry Value: 3
PUP.Optional.SpeedingUpMyPC, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Super Optimizer, Delete-on-Reboot, [942], [363543],1.0.2352
PUP.Optional.SuperOptimizer, HKCU\SOFTWARE\SUPER OPTIMIZER|SETUPNAME, Delete-on-Reboot, [2658], [243670],1.0.2352
PUP.Optional.SuperOptimizer, HKCU\SOFTWARE\SUPER OPTIMIZER|ADSBUYNOWURL, Delete-on-Reboot, [2658], [243669],1.0.2352

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 7
PUP.Optional.SuperOptimizer, C:\Users\{username}\AppData\Roaming\Super Optimizer\Backup, Delete-on-Reboot, [2658], [179873],1.0.2352
PUP.Optional.SuperOptimizer, C:\Users\{username}\AppData\Roaming\Super Optimizer\Undo, Delete-on-Reboot, [2658], [179873],1.0.2352
PUP.Optional.SuperOptimizer, C:\Users\{username}\AppData\Roaming\Super Optimizer\Log, Delete-on-Reboot, [2658], [179873],1.0.2352
PUP.Optional.SuperOptimizer, C:\USERS\{username}\APPDATA\ROAMING\Super Optimizer, Delete-on-Reboot, [2658], [179873],1.0.2352
PUP.Optional.SuperOptimizer, C:\PROGRAM FILES (X86)\SUPER OPTIMIZER, Delete-on-Reboot, [2658], [243664],1.0.2352
PUP.Optional.SuperOptimizer, C:\USERS\{username}\DOCUMENTS\SUPER OPTIMIZER, Delete-on-Reboot, [2658], [243663],1.0.2352
PUP.Optional.SuperOptimizer, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SUPER OPTIMIZER, Delete-on-Reboot, [2658], [243665],1.0.2352

File: 40
PUP.Optional.OptimizerPro, C:\PROGRAM FILES (X86)\SUPER OPTIMIZER\SUPEROPTIMIZER.EXE, Delete-on-Reboot, [847], [69876],1.0.2352
PUP.Optional.SpeedingUpMyPC, C:\PROGRAM FILES (X86)\SUPER OPTIMIZER\SUPOPTLAUNCHER.EXE, Delete-on-Reboot, [942], [363543],1.0.2352
PUP.Optional.SuperOptimizer, C:\USERS\{username}\DESKTOP\SUPER OPTIMIZER.LNK, Delete-on-Reboot, [2658], [243662],1.0.2352
PUP.Optional.SpeedingUpMyPC, C:\PROGRAM FILES (X86)\SUPER OPTIMIZER\SUPOPTSCHEDULE.EXE, Delete-on-Reboot, [942], [363543],1.0.2352
PUP.Optional.SuperOptimizer, C:\PROGRAM FILES (X86)\SUPER OPTIMIZER\UNINS000.MSG, Delete-on-Reboot, [2658], [243664],1.0.2352
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\bg_new4.bmp, Delete-on-Reboot, [2658], [243664],1.0.2352
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\bg_new5.bmp, Delete-on-Reboot, [2658], [243664],1.0.2352
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\bg_new_en.bmp, Delete-on-Reboot, [2658], [243664],1.0.2352
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\bg_new_es.bmp, Delete-on-Reboot, [2658], [243664],1.0.2352
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\bg_new_fr.bmp, Delete-on-Reboot, [2658], [243664],1.0.2352
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\bg_new_it.bmp, Delete-on-Reboot, [2658], [243664],1.0.2352
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\cancel.bmp, Delete-on-Reboot, [2658], [243664],1.0.2352
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\CookiesException.txt, Delete-on-Reboot, [2658], [243664],1.0.2352
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\English.ini, Delete-on-Reboot, [2658], [243664],1.0.2352
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\file_id.diz, Delete-on-Reboot, [2658], [243664],1.0.2352
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\HomePage.url, Delete-on-Reboot, [2658], [243664],1.0.2352
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\idp.dll, Delete-on-Reboot, [2658], [243664],1.0.2352
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\itdownload.dll, Delete-on-Reboot, [2658], [243664],1.0.2352
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\QuickCheckout.exe, Delete-on-Reboot, [2658], [243664],1.0.2352
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\scan.gif, Delete-on-Reboot, [2658], [243664],1.0.2352
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\sqlite3.dll, Delete-on-Reboot, [2658], [243664],1.0.2352
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\StartupList.txt, Delete-on-Reboot, [2658], [243664],1.0.2352
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\SuperOptimizer.chm, Delete-on-Reboot, [2658], [243664],1.0.2352
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\SupOptGuard.exe, Delete-on-Reboot, [2658], [243664],1.0.2352
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\SupOptHelper.dll, Delete-on-Reboot, [2658], [243664],1.0.2352
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\SupOptReminder.exe, Delete-on-Reboot, [2658], [243664],1.0.2352
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\SupOptSmartScan.exe, Delete-on-Reboot, [2658], [243664],1.0.2352
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\SupOptStart.exe, Delete-on-Reboot, [2658], [243664],1.0.2352
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\SupOptUninstaller.exe, Delete-on-Reboot, [2658], [243664],1.0.2352
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\unins000.dat, Delete-on-Reboot, [2658], [243664],1.0.2352
PUP.Optional.SuperOptimizer, C:\Program Files (x86)\Super Optimizer\unins000.exe, Delete-on-Reboot, [2658], [243664],1.0.2352
PUP.Optional.SuperOptimizer, C:\USERS\{username}\DESKTOP\SUPEROPTIMIZER.EXE, Delete-on-Reboot, [2658], [77288],1.0.2352
PUP.Optional.SuperOptimizer, C:\USERS\{username}\APPDATA\LOCAL\TEMP\SUPOPTSETUP.EXE, Delete-on-Reboot, [2658], [77287],1.0.2352
PUP.Optional.SuperOptimizer, C:\USERS\{username}\DOCUMENTS\SUPER OPTIMIZER\COOKIESEXCEPTION.TXT, Delete-on-Reboot, [2658], [243663],1.0.2352
PUP.Optional.SuperOptimizer, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SUPER OPTIMIZER\SUPER OPTIMIZER ON THE WEB.LNK, Delete-on-Reboot, [2658], [243665],1.0.2352
PUP.Optional.SuperOptimizer, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Optimizer\Check updates.lnk, Delete-on-Reboot, [2658], [243665],1.0.2352
PUP.Optional.SuperOptimizer, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Optimizer\Help.lnk, Delete-on-Reboot, [2658], [243665],1.0.2352
PUP.Optional.SuperOptimizer, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Optimizer\Super Optimizer.lnk, Delete-on-Reboot, [2658], [243665],1.0.2352
PUP.Optional.SuperOptimizer, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Optimizer\Uninstall Super Optimizer.lnk, Delete-on-Reboot, [2658], [243665],1.0.2352
PUP.Optional.SuperOptimizer, C:\WINDOWS\SYSTEM32\TASKS\SUPER OPTIMIZER SCHEDULE, Delete-on-Reboot, [2658], [234121],1.0.2352

Physical Sector: 0
(No malicious items detected)



Illustrated tutorial on using Malwarebytes (https://forum.security-x.fr/tutoriels-317/tutoriel-malwarebytes-anti-malware-22723/)


Source: Removal instructions for Super Optimizer by Metallica - Malwarebytes Forums (https://forums.malwarebytes.com/topic/204278-removal-instructions-for-super-optimizer/)



Still infected? Have a question before making any changes?

Post a new topic in this forum: http://forum.security-x.fr/desinfections/ and be sure to follow the procedure at http://forum.security-x.fr/desinfections/procedure-preliminaire/