Security-X

Forum Security-X => Sécurité Générale => Malwares => Discussion démarrée par: chantal11 le octobre 19, 2017, 16:29:20

Titre: System Healer
Posté par: chantal11 le octobre 19, 2017, 16:29:20
Contenu republié avec la permission de Malwarebytes (https://forums.malwarebytes.org/index.php?showforum=39)

System Healer est un faux nettoyeur/optimiseur, affiche intentionnellement des faux-positifs pour convaincre l'utilisateur que son système a des problèmes et lui faire acheter le logiciel.
Plus d'infos : Registry Cleaners: Digital Snake Oil | Malwarebytes Labs (https://blog.malwarebytes.com/cybercrime/2015/06/digital-snake-oil/)


(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/SystemHealer2/main.png&key=e91edf6a437208c390c8029be7c05edcf7344fbe5f76f5b5d552922418994528)

(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/SystemHealer2/warning4.png&key=c0dbba792fb5824c1af870082ca965b84ca4cba3a0fdf69023e33956aa4905bf)

(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/SystemHealer2/warning2.png&key=89ce18a3a0aae05086549937501843f5deb1bde580ccd9902b5f35099015ec04)

(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/SystemHealer2/warning5.png&key=4fed11010f6227dda909e4ff3ff6602d648064b1e512b9286d1422315381aadd)

(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/SystemHealer2/warning6.png&key=9a4ab0f5eafedb922b96190de83fe0b2c941521ad8ea3e8333b8e8cb2f295129)

(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/SystemHealer2/warning7.png&key=9ddddf98966c3973a391ee7e8425169053d339423818731636d8f452397b4e1f)

(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/SystemHealer2/icons.png&key=ccf2bee3643141c2a96e780645b184dd61c962a438e09d9c7b001b5b39417a13)


(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/SystemHealer2/warning3.png&key=79506a0f364b92eebbecc97f3422c8e187cc13d5ae2fd78131b5f57fd9528113)







**********

Détection de System Healer dans des rapports FRST :

Citer
System Healer (HKLM-x32\...\SystemHealer_is1) (Version: 4.4.0.3 - SystemHealer)
Task: {380B6879-EC7D-43F3-ABAF-3E445AE73FE1} - System32\Tasks\{797E7947-080C-7D79-7E11-790C0C791179} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand IAAgADsAOwA7ACAAOwA7ACAAOwA7ADsAIAA7ACAAOwAgACAAIAAgADsAOwAgADsAIAA7ACAAIAA7ACAAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUA (the data entry has 10112 more characters).
Task: {64630517-7171-4191-851F-CB0FD50AEDD4} - System32\Tasks\SystemHealer Task => C:\Program Files (x86)\SystemHealer\RescueMonitor.exe [2017-09-12] ()
Task: {92F7FABC-FAAB-434B-9BF3-302E5C4C7195} - System32\Tasks\SystemHealer Run Delay => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2017-09-12] ()
Task: {99A76278-74FF-462F-9D05-232DD1F1C3C6} - System32\Tasks\SystemHealer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe [2017-09-12] ()
Task: {B544A224-833D-4E79-A01E-55F82594FF32} - System32\Tasks\System HealerPeriod => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2017-09-12] ()
Task: {E941C75D-D6B7-4742-8FFE-8630DF08C36E} - System32\Tasks\System HealerStartUp => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2017-09-12] ()
Task: C:\Windows\Tasks\System HealerPeriod.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
Task: C:\Windows\Tasks\System HealerStartUp.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe

() C:\Program Files (x86)\SystemHealer\SystemHealer.exe
() C:\Program Files (x86)\SystemHealer\RescueMonitor.exe
C:\ProgramData\65502caa-4b67-0
C:\ProgramData\65502caa-2ca3-1
C:\Windows\System32\Tasks\System HealerPeriod
C:\Windows\System32\Tasks\System HealerStartUp
C:\Windows\Tasks\System HealerStartUp.job
C:\Windows\Tasks\System HealerPeriod.job
C:\Users\{Nom_Utilisateur}\AppData\Roaming\System Healer
C:\Program Files (x86)\SystemHealer
C:\Windows\System32\Tasks\{797E7947-080C-7D79-7E11-790C0C791179}
C:\Windows\System32\Tasks\SystemHealer Task
C:\Windows\System32\Tasks\SystemHealer Monitor
C:\Windows\System32\Tasks\SystemHealer Run Delay
C:\Users\{Nom_Utilisateur}\Desktop\Launch System Healer.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
C:\ProgramData\65502caa-60f3-1
C:\ProgramData\65502caa-1aa1-0

**********

Détecté et traité par Malwarebytes en tant que PUP/LPI (Programme potentiellement Indésirable)
Sous la version Premium, Malwarebytes bloque l'accès au domaine ukhealer.net et l'IP 81.171.14.67

Citer
-Scan Details-
Process: 3
PUP.Optional.SystemHealer, C:\Program Files (x86)\SystemHealer\RescueMonitor.exe, Quarantined, [980], [182463],1.0.2811
PUP.Optional.SystemHealer, C:\Program Files (x86)\SystemHealer\SystemHealer.exe, Quarantined, [980], [182463],1.0.2811
PUP.Optional.SystemHealer, C:\PROGRA~2\SYSTEM~1\RESCUE~1.EXE, Quarantined, [980], [116850],1.0.2811

Module: 1
PUP.Optional.SystemHealer, C:\Program Files (x86)\SystemHealer\SystemHealer.exe, Quarantined, [980], [182463],1.0.2811

Registry Key: 18
PUP.Optional.SystemHealer, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{797E7947-080C-7D79-7E11-790C0C791179}, Quarantined, [980], [-1],0.0.0
PUP.Optional.SystemHealer, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{380B6879-EC7D-43F3-ABAF-3E445AE73FE1}, Quarantined, [980], [-1],0.0.0
PUP.Optional.SystemHealer, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{380B6879-EC7D-43F3-ABAF-3E445AE73FE1}, Quarantined, [980], [-1],0.0.0
PUP.Optional.SystemHealer, HKCU\SOFTWARE\SYSTEM HEALER, Quarantined, [980], [261796],1.0.2811
Adware.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\11598763487076930564, Quarantined, [1728], [424293],1.0.2811
PUP.Optional.PSScriptLoad.ACMB3, HKCU\CONSOLE\TASKENG.EXE, Quarantined, [5380], [425125],1.0.2811
PUP.Optional.PSScriptLoad.ACMB3, HKCU\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE, Quarantined, [5380], [425124],1.0.2811
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{64630517-7171-4191-851F-CB0FD50AEDD4}, Quarantined, [980], [258707],1.0.2811
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{92F7FABC-FAAB-434B-9BF3-302E5C4C7195}, Quarantined, [980], [258707],1.0.2811
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\System HealerPeriod, Quarantined, [980], [252787],1.0.2811
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{99A76278-74FF-462F-9D05-232DD1F1C3C6}, Quarantined, [980], [258707],1.0.2811
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B544A224-833D-4E79-A01E-55F82594FF32}, Quarantined, [980], [258706],1.0.2811
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E941C75D-D6B7-4742-8FFE-8630DF08C36E}, Quarantined, [980], [258706],1.0.2811
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\System HealerStartUp, Quarantined, [980], [252787],1.0.2811
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SystemHealer Monitor, Quarantined, [980], [252788],1.0.2811
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SystemHealer Run Delay, Quarantined, [980], [252788],1.0.2811
PUP.Optional.SystemHealer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SystemHealer_is1, Quarantined, [980], [182463],1.0.2811
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SystemHealer Task, Quarantined, [980], [252788],1.0.2811

Registry Value: 9
PUP.Optional.PSScriptLoad.ACMB3, HKCU\CONSOLE\%SYSTEMROOT%_SYSTEM32_WINDOWSPOWERSHELL_V1.0_POWERSHELL.EXE|WINDOWPOSITION, Quarantined, [5380], [425126],1.0.2811
PUP.Optional.SystemHealer, HKCU\SOFTWARE\SYSTEM HEALER|CARTURL, Quarantined, [980], [261796],1.0.2811
PUP.Optional.PSScriptLoad.ACMB3, HKCU\CONSOLE\TASKENG.EXE|WINDOWPOSITION, Quarantined, [5380], [425125],1.0.2811
PUP.Optional.PSScriptLoad.ACMB3, HKCU\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE|WINDOWPOSITION, Quarantined, [5380], [425124],1.0.2811
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{64630517-7171-4191-851F-CB0FD50AEDD4}|PATH, Quarantined, [980], [258707],1.0.2811
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{92F7FABC-FAAB-434B-9BF3-302E5C4C7195}|PATH, Quarantined, [980], [258707],1.0.2811
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{99A76278-74FF-462F-9D05-232DD1F1C3C6}|PATH, Quarantined, [980], [258707],1.0.2811
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B544A224-833D-4E79-A01E-55F82594FF32}|PATH, Quarantined, [980], [258706],1.0.2811
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E941C75D-D6B7-4742-8FFE-8630DF08C36E}|PATH, Quarantined, [980], [258706],1.0.2811

Registry Data: 4
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, Replaced, [1728], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, Replaced, [1728], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{EDB0D6D8-B1F7-496F-A023-44DF7155F1CD}|NameServer, Replaced, [1728], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{EDB0D6D8-B1F7-496F-A023-44DF7155F1CD}|DhcpNameServer, Replaced, [1728], [-1],0.0.0

Data Stream: 0
(No malicious items detected)

Folder: 9
PUP.Optional.SystemHealer, C:\Users\{username}\AppData\Roaming\System Healer\Languages, Quarantined, [980], [181294],1.0.2811
PUP.Optional.SystemHealer, C:\Users\{username}\AppData\Roaming\System Healer\WL, Quarantined, [980], [181294],1.0.2811
PUP.Optional.SystemHealer, C:\USERS\{username}\APPDATA\ROAMING\SYSTEM HEALER, Quarantined, [980], [181294],1.0.2811
PUP.Optional.SystemHealer, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SYSTEM HEALER, Quarantined, [980], [181295],1.0.2811
PUP.Optional.SystemHealer, C:\PROGRAM FILES (X86)\SYSTEMHEALER, Quarantined, [980], [182463],1.0.2811
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\65502caa-1aa1-0, Quarantined, [8358], [407181],1.0.2811
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\65502caa-2ca3-1, Quarantined, [8358], [407181],1.0.2811
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\65502caa-4b67-0, Quarantined, [8358], [407181],1.0.2811
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\65502caa-60f3-1, Quarantined, [8358], [407181],1.0.2811

File: 44
PUP.Optional.SystemHealer, C:\WINDOWS\SYSTEM32\TASKS\System HealerPeriod, Quarantined, [980], [252783],1.0.2811
PUP.Optional.SystemHealer, C:\WINDOWS\SYSTEM32\TASKS\{797E7947-080C-7D79-7E11-790C0C791179}, Quarantined, [980], [-1],0.0.0
PUP.Optional.SystemHealer, C:\WINDOWS\SYSTEM32\TASKS\System HealerStartUp, Quarantined, [980], [252783],1.0.2811
PUP.Optional.SystemHealer, C:\USERS\{username}\DESKTOP\LAUNCH SYSTEM HEALER.LNK, Quarantined, [980], [252782],1.0.2811
PUP.Optional.SystemHealer, C:\WINDOWS\SYSTEM32\TASKS\SystemHealer Monitor, Quarantined, [980], [252784],1.0.2811
PUP.Optional.SystemHealer, C:\WINDOWS\SYSTEM32\TASKS\SystemHealer Run Delay, Quarantined, [980], [252784],1.0.2811
PUP.Optional.SystemHealer, C:\WINDOWS\SYSTEM32\TASKS\SystemHealer Task, Quarantined, [980], [252784],1.0.2811
PUP.Optional.Amonetize.Gen, C:\PROGRAMDATA\65502caa-2ca3-1\BITD931.tmp, Quarantined, [14727], [257931],1.0.2811
PUP.Optional.Amonetize.Gen, C:\PROGRAMDATA\65502caa-4b67-0\BITD961.tmp, Quarantined, [14727], [257931],1.0.2811
PUP.Optional.SystemHealer, C:\WINDOWS\TASKS\System HealerPeriod.job, Quarantined, [980], [252785],1.0.2811
PUP.Optional.SystemHealer, C:\WINDOWS\TASKS\System HealerStartUp.job, Quarantined, [980], [252785],1.0.2811
PUP.Optional.SystemHealer, C:\Users\{username}\AppData\Roaming\System Healer\Languages\Danish.json, Quarantined, [980], [181294],1.0.2811
PUP.Optional.SystemHealer, C:\Users\{username}\AppData\Roaming\System Healer\Languages\Dutch.json, Quarantined, [980], [181294],1.0.2811
PUP.Optional.SystemHealer, C:\Users\{username}\AppData\Roaming\System Healer\Languages\English.json, Quarantined, [980], [181294],1.0.2811
PUP.Optional.SystemHealer, C:\Users\{username}\AppData\Roaming\System Healer\Languages\EnglishPC.json, Quarantined, [980], [181294],1.0.2811
PUP.Optional.SystemHealer, C:\Users\{username}\AppData\Roaming\System Healer\Languages\French.json, Quarantined, [980], [181294],1.0.2811
PUP.Optional.SystemHealer, C:\Users\{username}\AppData\Roaming\System Healer\Languages\German.json, Quarantined, [980], [181294],1.0.2811
PUP.Optional.SystemHealer, C:\Users\{username}\AppData\Roaming\System Healer\Languages\Italian.json, Quarantined, [980], [181294],1.0.2811
PUP.Optional.SystemHealer, C:\Users\{username}\AppData\Roaming\System Healer\Languages\Norwegian.json, Quarantined, [980], [181294],1.0.2811
PUP.Optional.SystemHealer, C:\Users\{username}\AppData\Roaming\System Healer\Languages\Parameters.json, Quarantined, [980], [181294],1.0.2811
PUP.Optional.SystemHealer, C:\Users\{username}\AppData\Roaming\System Healer\Languages\Portuguese.json, Quarantined, [980], [181294],1.0.2811
PUP.Optional.SystemHealer, C:\Users\{username}\AppData\Roaming\System Healer\Languages\Spanish.json, Quarantined, [980], [181294],1.0.2811
PUP.Optional.SystemHealer, C:\Users\{username}\AppData\Roaming\System Healer\Languages\Swedish.json, Quarantined, [980], [181294],1.0.2811
PUP.Optional.SystemHealer, C:\Users\{username}\AppData\Roaming\System Healer\Languages\tmpLang.json, Quarantined, [980], [181294],1.0.2811
PUP.Optional.SystemHealer, C:\Users\{username}\AppData\Roaming\System Healer\CallBanner.png, Quarantined, [980], [181294],1.0.2811
PUP.Optional.SystemHealer, C:\Users\{username}\AppData\Roaming\System Healer\FinishedScan.png, Quarantined, [980], [181294],1.0.2811
PUP.Optional.SystemHealer, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer\Launch System Healer.lnk, Quarantined, [980], [181295],1.0.2811
PUP.Optional.SystemHealer, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer\System Healer on the Web.url, Quarantined, [980], [181295],1.0.2811
PUP.Optional.SystemHealer, C:\Program Files (x86)\SystemHealer\HealerConsole.exe, Quarantined, [980], [182463],1.0.2811
PUP.Optional.SystemHealer, C:\Program Files (x86)\SystemHealer\RescueMonitor.exe, Quarantined, [980], [182463],1.0.2811
PUP.Optional.SystemHealer, C:\Program Files (x86)\SystemHealer\SystemHealer.exe, Quarantined, [980], [182463],1.0.2811
PUP.Optional.SystemHealer, C:\Program Files (x86)\SystemHealer\SystemHealer.ini, Quarantined, [980], [182463],1.0.2811
PUP.Optional.SystemHealer, C:\Program Files (x86)\SystemHealer\unins000.dat, Quarantined, [980], [182463],1.0.2811
PUP.Optional.SystemHealer, C:\Program Files (x86)\SystemHealer\unins000.exe, Quarantined, [980], [182463],1.0.2811
PUP.Optional.SystemHealer, C:\Program Files (x86)\SystemHealer\unins000.msg, Quarantined, [980], [182463],1.0.2811
PUP.Optional.BitsInstall.BITSRST, C:\ProgramData\65502caa-1aa1-0\65502caa-1aa1-0.d, Quarantined, [8358], [407181],1.0.2811
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Delete-on-Reboot, [8358], [-1],0.0.0
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Delete-on-Reboot, [8358], [-1],0.0.0
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Quarantined, [8358], [-1],0.0.0
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Quarantined, [8358], [-1],0.0.0
PUP.Optional.BitsInstall.BITSRST, C:\ProgramData\65502caa-60f3-1\65502caa-60f3-1.d, Quarantined, [8358], [407181],1.0.2811
PUP.Optional.SystemHealer, C:\PROGRA~2\SYSTEM~1\RESCUE~1.EXE, Quarantined, [980], [116850],1.0.2811
PUP.Optional.SystemHealer, C:\USERS\{username}\DESKTOP\SYSTEMHEALER.EXE, Quarantined, [980], [434913],1.0.2811
PUP.Optional.SystemHealer, C:\USERS\{username}\DESKTOP\SYSTEMHEALERSETUP.EXE, Quarantined, [980], [424479],1.0.2811

Physical Sector: 0
(No malicious items detected)



Tutoriel d'utilisation Malwarebytes en images (https://forum.security-x.fr/tutoriels-317/tutoriel-malwarebytes-anti-malware-22723/)


Source : Removal instructions for System Healer de Metallica - Malwarebytes Forums (https://forums.malwarebytes.com/topic/210648-removal-instructions-for-system-healer/)



Toujours infecté ? Une question avant de faire des manipulations ?

Venez poster un nouveau sujet dans ce forum : http://forum.security-x.fr/desinfections/  en prenant soin de suivre la procédure http://forum.security-x.fr/desinfections/procedure-preliminaire/