Contenu republié avec la permission de Malwarebytes (https://forums.malwarebytes.org/index.php?showforum=39)
TubeTab est un Browser Hijacker (pirate de navigateur) qui modifie les paramètres du navigateur (page d’accueil , page de recherche, ....) afin de forcer la consultation du site ciblé et affiche aussi des publicités.
TubeTab appartient à la famille Spigot (Spigot browser hijackers (https://blog.malwarebytes.com/puppum/2017/02/spigot-browser-hijackers/))
- S'installe en tant qu'extension/add-on du navigateur
(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/TubeTab/main.png&key=19ceb9d9e9d2bf52f3039cce1356ccc25ef803c8dc674b662dee971cf7e58e42)
- Affiche cette icône dans la Barre Chrome
(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/TubeTab/icons.png&key=ed877888aedef3727c549b0535fd454fc5461020b06252b53b06f403f17878e2)
- Affiche ces alertes à l'ouverture de Chrome pendant ou après l'installation
(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/TubeTab/warning1.png&key=5ecfa5fb9dbb6fc039db04e05f90c959b41194c8762800252a1da91ff99353d0)
(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/TubeTab/warning2.png&key=c3fe0246f2edbb0942a92579003c8300b5400784b443517c903bdac58ac1fdbb)
(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/TubeTab/warning3.png&key=fee1faffc8df54b91c7e6569cf92878064961b15f8a5df3572c2b0e39ce8b8a1)
- Affiche cette page de démarrage dans le navigateur
(https://forums.malwarebytes.com/applications/core/interface/imageproxy/imageproxy.php?img=https://static-cdn.malwarebytes.org/pub_images/TubeTab/startpage.png&key=84e11298a64186ca063560130be0240c009f6b861eb1e1fd1ef9367cb1911b6b)
**********
Détection de TubeTab dans des rapports FRST :
CHR DefaultSearchURL: Default -> hxxp://search.searchytdvta.com/s?remove=remove&query={searchTerms}
CHR DefaultSearchKeyword: Default -> ut
CHR Extension: (TubeTab) - C:\Users\{Nom_Utilisateur}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce [2017-08-14]
CHR HKCU\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlhpijolpcimadhjingadnbcjncmjdce] - hxxps://clients2.google.com/service/update2/crx
**********
Détecté et traité par Malwarebytes en tant que PUP/LPI (Programme potentiellement Indésirable)
Sous la version Premium, Malwarebytes bloque le domaine searchytdvta.com et l'IP 34.200.182.93
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 11
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\_locales\en, Quarantined, [1902], [362981],1.0.2581
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\html\popup, Quarantined, [1902], [362981],1.0.2581
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\_metadata, Quarantined, [1902], [362981],1.0.2581
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\js\popup, Quarantined, [1902], [362981],1.0.2581
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\_locales, Quarantined, [1902], [362981],1.0.2581
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\newtab, Quarantined, [1902], [362981],1.0.2581
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\html, Quarantined, [1902], [362981],1.0.2581
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\css, Quarantined, [1902], [362981],1.0.2581
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\js, Quarantined, [1902], [362981],1.0.2581
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0, Quarantined, [1902], [362981],1.0.2581
PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JLHPIJOLPCIMADHJINGADNBCJNCMJDCE, Quarantined, [1902], [362981],1.0.2581
File: 14
PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JLHPIJOLPCIMADHJINGADNBCJNCMJDCE\2.4_0\BACKGROUND.JS, Quarantined, [1902], [362981],1.0.2581
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\css\description.css, Quarantined, [1902], [362981],1.0.2581
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\css\popup.css, Quarantined, [1902], [362981],1.0.2581
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\html\popup\description.html, Quarantined, [1902], [362981],1.0.2581
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\html\popup\popup.html, Quarantined, [1902], [362981],1.0.2581
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\js\popup\popup.js, Quarantined, [1902], [362981],1.0.2581
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\js\userNewTab.js, Quarantined, [1902], [362981],1.0.2581
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\newtab\newtab.html, Quarantined, [1902], [362981],1.0.2581
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\_locales\en\messages.json, Quarantined, [1902], [362981],1.0.2581
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\_metadata\computed_hashes.json, Quarantined, [1902], [362981],1.0.2581
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\_metadata\verified_contents.json, Quarantined, [1902], [362981],1.0.2581
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\contentscript.js, Quarantined, [1902], [362981],1.0.2581
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\icon.png, Quarantined, [1902], [362981],1.0.2581
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhpijolpcimadhjingadnbcjncmjdce\2.4_0\manifest.json, Quarantined, [1902], [362981],1.0.2581
Physical Sector: 0
(No malicious items detected)
Tutoriel d'utilisation Malwarebytes en images (https://forum.security-x.fr/tutoriels-317/tutoriel-malwarebytes-anti-malware-22723/)
Source : Removal instructions for TubeTab de Metallica - Malwarebytes Forums (https://forums.malwarebytes.com/topic/207952-removal-instructions-for-tubetab/)
Toujours infecté ? Une question avant de faire des manipulations ?
Venez poster un nouveau sujet dans ce forum : http://forum.security-x.fr/desinfections/ en prenant soin de suivre la procédure http://forum.security-x.fr/desinfections/procedure-preliminaire/