Auteur Sujet: VideoDownloadConverter (Lu 4909 fois)

chantal11 · « **le:** septembre 26, 2017, 17:08:12 »

Contenu republié avec la permission de Malwarebytes

VideoDownloadConverter est un Browser Hijacker NewTab (pirate de navigateur nouvel onglet) qui modifie les paramètres du navigateur (page d’accueil , page de recherche, nouvel onglet ....) afin de forcer la consultation du site ciblé et affiche aussi des publicités.
VideoDownloadConverter appartient à la famille Mindspark/Ask maintenant connu comme des Applications IAC.

S'installe en tant que programme, soit à l'insu de l'utilisateur ou parce qu'il n'a pas décoché les sponsors proposés lors de l'installation d'un logiciel gratuit légitime, soit depuis le site de l'éditeur

Affiche ces alertes pendant l'installation

S'installe en tant qu'extension/add-on du navigateur

Affiche cette nouvelle page de démarrage dans les navigateurs infectés

**********

Détection de VideoDownloadConverter dans des rapports FRST :

Citer

VideoDownloadConverter Internet Explorer Homepage and New Tab (HKCU\...\VideoDownloadConverterTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/videodownloadconverter/ttab02/index.html?n={n1}&p2={p21}&ptb={ptb1}&si={si1}&coid={coid1}
FF Homepage: hxxp://hp.myway.com/videodownloadconverter/ttab02/index.html?coId={coid2}&subId={si1}&ln=en&n={n2}&ptb={ptb2}&st&p2={p21}&si={si1}
FF Extension: VideoDownloadConverter - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_4zMembers_@www.videodownloadconverter.com [2017-07-27]

**********

Détecté et traité par Malwarebytes en tant que PUP/LPI (Programme potentiellement Indésirable)
Sous la version Premium, Malwarebytes bloque le domaine free.videodownloadconverter.com et l'IP 74.113.237.180

Citer

-Scan Details-
Process: 0
(No malicious items detected)

Module: 1
PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\VIDEODOWNLOADCONVERTERTOOLTAB\TOOLTABEXTENSION.DLL, Quarantined, [251], [301125],1.0.2447

Registry Key: 1
PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VideoDownloadConverterTooltab Uninstall Internet Explorer, Delete-on-Reboot, [251], [301125],1.0.2447

Registry Value: 1
PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VideoDownloadConverterTooltab Uninstall Internet Explorer|PUBLISHER, Delete-on-Reboot, [251], [352442],1.0.2447

Registry Data: 1
PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replace-on-Reboot, [251], [293497],1.0.2447

Data Stream: 0
(No malicious items detected)

Folder: 5
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\VideoDownloadConverterTooltab, Delete-on-Reboot, [814], [356944],1.0.2447
PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\VideoDownloadConverter_4z, Delete-on-Reboot, [251], [240302],1.0.2447
PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_4zMembers_@www.videodownloadconverter.com\META-INF, Delete-on-Reboot, [251], [302304],1.0.2447
PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_4zMembers_@www.videodownloadconverter.com\chrome, Delete-on-Reboot, [251], [302304],1.0.2447
PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_4ZMEMBERS_@WWW.VIDEODOWNLOADCONVERTER.COM, Delete-on-Reboot, [251], [302304],1.0.2447

File: 57
PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\VIDEODOWNLOADCONVERTERTOOLTAB\TOOLTABEXTENSION.DLL, Delete-on-Reboot, [251], [301125],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [356946],1.0.2447
PUP.Optional.MindSpark, C:\USERS\{username}\DESKTOP\VIDEODOWNLOADCONVERT.{coid1}.EXE, Delete-on-Reboot, [251], [365288],1.0.2447
PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\VideoDownloadConverter_4z\{ptb2}.sqlite, Delete-on-Reboot, [251], [240302],1.0.2447
PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_videodownloadconverter.dl.myway.com_0.localstorage, Delete-on-Reboot, [251], [240305],1.0.2447
PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_videodownloadconverter.dl.myway.com_0.localstorage-journal, Delete-on-Reboot, [251], [240305],1.0.2447
PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_4ZMEMBERS_@WWW.VIDEODOWNLOADCONVERTER.COM\INSTALL.RDF, Delete-on-Reboot, [251], [302304],1.0.2447
PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_4zMembers_@www.videodownloadconverter.com\chrome\ffxtbr.jar, Delete-on-Reboot, [251], [302304],1.0.2447
PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_4zMembers_@www.videodownloadconverter.com\META-INF\manifest.mf, Delete-on-Reboot, [251], [302304],1.0.2447
PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_4zMembers_@www.videodownloadconverter.com\META-INF\mozilla.rsa, Delete-on-Reboot, [251], [302304],1.0.2447
PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_4zMembers_@www.videodownloadconverter.com\META-INF\mozilla.sf, Delete-on-Reboot, [251], [302304],1.0.2447
PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_4zMembers_@www.videodownloadconverter.com\bootstrap.js, Delete-on-Reboot, [251], [302304],1.0.2447
PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_4zMembers_@www.videodownloadconverter.com\chrome.manifest, Delete-on-Reboot, [251], [302304],1.0.2447
PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_4zMembers_@www.videodownloadconverter.com\chrome.manifest.restartless, Delete-on-Reboot, [251], [302304],1.0.2447
PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_videodownloadconverter.dl.tb.ask.com_0.localstorage, Delete-on-Reboot, [251], [240306],1.0.2447
PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_videodownloadconverter.dl.tb.ask.com_0.localstorage-journal, Delete-on-Reboot, [251], [240306],1.0.2447

Physical Sector: 0
(No malicious items detected)

Tutoriel d'utilisation Malwarebytes en images

Source : Removal instructions for VideoDownloadConverter de Metallica - Malwarebytes Forums

Toujours infecté ? Une question avant de faire des manipulations ?

Venez poster un nouveau sujet dans ce forum : http://forum.security-x.fr/desinfections/ en prenant soin de suivre la procédure http://forum.security-x.fr/desinfections/procedure-preliminaire/

Security-X · « **le:** septembre 26, 2017, 17:08:12 »

Auteur Sujet: VideoDownloadConverter (Lu 4909 fois)

chantal11

VideoDownloadConverter

Security-X

VideoDownloadConverter