Content republished with permission from Malwarebytes (https://forums.malwarebytes.org/index.php?showforum=39)
VideoDownloadConverter is a NewTab browser hijacker (https://blog.malwarebytes.com/glossary/NewTab/) that modifies browser settings (home page, search page, new tab, ...) to force visits to the targeted site, and it also displays advertisements.
VideoDownloadConverter belongs to the Mindspark/Ask family (https://blog.malwarebytes.org/malvertising-2/2014/11/mindspark-toolbars/), now known as IAC Applications.
- Installs as a program, either without the user's knowledge or because the user did not uncheck the sponsored offers presented while installing a legitimate free program, or from the publisher's site
- Displays these alerts during installation
- Installs as a browser extension/add-on
- Displays this new start page in infected browsers
**********
Detection of VideoDownloadConverter in FRST reports:
VideoDownloadConverter Internet Explorer Homepage and New Tab (HKCU\...\VideoDownloadConverterTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/videodownloadconverter/ttab02/index.html?n={n1}&p2={p21}&ptb={ptb1}&si={si1}&coid={coid1}
FF Homepage: hxxp://hp.myway.com/videodownloadconverter/ttab02/index.html?coId={coid2}&subId={si1}&ln=en&n={n2}&ptb={ptb2}&st&p2={p21}&si={si1}
FF Extension: VideoDownloadConverter - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_4zMembers_@www.videodownloadconverter.com [2017-07-27]
**********
Detected and handled by Malwarebytes as a PUP (Potentially Unwanted Program)
In the Premium version, Malwarebytes blocks the domain free.videodownloadconverter.com and the IP 74.113.237.180
-Scan Details-
Process: 0
(No malicious items detected)
Module: 1
PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\VIDEODOWNLOADCONVERTERTOOLTAB\TOOLTABEXTENSION.DLL, Quarantined, [251], [301125],1.0.2447
Registry Key: 1
PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VideoDownloadConverterTooltab Uninstall Internet Explorer, Delete-on-Reboot, [251], [301125],1.0.2447
Registry Value: 1
PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VideoDownloadConverterTooltab Uninstall Internet Explorer|PUBLISHER, Delete-on-Reboot, [251], [352442],1.0.2447
Registry Data: 1
PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replace-on-Reboot, [251], [293497],1.0.2447
Data Stream: 0
(No malicious items detected)
Folder: 5
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\VideoDownloadConverterTooltab, Delete-on-Reboot, [814], [356944],1.0.2447
PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\VideoDownloadConverter_4z, Delete-on-Reboot, [251], [240302],1.0.2447
PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_4zMembers_@www.videodownloadconverter.com\META-INF, Delete-on-Reboot, [251], [302304],1.0.2447
PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_4zMembers_@www.videodownloadconverter.com\chrome, Delete-on-Reboot, [251], [302304],1.0.2447
PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_4ZMEMBERS_@WWW.VIDEODOWNLOADCONVERTER.COM, Delete-on-Reboot, [251], [302304],1.0.2447
File: 57
PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\VIDEODOWNLOADCONVERTERTOOLTAB\TOOLTABEXTENSION.DLL, Delete-on-Reboot, [251], [301125],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [319354],1.0.2447
PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\PREFS.JS, Replaced, [814], [356946],1.0.2447
PUP.Optional.MindSpark, C:\USERS\{username}\DESKTOP\VIDEODOWNLOADCONVERT.{coid1}.EXE, Delete-on-Reboot, [251], [365288],1.0.2447
PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\VideoDownloadConverter_4z\{ptb2}.sqlite, Delete-on-Reboot, [251], [240302],1.0.2447
PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_videodownloadconverter.dl.myway.com_0.localstorage, Delete-on-Reboot, [251], [240305],1.0.2447
PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_videodownloadconverter.dl.myway.com_0.localstorage-journal, Delete-on-Reboot, [251], [240305],1.0.2447
PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_4ZMEMBERS_@WWW.VIDEODOWNLOADCONVERTER.COM\INSTALL.RDF, Delete-on-Reboot, [251], [302304],1.0.2447
PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_4zMembers_@www.videodownloadconverter.com\chrome\ffxtbr.jar, Delete-on-Reboot, [251], [302304],1.0.2447
PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_4zMembers_@www.videodownloadconverter.com\META-INF\manifest.mf, Delete-on-Reboot, [251], [302304],1.0.2447
PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_4zMembers_@www.videodownloadconverter.com\META-INF\mozilla.rsa, Delete-on-Reboot, [251], [302304],1.0.2447
PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_4zMembers_@www.videodownloadconverter.com\META-INF\mozilla.sf, Delete-on-Reboot, [251], [302304],1.0.2447
PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_4zMembers_@www.videodownloadconverter.com\bootstrap.js, Delete-on-Reboot, [251], [302304],1.0.2447
PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_4zMembers_@www.videodownloadconverter.com\chrome.manifest, Delete-on-Reboot, [251], [302304],1.0.2447
PUP.Optional.MindSpark, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions\_4zMembers_@www.videodownloadconverter.com\chrome.manifest.restartless, Delete-on-Reboot, [251], [302304],1.0.2447
PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_videodownloadconverter.dl.tb.ask.com_0.localstorage, Delete-on-Reboot, [251], [240306],1.0.2447
PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_videodownloadconverter.dl.tb.ask.com_0.localstorage-journal, Delete-on-Reboot, [251], [240306],1.0.2447
Physical Sector: 0
(No malicious items detected)
Illustrated Malwarebytes usage tutorial (https://forum.security-x.fr/tutoriels-317/tutoriel-malwarebytes-anti-malware-22723/)
Source: Removal instructions for VideoDownloadConverter by Metallica - Malwarebytes Forums (https://forums.malwarebytes.com/topic/205940-removal-instructions-for-videodownloadconverter/)
Still infected? Have a question before making any changes?
Post a new topic in this forum: http://forum.security-x.fr/desinfections/ and be sure to follow the procedure at http://forum.security-x.fr/desinfections/procedure-preliminaire/