Auteur Sujet: Weather Forecast Alerts  (Lu 10997 fois)

0 Membres et 1 Invité sur ce sujet

Hors ligne chantal11

  • Admin Formation
  • Mega Power Members
  • ****
  • Messages: 25002
    • Windows 10 - Windows 8 - Windows 7 - Windows Vista
Weather Forecast Alerts
« le: septembre 13, 2017, 16:26:56 »
Contenu republié avec la permission de Malwarebytes

Weather Forecast Alerts est un Browser Hijacker (pirate de navigateur) qui modifie les paramètres du navigateur (page d’accueil , page de recherche, ....) afin de forcer la consultation du site ciblé et affiche aussi des publicités.
Weather Forecast Alerts appartient à la famille Spigot (Spigot browser hijackers)

  • S'installe en tant que programme, soit à l'insu de l'utilisateur ou parce qu'il n'a pas décoché les sponsors proposés lors de l'installation d'un logiciel gratuit légitime, soit depuis le site de l'éditeur

  • Affiche ces alertes pendant l'installation



  • S'installe en tant qu'extension/add-on du navigateur


  • Affiche cette page de démarrage dans le navigateur

  • Paramètre un nouveau moteur de recherche par défaut








**********

Détection de Weather Forecast Alerts dans des rapports FRST :

Citer
Weather Forecast Alerts (HKCU\...\{28e56cfb-e30e-4f66-85d8-339885b726b8}) (Version: 3.1.0.2 - Cloud Installer)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.searchwfa.com/?source=unknown-bb8&uid=4fd16a1b-cc85-4510-8a6a-868ac384fd31&uc=20170831&ap=appfocus5&i_id=weather__1.30
SearchScopes: HKCU -> DefaultScope {9351B432-8D1E-42E1-A839-C2CDE60408A6} URL = hxxp://search.searchwfa.com/s?source=unknown-bb8&uid=4fd16a1b-cc85-4510-8a6a-868ac384fd31&uc=20170831&ap=appfocus5&i_id=weather__1.30&query={searchTerms}
SearchScopes: HKCU -> {9351B432-8D1E-42E1-A839-C2CDE60408A6} URL = hxxp://search.searchwfa.com/s?source=unknown-bb8&uid=4fd16a1b-cc85-4510-8a6a-868ac384fd31&uc=20170831&ap=appfocus5&i_id=weather__1.30&query={searchTerms}
FF Homepage: hxxp://search.searchwfa.com?uid=c67e3171-e3cc-444f-a692-ceaa1910bbd6&uc=20170831&ap=appfocus5&source=unknown&page=homepage&implementation_id=weather_0.0.9
FF Extension: Weather - C:\Users\{Nom_Utilisateur}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\Extensions\@Weather.xpi [2017-08-31]
CHR Extension: (Weather Forecast Alerts) - C:\Users\{Nom_Utilisateur}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hookklgbmgffgeefbnhhnbmcobhcgced [2017-08-31]
C:\Users\{Nom_Utilisateur}\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}



**********

Détecté et traité par Malwarebytes en tant que PUP/LPI (Programme potentiellement Indésirable)
Sous la version Premium, Malwarebytes bloque le domaine weatherforecastalerts.com et l'IP 54.185.205.158


Citer
-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 2
PUP.Optional.Spigot, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{28e56cfb-e30e-4f66-85d8-339885b726b8}, Delete-on-Reboot, [633], [373879],1.0.2694
PUP.Optional.Spigot.Generic, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9351B432-8D1E-42E1-A839-C2CDE60408A6}, Delete-on-Reboot, [1921], [368913],1.0.2694

Registry Value: 1
PUP.Optional.Spigot.Generic, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9351B432-8D1E-42E1-A839-C2CDE60408A6}|URL, Delete-on-Reboot, [1921], [368913],1.0.2694

Registry Data: 1
PUP.Optional.Spigot.Generic, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replace-on-Reboot, [1921], [373048],1.0.2694

Data Stream: 0
(No malicious items detected)

Folder: 14
PUP.Optional.LocalWeatherPro, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\jetpack\@Weather\simple-storage, Delete-on-Reboot, [2680], [351474],1.0.2694
PUP.Optional.LocalWeatherPro, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\JETPACK\@WEATHER, Delete-on-Reboot, [2680], [351474],1.0.2694
PUP.Optional.Spigot, C:\USERS\{username}\APPDATA\ROAMING\{28E56CFB-E30E-4F66-85D8-339885B726B8}, Delete-on-Reboot, [633], [373878],1.0.2694
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hookklgbmgffgeefbnhhnbmcobhcgced\2.0_0\_locales\en, Delete-on-Reboot, [1921], [362981],1.0.2694
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hookklgbmgffgeefbnhhnbmcobhcgced\2.0_0\html\popup, Delete-on-Reboot, [1921], [362981],1.0.2694
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hookklgbmgffgeefbnhhnbmcobhcgced\2.0_0\_metadata, Delete-on-Reboot, [1921], [362981],1.0.2694
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hookklgbmgffgeefbnhhnbmcobhcgced\2.0_0\js\popup, Delete-on-Reboot, [1921], [362981],1.0.2694
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hookklgbmgffgeefbnhhnbmcobhcgced\2.0_0\_locales, Delete-on-Reboot, [1921], [362981],1.0.2694
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hookklgbmgffgeefbnhhnbmcobhcgced\2.0_0\newtab, Delete-on-Reboot, [1921], [362981],1.0.2694
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hookklgbmgffgeefbnhhnbmcobhcgced\2.0_0\html, Delete-on-Reboot, [1921], [362981],1.0.2694
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hookklgbmgffgeefbnhhnbmcobhcgced\2.0_0\css, Delete-on-Reboot, [1921], [362981],1.0.2694
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hookklgbmgffgeefbnhhnbmcobhcgced\2.0_0\js, Delete-on-Reboot, [1921], [362981],1.0.2694
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hookklgbmgffgeefbnhhnbmcobhcgced\2.0_0, Delete-on-Reboot, [1921], [362981],1.0.2694
PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\HOOKKLGBMGFFGEEFBNHHNBMCOBHCGCED, Delete-on-Reboot, [1921], [362981],1.0.2694

File: 21
Trojan.TechSupportScam, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\EXTENSIONS\@WEATHER.XPI, Delete-on-Reboot, [77], [351507],1.0.2694
PUP.Optional.Spigot, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_weatherforecastalerts.com_0.localstorage, Delete-on-Reboot, [633], [376102],1.0.2694
PUP.Optional.Spigot, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_weatherforecastalerts.com_0.localstorage-journal, Delete-on-Reboot, [633], [376102],1.0.2694
PUP.Optional.LocalWeatherPro, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\x82gpani.default-1491393116824\jetpack\@Weather\simple-storage\store.json, Delete-on-Reboot, [2680], [351474],1.0.2694
PUP.Optional.Spigot, C:\Users\{username}\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}\Uninstall.exe, Delete-on-Reboot, [633], [373878],1.0.2694
PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\HOOKKLGBMGFFGEEFBNHHNBMCOBHCGCED\2.0_0\BACKGROUND.JS, Delete-on-Reboot, [1921], [362981],1.0.2694
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hookklgbmgffgeefbnhhnbmcobhcgced\2.0_0\css\description.css, Delete-on-Reboot, [1921], [362981],1.0.2694
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hookklgbmgffgeefbnhhnbmcobhcgced\2.0_0\css\popup.css, Delete-on-Reboot, [1921], [362981],1.0.2694
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hookklgbmgffgeefbnhhnbmcobhcgced\2.0_0\html\popup\description.html, Delete-on-Reboot, [1921], [362981],1.0.2694
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hookklgbmgffgeefbnhhnbmcobhcgced\2.0_0\html\popup\popup.html, Delete-on-Reboot, [1921], [362981],1.0.2694
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hookklgbmgffgeefbnhhnbmcobhcgced\2.0_0\js\popup\popup.js, Delete-on-Reboot, [1921], [362981],1.0.2694
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hookklgbmgffgeefbnhhnbmcobhcgced\2.0_0\js\userNewTab.js, Delete-on-Reboot, [1921], [362981],1.0.2694
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hookklgbmgffgeefbnhhnbmcobhcgced\2.0_0\newtab\newtab.html, Delete-on-Reboot, [1921], [362981],1.0.2694
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hookklgbmgffgeefbnhhnbmcobhcgced\2.0_0\_locales\en\messages.json, Delete-on-Reboot, [1921], [362981],1.0.2694
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hookklgbmgffgeefbnhhnbmcobhcgced\2.0_0\_metadata\computed_hashes.json, Delete-on-Reboot, [1921], [362981],1.0.2694
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hookklgbmgffgeefbnhhnbmcobhcgced\2.0_0\_metadata\verified_contents.json, Delete-on-Reboot, [1921], [362981],1.0.2694
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hookklgbmgffgeefbnhhnbmcobhcgced\2.0_0\contentscript.js, Delete-on-Reboot, [1921], [362981],1.0.2694
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hookklgbmgffgeefbnhhnbmcobhcgced\2.0_0\icon.png, Delete-on-Reboot, [1921], [362981],1.0.2694
PUP.Optional.Spigot.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hookklgbmgffgeefbnhhnbmcobhcgced\2.0_0\manifest.json, Delete-on-Reboot, [1921], [362981],1.0.2694
PUP.Optional.Spigot.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X82GPANI.DEFAULT-1491393116824\PREFS.JS, Replaced, [1921], [361537],1.0.2694
Adware.Agent, C:\USERS\{username}\DESKTOP\WEATHERFORECASTALERTS.EXE, Delete-on-Reboot, [227], [421878],1.0.2694

Physical Sector: 0
(No malicious items detected)


Tutoriel d'utilisation Malwarebytes en images


Source : Removal instructions for Weather Forecast Alerts de Metallica - Malwarebytes Forums



Toujours infecté ? Une question avant de faire des manipulations ?

Venez poster un nouveau sujet dans ce forum : http://forum.security-x.fr/desinfections/  en prenant soin de suivre la procédure http://forum.security-x.fr/desinfections/procedure-preliminaire/
 

Security-X

Weather Forecast Alerts
« le: septembre 13, 2017, 16:26:56 »