YunPanSer is a Browser Hijacker that modifies the browser settings (home page, search page, ...) in order to force visits to the targeted site, and it also displays advertisements.
YunPanSer hijacks the browsers' shortcuts.
- Installs itself as a program, either without the user's knowledge or because the user did not untick the sponsored offers bundled with the installer of a legitimate free program, or directly from the publisher's site
- Displays alerts during installation
- Modifies the browsers' shortcuts
- Creates icons in the Start Menu and on the Desktop
**********Detection of YunPanSer in FRST reports:
百度网盘种子综合搜索器版本V2.0.0 (HKLM-x32\...\{0E684690-1A6F-4E5B-AB49-9992958E460E}_is1) (Version: V2.0.0 - )
ShortcutWithArgument: C:\Users\{Nom_Utilisateur}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://hao549.com/?r=y&m=8
ShortcutWithArgument: C:\Users\{Nom_Utilisateur}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> hxxp://hao549.com/?r=y&m=8
ShortcutWithArgument: C:\Users\{Nom_Utilisateur}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://hao549.com/?r=y&m=8
ShortcutWithArgument: C:\Users\{Nom_Utilisateur}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://hao549.com/?r=y&m=8
ShortcutWithArgument: C:\Users\{Nom_Utilisateur}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://hao549.com/?r=y&m=8
ShortcutWithArgument: C:\Users\{Nom_Utilisateur}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://hao549.com/?r=y&m=8
ShortcutWithArgument: C:\Users\{Nom_Utilisateur}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://hao549.com/?r=y&m=8
ShortcutWithArgument: C:\Users\{Nom_Utilisateur}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://hao549.com/?r=y&m=8
ShortcutWithArgument: C:\Users\{Nom_Utilisateur}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://hao549.com/?r=y&m=8
ShortcutWithArgument: C:\Users\{Nom_Utilisateur}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> hxxp://hao549.com/?r=y&m=8
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://hao549.com/?r=y&m=8
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://hao549.com/?r=y&m=8
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://hao549.com/?r=y&m=8
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://hao549.com/?r=y&m=8
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://hao549.com/?r=y&m=8
ShortcutWithArgument: C:\Users\Public\Desktop\Opera Browser.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://hao549.com/?r=y&m=8
() C:\Program Files (x86)\YunPanSer\YunPanSer.exe
C:\Users\Public\Desktop\百度网盘种子综合搜索器.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\百度网盘种子综合搜索器
C:\Program Files (x86)\YunPanSer
C:\Users\{Nom_Utilisateur}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
C:\Users\Public\Desktop\Google Chrome.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
C:\Users\Public\Desktop\Opera Browser.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
C:\Users\Public\Desktop\Mozilla Firefox.lnk
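The FRST lines above all have the same shape: a legitimate browser (or explorer.exe) target with a URL appended in the shortcut's Arguments field, so every launch from the Start Menu, Quick Launch, pinned taskbar or Desktop opens hao549.com. As an added example that is not part of the original page nor of the FRST or Malwarebytes material, the PowerShell script below reproduces that check: it walks the shortcut folders listed in the report, flags any .lnk whose Arguments contain a URL, looks for the uninstall key whose GUID appears in the report, and with -Fix clears the injected argument after backing the shortcut up. The folder list, the URL pattern and the -Fix behaviour are assumptions of this example; the uninstall key GUID is the one from the FRST report.

```powershell
# Added example (not from the original page): find and clean browser
# shortcuts whose Arguments field carries a URL, the hijack technique
# shown by the ShortcutWithArgument lines in the FRST report.
[CmdletBinding()]
param(
    [switch]$Fix,
    # Assumption: any http(s):// argument on a browser/Explorer shortcut is suspicious.
    [string]$Pattern = 'https?://'
)

# Shortcut locations taken from the FRST report (per-user and machine-wide).
$roots = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs",
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs",
    "$env:PUBLIC\Desktop",
    [Environment]::GetFolderPath('Desktop')
)

$shell = New-Object -ComObject WScript.Shell
$findings = foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -Filter *.lnk -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            if ($lnk.Arguments -match $Pattern) {
                [pscustomobject]@{
                    Shortcut  = $_.FullName
                    Target    = $lnk.TargetPath
                    Arguments = $lnk.Arguments
                }
            }
        }
}

# Uninstall entry seen in the FRST report (32-bit view on a 64-bit system).
$uninst = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0E684690-1A6F-4E5B-AB49-9992958E460E}_is1'
if (Test-Path -LiteralPath $uninst) {
    Write-Host 'YunPanSer uninstall entry present:'
    Get-ItemProperty -LiteralPath $uninst | Select-Object DisplayName, InstallLocation, UninstallString
}

if (-not $findings) {
    Write-Host 'No shortcut with a URL argument found.'
    return
}

$findings | Format-Table -AutoSize

if ($Fix) {
    foreach ($f in $findings) {
        # Keep a copy so a legitimate shortcut caught by the pattern can be restored.
        Copy-Item -LiteralPath $f.Shortcut -Destination "$($f.Shortcut).bak" -Force
        $lnk = $shell.CreateShortcut($f.Shortcut)
        $lnk.Arguments = ''
        $lnk.Save()
        Write-Host "Cleaned: $($f.Shortcut)"
    }
}
```

Run it first without -Fix and read the table: some shortcuts legitimately pass a URL (for instance one created on purpose to open a given site), so review the list before clearing anything. Machine-wide locations (ProgramData, Public\Desktop) need an elevated prompt to be written. Clearing the argument only undoes the shortcut part of the hijack; the program files, the uninstall key and SetHomePage.dll listed in the Malwarebytes log still have to be removed, which is what the scan below does.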
**********Detected and handled by Malwarebytes as Adware (advertising program)
-Scan Details-
Process: 1
Adware.ChinAd.ShrtCln, C:\PROGRAM FILES (X86)\YUNPANSER\YUNPANSER.EXE, Quarantined, [9714], [419783],1.0.2433
Module: 2
Adware.HomeGuard, C:\PROGRAM FILES (X86)\YUNPANSER\SETHOMEPAGE.DLL, Quarantined, [3222], [387871],1.0.2433
Adware.ChinAd.ShrtCln, C:\PROGRAM FILES (X86)\YUNPANSER\YUNPANSER.EXE, Quarantined, [9714], [419783],1.0.2433
Registry Key: 3
Adware.ChinAd.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{0E684690-1A6F-4E5B-AB49-9992958E460E}_is1, Delete-on-Reboot, [9714], [419783],1.0.2433
Adware.ChinAd.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\YunPanSer_RASAPI32, Delete-on-Reboot, [9714], [419784],1.0.2433
Adware.ChinAd.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\YunPanSer_RASMANCS, Delete-on-Reboot, [9714], [419784],1.0.2433
Registry Value: 1
Adware.ChinAd.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{0E684690-1A6F-4E5B-AB49-9992958E460E}_is1|INSTALLLOCATION, Delete-on-Reboot, [9714], [419785],1.0.2433
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 1
Adware.ChinAd.ShrtCln, C:\Program Files (x86)\YunPanSer\skin, Delete-on-Reboot, [9714], [419783],1.0.2433
File: 33
Adware.HomeGuard, C:\PROGRAM FILES (X86)\YUNPANSER\SETHOMEPAGE.DLL, Delete-on-Reboot, [3222], [387871],1.0.2433
Adware.Agent, C:\USERS\{username}\DESKTOP\BDWPZZSSSQ.EXE, Delete-on-Reboot, [259], [419664],1.0.2433
Adware.ChinAd.ShrtCln, C:\PROGRAM FILES (X86)\YUNPANSER\YUNPANSER.EXE, Delete-on-Reboot, [9714], [419783],1.0.2433
Adware.ChinAd.ShrtCln, C:\Program Files (x86)\YunPanSer\skin\b1.png, Delete-on-Reboot, [9714], [419783],1.0.2433
Adware.ChinAd.ShrtCln, C:\Program Files (x86)\YunPanSer\skin\b2.png, Delete-on-Reboot, [9714], [419783],1.0.2433
Adware.ChinAd.ShrtCln, C:\Program Files (x86)\YunPanSer\skin\bb1.png, Delete-on-Reboot, [9714], [419783],1.0.2433
Adware.ChinAd.ShrtCln, C:\Program Files (x86)\YunPanSer\skin\bb2.png, Delete-on-Reboot, [9714], [419783],1.0.2433
Adware.ChinAd.ShrtCln, C:\Program Files (x86)\YunPanSer\skin\bj.png, Delete-on-Reboot, [9714], [419783],1.0.2433
Adware.ChinAd.ShrtCln, C:\Program Files (x86)\YunPanSer\skin\logo.ico, Delete-on-Reboot, [9714], [419783],1.0.2433
Adware.ChinAd.ShrtCln, C:\Program Files (x86)\YunPanSer\skin\logo.png, Delete-on-Reboot, [9714], [419783],1.0.2433
Adware.ChinAd.ShrtCln, C:\Program Files (x86)\YunPanSer\skin\sx1.png, Delete-on-Reboot, [9714], [419783],1.0.2433
Adware.ChinAd.ShrtCln, C:\Program Files (x86)\YunPanSer\skin\sx2.png, Delete-on-Reboot, [9714], [419783],1.0.2433
Adware.ChinAd.ShrtCln, C:\Program Files (x86)\YunPanSer\skin\xx1.png, Delete-on-Reboot, [9714], [419783],1.0.2433
Adware.ChinAd.ShrtCln, C:\Program Files (x86)\YunPanSer\skin\xx2.png, Delete-on-Reboot, [9714], [419783],1.0.2433
Adware.ChinAd.ShrtCln, C:\Program Files (x86)\YunPanSer\skin\分割线.png, Delete-on-Reboot, [9714], [419783],1.0.2433
Adware.ChinAd.ShrtCln, C:\Program Files (x86)\YunPanSer\skin\箭头初始状态.png, Delete-on-Reboot, [9714], [419783],1.0.2433
Adware.ChinAd.ShrtCln, C:\Program Files (x86)\YunPanSer\skin\箭头点击状态.png, Delete-on-Reboot, [9714], [419783],1.0.2433
Adware.ChinAd.ShrtCln, C:\Program Files (x86)\YunPanSer\skin\类型选择常态.png, Delete-on-Reboot, [9714], [419783],1.0.2433
Adware.ChinAd.ShrtCln, C:\Program Files (x86)\YunPanSer\skin\类型选择悬停状态.png, Delete-on-Reboot, [9714], [419783],1.0.2433
Adware.ChinAd.ShrtCln, C:\Program Files (x86)\YunPanSer\skin\背景图(无文字).png, Delete-on-Reboot, [9714], [419783],1.0.2433
Adware.ChinAd.ShrtCln, C:\Program Files (x86)\YunPanSer\bannerdown.gif, Delete-on-Reboot, [9714], [419783],1.0.2433
Adware.ChinAd.ShrtCln, C:\Program Files (x86)\YunPanSer\bj.gif, Delete-on-Reboot, [9714], [419783],1.0.2433
Adware.ChinAd.ShrtCln, C:\Program Files (x86)\YunPanSer\HtmlAgilityPack.dll, Delete-on-Reboot, [9714], [419783],1.0.2433
Adware.ChinAd.ShrtCln, C:\Program Files (x86)\YunPanSer\HtmlAgilityPack.XML, Delete-on-Reboot, [9714], [419783],1.0.2433
Adware.ChinAd.ShrtCln, C:\Program Files (x86)\YunPanSer\Interop.ThunderAgentLib.dll, Delete-on-Reboot, [9714], [419783],1.0.2433
Adware.ChinAd.ShrtCln, C:\Program Files (x86)\YunPanSer\Newtonsoft.Json.dll, Delete-on-Reboot, [9714], [419783],1.0.2433
Adware.ChinAd.ShrtCln, C:\Program Files (x86)\YunPanSer\ThunderAgent.dll, Delete-on-Reboot, [9714], [419783],1.0.2433
Adware.ChinAd.ShrtCln, C:\Program Files (x86)\YunPanSer\unins000.dat, Delete-on-Reboot, [9714], [419783],1.0.2433
Adware.ChinAd.ShrtCln, C:\Program Files (x86)\YunPanSer\unins000.exe, Delete-on-Reboot, [9714], [419783],1.0.2433
Adware.ChinAd.ShrtCln, C:\Program Files (x86)\YunPanSer\YunPanSer.exe.config, Delete-on-Reboot, [9714], [419783],1.0.2433
Adware.ChinAd.ShrtCln, C:\Program Files (x86)\YunPanSer\YunPanSer.pdb, Delete-on-Reboot, [9714], [419783],1.0.2433
Adware.ChinAd.ShrtCln, C:\Program Files (x86)\YunPanSer\YunPanSer.vshost.exe.config, Delete-on-Reboot, [9714], [419783],1.0.2433
Adware.ChinAd.ShrtCln, C:\Program Files (x86)\YunPanSer\YunPanSer.vshost.exe.manifest, Delete-on-Reboot, [9714], [419783],1.0.2433
Physical Sector: 0
(No malicious items detected)
Illustrated Malwarebytes usage tutorial
Source: Removal instructions for YunPanSer by Metallica - Malwarebytes Forums
Still infected? Have a question before making any changes?
Come and post a new topic in this forum:
http://forum.security-x.fr/desinfections/ taking care to follow the procedure at
http://forum.security-x.fr/desinfections/procedure-preliminaire/