
AnonymizerGadget

Self-help guide for malware removal
Amesam
Site administrator
Posts: 364
Joined: Mon 5 Jun 2017 17:23


Post by Amesam » Thu 21 Jun 2018 19:19

What is AnonymizerGadget?


The Malwarebytes research team has determined that AnonymizerGadget is a fake optimisation program.
It uses false positives to convince users that their systems are full of errors that need fixing. It then tries to sell you its software, claiming that this will remove those problems.

Malwarebytes can detect and remove this potentially unwanted program (Adware.AnonymizerGadget.PrxySvrRST).


Technical details:

Possible lines in FRST reports:

Code:

(Jetico ltd) C:\Users\{username}\AppData\Roaming\AGData\bin\AnonymizerLauncher.exe
HKLM-x32\...\Run: [AnonymizerGadget] => C:\Users\{username}\AppData\Roaming\AGData\bin\AnonymizerLauncher.exe [347784 2018-05-08] (Jetico ltd)
C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
C:\Users\{username}\AppData\Roaming\AGData
C:\Windows\System32\Tasks\AGProxyCheck
C:\Program Files (x86)\AnonymizerGadget

AnonymizerGadget (HKCU\...\AnonymizerGadget) (Version: 1 - Jetico lim)
Task: {F33953EB-E849-492E-9A08-26F583D2EACB} - System32\Tasks\AGProxyCheck => C:\Program

Changes made:

Code:

File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Program Files (x86)\AnonymizerGadget
       Adds the file AGLoader.dll"="7/3/2017 10:15 AM, 865416 bytes, A
       Adds the file AGService.exe"="7/3/2017 10:02 AM, 179720 bytes, A
       Adds the file AGUtils.dll"="7/3/2017 10:15 AM, 308872 bytes, A
       Adds the file AnonymizerLauncher.exe"="7/3/2017 10:15 AM, 347784 bytes, A
       Adds the file uninstaller.exe"="7/3/2017 10:29 AM, 122056 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\AGData
       Adds the file add.json"="5/8/2018 10:25 AM, 1 bytes, A
       Adds the file config.json"="5/8/2018 10:25 AM, 2651 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\AGData\bin
       Adds the file add.json"="5/8/2018 10:25 AM, 1 bytes, A
       Adds the file AGLoader.dll"="5/8/2018 10:24 AM, 865416 bytes, A
       Adds the file AnonymizerGadget.dll"="5/8/2018 10:25 AM, 9654408 bytes, A
       Adds the file AnonymizerGadget.zip"="5/8/2018 10:24 AM, 69984496 bytes, A
       Adds the file AnonymizerLauncher.exe"="5/8/2018 10:24 AM, 347784 bytes, A
       Adds the file cef.pak"="5/8/2018 10:24 AM, 3877890 bytes, A
       Adds the file cef.pak.info"="5/8/2018 10:24 AM, 33986 bytes, A
       Adds the file cef_100_percent.pak"="5/8/2018 10:24 AM, 658579 bytes, A
       Adds the file cef_100_percent.pak.info"="5/8/2018 10:24 AM, 33189 bytes, A
       Adds the file cef_200_percent.pak"="5/8/2018 10:24 AM, 753741 bytes, A
       Adds the file cef_200_percent.pak.info"="5/8/2018 10:24 AM, 33189 bytes, A
       Adds the file cef_300_percent.pak"="5/8/2018 10:25 AM, 52085 bytes, A
       Adds the file cef_400_percent.pak"="5/8/2018 10:25 AM, 863371 bytes, A
       Adds the file cef_extensions.pak"="5/8/2018 10:24 AM, 1888653 bytes, A
       Adds the file cef_extensions.pak.info"="5/8/2018 10:24 AM, 72939 bytes, A
       Adds the file Ceflur.dll"="5/8/2018 10:25 AM, 503432 bytes, A
       Adds the file chrome_elf.dll"="5/8/2018 10:24 AM, 510464 bytes, A
       Adds the file d3dcompiler_47.dll"="5/8/2018 10:24 AM, 3661112 bytes, A
       Adds the file devtools_resources.pak"="5/8/2018 10:24 AM, 5533735 bytes, A
       Adds the file devtools_resources.pak.info"="5/8/2018 10:24 AM, 7956 bytes, A
       Adds the file ES.png"="5/8/2018 10:25 AM, 309 bytes, A
       Adds the file icudtl.dat"="5/8/2018 10:24 AM, 10171360 bytes, A
       Adds the file keyboard_resources.pak"="5/8/2018 10:24 AM, 1454952 bytes, A
       Adds the file libcef.dll"="5/8/2018 10:24 AM, 83467776 bytes, A
       Adds the file libEGL.dll"="5/8/2018 10:24 AM, 79872 bytes, A
       Adds the file libGLESv2.dll"="5/8/2018 10:24 AM, 3723264 bytes, A
       Adds the file Native Client"="5/8/2018 10:24 AM, 685568 bytes, A
       Adds the file natives_blob.bin"="5/8/2018 10:24 AM, 175617 bytes, A
       Adds the file NL.png"="5/8/2018 10:25 AM, 186 bytes, A
       Adds the file pepflashplayer.dll"="5/8/2018 10:25 AM, 17841152 bytes, A
       Adds the file proxycheck.exe"="5/8/2018 10:25 AM, 1899144 bytes, A
       Adds the file snapshot_blob.bin"="5/8/2018 10:24 AM, 1162404 bytes, A
       Adds the file tlsr.dat"="5/8/2018 10:24 AM, 44836 bytes, A
       Adds the file v8_context_snapshot.bin"="5/8/2018 10:24 AM, 1474656 bytes, A
       Adds the file Widevine Content Decryption Module"="5/8/2018 10:24 AM, 685568 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\AGData\bin\locales
    Adds the folder C:\Users\{username}\AppData\Roaming\AGData\bin\WidevineCdm
       Adds the file manifest.json"="5/8/2018 10:24 AM, 688 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
       Adds the file AnonymizerGadget.lnk"="5/8/2018 10:24 AM, 1051 bytes, A
    In the existing folder C:\Windows\System32\Tasks
       Adds the file AGProxyCheck"="5/8/2018 10:23 AM, 3332 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
       "AnonymizerGadget"="REG_SZ", ""C:\Users\{username}\AppData\Roaming\AGData\bin\AnonymizerLauncher.exe" /S /startup --ppapi-flash-path=./pepflashplayer.dll /source: /subsource:"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\AnonymizerGadget]
       "DisplayIcon"="REG_SZ", ""C:\Program Files (x86)\AnonymizerGadget\AnonymizerLauncher.exe", 1"
       "DisplayName"="REG_SZ", "AnonymizerGadget"
       "DisplayVersion"="REG_SZ", "1"
       "InstallLocation"="REG_SZ", ""C:\Program Files (x86)\AnonymizerGadget""
       "NoModify"="REG_DWORD", 1
       "NoRepair"="REG_DWORD", 1
       "Publisher"="REG_SZ", "Jetico lim"
       "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\AnonymizerGadget\uninstaller.exe" /S"
       "UninstallString"="REG_SZ", ""C:\Program Files (x86)\AnonymizerGadget\uninstaller.exe""
       "VersionMajor"="REG_DWORD", 1
       "VersionMinor"="REG_DWORD", 1
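
The file, registry and scheduled-task artifacts listed above can be checked on a suspect host with the following read-only PowerShell triage script. It is an added example written for this page, not code from the original post, from Malwarebytes or from the program's publisher. Every path, key and value name in it is taken verbatim from the FRST lines and the "Changes made" listing above (plus the ProxyEnable values and the NlaSvc ManualProxies key that the Malwarebytes log below reports as modified); the script only reports what it finds and deletes nothing. Run it from an elevated prompt so the HKLM and HKEY_USERS hives and the Tasks folder are readable.

```powershell
# Added triage script (not part of the original post): looks for the
# AnonymizerGadget artifacts listed in this thread and reports them.
# Read-only: nothing is removed. Run from an elevated PowerShell prompt.
# Assumption: all paths and value names come from the listings in this post.

$findings = New-Object System.Collections.Generic.List[string]

# 1. Files and folders named in the listings. Per-user paths are checked
#    for every profile under C:\Users, since {username} varies per machine.
$fixedPaths = @(
    'C:\Program Files (x86)\AnonymizerGadget',
    'C:\Windows\System32\Tasks\AGProxyCheck'      # the scheduled task file
)
$profilePaths = @(
    'AppData\Roaming\AGData',
    'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget'
)
foreach ($p in $fixedPaths) {
    if (Test-Path -LiteralPath $p) { $findings.Add("Path present: $p") }
}
foreach ($profile in Get-ChildItem -LiteralPath 'C:\Users' -Directory -ErrorAction SilentlyContinue) {
    foreach ($rel in $profilePaths) {
        $full = Join-Path $profile.FullName $rel
        if (Test-Path -LiteralPath $full) { $findings.Add("Path present: $full") }
    }
}

# 2. Autostart: the 32-bit Run value named AnonymizerGadget (HKLM-x32\...\Run in FRST).
$runKey = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -Name 'AnonymizerGadget' -ErrorAction SilentlyContinue
if ($run) { $findings.Add("Run value: $runKey\AnonymizerGadget = $($run.AnonymizerGadget)") }

# 3. Uninstall entry in the current user's hive (Publisher "Jetico lim" in the listing).
$uninst = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\AnonymizerGadget'
if (Test-Path -Path $uninst) {
    $pub = (Get-ItemProperty -Path $uninst -ErrorAction SilentlyContinue).Publisher
    $findings.Add("Uninstall key present: $uninst (Publisher: $pub)")
}

# 4. Proxy settings the Malwarebytes log reports as tampered with:
#    ProxyEnable in the user, SYSTEM (S-1-5-18) and .DEFAULT hives, and the
#    NlaSvc ManualProxies key. A proxy can be enabled legitimately, so this
#    is reported for a human to review, not treated as proof on its own.
$proxyHives = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'Registry::HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
)
foreach ($h in $proxyHives) {
    $v = Get-ItemProperty -Path $h -Name 'ProxyEnable' -ErrorAction SilentlyContinue
    if ($v -and $v.ProxyEnable -eq 1) {
        $server = (Get-ItemProperty -Path $h -Name 'ProxyServer' -ErrorAction SilentlyContinue).ProxyServer
        $findings.Add("Proxy enabled in $h (ProxyServer: $server)")
    }
}
$manual = 'HKLM:\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet\ManualProxies'
if (Test-Path -Path $manual) { $findings.Add("Key present: $manual") }

# 5. Report.
if ($findings.Count -eq 0) {
    Write-Output 'No AnonymizerGadget artifacts found.'
} else {
    Write-Output "AnonymizerGadget artifacts found ($($findings.Count)):"
    $findings | ForEach-Object { Write-Output "  $_" }
}
```

The script deliberately checks the task by its file under System32\Tasks rather than with Get-ScheduledTask, because the log below comes from Windows 7, where that cmdlet is not available; the file path is the one FRST lists. If any finding is reported, the removal itself is still best left to Malwarebytes or an FRST fix script prepared by a helper, as the rest of this guide describes.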

Malwarebytes log:

Code:

-Log Details-
Scan Date: 5/8/18
Scan Time: 10:32 AM
Log File: 573578e3-529a-11e8-8e72-080027235d76.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.5026
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 238918
Threats Detected: 15
Threats Quarantined: 15
Time Elapsed: 3 min, 15 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 1
Adware.AnonymizerGadget.PrxySvrRST, C:\USERS\{username}\APPDATA\ROAMING\AGDATA\BIN\ANONYMIZERLAUNCHER.EXE, Quarantined, [10369], [490737],1.0.5026

Module: 2
Adware.AnonymizerGadget.PrxySvrRST, C:\USERS\{username}\APPDATA\ROAMING\AGDATA\BIN\ANONYMIZERLAUNCHER.EXE, Quarantined, [10369], [490737],1.0.5026
Adware.Vitruvian.PrxySvrRST, C:\USERS\{username}\APPDATA\ROAMING\AGDATA\BIN\AGLOADER.DLL, Quarantined, [12353], [505115],1.0.5026

Registry Key: 1
Adware.AnonymizerGadget.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [10369], [-1],0.0.0

Registry Value: 5
Adware.AnonymizerGadget.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|AnonymizerGadget, Quarantined, [10369], [490737],1.0.5026
Adware.AnonymizerGadget.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [10369], [-1],0.0.0
Adware.AnonymizerGadget.PrxySvrRST, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [10369], [-1],0.0.0
Adware.AnonymizerGadget.PrxySvrRST, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [10369], [-1],0.0.0
Adware.AnonymizerGadget.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [10369], [-1],0.0.0

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 6
Adware.AnonymizerGadget.PrxySvrRST, C:\USERS\{username}\APPDATA\ROAMING\AGDATA\BIN\ANONYMIZERLAUNCHER.EXE, Quarantined, [10369], [490737],1.0.5026
Adware.Vitruvian.PrxySvrRST, C:\USERS\{username}\APPDATA\ROAMING\AGDATA\BIN\AGLOADER.DLL, Quarantined, [12353], [505115],1.0.5026
Adware.Vitruvian.PrxySvrRST, C:\USERS\{username}\DESKTOP\ANONYMIZER.EXE, Quarantined, [12353], [505115],1.0.5026
Adware.AnonymizerGadget.PrxySvrRST, C:\PROGRAM FILES (X86)\ANONYMIZERGADGET\ANONYMIZERLAUNCHER.EXE, Quarantined, [10369], [490738],1.0.5026
Adware.Vitruvian.PrxySvrRST, C:\PROGRAM FILES (X86)\ANONYMIZERGADGET\AGUTILS.DLL, Quarantined, [12353], [505115],1.0.5026
Adware.Vitruvian.PrxySvrRST, C:\PROGRAM FILES (X86)\ANONYMIZERGADGET\AGLOADER.DLL, Quarantined, [12353], [505115],1.0.5026

Physical Sector: 0
(No malicious items detected)


(end)

Published with the permission of the Malwarebytes staff
Source

