
SearchAwesome



Post by Amesam » Sat 23 Jun 2018 20:30

What is SearchAwesome?

The Malwarebytes research team has determined that SearchAwesome is adware.
These advertising applications display ads coming from unwanted sites.
Adware is generally a standalone program that shows advertisements to the end user in various forms: inside the program itself, or through pop-up windows, slide-in ads, browser pop-ups, inserted ads, or modified website content.
This particular one inserts advertisements at the top of your search results.

Malwarebytes can detect and remove this potentially unwanted program (Adware.Social2Search.EncJob).


Technical details:

Possible lines in FRST reports:

Code:

() C:\Program Files\8b99190a17e0232dfed348aad6c4a699\04146af46813e501bb7ca87370e1aaeb.exe
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\secure_cert.js [2018-05-18]
R2 8b99190a17e0232dfed348aad6c4a699; C:\Program Files\8b99190a17e0232dfed348aad6c4a699\04146af46813e501bb7ca87370e1aaeb.exe [349624 2018-05-15] ()
R2 08ad4f1678b0db2b83448f10c5b23057; rundll32.exe C:\Windows\cbqdnjlanjomwlwi.cbq mfAWQUa [X]
R1 ceaadf4b92292e7d1264007c289e7a68; C:\Windows\System32\drivers\ceaadf4b92292e7d1264007c289e7a68.sys [319784 2018-05-15] ()
C:\Windows\cbqdnjlanjomwlwi.cbq
C:\Program Files\8b99190a17e0232dfed348aad6c4a699
C:\Windows\c92b3103a49ebb99abf869e8dd17de8f.exe
C:\Windows\system32\Drivers\ceaadf4b92292e7d1264007c289e7a68.sys
C:\Windows\uninstaller.dat

SearchAwesome (HKLM\...\8b99190a17e0232dfed348aad6c4a699) (Version: 13.14.1.236 (i1.0) - SearchAwesome)
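The FRST lines above share a few patterns a defender can match on when reading a report: every service, folder and file the adware dropped is named with 32 hex digits, the binaries carry no company name (the empty `()` at the end of each line), one service is started through `rundll32.exe` with a module that is not a `.dll` (the `.cbq` file in `C:\Windows`), and an extra Firefox preference file shows up as an `FF ExtraCheck` entry. The following Python script is an added example, not part of the original post or of the Malwarebytes guide: it parses FRST-style lines in the format visible above and reports which of those patterns each line trips. The FRST line layouts are assumed from the sample only, the benign `Spooler` service line is constructed for contrast, and the heuristics are tuned to this sample rather than being a general FRST parser.

```python
import re
from dataclasses import dataclass

# Constructed sample: the FRST lines quoted in the post, plus one constructed
# benign service line (Spooler) so the heuristics have something to leave alone.
SAMPLE_FRST = r"""
() C:\Program Files\8b99190a17e0232dfed348aad6c4a699\04146af46813e501bb7ca87370e1aaeb.exe
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\secure_cert.js [2018-05-18]
R2 8b99190a17e0232dfed348aad6c4a699; C:\Program Files\8b99190a17e0232dfed348aad6c4a699\04146af46813e501bb7ca87370e1aaeb.exe [349624 2018-05-15] ()
R2 08ad4f1678b0db2b83448f10c5b23057; rundll32.exe C:\Windows\cbqdnjlanjomwlwi.cbq mfAWQUa [X]
R1 ceaadf4b92292e7d1264007c289e7a68; C:\Windows\System32\drivers\ceaadf4b92292e7d1264007c289e7a68.sys [319784 2018-05-15] ()
R2 Spooler; C:\Windows\System32\spoolsv.exe [559104 2018-01-01] (Microsoft Corporation)
"""

# "R2 <name>; <image> [<size> <date>] (<company>)" -- services and drivers.
# Size/date and the "[X]" marker are optional because the rundll32 line in the
# post has the marker but no size/date block. (Layout assumed from the sample.)
SERVICE_RE = re.compile(
    r"^(?P<start>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<image>.+?)"
    r"(?:\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?:\s+\[X\])?"
    r"(?:\s+\((?P<company>[^)]*)\))?\s*$"
)
# "FF ExtraCheck: <path> [<date>]" -- extra Firefox preference files.
FF_EXTRA_RE = re.compile(r"^FF ExtraCheck:\s+(?P<path>.+?)(?:\s+\[(?P<date>[\d-]+)\])?\s*$")
# "(<company>) <path>" -- running processes.
PROCESS_RE = re.compile(r"^\((?P<company>[^)]*)\)\s+(?P<path>.+?)\s*$")
# 32 hex digits: the naming pattern of every service, folder and file in the sample.
HEX32_RE = re.compile(r"^[0-9a-f]{32}$", re.IGNORECASE)


@dataclass
class Finding:
    kind: str      # "process", "service" or "firefox-pref"
    subject: str   # service name or file path
    reasons: list  # human-readable reasons the line was flagged


def hex32_components(path: str) -> list:
    """Return the path components (file extension ignored) that are 32 hex digits."""
    hits = []
    for comp in re.split(r"[\\/]", path):
        stem = comp.rsplit(".", 1)[0]
        if HEX32_RE.match(stem):
            hits.append(comp)
    return hits


def analyse_service(m: re.Match) -> list:
    """Apply the sample-derived heuristics to one parsed service/driver line."""
    reasons = []
    name, image, company = m["name"], m["image"], m["company"]
    if HEX32_RE.match(name):
        reasons.append("service name is 32 hex digits (random-looking)")
    if company is not None and not company.strip():
        reasons.append("binary carries no company name")
    if re.match(r"^rundll32(?:\.exe)?\s", image, re.IGNORECASE):
        # rundll32 <module> <entrypoint>: the module is normally a .dll; in the
        # sample it is a .cbq file. Plain whitespace split is enough here; paths
        # containing spaces would need quote-aware parsing.
        parts = image.split()
        module = parts[1] if len(parts) > 1 else ""
        if not module.lower().endswith(".dll"):
            reasons.append(f"rundll32 loads a non-DLL module: {module}")
    hits = hex32_components(image)
    if hits:
        reasons.append("image path contains 32-hex-digit names: " + ", ".join(hits))
    return reasons


def scan_frst(report: str) -> list:
    """Parse FRST-style lines and return one Finding per line that trips a heuristic."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SERVICE_RE.match(line):
            reasons = analyse_service(m)
            if reasons:
                findings.append(Finding("service", m["name"], reasons))
        elif m := FF_EXTRA_RE.match(line):
            findings.append(Finding("firefox-pref", m["path"],
                                    ["extra preference file placed in Firefox defaults\\pref"]))
        elif m := PROCESS_RE.match(line):
            reasons = []
            if not m["company"].strip():
                reasons.append("binary carries no company name")
            hits = hex32_components(m["path"])
            if hits:
                reasons.append("path contains 32-hex-digit names: " + ", ".join(hits))
            if reasons:
                findings.append(Finding("process", m["path"], reasons))
    return findings


if __name__ == "__main__":
    for f in scan_frst(SAMPLE_FRST):
        print(f"[{f.kind}] {f.subject}")
        for r in f.reasons:
            print("    -", r)
```

Run against the sample, the script flags the five adware lines and leaves the constructed Spooler line alone; a real report would need the heuristics reviewed by hand, since a hex-named service or a binary without version information is a lead, not proof.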

Changes made:

Code:

File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Program Files\8b99190a17e0232dfed348aad6c4a699
       Adds the file 04146af46813e501bb7ca87370e1aaeb.exe"="5/15/2018 1:56 AM, 349624 bytes, A
       Adds the file c6182f9cb662a9e333002e06810f826d.exe"="5/15/2018 1:56 AM, 349624 bytes, A
       Adds the file c92b3103a49ebb99abf869e8dd17de8f.exe"="5/15/2018 1:56 AM, 966656 bytes, A
       Adds the file dbdda1b2ae5292a030f8279af6ca291a.ico"="5/15/2018 1:56 AM, 16958 bytes, A
       Adds the file df1a166bec69178b887ca05ac8cb37de"="5/18/2018 8:40 AM, 31059 bytes, A
       Adds the file mozcrt19.dll"="8/30/2017 12:51 AM, 718296 bytes, A
       Adds the file nspr4.dll"="8/30/2017 12:51 AM, 169432 bytes, A
       Adds the file nss3.dll"="8/30/2017 12:51 AM, 364544 bytes, A
       Adds the file plc4.dll"="8/30/2017 12:51 AM, 20440 bytes, A
       Adds the file plds4.dll"="8/30/2017 12:51 AM, 17368 bytes, A
       Adds the file service.dat"="5/15/2018 1:56 AM, 2882605 bytes, A
       Adds the file service_64.dat"="5/15/2018 1:56 AM, 2882605 bytes, A
       Adds the file softokn3.dll"="8/30/2017 12:51 AM, 372736 bytes, A
       Adds the file WBE_uninstall.dat"="5/15/2018 1:56 AM, 588150 bytes, A
    In the existing folder C:\Program Files (x86)\Mozilla Firefox\defaults\pref
       Adds the file secure_cert.js"="5/18/2018 8:40 AM, 50 bytes, A
    In the existing folder C:\Windows
       Adds the file c92b3103a49ebb99abf869e8dd17de8f.exe"="5/15/2018 1:56 AM, 1071104 bytes, A
       Adds the file cbqdnjlanjomwlwi.cbq"="5/18/2018 8:40 AM, 1121280 bytes, A
       Adds the file uninstaller.dat"="5/15/2018 1:56 AM, 47250 bytes, A
    In the existing folder C:\Windows\System32\drivers
       Adds the file ceaadf4b92292e7d1264007c289e7a68.sys"="5/15/2018 1:56 AM, 319784 bytes, A
    Adds the folder C:\Windows\SysWOW64\SSL
       Adds the file 776400a6c01929dd 2.cer"="5/18/2018 8:40 AM, 776 bytes, A
       Adds the file cert.db"="5/18/2018 8:40 AM, 0 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\56BF5154-0B48-4ADB-902A-6C8B12E270D9]
       "LocalService"="REG_SZ", "8b99190a17e0232dfed348aad6c4a699"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\8b99190a17e0232dfed348aad6c4a699]
       "DisplayIcon"="REG_SZ", "C:\Windows\c92b3103a49ebb99abf869e8dd17de8f.exe"
       "DisplayName"="REG_SZ", "SearchAwesome"
       "DisplayVersion"="REG_SZ", "13.14.1.236 (i1.0)"
       "InstallLocation"="REG_SZ", "C:\Program Files\8b99190a17e0232dfed348aad6c4a699"
       "Publisher"="REG_SZ", "SearchAwesome"
       "UninstallString"="REG_SZ", "C:\Windows\c92b3103a49ebb99abf869e8dd17de8f.exe"
       "URLInfoAbout"="REG_SZ", "https://mansactechnology.com"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT]
       "DontOfferThroughWUAU"="REG_DWORD", 1
       "DontReportInfectionInformation"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\SrcAAAesom Browser Enhancer]
       "aid"="REG_SZ", "3673"
       "aid2"="REG_SZ", "none"
       "mid"="REG_SZ", "aa7dc494c0e1ce2cb601ad3d08c1b303"
       "ts"="REG_SZ", "1526625622"
       "ts2"="REG_SZ", ""
       "uid"="REG_SZ", "A02624D243B1FDD757E15FCDAA7799F0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SrcAAAesom Browser Enhancer]
       "aid"="REG_SZ", "3673"
       "aid2"="REG_SZ", "none"
       "mid"="REG_SZ", "aa7dc494c0e1ce2cb601ad3d08c1b303"
       "ts"="REG_SZ", "1526625622"
       "ts2"="REG_SZ", ""
       "uid"="REG_SZ", "A02624D243B1FDD757E15FCDAA7799F0"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\08ad4f1678b0db2b83448f10c5b23057]
       "aid"="REG_SZ", "3673"
       "ErrorControl"="REG_DWORD", 1
       "FailureActions"="REG_BINARY, ..............
       "ImagePath"="REG_EXPAND_SZ, "rundll32.exe C:\Windows\cbqdnjlanjomwlwi.cbq mfAWQUa"
       "ObjectName"="REG_SZ", "LocalSystem"
       "Start"="REG_DWORD", 2
       "Type"="REG_DWORD", 16
       "WOW64"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\8b99190a17e0232dfed348aad6c4a699]
       "DependOnService"="REG_MULTI_SZ, "RPCSS "
       "DisplayName"="REG_SZ", "8b99190a17e0232dfed348aad6c4a699"
       "ErrorControl"="REG_DWORD", 1
       "FailureActions"="REG_BINARY, <.....................
       "ImagePath"="REG_EXPAND_SZ, "C:\Program Files\8b99190a17e0232dfed348aad6c4a699\04146af46813e501bb7ca87370e1aaeb.exe"
       "ObjectName"="REG_SZ", "LocalSystem"
       "Start"="REG_DWORD", 2
       "Type"="REG_DWORD", 16
       "WOW64"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ceaadf4b92292e7d1264007c289e7a68]
       "DisplayName"="REG_SZ", "ceaadf4b92292e7d1264007c289e7a68"
       "ErrorControl"="REG_DWORD", 1
       "Group"="REG_SZ", "PNP_TDI"
       "ImagePath"="REG_EXPAND_SZ, "system32\drivers\ceaadf4b92292e7d1264007c289e7a68.sys"
       "Start"="REG_DWORD", 1
       "Type"="REG_DWORD", 1
       "WOW64"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ceaadf4b92292e7d1264007c289e7a68\Enum]
       "0"="REG_SZ", "Root\LEGACY_CEAADF4B92292E7D1264007C289E7A68\0000"
       "Count"="REG_DWORD", 1
       "NextInstance"="REG_DWORD", 1
    [HKEY_CURRENT_USER\Software\WajIEnhance]
       "affiliate_id"="REG_SZ", "3673"
       "unique_id"="REG_SZ", "A02624D243B1FDD757E15FCDAA7799F0"

Malwarebytes log:

Code:

Log Details-
Scan Date: 5/18/18
Scan Time: 8:54 AM
Log File: 5def4e4f-5a68-11e8-83e7-080027235d76.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.5154
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 239773
Threats Detected: 44
Threats Quarantined: 44
Time Elapsed: 2 min, 50 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 1
Adware.Social2Search.EncJob, C:\Program Files\8b99190a17e0232dfed348aad6c4a699\04146af46813e501bb7ca87370e1aaeb.exe, Quarantined, [5128], [415982],1.0.5154

Module: 2
Adware.Social2Search.EncJob, C:\Program Files\8b99190a17e0232dfed348aad6c4a699\04146af46813e501bb7ca87370e1aaeb.exe, Quarantined, [5128], [415982],1.0.5154
Adware.Wajam, C:\WINDOWS\CBQDNJLANJOMWLWI.CBQ, Quarantined, [436], [519606],1.0.5154

Registry Key: 12
Adware.Social2Search.EncJob, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\8b99190a17e0232dfed348aad6c4a699, Quarantined, [5128], [415982],1.0.5154
PUP.Optional.Wajam, HKCU\SOFTWARE\WajIEnhance, Quarantined, [210], [244670],1.0.5154
PUP.Optional.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [210], [-1],0.0.0
Adware.SearchAwesome, HKLM\SOFTWARE\SrcAAAesom Browser Enhancer, Quarantined, [7358], [424837],1.0.5154
Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\08ad4f1678b0db2b83448f10c5b23057, Quarantined, [436], [519606],1.0.5154
Adware.SearchAwesome, HKLM\SOFTWARE\WOW6432NODE\SrcAAAesom Browser Enhancer, Quarantined, [7358], [424837],1.0.5154
Adware.SearchAwesome, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\8b99190a17e0232dfed348aad6c4a699, Quarantined, [7358], [424836],1.0.5154
MachineLearning/Anomalous.100%, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\8b99190a17e0232dfed348aad6c4a699, Quarantined, [0], [392687],1.0.5154
PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [210], [170024],1.0.5154
Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ceaadf4b92292e7d1264007c289e7a68, Quarantined, [436], [511749],1.0.5154
PUP.Optional.Wajam, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [210], [170024],1.0.5154
PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [210], [170024],1.0.5154

Registry Value: 7
PUP.Optional.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [210], [-1],0.0.0
PUP.Optional.Wajam, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [210], [-1],0.0.0
PUP.Optional.Wajam, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [210], [-1],0.0.0
PUP.Optional.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [210], [-1],0.0.0
Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\08ad4f1678b0db2b83448f10c5b23057|IMAGEPATH, Quarantined, [436], [519606],1.0.5154
Adware.SearchAwesome, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\8b99190a17e0232dfed348aad6c4a699|DISPLAYNAME, Quarantined, [7358], [424836],1.0.5154
Adware.SearchAwesome.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\8b99190a17e0232dfed348aad6c4a699|PUBLISHER, Quarantined, [7280], [437519],1.0.5154

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 1
Adware.Social2Search.EncJob, C:\PROGRAM FILES\8b99190a17e0232dfed348aad6c4a699, Quarantined, [5128], [415982],1.0.5154

File: 21
Adware.Social2Search.EncJob, C:\PROGRAM FILES\8b99190a17e0232dfed348aad6c4a699\WBE_uninstall.dat, Quarantined, [5128], [415982],1.0.5154
Adware.Social2Search.EncJob, C:\Program Files\8b99190a17e0232dfed348aad6c4a699\04146af46813e501bb7ca87370e1aaeb.exe, Quarantined, [5128], [415982],1.0.5154
Adware.Social2Search.EncJob, C:\Program Files\8b99190a17e0232dfed348aad6c4a699\c6182f9cb662a9e333002e06810f826d.exe, Quarantined, [5128], [415982],1.0.5154
Adware.Social2Search.EncJob, C:\Program Files\8b99190a17e0232dfed348aad6c4a699\c92b3103a49ebb99abf869e8dd17de8f.exe, Quarantined, [5128], [415982],1.0.5154
Adware.Social2Search.EncJob, C:\Program Files\8b99190a17e0232dfed348aad6c4a699\dbdda1b2ae5292a030f8279af6ca291a.ico, Quarantined, [5128], [415982],1.0.5154
Adware.Social2Search.EncJob, C:\Program Files\8b99190a17e0232dfed348aad6c4a699\df1a166bec69178b887ca05ac8cb37de, Quarantined, [5128], [415982],1.0.5154
Adware.Social2Search.EncJob, C:\Program Files\8b99190a17e0232dfed348aad6c4a699\mozcrt19.dll, Quarantined, [5128], [415982],1.0.5154
Adware.Social2Search.EncJob, C:\Program Files\8b99190a17e0232dfed348aad6c4a699\nspr4.dll, Quarantined, [5128], [415982],1.0.5154
Adware.Social2Search.EncJob, C:\Program Files\8b99190a17e0232dfed348aad6c4a699\nss3.dll, Quarantined, [5128], [415982],1.0.5154
Adware.Social2Search.EncJob, C:\Program Files\8b99190a17e0232dfed348aad6c4a699\plc4.dll, Quarantined, [5128], [415982],1.0.5154
Adware.Social2Search.EncJob, C:\Program Files\8b99190a17e0232dfed348aad6c4a699\plds4.dll, Quarantined, [5128], [415982],1.0.5154
Adware.Social2Search.EncJob, C:\Program Files\8b99190a17e0232dfed348aad6c4a699\service.dat, Quarantined, [5128], [415982],1.0.5154
Adware.Social2Search.EncJob, C:\Program Files\8b99190a17e0232dfed348aad6c4a699\service_64.dat, Quarantined, [5128], [415982],1.0.5154
Adware.Social2Search.EncJob, C:\Program Files\8b99190a17e0232dfed348aad6c4a699\softokn3.dll, Quarantined, [5128], [415982],1.0.5154
PUP.Optional.FFHijacker.Generic, C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\DEFAULTS\PREF\SECURE_CERT.JS, Quarantined, [5383], [505085],1.0.5154
Adware.Wajam, C:\WINDOWS\CBQDNJLANJOMWLWI.CBQ, Quarantined, [436], [519606],1.0.5154
MachineLearning/Anomalous.100%, C:\WINDOWS\C92B3103A49EBB99ABF869E8DD17DE8F.EXE, Quarantined, [0], [392687],1.0.5154
Adware.Wajam, C:\WINDOWS\SYSTEM32\DRIVERS\CEAADF4B92292E7D1264007C289E7A68.SYS, Quarantined, [436], [511749],1.0.5154
Adware.Zdengo, C:\USERS\{username}\DESKTOP\UPDATE.EXE, Quarantined, [7948], [522251],1.0.5154
Generic.Malware/Suspicious, C:\DOWNLOADS\SETUP2.EXE, Quarantined, [0], [392686],1.0.5154
MachineLearning/Anomalous.100%, C:\WINDOWS\C92B3103A49EBB99ABF869E8DD17DE8F.EXE, Quarantined, [0], [392687],1.0.5154

Physical Sector: 0
(No malicious items detected)


(end)

Published with the permission of the Malwarebytes staff
Source
