SmitfraudFix, le petit utilitaire qui corrige les infections de type Desktop Hijack (détournement du bureau), vient d’etre mis à jour. Pour rappel, le logiciel de S!Ri se charge d’éradiquer les infections suivantes : Smitfraud, Win32.puper, AVGold, Security iGuard, Spyware Vanisher, quicknavigate.com, updateSearches.com, startsearches.net, Virtual Maid, SpySheriff, PSGuard, SpyAxe, WinHound, AlphaCleaner, AdwarePunisher, SpywareQuake…
Voici le changelog de cette nouvelle version :
%SYSTEM%ipmon.exe
O4 – HKLM..Run: [ipmon] ipmon.exe
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
“ipmon”=-
%SYSTEM%eeuydc.dll
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{44e670f2-d57b-4815-a576-955d17dbbf2d}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerSharedTaskScheduler]
“{44e670f2-d57b-4815-a576-955d17dbbf2d}”=”auditioned”
%USERPROFILE%Application DataMicrosoftInternet ExplorerQuick LaunchSpyLocked 4.1.lnk
%STARTMENU%SpyLocked 4.1.lnk
%STARTMENU%ProgramsSpyLocked 4.1
%DESKTOP%SpyLocked 4.1.lnk
%PROGRAMFILES%SpyLocked 4.1
[-HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}] (Already removed)
[-HKEY_LOCAL_MACHINESOFTWAREClassesInterface{1D3F4979-14F0-4344-95F9-D019C75ED669}]
[-HKEY_LOCAL_MACHINESOFTWAREClassesInterface{1DEAC6D1-27B1-4804-8309-86F80E64D91F}]
[-HKEY_LOCAL_MACHINESOFTWAREClassesInterface{21EE18CF-E24C-4AD8-A279-C34EEB5F18A9}]
[-HKEY_LOCAL_MACHINESOFTWAREClassesInterface{22489F95-AA2E-4DFE-A00C-4F5D0DFDAFD6}]
[-HKEY_LOCAL_MACHINESOFTWAREClassesInterface{273582F0-3C1E-4BFC-B2A4-8348AE47F717}]
[-HKEY_LOCAL_MACHINESOFTWAREClassesInterface{27491041-2CCB-4A37-9297-FB84134ECAD4}]
[-HKEY_LOCAL_MACHINESOFTWAREClassesInterface{464B2A01-EB39-4CF6-B6BB-6262776B79DA}]
[-HKEY_LOCAL_MACHINESOFTWAREClassesInterface{60DDD776-BD47-421A-9B75-C5965C1AAEB3}]
[-HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6C2AD1F2-670F-4096-9CF5-6FBEA48D2E38}]
[-HKEY_LOCAL_MACHINESOFTWAREClassesInterface{A45C94F8-E114-48EB-84C9-DE1B871E1A3A}]
[-HKEY_LOCAL_MACHINESOFTWAREClassesInterface{B48F25A0-49A8-46AE-B506-A789F8E91A51}]
[-HKEY_LOCAL_MACHINESOFTWAREClassesInterface{D3F81C5A-3A2D-464C-B617-289495AE52DD}]
[-HKEY_LOCAL_MACHINESOFTWAREClassesInterface{E6BC961E-2230-4A37-B7DC-F311773C7DBE}]
[-HKEY_LOCAL_MACHINESOFTWAREClassesInterface{F8681E4A-3B1B-46C5-9A0E-E4BDCD240A92}]
[-HKEY_LOCAL_MACHINESOFTWAREClassesInterface{FA08D9EC-0C7B-4C37-8D7A-E7837B997E90}]
[-HKEY_LOCAL_MACHINESOFTWAREClassesInterface{FC51DED7-D056-45E5-A4FF-A308E2DECFA5}]
[-HKEY_LOCAL_MACHINESOFTWAREClassesTypeLib{9F99FD1A-5C53-4B82-981A-92A0F587D59B}]
[-HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionApp PathsSpyLocked 4.1.exe]
[-HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallSpyLocked 4.1] (C:Program FilesSpyLocked 4.1uninst.exe)
[-HKEY_LOCAL_MACHINESOFTWARESpyLocked 4.1]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
“SpyLocked 4.1″=-
EDIT : S!Ri, décidément très actif, vient de m’avertir d’une nouvelle mise à jour : la 2.192.
Voici le nouveau changelog :
Added: Rustock, xpdx driver detection
%SYSTEM%pkjcoxq.dll
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{e1d3b05d-4dd9-468d-982e-c342f05436e5}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerSharedTaskScheduler]
“{e1d3b05d-4dd9-468d-982e-c342f05436e5}”=”crowsteps”
– Télécharger SmitfraudFix 2.192
– Consulter le tutorial sur SmitfraudFix
Dernière mise à jour le 20 août 2018