PUP.Optional.IEnjoyApps

Short bio

IEnjoyApps is the Malwarebytes detection name for a large number of browser extensions that act as search hijackers and target the Chrome browser.

Symptoms

Users may notice prompts like this during installation:

(Image: searchalgo change)

and see their default search engine changed:

(Image: changed default search)

Type and source of infection

IEnjoyApps hijacks the user's search results by changing the default search engine of the affected browser.
Most extensions detected as PUP.Optional.IEnjoyApps can be downloaded from the domain ienjoyapps.com and are offered as topic-specific search extensions, for example for movies or games.

Protection

Malwarebytes protects users from PUP.Optional.IEnjoyApps by blocking the domain.

(Image: Malwarebytes blocks 96.45.83.233)

Remediation

Malwarebytes can detect and remove PUP.Optional.IEnjoyApps without further user interaction.

  1. Download Malwarebytes to your desktop.
  2. Double-click MBSetup.exe and follow the prompts to install the program.
  3. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  4. Click the Get started button.
  5. Click Scan to start a Threat Scan.
  6. Click Quarantine to remove the found threats.
  7. Reboot the system if prompted to complete the removal process.

Malwarebytes removal log

A Malwarebytes log of removal will look similar to this:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/15/18
Scan Time: 10:48
Log File: a6c7b8fe-e8bb-11E8-ae27-00ffdcc6fdfc.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.7855
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 237864
Threats Detected: 41
Threats Quarantined: 41
Time Elapsed: 2 min, 57 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 1
PUP.Optional.IEnjoyApps.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\DEFAULT\extensions.settings|dmfdjkfpljiniadicampijngdedfppfh, Quarantined, [14284], [443085],1.0.7855

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 9
PUP.Optional.IEnjoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmfdjkfpljiniadicampijngdedfppfh\1.0.1_0\js\official, Quarantined, [14284], [443085],1.0.7855
PUP.Optional.IEnjoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmfdjkfpljiniadicampijngdedfppfh\1.0.1_0\css\fonts, Quarantined, [14284], [443085],1.0.7855
PUP.Optional.IEnjoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmfdjkfpljiniadicampijngdedfppfh\1.0.1_0\_metadata, Quarantined, [14284], [443085],1.0.7855
PUP.Optional.IEnjoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmfdjkfpljiniadicampijngdedfppfh\1.0.1_0\vertical, Quarantined, [14284], [443085],1.0.7855
PUP.Optional.IEnjoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmfdjkfpljiniadicampijngdedfppfh\1.0.1_0\images, Quarantined, [14284], [443085],1.0.7855
PUP.Optional.IEnjoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmfdjkfpljiniadicampijngdedfppfh\1.0.1_0\css, Quarantined, [14284], [443085],1.0.7855
PUP.Optional.IEnjoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmfdjkfpljiniadicampijngdedfppfh\1.0.1_0\js, Quarantined, [14284], [443085],1.0.7855
PUP.Optional.IEnjoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmfdjkfpljiniadicampijngdedfppfh\1.0.1_0, Quarantined, [14284], [443085],1.0.7855
PUP.Optional.IEnjoyApps.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\DMFDJKFPLJINIADICAMPIJNGDEDFPPFH, Quarantined, [14284], [443085],1.0.7855

File: 31
PUP.Optional.IEnjoyApps.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [14284], [443085],1.0.7855
PUP.Optional.IEnjoyApps.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [14284], [443085],1.0.7855
PUP.Optional.IEnjoyApps.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\DMFDJKFPLJINIADICAMPIJNGDEDFPPFH\1.0.1_0\MANIFEST.JSON, Quarantined, [14284], [443085],1.0.7855
PUP.Optional.IEnjoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmfdjkfpljiniadicampijngdedfppfh\1.0.1_0\css\fonts\material-icons.css, Quarantined, [14284], [443085],1.0.7855
PUP.Optional.IEnjoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmfdjkfpljiniadicampijngdedfppfh\1.0.1_0\css\fonts\MaterialIcons-Regular.eot, Quarantined, [14284], [443085],1.0.7855
PUP.Optional.IEnjoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmfdjkfpljiniadicampijngdedfppfh\1.0.1_0\css\fonts\MaterialIcons-Regular.ijmap, Quarantined, [14284], [443085],1.0.7855
PUP.Optional.IEnjoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmfdjkfpljiniadicampijngdedfppfh\1.0.1_0\css\fonts\MaterialIcons-Regular.svg, Quarantined, [14284], [443085],1.0.7855
PUP.Optional.IEnjoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmfdjkfpljiniadicampijngdedfppfh\1.0.1_0\css\fonts\MaterialIcons-Regular.ttf, Quarantined, [14284], [443085],1.0.7855
PUP.Optional.IEnjoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmfdjkfpljiniadicampijngdedfppfh\1.0.1_0\css\fonts\MaterialIcons-Regular.woff, Quarantined, [14284], [443085],1.0.7855
PUP.Optional.IEnjoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmfdjkfpljiniadicampijngdedfppfh\1.0.1_0\css\fonts\MaterialIcons-Regular.woff2, Quarantined, [14284], [443085],1.0.7855
PUP.Optional.IEnjoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmfdjkfpljiniadicampijngdedfppfh\1.0.1_0\css\fonts\RobotoCondensed-Light.ttf, Quarantined, [14284], [443085],1.0.7855
PUP.Optional.IEnjoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmfdjkfpljiniadicampijngdedfppfh\1.0.1_0\css\fonts\RobotoCondensed-Regular.ttf, Quarantined, [14284], [443085],1.0.7855
PUP.Optional.IEnjoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmfdjkfpljiniadicampijngdedfppfh\1.0.1_0\css\style.css, Quarantined, [14284], [443085],1.0.7855
PUP.Optional.IEnjoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmfdjkfpljiniadicampijngdedfppfh\1.0.1_0\images\icon128.png, Quarantined, [14284], [443085],1.0.7855
PUP.Optional.IEnjoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmfdjkfpljiniadicampijngdedfppfh\1.0.1_0\images\icon16.png, Quarantined, [14284], [443085],1.0.7855
PUP.Optional.IEnjoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmfdjkfpljiniadicampijngdedfppfh\1.0.1_0\images\icon38.png, Quarantined, [14284], [443085],1.0.7855
PUP.Optional.IEnjoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmfdjkfpljiniadicampijngdedfppfh\1.0.1_0\js\official\bootstrap.min.js, Quarantined, [14284], [443085],1.0.7855
PUP.Optional.IEnjoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmfdjkfpljiniadicampijngdedfppfh\1.0.1_0\js\official\jquery.min.js, Quarantined, [14284], [443085],1.0.7855
PUP.Optional.IEnjoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmfdjkfpljiniadicampijngdedfppfh\1.0.1_0\js\official\material.min.js, Quarantined, [14284], [443085],1.0.7855
PUP.Optional.IEnjoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmfdjkfpljiniadicampijngdedfppfh\1.0.1_0\js\base.js, Quarantined, [14284], [443085],1.0.7855
PUP.Optional.IEnjoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmfdjkfpljiniadicampijngdedfppfh\1.0.1_0\js\init.js, Quarantined, [14284], [443085],1.0.7855
PUP.Optional.IEnjoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmfdjkfpljiniadicampijngdedfppfh\1.0.1_0\js\main.js, Quarantined, [14284], [443085],1.0.7855
PUP.Optional.IEnjoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmfdjkfpljiniadicampijngdedfppfh\1.0.1_0\vertical\440x280.jpg, Quarantined, [14284], [443085],1.0.7855
PUP.Optional.IEnjoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmfdjkfpljiniadicampijngdedfppfh\1.0.1_0\vertical\init.js, Quarantined, [14284], [443085],1.0.7855
PUP.Optional.IEnjoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmfdjkfpljiniadicampijngdedfppfh\1.0.1_0\vertical\pop.js, Quarantined, [14284], [443085],1.0.7855
PUP.Optional.IEnjoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmfdjkfpljiniadicampijngdedfppfh\1.0.1_0\_metadata\computed_hashes.json, Quarantined, [14284], [443085],1.0.7855
PUP.Optional.IEnjoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmfdjkfpljiniadicampijngdedfppfh\1.0.1_0\_metadata\verified_contents.json, Quarantined, [14284], [443085],1.0.7855
PUP.Optional.IEnjoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmfdjkfpljiniadicampijngdedfppfh\1.0.1_0\popup.html, Quarantined, [14284], [443085],1.0.7855
PUP.Optional.SearchAlgo, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [337], [454816],1.0.7855
PUP.Optional.SearchAlgo, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [337], [454816],1.0.7855

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

Add an exclusion

Should users wish to keep this program and exclude it from being detected in future scans, they can add the program to the exclusions list. Here's how to do it.

  • Open Malwarebytes for Windows.
  • Click Detection History.
  • Click the Allow List.
  • To add an item to the Allow List, click Add.
  • Select the exclusion type Allow a file or folder and use the Select a folder button to select the main folder for the software that you wish to keep.
  • Repeat this for any secondary files or folders that belong to the software.

If you want to allow the program to connect to the Internet, for example to fetch updates, also add an exclusion of the type Allow an application to connect to the internet and use the Browse button to select the file that you wish to grant access.

Traces/IOCs

You may see these entries in FRST logs:

CHR DefaultSearchURL: Default -> hxxp://movix.searchalgo.com/go/?category=web&s=tidp&vert=movies&var=plus&q={searchTerms}
CHR DefaultSearchKeyword: Default -> iTheatre
CHR DefaultSuggestURL: Default -> hxxp://sug.searchalgo.com/search/index_sg.php?q={searchTerms}
CHR Extension: (iTheatre Search Plus) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmfdjkfpljiniadicampijngdedfppfh [2018-11-15]
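A small triage check for the FRST traces above, written as an added example (not Malwarebytes' code or anything from the page): it reads FRST "CHR" lines, re-fangs the hxxp URLs, and flags the searchalgo.com search provider entries and the extension ID quarantined in the removal log. The sample lines are constructed from the entries on this page plus two benign lines.

```python
import re
from urllib.parse import urlparse

# Indicators from this page: the quarantined extension ID and the search domain.
BAD_EXTENSION_IDS = {"dmfdjkfpljiniadicampijngdedfppfh"}
BAD_SEARCH_DOMAINS = {"searchalgo.com"}

FRST_CHR_LINE = re.compile(r"^CHR (?P<key>\w+):\s*(?P<rest>.*)$")  # "CHR <Key>: <details>"
EXT_ID = re.compile(r"\b[a-p]{32}\b")  # Chrome extension IDs: 32 letters from a-p


def refang(url):
    """Turn the defanged hxxp/hxxps prefix back into a parseable scheme."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def domain_matches(host, domains):
    """True if host equals one of the domains or is a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def scan_frst_lines(lines):
    """Return (key, indicator) pairs for FRST CHR lines that match the IoCs."""
    findings = []
    for line in lines:
        m = FRST_CHR_LINE.match(line.strip())
        if not m:
            continue
        key, rest = m.group("key"), m.group("rest")
        if key in ("DefaultSearchURL", "DefaultSuggestURL"):
            # Details read "Default -> hxxp://host/path"; keep only the URL part.
            url = rest.split("->", 1)[-1].strip()
            host = urlparse(refang(url)).hostname or ""
            if domain_matches(host, BAD_SEARCH_DOMAINS):
                findings.append((key, host))
        elif key == "Extension":
            for ext_id in EXT_ID.findall(rest):
                if ext_id in BAD_EXTENSION_IDS:
                    findings.append((key, ext_id))
    return findings


# Constructed sample: the page's FRST entries plus two benign lines.
SAMPLE_FRST = [
    "CHR DefaultSearchURL: Default -> hxxp://movix.searchalgo.com/go/?category=web&s=tidp&vert=movies&var=plus&q={searchTerms}",
    "CHR DefaultSearchKeyword: Default -> iTheatre",
    "CHR DefaultSuggestURL: Default -> hxxp://sug.searchalgo.com/search/index_sg.php?q={searchTerms}",
    "CHR Extension: (iTheatre Search Plus) - C:\\Users\\{username}\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\dmfdjkfpljiniadicampijngdedfppfh [2018-11-15]",
    "CHR DefaultSuggestURL: Default -> hxxps://www.google.com/complete/search?q={searchTerms}",
    "CHR Extension: (Benign Example) - C:\\Users\\{username}\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\abcdefghijklmnopabcdefghijklmnop [2018-01-01]",
]
```

Calling `scan_frst_lines(SAMPLE_FRST)` reports the two searchalgo.com hosts and the IEnjoyApps extension ID, and leaves the Google and benign-extension lines alone.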

Related threats
