Security analysis: FrameFox, potentially unwanted software (PUP/LPI)


Nicolas Coolman (Administrator)

    The program FrameFox falls into the category of optional, potentially unwanted software (LPI/PUP).

    LPIs (PUPs) usually install as a program or as a browser extension and are loaded at every start of the operating system.

    Potentially unwanted software (PUP/LPI) can launch services, start scheduled tasks and create shortcuts on your desktop. All these operations are carried out, with or without your consent, under the terms of its licence agreement. Once installed, a PUP may change some settings in your browsers, such as the search pages, the start page or even your error page. It can collect your browsing habits and send them to a server by tracking. While you browse, it can display advertisements (coupons) and banner ads (pop-ups). The goal of this program is often to earn money by generating Web traffic to sponsored sites.

    Potentially unwanted software (LPI)

    Potentially unwanted software (LPI) or potentially unwanted programs (PUP) are the cause of many infections.
    The most frequently encountered examples are the adware InstallCore, CrossRider, Graftor or Boxore, which pollute your storage drives and the registry. They are usually installed without your knowledge via freeware downloads. Some sites use the repackaging method, an operation that consists of re-wrapping the software's installation module and adding download options. These options add other software, for example browser toolbars, adware, potentially unwanted software, intrusive advertising software and even browser hijackers.

    Unwanted spyware and adware, like malware, can exploit vulnerabilities in the code of legitimate software or operating systems. It is therefore essential to use official software and to keep it updated automatically. Your Windows operating system must be set to automatic, active updates so that you receive the latest patches for critical security vulnerabilities.

    Main actions:
    – It installs as a process launched at system startup (RP),
    – It installs a program extension for the Google Chrome browser (G2),
    – It installs in the registry so that it is launched each time the system starts (O4),
    – It installs as a program (O42),
    – It creates several keys under the registry "Software" key,
    – It adds additional folders (O43),
    – It creates install registry keys (Ø90),
    – It places an MSI package file in the file system's install folder (O93).

    ZHPDiag overview:
    [MD5.1432BA058B2385392DA1593BFC859DDB] – (.Duuqu Group – FrameFox Extensions.) — C:\Program Files\FrameFox\Extensions\InternetExplorer\framefox.exe [221680] [PID.2820]
    P2 – EXT: (.The Team – FrameFox Shop.) — C:\Users\Coolman\AppData\Roaming\Mozilla\Firefox\Profiles\77ld7n56.default\extensions\8C033D1B-0514-492c-A44B-6D802CC25673@jetpack
    G2 – GCE: Preference [User Data\Default] [jiofjbkodmcfkhmljgdmjcildliojoli] FrameFox v.1.3 (Activated)
    G2 – GCE: Preference [User Data\Default] [ojddnfeomepaknnacagpkghdobipmccd] __MSG_name__
    O4 – HKLM\..\Run: [FrameFox Extensions] . (.Duuqu Group – FrameFox Extensions.) — C:\Program Files\FrameFox\Extensions\InternetExplorer\framefox.exe
    O42 – Logiciel: Extensions FrameFox 1.0.2.0 – (.. Équipe de QwertyBox) [HKLM] [64Bits] – {A1D62CC4-1453-4245-9C6E-E9E8EF0B620C}
    O42 – Logiciel: FrameFox Extensions 1.0.3.0 – (.QwertyBox Team.) [HKLM][64Bits] — {B31D88DC-FFE3-4B9D-9D8C-89E216EE5939}
    O42 – Logiciel: FrameFox Extensions 1.0.6.0 – (.QwertyBox Team.) [HKLM][64Bits] — {577F0F04-E354-44C8-8C2B-7B69C2EA7F10}
    O42 – Logiciel: QwertyBox 1.0.3.0 – (.QwertyBox Team.) [HKLM][64Bits] — {836B2544-9D21-4C69-BC3A-FF5E6320B5A9}
    [HKLM\Software\Duuqu]
    O43 – CFD: 10/06/2013 – 15:01:31 – [0214] —- D – C:\Program Files (x86)\FrameFox
    Ø90 – PUC: « CD88D13B3EFFD9B4D9C8982E61EE9593 » . (.FrameFox Extensions 1.0.3.0.) — C:\Windows\Installer\{B31D88DC-FFE3-4B9D-9D8C-89E216EE5939}\FrameFox.ico
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A1D62CC4-1453-4245-9C6E-E9E8EF0B620C}]
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{577F0F04-E354-44C8-8C2B-7B69C2EA7F10}]
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B31D88DC-FFE3-4B9D-9D8C-89E216EE5939}]
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:FrameFox Extensions
    [HKLM\Software\Google\Chrome\Extensions\jiofjbkodmcfkhmljgdmjcildliojoli]
    [HKLM\Software\Duuqu]
    C:\Users\Coolman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiofjbkodmcfkhmljgdmjcildliojoli
    C:\Windows\Installer\{A1D62CC4-1453-4245-9C6E-E9E8EF0B620C}\FrameFox.ico
    C:\Program Files (x86)\Mozilla Firefox\extensions\{D6F4FFAF-E3C9-4f3d-AD5B-F78CD969D7BF}
    C:\Program Files (x86)\FrameFox
    C:\Windows-Install-1acf1b.msi
    C:\Windows-Install-736cc2.msi
    C:\Program Files\FrameFox
    C:\Program Files\FrameFox\Extensions\InternetExplorer\framefox.exe
    Ø90 – PUC: « 4CC26D1A35415424C9E69E8EFEB026C0 » . (.Extensions FrameFox 1.0.2.0.) — C:\Windows\Installer\{A1D62CC4-1453-4245-9C6E-E9E8EF0B620C}\FrameFox.ico
    Ø90 – PUC: « CD88D13B3EFFD9B4D9C8982E61EE9593 » . (.FrameFox Extensions 1.0.3.0.) — C:\Windows\Installer\{B31D88DC-FFE3-4B9D-9D8C-89E216EE5939}\FrameFox.ico
    Ø90 – PUC: « 098CCE33084C42149BB5AB630E521B02 » . (.FrameFox Extensions 1.0.7.0.) — C:\Windows\Installer\{33ECC890-C480-4124-B95B-BA36E025B120}\FrameFox.ico
    [MD5.5FF2B0F7835519063800D9F2DB535131] [WIS][22/08/2013] (.QwertyBox Team – FrameFox Extensions 1.0.7.0 Setup.) — C:\Windows\Installer\2015a8.msi [417792]
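As an added example that is not part of the original post, the following read-only PowerShell check looks on a Windows host for the persistence points listed in the main actions and the ZHPDiag overview (Run value, machine-wide Chrome extension key, uninstall GUIDs, leftover folders, running process). It assumes the extension ID, product GUIDs and paths are exactly those quoted above and changes nothing on the host.

```powershell
# Added example, not from the original post: a read-only audit of a Windows host
# for the FrameFox persistence points quoted in the ZHPDiag overview above.
# Assumption: the extension ID, product GUIDs and paths are exactly those in the report.
$ChromeExtId = 'jiofjbkodmcfkhmljgdmjcildliojoli'
$UninstallGuids = @(
    '{A1D62CC4-1453-4245-9C6E-E9E8EF0B620C}',  # Extensions FrameFox 1.0.2.0
    '{B31D88DC-FFE3-4B9D-9D8C-89E216EE5939}',  # FrameFox Extensions 1.0.3.0
    '{577F0F04-E354-44C8-8C2B-7B69C2EA7F10}',  # FrameFox Extensions 1.0.6.0
    '{33ECC890-C480-4124-B95B-BA36E025B120}',  # FrameFox Extensions 1.0.7.0
    '{836B2544-9D21-4C69-BC3A-FF5E6320B5A9}'   # QwertyBox 1.0.3.0
)
$hives = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'
$findings = New-Object System.Collections.Generic.List[string]

# O4: Run value that relaunches framefox.exe at every logon
$run = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($run -and $run.PSObject.Properties['FrameFox Extensions']) {
    $findings.Add("O4   Run value 'FrameFox Extensions' -> $($run.'FrameFox Extensions')")
}

# G2: Chrome extension registered machine-wide under Software\Google\Chrome\Extensions
foreach ($hive in $hives) {
    $key = "$hive\Google\Chrome\Extensions\$ChromeExtId"
    if (Test-Path $key) { $findings.Add("G2   Chrome extension key $key") }
}

# O42 / Ø90: uninstall entries registered under the product GUIDs quoted in the report
foreach ($guid in $UninstallGuids) {
    foreach ($hive in $hives) {
        $key = "$hive\Microsoft\Windows\CurrentVersion\Uninstall\$guid"
        if (Test-Path $key) {
            $findings.Add("O42  Uninstall entry $guid ($((Get-ItemProperty $key).DisplayName))")
        }
    }
}
# O43 and vendor key: folders and the registry key the installer leaves behind
$paths = @(
    "$env:ProgramFiles\FrameFox",
    "${env:ProgramFiles(x86)}\FrameFox",
    "${env:ProgramFiles(x86)}\Mozilla Firefox\extensions\{D6F4FFAF-E3C9-4f3d-AD5B-F78CD969D7BF}",
    "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Extensions\$ChromeExtId",
    'HKLM:\SOFTWARE\Duuqu'
)
foreach ($p in $paths) { if (Test-Path $p) { $findings.Add("O43  Present: $p") } }

# RP: a live framefox.exe process
Get-Process -Name framefox -ErrorAction SilentlyContinue |
    ForEach-Object { $findings.Add("RP   framefox.exe PID $($_.Id) from $($_.Path)") }
if ($findings.Count -eq 0) { 'No FrameFox indicators found.' } else { $findings }
```

Run it from an elevated PowerShell session so HKLM and the Program Files folders are readable; each line it prints is prefixed with the ZHPDiag section it corresponds to.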

    Aliases:
    Adware.Framefox
    PUP.Optional.FrameFox.A [Malwarebytes]

    Diagnose with ZHPSuite. Uninstall with Windows. Delete with ZHPCleaner. Delete with Malwarebytes.
