Jump to content

Search the Community

Showing results for tags '855-332-0124'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes 3 Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 2 results

  1. What is Qbit Optimizer Pro?The Malwarebytes research team has determined that Qbit Optimizer Pro is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.More information can be found on our Malwarebytes Labs blog.How do I know if I am infected with Qbit Optimizer Pro?This is how the main screen of the system optimizer looks:You will find these icons in your taskbar, your startmenu, and on your desktop:and see this warning during install:and these screens during "operations":You may see this entry in your list of installed programs:and this task in your list of Scheduled Tasks:How did Qbit Optimizer Pro get on my computer?These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website:How do I remove Qbit Optimizer Pro?Our program Malwarebytes can detect and remove this potentially unwanted application. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Qbit Optimizer Pro? No, Malwarebytes removes Qbit Optimizer Pro completely. This PUP creates a scheduled task. You can read here how to check for and, if necessary, remove Scheduled Tasks. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this system optimizer.As you can see below the full version of Malwarebytes would have protected you against the Qbit Optimizer Pro installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. and we block access to their domain: Technical details for expertsYou may see these entries in FRST logs: (ADEQUATE SOFTWARES -> ) C:\Program Files\Qbit Optimizer Pro for {computername}\rtc.exe C:\Users\{username}\AppData\Roaming\Qbit Optimizer Pro For {computername} C:\ProgramData\Qbit Optimizer Pro for {computername} C:\Windows\System32\Tasks\Qbit Optimizer Pro_Logon C:\Users\Public\Desktop\Qbit Optimizer Pro.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qbit Optimizer Pro for {computername} C:\Program Files\Qbit Optimizer Pro for {computername} Qbit Optimizer Pro (HKLM\...\{B937E15E-FFAB-46D9-B346-4409FAAC98D4}_is1) (Version: 1.0.0.0 - ) <==== ATTENTION Task: {D2B6B2F9-299D-49C1-B53A-CE3841A9BE36} - System32\Tasks\Qbit Optimizer Pro_Logon => C:\Program Files\Qbit Optimizer Pro for {computername}\rtc.exe (ADEQUATE SOFTWARES -> ) <==== ATTENTION Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files\Qbit Optimizer Pro for {computername} Adds the file application.ico"="2/21/2019 3:11 PM, 56150 bytes, A Adds the file english_iss.ini"="5/16/2018 12:25 PM, 2256 bytes, A Adds the file gmtrs.dll"="3/15/2019 5:12 PM, 1857592 bytes, A Adds the file HtmlRenderer.dll"="3/15/2019 5:12 PM, 235576 bytes, A Adds the file HtmlRenderer.WinForms.dll"="3/15/2019 5:12 PM, 74296 bytes, A Adds the file Interop.IWshRuntimeLibrary.dll"="3/15/2019 5:12 PM, 63032 bytes, A Adds the file Interop.SHDocVw.dll"="3/15/2019 5:12 PM, 177720 bytes, A Adds the file langs.db"="11/10/2018 4:17 PM, 477184 bytes, A Adds the file Microsoft.Win32.TaskScheduler.dll"="3/15/2019 5:12 PM, 184888 bytes, A Adds the file NAudio.dll"="3/15/2019 5:12 PM, 484920 bytes, A Adds the file Newtonsoft.Json.dll"="3/15/2019 5:12 PM, 474680 bytes, A Adds the file PaddleCheckoutSDK.dll"="3/15/2019 5:12 PM, 72760 bytes, A Adds the file rtc.exe"="3/15/2019 5:12 PM, 2434104 bytes, A Adds the file rtc.exe.config"="3/15/2019 5:11 PM, 6223 bytes, A Adds the file System.Data.SQLite.DLL"="3/15/2019 5:12 PM, 304696 bytes, A Adds the file TAFactory.IconPack.dll"="3/15/2019 5:12 PM, 50744 bytes, A Adds the file unins000.dat"="3/22/2019 9:05 AM, 85575 bytes, A Adds the file unins000.exe"="3/22/2019 9:04 AM, 1242680 bytes, A Adds the file unins000.msg"="3/22/2019 9:05 AM, 22701 bytes, A Adds the folder C:\Program Files\Qbit Optimizer Pro for {computername}\x64 Adds the file SQLite.Interop.dll"="3/15/2019 5:12 PM, 1189432 bytes, A Adds the folder C:\Program Files\Qbit Optimizer Pro for {computername}\x86 Adds the file SQLite.Interop.dll"="3/15/2019 5:12 PM, 868408 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qbit Optimizer Pro for {computername} Adds the file Buy Qbit Optimizer Pro.lnk"="3/22/2019 9:05 AM, 1000 bytes, A Adds the file Qbit Optimizer Pro.lnk"="3/22/2019 9:05 AM, 988 bytes, A Adds the file Uninstall Qbit Optimizer Pro.lnk"="3/22/2019 9:05 AM, 1019 bytes, A Adds the folder C:\ProgramData\Qbit Optimizer Pro for {computername} Adds the file mdb.db"="10/26/2018 11:37 AM, 6643712 bytes, A Adds the file pcspstartrepair_en.mp3"="5/16/2018 12:25 PM, 130973 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Qbit Optimizer Pro For {computername} Adds the file Errorlog.txt"="3/22/2019 9:06 AM, 20934 bytes, A Adds the file exlist.bin"="3/22/2019 9:05 AM, 258019 bytes, A Adds the file notifier.xml"="3/22/2019 9:05 AM, 14376 bytes, A Adds the file param.ini"="3/22/2019 9:05 AM, 954 bytes, A Adds the file res.xml"="3/22/2019 9:06 AM, 12063 bytes, A Adds the file update.xml"="3/22/2019 9:05 AM, 39198 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Qbit Optimizer Pro For {computername}\smico In the existing folder C:\Users\Public\Desktop Adds the file Qbit Optimizer Pro.lnk"="3/22/2019 9:05 AM, 970 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file Qbit Optimizer Pro_Logon"="3/22/2019 9:05 AM, 3078 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B937E15E-FFAB-46D9-B346-4409FAAC98D4}_is1] "DisplayIcon"="REG_SZ", "C:\Program Files\Qbit Optimizer Pro for {computername}\rtc.exe" "DisplayName"="REG_SZ", "Qbit Optimizer Pro" "DisplayVersion"="REG_SZ", "1.0.0.0" "EstimatedSize"="REG_DWORD", 18475 "Inno Setup: App Path"="REG_SZ", "C:\Program Files\Qbit Optimizer Pro for {computername}" "Inno Setup: Icon Group"="REG_SZ", "Qbit Optimizer Pro for {computername}" "Inno Setup: Language"="REG_SZ", "en" "Inno Setup: Setup Version"="REG_SZ", "5.5.8 (u)" "Inno Setup: User"="REG_SZ", "{username}" "InstallDate"="REG_SZ", "20190322" "InstallLocation"="REG_SZ", "C:\Program Files\Qbit Optimizer Pro for {computername}\" "MajorVersion"="REG_DWORD", 1 "MinorVersion"="REG_DWORD", 0 "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "QuietUninstallString"="REG_SZ", ""C:\Program Files\Qbit Optimizer Pro for {computername}\unins000.exe" /SILENT" "UninstallString"="REG_SZ", ""C:\Program Files\Qbit Optimizer Pro for {computername}\unins000.exe"" [HKEY_LOCAL_MACHINE\SOFTWARE\Qbit Optimizer Pro For {computername}] "affired"="REG_DWORD", 1 "afterInstallUrl"="REG_SZ", "http://ins.trkinstl.com/install/qbop/?" "apst"="REG_DWORD", 0 "btnid"="REG_SZ", "" "buybowinapp"="REG_SZ", "http://store.tunepctop.xyz/qbop/plan?" "cbkpoff"="REG_DWORD", 1 "country"="REG_SZ", "us" "cta"="REG_DWORD", 0 "delaytime"="REG_DWORD", 0 "dlllist"="REG_SZ", "PSMACHINE_64.DLL,MSSPELLCHECKINGFACILITY.DLL" "EmailURL"="REG_SZ", "" "expired"="REG_DWORD", 0 "hdata"="REG_BINARY, ................................................................................................ "Installstring"="REG_SZ", "C:\Program Files\Qbit Optimizer Pro for {computername}" "ipaddrurl"="REG_SZ", "http://www.trkinstl.com/getip/" "isavst"="REG_DWORD", 0 "isiunidu"="REG_DWORD", 0 "isprmjsn"="REG_DWORD", 0 "isshowng"="REG_DWORD", 1 "issilent"="REG_DWORD", 0 "ISTELNO"="REG_DWORD", 1 "LangCode"="REG_SZ", "en" "lpid"="REG_SZ", "" "lstregscancount"="REG_DWORD", 30 "lstscandate"="REG_SZ", "3/22/2019 9:06:36 AM" "lstscanstat"="REG_DWORD", 2 "lstsecscancount"="REG_DWORD", 0 "lsttotalscancount"="REG_DWORD", 30 "ovoffdis"="REG_DWORD", 0 "paramurl"="REG_SZ", "http://trkr.trkinstl.com/ipfiles/" "pdtm"="REG_DWORD", 45 "playsound"="REG_DWORD", 1 "plurl"="REG_SZ", "http://pp.trkinstl.com/ProductPrice.svc/" "prereg"="REG_DWORD", 0 "PurchaseURL"="REG_SZ", "http://store.tunepctop.xyz/qbop/price?" "pxl"="REG_SZ", "WTN4307_WTN4209_RUNT" "referurl"="REG_SZ", "http%253a%252f%252ftrkur2.com%252f262955%252f43255%253fs2%253dAEvej1zGTQAAzwMCAFVTFwASAGT_Em4A" "reg"="REG_DWORD", 0 "RenewURL"="REG_SZ", "http://store.tunepctop.xyz/qbop/renewal?" "runcam"="REG_DWORD", 1 "runpixel"="REG_DWORD", 1 "runsrc"="REG_DWORD", 1 "showtn"="REG_DWORD", 0 "showunins"="REG_DWORD", 0 "showwfo"="REG_DWORD", 0 "stdismax"="REG_DWORD", -1 "supporturl"="REG_SZ", "http://www.tunepctop.xyz/help/" "TELNO"="REG_SZ", "844-394-7312" "TELNO_ar"="REG_SZ", "+54 11 5236 0324" "TELNO_at"="REG_SZ", "+43 (0)720 902 309" "TELNO_au"="REG_SZ", "(61)280-733403" "TELNO_be"="REG_SZ", "+32-28085306" "TELNO_br"="REG_SZ", "+55 21 2391 4319" "TELNO_ch"="REG_SZ", "+41 (0)44 508 70 37" "TELNO_de"="REG_SZ", "0800 1822 974" "TELNO_dk"="REG_SZ", "+45 78 73 09 26" "TELNO_es"="REG_SZ", "+34 951 203 537" "TELNO_fi"="REG_SZ", "+358 (0)9 4270 4911" "TELNO_fr"="REG_SZ", "05 82 84 04 06" "TELNO_gb"="REG_SZ", "0800-031-5066" "TELNO_it"="REG_SZ", "+39 069 4802886" "TELNO_ja"="REG_SZ", "" "TELNO_lu"="REG_SZ", "0800 1822 974" "TELNO_nl"="REG_SZ", "+31-08-58882839" "TELNO_no"="REG_SZ", "+47 21 95 01 97" "TELNO_pt"="REG_SZ", "+351 70 750 2094" "TELNO_se"="REG_SZ", "+46-08124-10298" "TELNO_uk"="REG_SZ", "0800-031-5066" "TELNO_us"="REG_SZ", "844-394-7312" "utm_campaign"="REG_SZ", "wtncns" "utm_medium"="REG_SZ", "" "utm_pubid"="REG_SZ", "prf_tectool" "utm_source"="REG_SZ", "wtncns" "WebURL"="REG_SZ", "http://www.tunepctop.xyz/" "wfoset"="REG_DWORD", 1 "x-at"="REG_SZ", "" "x-ccode"="REG_SZ", "us" "x-context"="REG_SZ", "Ln-PyERz-0IdF1KaZIMaq6EANe9jg43fhLFoWvaUgmVa_OuqrEZBPc1Ox-m3nV_uQAl8OvFshcT7d8S2ueMOK12iIjximw57TOSiPyi_sT5miNO9r5_5nn_JY9u1mkxPtv0cqb7mzWGcN3BJifnaXAWivLMZjz9LSKWMViyZLok" "x-datetime"="REG_SZ", "03-22-2019 08:05:06 AM" "x-fetch"="REG_SZ", "1" "x-ip"="REG_SZ", "77_234_46_210" "x-plt"="REG_SZ", "" "x-var1"="REG_SZ", "" "x-var2"="REG_SZ", "" "x-var3"="REG_SZ", "" [HKEY_LOCAL_MACHINE\SOFTWARE\scd-pr] "affiliateid"="REG_SZ", "" "btnid"="REG_SZ", "" "country"="REG_SZ", "us" "LangCode"="REG_SZ", "en" "lpid"="REG_SZ", "" "pxl"="REG_SZ", "WTN4307_WTN4209_RUNT" "referUrl"="REG_SZ", "http%253a%252f%252ftrkur2.com%252f262955%252f43255%253fs2%253dAEvej1zGTQAAzwMCAFVTFwASAGT_Em4A" "TELNO"="REG_SZ", "" "utm_campaign"="REG_SZ", "wtncns" "utm_medium"="REG_SZ", "" "utm_pubid"="REG_SZ", "prf_tectool" "utm_source"="REG_SZ", "wtncns" "x-at"="REG_SZ", "" "x-context"="REG_SZ", "Ln-PyERz-0IdF1KaZIMaq6EANe9jg43fhLFoWvaUgmVa_OuqrEZBPc1Ox-m3nV_uQAl8OvFshcT7d8S2ueMOK12iIjximw57TOSiPyi_sT5miNO9r5_5nn_JY9u1mkxPtv0cqb7mzWGcN3BJifnaXAWivLMZjz9LSKWMViyZLok" "x-plt"="REG_SZ", "" "x-var1"="REG_SZ", "" "x-var2"="REG_SZ", "" "x-var3"="REG_SZ", "" [HKEY_LOCAL_MACHINE\SOFTWARE\UWJpdCBPcHRpbWl6ZXIgUHJv\ACT] "data"="REG_BINARY, ...................................................................................................................... [HKEY_CURRENT_USER\Software\Qbit Optimizer Pro For {computername}] "affiliateid"="REG_SZ", "" "btnid"="REG_SZ", "" "InstallString"="REG_SZ", "C:\Program Files\Qbit Optimizer Pro for {computername}" "LangCode"="REG_SZ", "en" "lpid"="REG_SZ", "" "pxl"="REG_SZ", "WTN4307_WTN4209_RUNT" "referurl"="REG_SZ", "http%253a%252f%252ftrkur2.com%252f262955%252f43255%253fs2%253dAEvej1zGTQAAzwMCAFVTFwASAGT_Em4A" "TELNO"="REG_SZ", "844-394-7312" "TELNO_us"="REG_SZ", "844-394-7312" "utm_campaign"="REG_SZ", "wtncns" "utm_medium"="REG_SZ", "" "utm_pubid"="REG_SZ", "prf_tectool" "utm_source"="REG_SZ", "wtncns" "x-at"="REG_SZ", "" "x-context"="REG_SZ", "Ln-PyERz-0IdF1KaZIMaq6EANe9jg43fhLFoWvaUgmVa_OuqrEZBPc1Ox-m3nV_uQAl8OvFshcT7d8S2ueMOK12iIjximw57TOSiPyi_sT5miNO9r5_5nn_JY9u1mkxPtv0cqb7mzWGcN3BJifnaXAWivLMZjz9LSKWMViyZLok" "x-datetime"="REG_SZ", "03-22-2019 08:05:06 AM" "x-fetch"="REG_SZ", "1" "x-ip"="REG_SZ", "77_234_46_210" "x-plt"="REG_SZ", "" "x-var1"="REG_SZ", "" "x-var2"="REG_SZ", "" "x-var3"="REG_SZ", "" [HKEY_CURRENT_USER\Software\Qbit Optimizer Pro For {computername}\1.0.0.0] "Installstring"="REG_SZ", "C:\Program Files\Qbit Optimizer Pro for {computername}" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 3/22/19 Scan Time: 9:18 AM Log File: 1091469c-4c7b-11e9-be17-00ffdcc6fdfc.json -Software Information- Version: 3.7.1.2839 Components Version: 1.0.538 Update Package Version: 1.0.9796 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 235543 Threats Detected: 80 Threats Quarantined: 80 Time Elapsed: 4 min, 24 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 1 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\rtc.exe, Quarantined, [445], [656659],1.0.9796 Module: 7 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\x64\SQLite.Interop.dll, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\Microsoft.Win32.TaskScheduler.dll, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\Interop.IWshRuntimeLibrary.dll, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\PaddleCheckoutSDK.dll, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\rtc.exe, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\System.Data.SQLite.DLL, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\TAFactory.IconPack.dll, Quarantined, [445], [656659],1.0.9796 Registry Key: 7 PUP.Optional.PCVARK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Qbit Optimizer Pro_Logon, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D2B6B2F9-299D-49C1-B53A-CE3841A9BE36}, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{D2B6B2F9-299D-49C1-B53A-CE3841A9BE36}, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{B937E15E-FFAB-46D9-B346-4409FAAC98D4}_is1, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, HKLM\SOFTWARE\UWJpdCBPcHRpbWl6ZXIgUHJv, Quarantined, [445], [656694],1.0.9796 PUP.Optional.PCVARK, HKLM\SOFTWARE\Qbit Optimizer Pro For {computername}, Quarantined, [445], [656657],1.0.9796 PUP.Optional.PCVARK, HKLM\SOFTWARE\SCD-PR, Quarantined, [445], [540842],1.0.9796 Registry Value: 5 PUP.Optional.PCVARK, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{B937E15E-FFAB-46D9-B346-4409FAAC98D4}_is1|INSTALLLOCATION, Quarantined, [445], [656666],1.0.9796 PUP.Optional.PCVARK, HKLM\SOFTWARE\Qbit Optimizer Pro For {computername}|AFFIRED, Quarantined, [445], [656657],1.0.9796 PUP.Optional.PCVARK, HKLM\SOFTWARE\SCD-PR|AFFILIATEID, Quarantined, [445], [540842],1.0.9796 PUP.Optional.MasterPCCleaner, HKLM\SOFTWARE\SCD-PR|PXL, Quarantined, [1186], [484510],1.0.9796 PUP.Optional.PCVARK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D2B6B2F9-299D-49C1-B53A-CE3841A9BE36}|PATH, Quarantined, [445], [656654],1.0.9796 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 8 PUP.Optional.PCVARK, C:\ProgramData\Qbit Optimizer Pro for {computername}\offers, Quarantined, [445], [656661],1.0.9796 PUP.Optional.PCVARK, C:\PROGRAMDATA\Qbit Optimizer Pro for {computername}, Quarantined, [445], [656661],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\x64, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\x86, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\PROGRAM FILES\Qbit Optimizer Pro for {computername}, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Qbit Optimizer Pro for {computername}, Quarantined, [445], [656660],1.0.9796 PUP.Optional.PCVARK, C:\Users\{username}\AppData\Roaming\Qbit Optimizer Pro For {computername}\smico, Quarantined, [445], [656662],1.0.9796 PUP.Optional.PCVARK, C:\USERS\{username}\APPDATA\ROAMING\Qbit Optimizer Pro For {computername}, Quarantined, [445], [656662],1.0.9796 File: 52 PUP.Optional.PCVARK, C:\PROGRAMDATA\Qbit Optimizer Pro for {computername}\mdb.db, Quarantined, [445], [656661],1.0.9796 PUP.Optional.PCVARK, C:\ProgramData\Qbit Optimizer Pro for {computername}\offers\a_p_t.exe, Quarantined, [445], [656661],1.0.9796 PUP.Optional.PCVARK, C:\ProgramData\Qbit Optimizer Pro for {computername}\pcspstartrepair_en.mp3, Quarantined, [445], [656661],1.0.9796 PUP.Optional.PCVARK, C:\PROGRAM FILES\Qbit Optimizer Pro for {computername}\unins000.dat, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\x64\SQLite.Interop.dll, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\x86\SQLite.Interop.dll, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\Microsoft.Win32.TaskScheduler.dll, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\application.ico, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\danish_iss.ini, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\Dutch_iss.ini, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\english_iss.ini, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\finish_iss.ini, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\French_iss.ini, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\german_iss.ini, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\gmtrs.dll, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\HtmlRenderer.dll, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\HtmlRenderer.WinForms.dll, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\Interop.IWshRuntimeLibrary.dll, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\Interop.SHDocVw.dll, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\italian_iss.ini, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\japanese_iss.ini, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\langs.db, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\NAudio.dll, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\Newtonsoft.Json.dll, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\norwegian_iss.ini, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\PaddleCheckoutSDK.dll, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\portuguese_iss.ini, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\rtc.exe, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\rtc.exe.config, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\russian_iss.ini, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\spanish_iss.ini, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\swedish_iss.ini, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\System.Data.SQLite.DLL, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\TAFactory.IconPack.dll, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\unins000.exe, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\Program Files\Qbit Optimizer Pro for {computername}\unins000.msg, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\WINDOWS\SYSTEM32\TASKS\Qbit Optimizer Pro_Logon, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\Qbit Optimizer Pro.lnk, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\USERS\PUBLIC\Desktop\Qbit Optimizer Pro.lnk, Quarantined, [445], [656659],1.0.9796 PUP.Optional.PCVARK, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Qbit Optimizer Pro for {computername}\Buy Qbit Optimizer Pro.lnk, Quarantined, [445], [656660],1.0.9796 PUP.Optional.PCVARK, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qbit Optimizer Pro for {computername}\Qbit Optimizer Pro.lnk, Quarantined, [445], [656660],1.0.9796 PUP.Optional.PCVARK, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qbit Optimizer Pro for {computername}\Uninstall Qbit Optimizer Pro.lnk, Quarantined, [445], [656660],1.0.9796 PUP.Optional.PCVARK, C:\USERS\{username}\APPDATA\ROAMING\Qbit Optimizer Pro For {computername}\Errorlog.txt, Quarantined, [445], [656662],1.0.9796 PUP.Optional.PCVARK, C:\Users\{username}\AppData\Roaming\Qbit Optimizer Pro For {computername}\a_p_t_2.xml, Quarantined, [445], [656662],1.0.9796 PUP.Optional.PCVARK, C:\Users\{username}\AppData\Roaming\Qbit Optimizer Pro For {computername}\exlist.bin, Quarantined, [445], [656662],1.0.9796 PUP.Optional.PCVARK, C:\Users\{username}\AppData\Roaming\Qbit Optimizer Pro For {computername}\notifier.xml, Quarantined, [445], [656662],1.0.9796 PUP.Optional.PCVARK, C:\Users\{username}\AppData\Roaming\Qbit Optimizer Pro For {computername}\param.ini, Quarantined, [445], [656662],1.0.9796 PUP.Optional.PCVARK, C:\Users\{username}\AppData\Roaming\Qbit Optimizer Pro For {computername}\res.xml, Quarantined, [445], [656662],1.0.9796 PUP.Optional.PCVARK, C:\Users\{username}\AppData\Roaming\Qbit Optimizer Pro For {computername}\update.xml, Quarantined, [445], [656662],1.0.9796 PUP.Optional.PCVARK, C:\PROGRAMDATA\QBIT OPTIMIZER PRO FOR {computername}\OFFERS\A_P_T.EXE, Quarantined, [445], [583068],1.0.9796 PUP.Optional.PCVARK, C:\USERS\{username}\APPDATA\LOCAL\TEMP\_IU14D2N.TMP, Quarantined, [445], [583068],1.0.9796 PUP.Optional.PCVARK, C:\USERS\{username}\DESKTOP\QBOPSETUP.EXE, Quarantined, [445], [531751],1.0.9796 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  2. What is PC Cleanup 2018?The Malwarebytes research team has determined that PC Cleanup 2018 is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.More information can be found on our Malwarebytes Labs blog.How do I know if I am infected with PC Cleanup 2018?This is how the main screen of the system optimizer looks:You will find these icons in your taskbar, your startmenu, and on your desktop:and see this warning during install:and these screens during "operations":You may see this entry in your list of installed programs:and this task in your list of Scheduled Tasks:How did PC Cleanup 2018 get on my computer?These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website:How do I remove PC Cleanup 2018?Our program Malwarebytes can detect and remove this potentially unwanted application. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of PC Cleanup 2018? No, Malwarebytes removes PC Cleanup 2018 completely. This PUP creates a scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this system optimizer.As you can see below the full version of Malwarebytes would have protected you against the PC Cleanup 2018 installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. and we block access to their domain: Technical details for expertsYou may see these entries in FRST logs: () C:\Program Files\PC -Cleanup-2018 on {computername}\pcl.exe C:\Users\{username}\AppData\Roaming\PC -Cleanup-2018 on {computername} C:\Windows\System32\Tasks\PC -Cleanup-2018_Logon C:\Users\Public\Desktop\PC -Cleanup-2018.lnk C:\ProgramData\PC -Cleanup-2018 on {computername} C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC -Cleanup-2018 on {computername} C:\Program Files\PC -Cleanup-2018 on {computername} ( ) C:\Users\{username}\Desktop\pccsetup.exe PC -Cleanup-2018 (HKLM\...\{BFAF6655-331A-4784-BE06-ECD05B6ECEC4}_is1) (Version: 1.0.0.0 - ) Task: {71F23870-9F8C-4ABC-BB72-747B2CA17EE3} - System32\Tasks\PC -Cleanup-2018_Logon => C:\Program Files\PC -Cleanup-2018 on {computername}\pcl.exe [2018-05-11] () Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files\PC -Cleanup-2018 on {computername} Adds the file app.ico"="3/13/2018 1:13 PM, 94222 bytes, A Adds the file AppRes.dll"="5/11/2018 4:08 PM, 21270880 bytes, A Adds the file HtmlRenderer.dll"="5/11/2018 4:08 PM, 228192 bytes, A Adds the file HtmlRenderer.WinForms.dll"="5/11/2018 4:08 PM, 66912 bytes, A Adds the file Interop.IWshRuntimeLibrary.dll"="5/11/2018 4:08 PM, 55648 bytes, A Adds the file Microsoft.TeamFoundation.Common.dll"="5/11/2018 4:08 PM, 636768 bytes, A Adds the file Microsoft.Win32.TaskScheduler.dll"="5/11/2018 4:08 PM, 177504 bytes, A Adds the file pcl.exe"="5/11/2018 4:08 PM, 2751328 bytes, A Adds the file pcl.exe.config"="5/11/2018 4:08 PM, 4733 bytes, A Adds the file System.Data.SQLite.DLL"="5/11/2018 4:08 PM, 297312 bytes, A Adds the file TAFactory.IconPack.dll"="5/11/2018 4:08 PM, 43360 bytes, A Adds the file TaskScheduler.dll"="5/11/2018 4:08 PM, 47456 bytes, A Adds the file unins000.dat"="8/27/2018 10:52 AM, 91165 bytes, A Adds the file unins000.exe"="8/27/2018 10:52 AM, 1273184 bytes, A Adds the file unins000.msg"="8/27/2018 10:52 AM, 22701 bytes, A Adds the folder C:\Program Files\PC -Cleanup-2018 on {computername}\langs Adds the file danish_apc_da.ini"="11/10/2017 5:20 PM, 45856 bytes, A Adds the file Dutch_apc_nl.ini"="11/10/2017 5:21 PM, 46468 bytes, A Adds the file english_apc_en.ini"="12/20/2017 4:07 PM, 49468 bytes, A Adds the file finish_apc_fi.ini"="11/10/2017 5:22 PM, 46090 bytes, A Adds the file French_apc_fr.ini"="11/10/2017 5:23 PM, 50222 bytes, A Adds the file german_apc_de.ini"="11/10/2017 5:23 PM, 47854 bytes, A Adds the file italian_apc_it.ini"="11/10/2017 5:23 PM, 48368 bytes, A Adds the file japanese_apc_ja.ini"="12/20/2017 4:46 PM, 35540 bytes, A Adds the file norwegian_apc_no.ini"="11/10/2017 5:23 PM, 45262 bytes, A Adds the file portuguese_apc_ptbr.ini"="11/10/2017 5:23 PM, 47806 bytes, A Adds the file russian_apc_ru.ini"="11/10/2017 5:24 PM, 49706 bytes, A Adds the file spanish_apc_es.ini"="11/10/2017 5:24 PM, 50684 bytes, A Adds the file swedish_apc_sv.ini"="11/10/2017 5:24 PM, 44882 bytes, A Adds the folder C:\Program Files\PC -Cleanup-2018 on {computername}\x64 Adds the file SQLite.Interop.dll"="5/11/2018 4:08 PM, 1182048 bytes, A Adds the folder C:\Program Files\PC -Cleanup-2018 on {computername}\x86 Adds the file SQLite.Interop.dll"="5/11/2018 4:08 PM, 861024 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC -Cleanup-2018 on {computername} Adds the file Buy PC -Cleanup-2018.lnk"="8/27/2018 10:52 AM, 979 bytes, A Adds the file PC -Cleanup-2018.lnk"="8/27/2018 10:52 AM, 967 bytes, A Adds the file Uninstall PC -Cleanup-2018.lnk"="8/27/2018 10:52 AM, 998 bytes, A Adds the folder C:\ProgramData\PC -Cleanup-2018 on {computername} Adds the file mpc.db"="10/3/2017 4:30 PM, 835584 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\PC -Cleanup-2018 on {computername} Adds the file Errorlog.txt"="8/27/2018 10:54 AM, 10810 bytes, A Adds the file exlist.bin"="8/27/2018 10:52 AM, 258249 bytes, A Adds the file res.xml"="8/27/2018 10:53 AM, 11417 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\PC -Cleanup-2018 on {computername}\smico In the existing folder C:\Users\Public\Desktop Adds the file PC -Cleanup-2018.lnk"="8/27/2018 10:52 AM, 949 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file PC -Cleanup-2018_Logon"="8/27/2018 10:52 AM, 3076 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\aHR0cDovL3d3dy5jbGVhbm15cGN0b29scy5jb20v\UEMgLUNsZWFudXAtMjAxOA==\ACT] "data"="REG_BINARY, ............................................................................ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BFAF6655-331A-4784-BE06-ECD05B6ECEC4}_is1] "DisplayIcon"="REG_SZ", "C:\Program Files\PC -Cleanup-2018 on {computername}\pcl.exe" "DisplayName"="REG_SZ", "PC -Cleanup-2018" "DisplayVersion"="REG_SZ", "1.0.0.0" "EstimatedSize"="REG_DWORD", 29769 "Inno Setup: App Path"="REG_SZ", "C:\Program Files\PC -Cleanup-2018 on {computername}" "Inno Setup: Icon Group"="REG_SZ", "PC -Cleanup-2018 on {computername}" "Inno Setup: Language"="REG_SZ", "en" "Inno Setup: Setup Version"="REG_SZ", "5.5.8 (u)" "Inno Setup: User"="REG_SZ", "{username}" "InstallDate"="REG_SZ", "20180827" "InstallLocation"="REG_SZ", "C:\Program Files\PC -Cleanup-2018 on {computername}\" "MajorVersion"="REG_DWORD", 1 "MinorVersion"="REG_DWORD", 0 "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "QuietUninstallString"="REG_SZ", ""C:\Program Files\PC -Cleanup-2018 on {computername}\unins000.exe" /SILENT" "UninstallString"="REG_SZ", ""C:\Program Files\PC -Cleanup-2018 on {computername}\unins000.exe"" [HKEY_LOCAL_MACHINE\SOFTWARE\PC -Cleanup-2018 on {computername}] "affired"="REG_DWORD", 1 "afterInstallUrl"="REG_SZ", "http://ins.alfactiv.com/install/pcc/?" "cbkpoff"="REG_DWORD", 1 "country"="REG_SZ", "us" "cta"="REG_DWORD", 0 "delay"="REG_DWORD", 0 "dlllist"="REG_SZ", "PSMACHINE_64.DLL,MSSPELLCHECKINGFACILITY.DLL" "efosetting"="REG_DWORD", 1 "EmailURL"="REG_SZ", "" "expired"="REG_DWORD", 0 "fpxl"="REG_DWORD", 1 "hdata"="REG_BINARY, ................................................................................. "Installstring"="REG_SZ", "C:\Program Files\PC -Cleanup-2018 on {computername}" "ipaddrurl"="REG_SZ", "http://www.alfactiv.com/getip/" "isavst"="REG_DWORD", 0 "isiunidu"="REG_DWORD", 0 "islswc"="REG_DWORD", 0 "isphone"="REG_DWORD", 1 "isprmjsn"="REG_DWORD", 0 "issilent"="REG_DWORD", 0 "issrantv"="REG_DWORD", 1 "LangCode"="REG_SZ", "en" "lstregscancount"="REG_DWORD", 25 "lstscandate"="REG_SZ", "8/27/2018 10:53:43 AM" "lstscanstat"="REG_DWORD", 2 "lstsecscancount"="REG_DWORD", 0 "lsttotalscancount"="REG_DWORD", 25 "msl"="REG_DWORD", 1 "ovoffdis"="REG_DWORD", 0 "paramurl"="REG_SZ", "http://trkr.alfactiv.com/ipfiles/" "phone"="REG_SZ", "(855)-332-0124" "phone_at"="REG_SZ", "+43 (0)720 902 309" "phone_au"="REG_SZ", "(61)280-733403" "phone_ch"="REG_SZ", "+41 (0)44 508 70 37" "phone_de"="REG_SZ", "0800 1822 974" "phone_fr"="REG_SZ", "05 82 84 04 06" "phone_gb"="REG_SZ", "0800-031-5066" "phone_ja"="REG_SZ", "0120-993-506" "phone_jp"="REG_SZ", "0120-993-506" "phone_lu"="REG_SZ", "0800 1822 974" "phone_uk"="REG_SZ", "0800-031-5066" "phone_us"="REG_SZ", "(855)-332-0124" "playsound"="REG_DWORD", 0 "prereg"="REG_DWORD", 0 "PurchaseURL"="REG_SZ", "http://store.cleanmypctools.com/pcc/price?" "pxl"="REG_SZ", "pclsite" "reg"="REG_DWORD", 0 "RenewURL"="REG_SZ", "http://store.cleanmypctools.com/pcc/renewal?" "runcam"="REG_DWORD", 1 "runpixel"="REG_DWORD", 1 "runsrc"="REG_DWORD", 1 "sentantv"="REG_DWORD", 1 "showefo"="REG_DWORD", 0 "showtn"="REG_DWORD", 0 "showudurec"="REG_DWORD", 1 "showunins"="REG_DWORD", 0 "supporturl"="REG_SZ", "http://www.cleanmypctools.com/help/" "WebURL"="REG_SZ", "http://www.cleanmypctools.com/" "x-at"="REG_SZ", "" "x-ccode"="REG_SZ", "us" "x-context"="REG_SZ", "" "x-datetime"="REG_SZ", "" "x-fetch"="REG_SZ", "0" "x-ip"="REG_SZ", "77_234_46_183" [HKEY_LOCAL_MACHINE\SOFTWARE\spct-pr] "affiliateid"="REG_SZ", "" "btnid"="REG_SZ", "" "country"="REG_SZ", "us" "LangCode"="REG_SZ", "en" "lpid"="REG_SZ", "" "phone"="REG_SZ", "(855)-332-0124" "pxl"="REG_SZ", "pclsite" "referUrl"="REG_SZ", "" "utm_campaign"="REG_SZ", "" "utm_medium"="REG_SZ", "" "utm_pubid"="REG_SZ", "" "utm_source"="REG_SZ", "" "x-at"="REG_SZ", "" "x-context"="REG_SZ", "" "x-var2"="REG_SZ", "" "x-var3"="REG_SZ", "" [HKEY_CURRENT_USER\Software\PC -Cleanup-2018 on {computername}] "Installstring"="REG_SZ", "C:\Program Files\PC -Cleanup-2018 on {computername}" "LangCode"="REG_SZ", "en" "utm_pubid"="REG_SZ", "" "x-at"="REG_SZ", "" "x-context"="REG_SZ", "" [HKEY_CURRENT_USER\Software\PC -Cleanup-2018 on {computername}\1.0.0.0] Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 8/27/18 Scan Time: 11:02 AM Log File: f7bd7410-a9d7-11e8-8c00-00ffdcc6fdfc.json Administrator: Yes -Software Information- Version: 3.5.1.2522 Components Version: 1.0.391 Update Package Version: 1.0.6521 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 251699 Threats Detected: 71 Threats Quarantined: 71 Time Elapsed: 3 min, 31 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 1 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\pcl.exe, Quarantined, [416], [553775],1.0.6521 Module: 7 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\x64\SQLite.Interop.dll, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\Interop.IWshRuntimeLibrary.dll, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\Microsoft.TeamFoundation.Common.dll, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\Microsoft.Win32.TaskScheduler.dll, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\pcl.exe, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\System.Data.SQLite.DLL, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\TAFactory.IconPack.dll, Quarantined, [416], [553775],1.0.6521 Registry Key: 8 PUP.Optional.PCVARK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PC -Cleanup-2018_Logon, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{71F23870-9F8C-4ABC-BB72-747B2CA17EE3}, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{71F23870-9F8C-4ABC-BB72-747B2CA17EE3}, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{BFAF6655-331A-4784-BE06-ECD05B6ECEC4}_is1, Quarantined, [416], [553775],1.0.6521 PUP.Optional.MasterPCCleaner, HKLM\SOFTWARE\aHR0cDovL3d3dy5jbGVhbm15cGN0b29scy5jb20v, Quarantined, [1122], [440348],1.0.6521 PUP.Optional.PCVARK, HKLM\SOFTWARE\PC -Cleanup-2018 on {computername}, Quarantined, [416], [520956],1.0.6521 PUP.Optional.MasterPCCleaner, HKLM\SOFTWARE\SPCT-PR, Quarantined, [1122], [484509],1.0.6521 PUP.Optional.PCVARK, HKCU\SOFTWARE\PC -Cleanup-2018 on {computername}, Quarantined, [416], [520947],1.0.6521 Registry Value: 4 PUP.Optional.PCVARK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{71F23870-9F8C-4ABC-BB72-747B2CA17EE3}|PATH, Quarantined, [416], [553777],1.0.6521 PUP.Optional.PCVARK, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{BFAF6655-331A-4784-BE06-ECD05B6ECEC4}_is1|DISPLAYNAME, Quarantined, [416], [520955],1.0.6521 PUP.Optional.MasterPCCleaner, HKLM\SOFTWARE\SPCT-PR|PXL, Quarantined, [1122], [484509],1.0.6521 PUP.Optional.PCVARK, HKLM\SOFTWARE\PC -Cleanup-2018 on {computername}|AFFIRED, Quarantined, [416], [553779],1.0.6521 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 9 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\langs, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\x64, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\x86, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\PROGRAM FILES\PC -Cleanup-2018 on {computername}, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\PC -Cleanup-2018 on {computername}, Quarantined, [416], [520948],1.0.6521 PUP.Optional.PCVARK, C:\PROGRAMDATA\PC -Cleanup-2018 on {computername}, Quarantined, [416], [520949],1.0.6521 PUP.Optional.PCVARK, C:\Users\{username}\AppData\Roaming\PC -Cleanup-2018 on {computername}\smico, Quarantined, [416], [520949],1.0.6521 PUP.Optional.PCVARK, C:\USERS\{username}\APPDATA\ROAMING\PC -Cleanup-2018 on {computername}, Quarantined, [416], [520949],1.0.6521 PUP.Optional.PCVARK, C:\PROGRAMDATA\PC -Cleanup-2018 on {computername}, Quarantined, [416], [556300],1.0.6521 File: 42 PUP.Optional.PCVARK, C:\USERS\PUBLIC\DESKTOP\PC -Cleanup-2018.lnk, Quarantined, [416], [520946],1.0.6521 PUP.Optional.PCVARK, C:\PROGRAM FILES\PC -Cleanup-2018 on {computername}\unins000.dat, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\langs\danish_apc_da.ini, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\langs\Dutch_apc_nl.ini, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\langs\english_apc_en.ini, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\langs\finish_apc_fi.ini, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\langs\French_apc_fr.ini, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\langs\german_apc_de.ini, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\langs\italian_apc_it.ini, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\langs\japanese_apc_ja.ini, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\langs\norwegian_apc_no.ini, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\langs\portuguese_apc_ptbr.ini, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\langs\russian_apc_ru.ini, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\langs\spanish_apc_es.ini, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\langs\swedish_apc_sv.ini, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\x64\SQLite.Interop.dll, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\x86\SQLite.Interop.dll, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\app.ico, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\AppRes.dll, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\HtmlRenderer.dll, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\HtmlRenderer.WinForms.dll, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\Interop.IWshRuntimeLibrary.dll, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\Microsoft.TeamFoundation.Common.dll, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\Microsoft.Win32.TaskScheduler.dll, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\pcl.exe, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\pcl.exe.config, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\System.Data.SQLite.DLL, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\TAFactory.IconPack.dll, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\TaskScheduler.dll, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\unins000.exe, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\Program Files\PC -Cleanup-2018 on {computername}\unins000.msg, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\WINDOWS\SYSTEM32\TASKS\PC -Cleanup-2018_Logon, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\PC -Cleanup-2018.lnk, Quarantined, [416], [553775],1.0.6521 PUP.Optional.PCVARK, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC -Cleanup-2018 on {computername}\Buy PC -Cleanup-2018.lnk, Quarantined, [416], [520948],1.0.6521 PUP.Optional.PCVARK, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC -Cleanup-2018 on {computername}\PC -Cleanup-2018.lnk, Quarantined, [416], [520948],1.0.6521 PUP.Optional.PCVARK, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC -Cleanup-2018 on {computername}\Uninstall PC -Cleanup-2018.lnk, Quarantined, [416], [520948],1.0.6521 PUP.Optional.PCVARK, C:\ProgramData\PC -Cleanup-2018 on {computername}\mpc.db, Quarantined, [416], [520949],1.0.6521 PUP.Optional.PCVARK, C:\Users\{username}\AppData\Roaming\PC -Cleanup-2018 on {computername}\Errorlog.txt, Quarantined, [416], [520949],1.0.6521 PUP.Optional.PCVARK, C:\Users\{username}\AppData\Roaming\PC -Cleanup-2018 on {computername}\exlist.bin, Quarantined, [416], [520949],1.0.6521 PUP.Optional.PCVARK, C:\Users\{username}\AppData\Roaming\PC -Cleanup-2018 on {computername}\res.xml, Quarantined, [416], [520949],1.0.6521 PUP.Optional.PCVARK, C:\PROGRAMDATA\PC -Cleanup-2018 on {computername}\mpc.db, Quarantined, [416], [556300],1.0.6521 PUP.Optional.PCVARK, C:\USERS\{username}\DESKTOP\PCCSETUP.EXE, Quarantined, [416], [522026],1.0.6521 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.