Jump to content

Search the Community

Showing results for tags 'econosoft'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 6 results

  1. What is PC Mechanic Plus?The Malwarebytes research team has determined that PC Mechanic Plus is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.More information can be found on our Malwarebytes Labs blog.How do I know if I am infected with PC Mechanic Plus?This is how the main screen of the system optimizer looks:You will find these icons in your taskbar, your startmenu, and on your desktop:and see this warning during install:and this type of screens during "operations":You may see this entry in your list of installed programs:and these tasks in your list of Scheduled Tasks:How did PC Mechanic Plus get on my computer?These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website:How do I remove PC Mechanic Plus?Our program Malwarebytes can detect and remove this potentially unwanted application. Please download Malwarebytes for Windows to your desktop. Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. When the scan is finished click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Is there anything else I need to do to get rid of PC Mechanic Plus? No, Malwarebytes removes PC Mechanic Plus completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this system optimizer.As you can see below the full version of Malwarebytes would have protected you against the PC Mechanic Plus installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. Technical details for expertsYou may see these entries in FRST logs: (Econosoft Global Services PTE. LTD. -> Econosoft Global Services Pte. Ltd.) C:\Program Files (x86)\PC Mechanic Plus\pcmechanicplus.exe (Econosoft Global Services PTE. LTD. -> Econosoft Global Services Pte. Ltd.) C:\Program Files (x86)\PC Mechanic Plus\pcmechanicplus_protection.exe Task: {4106AEC0-DB24-4388-AF73-C4D705152F07} - System32\Tasks\PC Mechanic Plus => C:\Program Files (x86)\PC Mechanic Plus\pcmechanicplus.exe [9475888 2019-10-29] (Econosoft Global Services PTE. LTD. -> Econosoft Global Services Pte. Ltd.) Task: {FACC3246-37AD-428A-BB62-49B0A1C64C48} - System32\Tasks\PC Mechanic Plus Protection Startup => C:\Program Files (x86)\PC Mechanic Plus\pcmechanicplus_protection.exe [341296 2019-10-29] (Econosoft Global Services PTE. LTD. -> Econosoft Global Services Pte. Ltd.) C:\Windows\system32\Tasks\PC Mechanic Plus Protection Startup C:\Windows\system32\Tasks\PC Mechanic Plus C:\Users\Public\Desktop\PC Mechanic Plus.lnk C:\ProgramData\Desktop\PC Mechanic Plus.lnk C:\Users\{username}\AppData\Roaming\PC Mechanic Plus C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Mechanic Plus C:\Program Files (x86)\PC Mechanic Plus PC Mechanic Plus (HKLM-x32\...\{E4CEFAE2-819E-4D71-90AB-915DCF23F43B}}_is1) (Version: V1.0.0 - Econosoft Global Services Pte. Ltd.) Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\PC Mechanic Plus Adds the file Core.dll"="8/5/2019 9:20 PM, 237568 bytes, A Adds the file DiscUtils.Common.dll"="6/14/2013 6:28 PM, 30376 bytes, A Adds the file DiscUtils.Common.pdb"="6/14/2013 6:28 PM, 50688 bytes, A Adds the file DiscUtils.Common.xml"="6/14/2013 6:28 PM, 2009 bytes, A Adds the file DiscUtils.dll"="6/14/2013 6:28 PM, 1001640 bytes, A Adds the file DiscUtils.pdb"="6/14/2013 6:28 PM, 2926080 bytes, A Adds the file DiscUtils.xml"="6/14/2013 6:28 PM, 862466 bytes, A Adds the file DynamicDataDisplay.dll"="8/5/2019 9:20 PM, 316416 bytes, A Adds the file errordetailsOpt.xml"="11/18/2019 9:24 AM, 637636 bytes, A Adds the file Interop.IWshRuntimeLibrary.dll"="10/29/2019 2:47 AM, 37376 bytes, A Adds the file logo.ico"="10/24/2019 7:33 AM, 21662 bytes, A Adds the file Microsoft.Data.Edm.dll"="3/26/2015 1:35 AM, 659120 bytes, A Adds the file Microsoft.Data.Edm.xml"="3/26/2015 1:20 AM, 654503 bytes, A Adds the file Microsoft.Data.OData.dll"="3/26/2015 1:35 AM, 1520808 bytes, A Adds the file Microsoft.Data.OData.xml"="3/26/2015 1:23 AM, 3709853 bytes, A Adds the file Microsoft.Data.Services.Client.dll"="3/26/2015 1:35 AM, 667304 bytes, A Adds the file Microsoft.Data.Services.Client.xml"="3/26/2015 1:24 AM, 1459578 bytes, A Adds the file Microsoft.Data.Services.dll"="3/26/2015 1:35 AM, 911528 bytes, A Adds the file Microsoft.Data.Services.xml"="3/26/2015 1:25 AM, 1926679 bytes, A Adds the file Microsoft.Win32.TaskScheduler.dll"="8/5/2019 9:20 PM, 171008 bytes, A Adds the file pcmechanicplus.exe"="10/29/2019 2:50 AM, 9475888 bytes, A Adds the file pcmechanicplus_protection.exe"="10/29/2019 2:50 AM, 341296 bytes, A Adds the file SharpCompress.dll"="8/20/2019 8:38 PM, 530944 bytes, A Adds the file System.Data.SQLite.dll"="6/8/2019 5:50 PM, 360448 bytes, A Adds the file System.Data.SQLite.xml"="6/8/2019 5:50 PM, 1089145 bytes, A Adds the file System.Spatial.dll"="3/26/2015 1:35 AM, 118448 bytes, A Adds the file System.Spatial.xml"="3/26/2015 1:20 AM, 366878 bytes, A Adds the file System.Windows.Controls.Layout.Toolkit.dll"="8/5/2019 9:20 PM, 95064 bytes, A Adds the file unins000.dat"="11/18/2019 9:19 AM, 59331 bytes, A Adds the file unins000.exe"="11/18/2019 9:19 AM, 2556720 bytes, A Adds the file unins000.msg"="11/18/2019 9:19 AM, 23077 bytes, A Adds the file WpfAnimatedGif.dll"="2/15/2019 5:06 PM, 40448 bytes, A Adds the file WpfAnimatedGif.xml"="2/15/2019 5:06 PM, 11262 bytes, A Adds the file WPFToolkit.dll"="8/5/2019 9:20 PM, 467288 bytes, A Adds the folder C:\Program Files (x86)\PC Mechanic Plus\Backup Adds the file 2019_10_25_025216.xml"="10/25/2019 3:52 AM, 65 bytes, A Adds the folder C:\Program Files (x86)\PC Mechanic Plus\de Adds the file pcmechanicplus.resources.dll"="10/29/2019 2:50 AM, 78848 bytes, A Adds the file Uninstaller.resources.dll"="10/24/2019 5:43 AM, 78336 bytes, A Adds the folder C:\Program Files (x86)\PC Mechanic Plus\uni Adds the file System.Data.SQLite.dll"="6/8/2019 5:50 PM, 360448 bytes, A Adds the file System.Data.SQLite.xml"="6/8/2019 5:50 PM, 1089145 bytes, A Adds the file Uninstaller.exe"="10/29/2019 2:50 AM, 631088 bytes, A Adds the folder C:\Program Files (x86)\PC Mechanic Plus\uni\de Adds the file Uninstaller.resources.dll"="10/29/2019 2:50 AM, 78336 bytes, A Adds the file Uninstaller.resources.dll"="10/29/2019 2:50 AM, 88576 bytes, A Adds the folder C:\Program Files (x86)\PC Mechanic Plus\uni\x64 Adds the file SQLite.Interop.dll"="6/8/2019 5:51 PM, 1632256 bytes, A Adds the folder C:\Program Files (x86)\PC Mechanic Plus\uni\x86 Adds the file SQLite.Interop.dll"="6/8/2019 5:46 PM, 1240064 bytes, A Adds the folder C:\Program Files (x86)\PC Mechanic Plus\x64 Adds the file SQLite.Interop.dll"="6/8/2019 5:51 PM, 1632256 bytes, A Adds the folder C:\Program Files (x86)\PC Mechanic Plus\x86 Adds the file SQLite.Interop.dll"="6/8/2019 5:46 PM, 1240064 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Mechanic Plus Adds the file PC Mechanic Plus.lnk"="11/18/2019 9:19 AM, 1203 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\PC Mechanic Plus\PC Repair Online\setting Adds the file PMP_sett.ash"="11/18/2019 9:24 AM, 425984 bytes, A In the existing folder C:\Users\Public\Desktop Adds the file PC Mechanic Plus.lnk"="11/18/2019 9:19 AM, 1185 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file PC Mechanic Plus"="11/18/2019 9:20 AM, 3248 bytes, A Adds the file PC Mechanic Plus Protection Startup"="11/18/2019 9:20 AM, 3270 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\FT\PMP\Activation] "Insdate"="REG_SZ", "/LLUIMuYH1T6hRj9UjJDS9kUCb23i+18u6OHoSd2cTg=" "language"="REG_SZ", "en" "languageindex"="REG_SZ", "0" "lap"="REG_SZ", "3e04E4g4NQdCpq7hu8KRlfyJ5tpx1j2NvqsggPsi+rU=" "lbp"="REG_SZ", "3e04E4g4NQdCpq7hu8KRlfyJ5tpx1j2NvqsggPsi+rU=" "lr"="REG_SZ", "3e04E4g4NQdCpq7hu8KRlfyJ5tpx1j2NvqsggPsi+rU=" "lsp"="REG_SZ", "3e04E4g4NQdCpq7hu8KRlfyJ5tpx1j2NvqsggPsi+rU=" "PN"="REG_SZ", "1-888-200-8889" "Program"="REG_SZ", "PC Mechanic Plus" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\FT\PMP\Activation] "IsTrack"="REG_SZ", "1" "language"="REG_SZ", "en" "languageindex"="REG_SZ", "0" "Program"="REG_SZ", "PC Mechanic Plus" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E4CEFAE2-819E-4D71-90AB-915DCF23F43B}}_is1] "Comments"="REG_SZ", "PC Mechanic Plus" "Contact"="REG_SZ", "+(888)200-889" "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\PC Mechanic Plus\logo.ico" "DisplayName"="REG_SZ", "PC Mechanic Plus" "DisplayVersion"="REG_SZ", "V1.0.0" "EstimatedSize"="REG_DWORD", 40435 "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\PC Mechanic Plus" "Inno Setup: Icon Group"="REG_SZ", "PC Mechanic Plus" "Inno Setup: Language"="REG_SZ", "en" "Inno Setup: Setup Version"="REG_SZ", "6.0.2 (u)" "Inno Setup: User"="REG_SZ", "{username}" "InstallDate"="REG_SZ", "20191118" "InstallLocation"="REG_SZ", "C:\Program Files (x86)\PC Mechanic Plus\" "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "Publisher"="REG_SZ", "Econosoft Global Services Pte. Ltd." "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\PC Mechanic Plus\unins000.exe" /SILENT" "UninstallString"="REG_SZ", ""C:\Program Files (x86)\PC Mechanic Plus\unins000.exe"" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 11/18/19 Scan Time: 9:35 AM Log File: 59cbc17c-09de-11ea-a708-00ffdcc6fdfc.json -Software Information- Version: 4.0.4.49 Components Version: 1.0.718 Update Package Version: 1.0.15088 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 233805 Threats Detected: 109 Threats Quarantined: 109 Time Elapsed: 8 min, 52 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 2 PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\pcmechanicplus.exe, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\pcmechanicplus_protection.exe, Quarantined, 593, 761836, , , , Module: 4 PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\x64\SQLite.Interop.dll, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\x64\SQLite.Interop.dll, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\pcmechanicplus.exe, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\pcmechanicplus_protection.exe, Quarantined, 593, 761836, , , , Registry Key: 11 PUP.Optional.PCBoosterPro, HKLM\SOFTWARE\WOW6432NODE\FT\PMP, Quarantined, 1410, 711536, 1.0.15088, , ame, PUP.Optional.PCBoosterPro, HKLM\SOFTWARE\FT\PMP, Quarantined, 1410, 711536, 1.0.15088, , ame, PUP.Optional.PCBooster, HKLM\SOFTWARE\MICROSOFT\TRACING\pcmechanicplus_RASAPI32, Quarantined, 593, 761842, 1.0.15088, , ame, PUP.Optional.PCBooster, HKLM\SOFTWARE\MICROSOFT\TRACING\pcmechanicplus_RASMANCS, Quarantined, 593, 761842, 1.0.15088, , ame, PUP.Optional.PCBooster, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PC Mechanic Plus, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4106AEC0-DB24-4388-AF73-C4D705152F07}, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{4106AEC0-DB24-4388-AF73-C4D705152F07}, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PC Mechanic Plus Protection Startup, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FACC3246-37AD-428A-BB62-49B0A1C64C48}, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{FACC3246-37AD-428A-BB62-49B0A1C64C48}, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{E4CEFAE2-819E-4D71-90AB-915DCF23F43B}}_is1, Quarantined, 593, 761836, , , , Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 18 PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\uni\ja-jp, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\uni\x64, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\uni\x86, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\Backup, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\uni\de, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\uni\en, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\uni\fr, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\ja-jp, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\uni, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\x64, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\x86, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\de, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\en, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\fr, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\PC MECHANIC PLUS, Quarantined, 593, 761840, 1.0.15088, , ame, PUP.Optional.PCBooster, C:\Users\{username}\AppData\Roaming\PC Mechanic Plus\PC Repair Online\setting, Quarantined, 593, 761841, , , , PUP.Optional.PCBooster, C:\Users\{username}\AppData\Roaming\PC Mechanic Plus\PC Repair Online, Quarantined, 593, 761841, , , , PUP.Optional.PCBooster, C:\USERS\{username}\APPDATA\ROAMING\PC MECHANIC PLUS, Quarantined, 593, 761841, 1.0.15088, , ame, File: 73 PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\Backup\2019_10_29_010411.xml, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\Backup\2019_10_25_025216.xml, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\Backup\2019_10_25_030630.xml, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\Backup\2019_10_25_030653.xml, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\Backup\2019_10_25_030702.xml, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\Backup\2019_10_25_030730.xml, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\Backup\2019_10_25_030741.xml, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\Backup\2019_10_25_031606.xml, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\Backup\2019_10_25_031659.xml, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\Backup\2019_10_25_034144.xml, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\Backup\2019_10_28_023829.xml, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\Backup\2019_10_28_033902.xml, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\Backup\2019_10_29_002103.xml, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\Backup\2019_10_29_002116.xml, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\Backup\2019_10_29_002328.xml, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\Backup\2019_10_29_002502.xml, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\Backup\2019_10_29_014449.xml, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\Backup\2019_10_29_014811.xml, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\de\pcmechanicplus.resources.dll, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\de\Uninstaller.resources.dll, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\en\pcmechanicplus.resources.dll, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\en\Uninstaller.resources.dll, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\fr\pcmechanicplus.resources.dll, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\fr\Uninstaller.resources.dll, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\ja-jp\pcmechanicplus.resources.dll, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\ja-jp\Uninstaller.resources.dll, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\uni\de\Uninstaller.resources.dll, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\uni\en\Uninstaller.resources.dll, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\uni\fr\Uninstaller.resources.dll, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\uni\ja-jp\Uninstaller.resources.dll, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\uni\x64\SQLite.Interop.dll, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\uni\x86\SQLite.Interop.dll, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\uni\System.Data.SQLite.dll, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\uni\System.Data.SQLite.xml, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\uni\Uninstaller.exe, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\x64\SQLite.Interop.dll, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\x86\SQLite.Interop.dll, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\Interop.IWshRuntimeLibrary.dll, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\Core.dll, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\DiscUtils.Common.dll, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\DiscUtils.Common.pdb, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\DiscUtils.Common.xml, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\DiscUtils.dll, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\DiscUtils.pdb, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\DiscUtils.xml, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\DynamicDataDisplay.dll, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\errordetailsOpt.xml, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\logo.ico, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\Microsoft.Data.Edm.xml, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\Microsoft.Data.OData.xml, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\Microsoft.Data.Services.Client.xml, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\Microsoft.Data.Services.xml, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\Microsoft.Win32.TaskScheduler.dll, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\pcmechanicplus.exe, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\pcmechanicplus_protection.exe, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\SharpCompress.dll, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\System.Data.SQLite.dll, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\System.Data.SQLite.xml, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\System.Spatial.xml, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\unins000.dat, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\unins000.exe, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\unins000.msg, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\WpfAnimatedGif.dll, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\Program Files (x86)\PC Mechanic Plus\WpfAnimatedGif.xml, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\WINDOWS\SYSTEM32\TASKS\PC Mechanic Plus, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\PC Mechanic Plus.lnk, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\USERS\PUBLIC\Desktop\PC Mechanic Plus.lnk, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\WINDOWS\SYSTEM32\TASKS\PC Mechanic Plus Protection Startup, Quarantined, 593, 761836, , , , PUP.Optional.PCBooster, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Mechanic Plus\PC Mechanic Plus.lnk, Quarantined, 593, 761840, , , , PUP.Optional.PCBooster, C:\Users\{username}\AppData\Roaming\PC Mechanic Plus\PC Repair Online\setting\PMP_sett.ash, Quarantined, 593, 761841, , , , PUP.Optional.PCBooster, C:\USERS\{username}\APPDATA\LOCAL\TEMP\IS-MBDKU.TMP\PCMECHANICPLUS.TMP, Quarantined, 593, 711523, 1.0.15088, , ame, PUP.Optional.PCBooster, C:\USERS\{username}\APPDATA\LOCAL\TEMP\7ZIPSFX.000\PCMECHANICPLUS.EXE, Quarantined, 593, 711523, 1.0.15088, 22B575820D45420969C4E126, dds, 00462655 PUP.Optional.PCBooster, C:\USERS\{username}\DOWNLOADS\PCMECHANICPLUS.EXE, Quarantined, 593, 749298, 1.0.15088, , ame, Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  2. What is True PC Booster Master?The Malwarebytes research team has determined that True PC Booster Master is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.More information can be found on our Malwarebytes Labs blog.How do I know if I am infected with True PC Booster Master?This is how the main screen of the system optimizer looks:You will find these icons in your taskbar, your startmenu, and on your desktop:and see these warnings during install:and this type of screens during "operations":You may see this entry in your list of installed programs:and these tasks in your list of Scheduled Tasks:How did True PC Booster Master get on my computer?These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website:How do I remove True PC Booster Master?Our program Malwarebytes can detect and remove this potentially unwanted application. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of True PC Booster Master? No, Malwarebytes removes True PC Booster Master completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this system optimizer.As you can see below the full version of Malwarebytes would have protected you against the True PC Booster Master installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. and both Malwarebytes Premium and Browser Guard block access to their domain: Technical details for expertsYou may see these entries in FRST logs: (Econosoft Global Services PTE. LTD. -> Econosoft Global Services Pte. Ltd.) C:\Program Files (x86)\True PC Booster Master\pcpowerplus.exe (Econosoft Global Services Pte. Ltd.) [File not signed] C:\Program Files (x86)\True PC Booster Master\pcpowerplus_protection.exe Task: {12C05BE5-E4D8-4B6A-99B1-232261167CD1} - System32\Tasks\True PC Booster Master Startup => C:\Program Files (x86)\True PC Booster Master\pcpowerplus_protection.exe [333312 2019-09-24] (Econosoft Global Services Pte. Ltd.) [File not signed] Task: {5BA42EA2-3F3C-4415-9A97-3E059C2FC45D} - System32\Tasks\True PC Booster Master => C:\Program Files (x86)\True PC Booster Master\pcpowerplus.exe [7879984 2019-09-24] (Econosoft Global Services PTE. LTD. -> Econosoft Global Services Pte. Ltd.) C:\Windows\system32\Tasks\True PC Booster Master Startup C:\Windows\system32\Tasks\True PC Booster Master C:\Users\Public\Desktop\True PC Booster Master.lnk C:\ProgramData\Desktop\True PC Booster Master.lnk C:\Users\{username}\AppData\Roaming\True PC Booster Master C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True PC Booster Master C:\Program Files (x86)\True PC Booster Master (Econosoft Global Services Pte. Ltd. ) C:\Users\{username}\Downloads\truepcboostermaster.exe True PC Booster Master (HKLM-x32\...\{61CB58F3-6B6F-488A-9163-2B56F3F44296}}_is1) (Version: 1.0 - Econosoft Global Services Pte. Ltd.) Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\True PC Booster Master Adds the file Core.dll"="4/19/2018 1:01 AM, 237568 bytes, A Adds the file DiscUtils.Common.dll"="4/19/2018 1:01 AM, 23040 bytes, A Adds the file DiscUtils.dll"="4/19/2018 1:01 AM, 915456 bytes, A Adds the file DiscUtils.MSBuild.dll"="4/19/2018 1:01 AM, 8192 bytes, A Adds the file DynamicDataDisplay.dll"="4/19/2018 1:01 AM, 316416 bytes, A Adds the file errordetailsOpt.xml"="10/31/2019 11:29 AM, 1189982 bytes, A Adds the file errorlog.txt"="7/12/2019 1:46 AM, 189 bytes, A Adds the file Interop.IWshRuntimeLibrary.dll"="4/19/2018 1:01 AM, 49152 bytes, A Adds the file Interop.NATUPNPLib.dll"="4/19/2018 1:01 AM, 7680 bytes, A Adds the file Interop.NETCONLib.dll"="4/19/2018 1:01 AM, 10240 bytes, A Adds the file Interop.NetFwTypeLib.dll"="4/19/2018 1:01 AM, 19456 bytes, A Adds the file ISID.dll"="4/19/2018 1:01 AM, 1605120 bytes, A Adds the file logo.ico"="9/11/2019 4:10 AM, 21662 bytes, A Adds the file Microsoft.Win32.TaskScheduler.dll"="4/19/2018 1:01 AM, 171008 bytes, A Adds the file pcpowerplus.exe"="9/24/2019 10:21 AM, 7879984 bytes, A Adds the file pcpowerplus_protection.exe"="9/24/2019 10:20 AM, 333312 bytes, A Adds the file SharpCompress.dll"="4/19/2018 1:01 AM, 418304 bytes, A Adds the file System.Data.SQLite.dll"="4/19/2018 1:01 AM, 280576 bytes, A Adds the file System.Windows.Controls.Layout.Toolkit.dll"="4/19/2018 1:01 AM, 95064 bytes, A Adds the file unins000.dat"="10/31/2019 11:17 AM, 54831 bytes, A Adds the file unins000.exe"="10/31/2019 11:17 AM, 2556720 bytes, A Adds the file unins000.msg"="10/31/2019 11:17 AM, 23125 bytes, A Adds the file WpfAnimatedGif.dll"="4/19/2018 1:01 AM, 28160 bytes, A Adds the file WPFToolkit.dll"="4/19/2018 1:01 AM, 467288 bytes, A Adds the folder C:\Program Files (x86)\True PC Booster Master\Backup Adds the file 2019_07_22_052127.xml"="7/22/2019 6:21 AM, 65 bytes, A Adds the file 2019_07_22_052142.xml"="7/22/2019 6:21 AM, 65 bytes, A Adds the folder C:\Program Files (x86)\True PC Booster Master\de Adds the file pcpowerplus.resources.dll"="9/24/2019 10:21 AM, 73728 bytes, A Adds the folder C:\Program Files (x86)\True PC Booster Master\en Adds the file pcpowerplus.resources.dll"="9/24/2019 10:21 AM, 68608 bytes, A Adds the folder C:\Program Files (x86)\True PC Booster Master\fr Adds the file pcpowerplus.resources.dll"="9/24/2019 10:21 AM, 76288 bytes, A Adds the folder C:\Program Files (x86)\True PC Booster Master\ja-jp Adds the file pcpowerplus.resources.dll"="9/24/2019 10:21 AM, 86016 bytes, A Adds the folder C:\Program Files (x86)\True PC Booster Master\slider Adds the file Slider-1.jpg"="4/19/2018 1:01 AM, 77585 bytes, A Adds the file Slider-2.jpg"="4/19/2018 1:01 AM, 79413 bytes, A Adds the folder C:\Program Files (x86)\True PC Booster Master\uni Adds the file System.Data.SQLite.dll"="3/1/2018 10:21 PM, 353280 bytes, A Adds the file System.Data.SQLite.xml"="3/1/2018 10:21 PM, 1051056 bytes, A Adds the file Uninstaller.exe"="9/24/2019 10:20 AM, 468992 bytes, A Adds the file Uninstaller.exe.config"="8/21/2019 3:28 AM, 1552 bytes, A Adds the file Uninstaller.pdb"="9/24/2019 10:20 AM, 259584 bytes, A Adds the folder C:\Program Files (x86)\True PC Booster Master\uni\de Adds the file Uninstaller.resources.dll"="9/24/2019 10:20 AM, 27648 bytes, A Adds the folder C:\Program Files (x86)\True PC Booster Master\uni\en Adds the file Uninstaller.resources.dll"="9/24/2019 10:20 AM, 25600 bytes, A Adds the folder C:\Program Files (x86)\True PC Booster Master\uni\ja-jp Adds the file Uninstaller.resources.dll"="9/24/2019 10:20 AM, 33280 bytes, A Adds the folder C:\Program Files (x86)\True PC Booster Master\x64 Adds the file SQLite.Interop.dll"="4/19/2018 1:01 AM, 1205248 bytes, A Adds the folder C:\Program Files (x86)\True PC Booster Master\x86 Adds the file SQLite.Interop.dll"="4/19/2018 1:01 AM, 903168 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True PC Booster Master Adds the file True PC Booster Master.lnk"="10/31/2019 11:17 AM, 1242 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\True PC Booster Master Adds the folder C:\Users\{username}\AppData\Roaming\True PC Booster Master\PC Repair Online Adds the folder C:\Users\{username}\AppData\Roaming\True PC Booster Master\PC Repair Online\setting Adds the file TPCBM.ash"="10/31/2019 11:29 AM, 590848 bytes, A In the existing folder C:\Users\Public\Desktop Adds the file True PC Booster Master.lnk"="10/31/2019 11:17 AM, 1224 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file True PC Booster Master"="10/31/2019 11:17 AM, 3254 bytes, A Adds the file True PC Booster Master Startup"="10/31/2019 11:17 AM, 3276 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\FT\TPBM\Activation] "Insdate"="REG_SZ", "4YHHUl1i1Br9iF7MWsYJCuGaAfmboNGpoAgMpwXQ1BI=" "language"="REG_SZ", "en" "languageindex"="REG_SZ", "0" "lap"="REG_SZ", "MaJ2gPoqxd8XfUpiR6yGApWiy6PWHK7vLv3JQKF+yuU=" "lbp"="REG_SZ", "MaJ2gPoqxd8XfUpiR6yGApWiy6PWHK7vLv3JQKF+yuU=" "lr"="REG_SZ", "MaJ2gPoqxd8XfUpiR6yGApWiy6PWHK7vLv3JQKF+yuU=" "lsp"="REG_SZ", "MaJ2gPoqxd8XfUpiR6yGApWiy6PWHK7vLv3JQKF+yuU=" "Program"="REG_SZ", "True PC Booster Master" "Version"="REG_SZ", "1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\FT\TPBM\Activation] "IsTrack"="REG_SZ", "1" "language"="REG_SZ", "en" "languageindex"="REG_SZ", "0" "Program"="REG_SZ", "True PC Booster Master" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{61CB58F3-6B6F-488A-9163-2B56F3F44296}}_is1] "Comments"="REG_SZ", "True PC Booster Master" "Contact"="REG_SZ", "+1 (888)200-8889" "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\True PC Booster Master\logo.ico" "DisplayName"="REG_SZ", "True PC Booster Master" "DisplayVersion"="REG_SZ", "1.0" "EstimatedSize"="REG_DWORD", 22389 "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\True PC Booster Master" "Inno Setup: Icon Group"="REG_SZ", "True PC Booster Master" "Inno Setup: Language"="REG_SZ", "en" "Inno Setup: Setup Version"="REG_SZ", "6.0.2 (u)" "Inno Setup: User"="REG_SZ", "{username}" "InstallDate"="REG_SZ", "20191031" "InstallLocation"="REG_SZ", "C:\Program Files (x86)\True PC Booster Master\" "MajorVersion"="REG_DWORD", 1 "MinorVersion"="REG_DWORD", 0 "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "Publisher"="REG_SZ", "Econosoft Global Services Pte. Ltd." "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\True PC Booster Master\unins000.exe" /SILENT" "UninstallString"="REG_SZ", ""C:\Program Files (x86)\True PC Booster Master\unins000.exe"" "VersionMajor"="REG_DWORD", 1 "VersionMinor"="REG_DWORD", 0 Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/31/19 Scan Time: 11:45 AM Log File: 85603082-fbcb-11e9-a177-00ffdcc6fdfc.json -Software Information- Version: 3.8.3.2965 Components Version: 1.0.629 Update Package Version: 1.0.13127 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 234214 Threats Detected: 20 Threats Quarantined: 20 Time Elapsed: 14 min, 58 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 2 PUP.Optional.PCBooster, C:\PROGRAM FILES (X86)\TRUE PC BOOSTER MASTER\PCPOWERPLUS_PROTECTION.EXE, Quarantined, [587], [749298],1.0.13127 PUP.Optional.PCBooster, C:\PROGRAM FILES (X86)\TRUE PC BOOSTER MASTER\PCPOWERPLUS.EXE, Quarantined, [587], [749298],1.0.13127 Module: 2 PUP.Optional.PCBooster, C:\PROGRAM FILES (X86)\TRUE PC BOOSTER MASTER\PCPOWERPLUS_PROTECTION.EXE, Quarantined, [587], [749298],1.0.13127 PUP.Optional.PCBooster, C:\PROGRAM FILES (X86)\TRUE PC BOOSTER MASTER\PCPOWERPLUS.EXE, Quarantined, [587], [749298],1.0.13127 Registry Key: 7 PUP.Optional.PCBooster, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\True PC Booster Master Startup, Quarantined, [587], [749298],1.0.13127 PUP.Optional.PCBooster, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{12C05BE5-E4D8-4B6A-99B1-232261167CD1}, Quarantined, [587], [749298],1.0.13127 PUP.Optional.PCBooster, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{12C05BE5-E4D8-4B6A-99B1-232261167CD1}, Quarantined, [587], [749298],1.0.13127 PUP.Optional.PCBooster, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\True PC Booster Master, Quarantined, [587], [749298],1.0.13127 PUP.Optional.PCBooster, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5BA42EA2-3F3C-4415-9A97-3E059C2FC45D}, Quarantined, [587], [749298],1.0.13127 PUP.Optional.PCBooster, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{5BA42EA2-3F3C-4415-9A97-3E059C2FC45D}, Quarantined, [587], [749298],1.0.13127 PUP.Optional.PCBooster, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{61CB58F3-6B6F-488A-9163-2B56F3F44296}}_is1, Quarantined, [587], [711523],1.0.13127 Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 9 PUP.Optional.PCBooster, C:\WINDOWS\SYSTEM32\TASKS\True PC Booster Master Startup, Quarantined, [587], [749298],1.0.13127 PUP.Optional.PCBooster, C:\PROGRAM FILES (X86)\TRUE PC BOOSTER MASTER\PCPOWERPLUS_PROTECTION.EXE, Quarantined, [587], [749298],1.0.13127 PUP.Optional.PCBooster, C:\WINDOWS\SYSTEM32\TASKS\True PC Booster Master, Quarantined, [587], [749298],1.0.13127 PUP.Optional.PCBooster, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\True PC Booster Master.lnk, Quarantined, [587], [749298],1.0.13127 PUP.Optional.PCBooster, C:\USERS\PUBLIC\Desktop\True PC Booster Master.lnk, Quarantined, [587], [749298],1.0.13127 PUP.Optional.PCBooster, C:\PROGRAM FILES (X86)\TRUE PC BOOSTER MASTER\PCPOWERPLUS.EXE, Quarantined, [587], [749298],1.0.13127 PUP.Optional.PCBooster, C:\PROGRAM FILES (X86)\TRUE PC BOOSTER MASTER\UNINS000.EXE, Quarantined, [587], [711523],1.0.13127 PUP.Optional.PCBooster, C:\USERS\{username}\DESKTOP\TRUEPCBOOSTERMASTER.EXE, Quarantined, [587], [711523],1.0.13127 PUP.Optional.PCBooster, C:\USERS\{username}\DOWNLOADS\TRUEPCBOOSTERMASTER.EXE, Quarantined, [587], [711523],1.0.13127 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  3. What is Quick PC Tuneup?The Malwarebytes research team has determined that Quick PC Tuneup is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.More information can be found on our Malwarebytes Labs blog.How do I know if I am infected with Quick PC Tuneup?This is how the main screen of the system optimizer looks:You will find these icons in your taskbar, your startmenu, and on your desktop:and see this warning during install:and these screens during "operations":You may see this entry in your list of installed programs:and these tasks in your list of Scheduled Tasks:How did Quick PC Tuneup get on my computer?These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website:How do I remove Quick PC Tuneup?Our program Malwarebytes can detect and remove this potentially unwanted application. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Quick PC Tuneup? No, Malwarebytes removes Quick PC Tuneup completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this system optimizer.As you can see below the full version of Malwarebytes would have protected you against the Quick PC Tuneup installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. Technical details for expertsYou may see these entries in FRST logs: (Econosoft Global Services PTE. LTD. -> Econosoft Global Services Pte. Ltd.) C:\Program Files (x86)\Quick PC Tuneup\quickpctuneup.exe (Econosoft Global Services Pte. Ltd.) [File not signed] C:\Program Files (x86)\Quick PC Tuneup\quickpctuneup_protection.exe Task: {AFE76C5B-4FA4-4137-B90E-7822EFDCA653} - System32\Tasks\Quick PC Tuneup Protection Startup => C:\Program Files (x86)\Quick PC Tuneup\quickpctuneup_protection.exe [346112 2019-09-13] (Econosoft Global Services Pte. Ltd.) [File not signed] Task: {F28089C0-D0C6-44BE-BFAE-F57EEC06950C} - System32\Tasks\Quick PC Tuneup => C:\Program Files (x86)\Quick PC Tuneup\quickpctuneup.exe [7004976 2019-09-13] (Econosoft Global Services PTE. LTD. -> Econosoft Global Services Pte. Ltd.) C:\Windows\system32\Tasks\Quick PC Tuneup Protection Startup C:\Windows\system32\Tasks\Quick PC Tuneup C:\Users\Public\Desktop\Quick PC Tuneup.lnk C:\ProgramData\Desktop\Quick PC Tuneup.lnk C:\Users\{username}\AppData\Roaming\Quick PC Tuneup C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quick PC Tuneup C:\Program Files (x86)\Quick PC Tuneup Quick PC Tuneup (HKLM-x32\...\{BBE52FC2-032A-4981-8F4A-10FF6850CC47}}_is1) (Version: v1.0.0 - Econosoft Global Services Pte. Ltd.) Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\Quick PC Tuneup Adds the file Core.dll"="8/5/2019 7:50 AM, 237568 bytes, A Adds the file DiscUtils.Common.dll"="8/5/2019 7:50 AM, 23040 bytes, A Adds the file DiscUtils.dll"="8/5/2019 7:50 AM, 915456 bytes, A Adds the file DiscUtils.MSBuild.dll"="8/5/2019 7:50 AM, 8192 bytes, A Adds the file DynamicDataDisplay.dll"="8/5/2019 7:50 AM, 316416 bytes, A Adds the file errordetailsOpt.xml"="10/18/2019 10:57 AM, 572160 bytes, A Adds the file errorlog.txt"="8/5/2019 7:50 AM, 189 bytes, A Adds the file Interop.IWshRuntimeLibrary.dll"="8/5/2019 7:50 AM, 49152 bytes, A Adds the file Interop.NATUPNPLib.dll"="8/5/2019 7:50 AM, 7680 bytes, A Adds the file Interop.NETCONLib.dll"="8/5/2019 7:50 AM, 10240 bytes, A Adds the file Interop.NetFwTypeLib.dll"="8/5/2019 7:50 AM, 19456 bytes, A Adds the file ISID.dll"="8/5/2019 7:50 AM, 1605120 bytes, A Adds the file logo.ico"="8/28/2019 5:30 PM, 21662 bytes, A Adds the file Microsoft.Win32.TaskScheduler.dll"="8/5/2019 7:50 AM, 171008 bytes, A Adds the file quickpctuneup.exe"="9/13/2019 9:26 AM, 7004976 bytes, A Adds the file quickpctuneup_protection.exe"="9/13/2019 5:12 AM, 346112 bytes, A Adds the file SharpCompress.dll"="8/5/2019 7:50 AM, 418304 bytes, A Adds the file System.Data.SQLite.dll"="8/5/2019 7:50 AM, 280576 bytes, A Adds the file System.Windows.Controls.Layout.Toolkit.dll"="8/5/2019 7:50 AM, 95064 bytes, A Adds the file unins000.dat"="10/18/2019 10:52 AM, 53731 bytes, A Adds the file unins000.exe"="10/18/2019 10:51 AM, 2556720 bytes, A Adds the file unins000.msg"="10/18/2019 10:52 AM, 23069 bytes, A Adds the file WpfAnimatedGif.dll"="8/5/2019 7:50 AM, 28160 bytes, A Adds the file WPFToolkit.dll"="8/5/2019 7:50 AM, 467288 bytes, A Adds the folder C:\Program Files (x86)\Quick PC Tuneup\de Adds the file quickpctuneup.resources.dll"="9/13/2019 9:25 AM, 77824 bytes, A Adds the folder C:\Program Files (x86)\Quick PC Tuneup\en Adds the file quickpctuneup.resources.dll"="9/13/2019 9:25 AM, 71168 bytes, A Adds the folder C:\Program Files (x86)\Quick PC Tuneup\fr Adds the file quickpctuneup.resources.dll"="9/13/2019 9:25 AM, 76288 bytes, A Adds the folder C:\Program Files (x86)\Quick PC Tuneup\ja-jp Adds the file quickpctuneup.resources.dll"="9/13/2019 9:25 AM, 88576 bytes, A Adds the folder C:\Program Files (x86)\Quick PC Tuneup\slider Adds the folder C:\Program Files (x86)\Quick PC Tuneup\uni Adds the file System.Data.SQLite.dll"="8/5/2019 7:52 AM, 353280 bytes, A Adds the file System.Data.SQLite.xml"="8/5/2019 7:52 AM, 1051056 bytes, A Adds the file Uninstaller.exe"="9/13/2019 5:12 AM, 603648 bytes, A Adds the file Uninstaller.exe.config"="8/29/2019 8:59 PM, 1567 bytes, A Adds the file Uninstaller.pdb"="9/13/2019 5:12 AM, 448000 bytes, A Adds the folder C:\Program Files (x86)\Quick PC Tuneup\uni\de Adds the file Uninstaller.resources.dll"="9/13/2019 5:12 AM, 74752 bytes, A Adds the folder C:\Program Files (x86)\Quick PC Tuneup\uni\en Adds the file Uninstaller.resources.dll"="9/13/2019 5:12 AM, 68096 bytes, A Adds the folder C:\Program Files (x86)\Quick PC Tuneup\uni\ja-jp Adds the file Uninstaller.resources.dll"="9/13/2019 5:12 AM, 84992 bytes, A Adds the folder C:\Program Files (x86)\Quick PC Tuneup\uni\x64 Adds the file SQLite.Interop.dll"="8/5/2019 7:50 AM, 1534464 bytes, A Adds the folder C:\Program Files (x86)\Quick PC Tuneup\uni\x86 Adds the file SQLite.Interop.dll"="8/5/2019 7:50 AM, 1149440 bytes, A Adds the folder C:\Program Files (x86)\Quick PC Tuneup\x64 Adds the file SQLite.Interop.dll"="8/5/2019 7:50 AM, 1205248 bytes, A Adds the folder C:\Program Files (x86)\Quick PC Tuneup\x86 Adds the file SQLite.Interop.dll"="8/5/2019 7:50 AM, 903168 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quick PC Tuneup Adds the file Quick PC Tuneup.lnk"="10/18/2019 10:52 AM, 1189 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Quick PC Tuneup Adds the folder C:\Users\{username}\AppData\Roaming\Quick PC Tuneup\PC Repair Online Adds the folder C:\Users\{username}\AppData\Roaming\Quick PC Tuneup\PC Repair Online\setting Adds the file pbp_sett.ash"="10/18/2019 10:52 AM, 0 bytes, A Adds the file QPT_sett.ash"="10/18/2019 10:57 AM, 302080 bytes, A In the existing folder C:\Users\Public\Desktop Adds the file Quick PC Tuneup.lnk"="10/18/2019 10:52 AM, 1171 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file Quick PC Tuneup"="10/18/2019 10:52 AM, 3244 bytes, A Adds the file Quick PC Tuneup Protection Startup"="10/18/2019 10:52 AM, 3264 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\FT\QPT\Activation] "Insdate"="REG_SZ", "rZirgo8sJa6whLM/mrq8zsitzmS0ydEnzU2+/YGPR88=" "language"="REG_SZ", "en" "languageindex"="REG_SZ", "0" "lap"="REG_SZ", "lzgkSmxXNaWpj17mZ6LXYNmptcAMwM4WPgNnlKziD78=" "lbp"="REG_SZ", "lzgkSmxXNaWpj17mZ6LXYNmptcAMwM4WPgNnlKziD78=" "lr"="REG_SZ", "lzgkSmxXNaWpj17mZ6LXYNmptcAMwM4WPgNnlKziD78=" "lsp"="REG_SZ", "lzgkSmxXNaWpj17mZ6LXYNmptcAMwM4WPgNnlKziD78=" "PN"="REG_SZ", "1-888-200-8889" "Program"="REG_SZ", "Quick PC Tuneup" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\FT\QPT\Activation] "IsTrack"="REG_SZ", "1" "language"="REG_SZ", "en" "languageindex"="REG_SZ", "0" "Program"="REG_SZ", "Quick PC Tuneup" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BBE52FC2-032A-4981-8F4A-10FF6850CC47}}_is1] "Comments"="REG_SZ", "Quick PC Tuneup" "Contact"="REG_SZ", "+1(888)200-8889" "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\Quick PC Tuneup\logo.ico" "DisplayName"="REG_SZ", "Quick PC Tuneup" "DisplayVersion"="REG_SZ", "v1.0.0" "EstimatedSize"="REG_DWORD", 22497 "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\Quick PC Tuneup" "Inno Setup: Icon Group"="REG_SZ", "Quick PC Tuneup" "Inno Setup: Language"="REG_SZ", "en" "Inno Setup: Setup Version"="REG_SZ", "6.0.2 (u)" "Inno Setup: User"="REG_SZ", "{username}" "InstallDate"="REG_SZ", "20191018" "InstallLocation"="REG_SZ", "C:\Program Files (x86)\Quick PC Tuneup\" "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "Publisher"="REG_SZ", "Econosoft Global Services Pte. Ltd." "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\Quick PC Tuneup\unins000.exe" /SILENT" "UninstallString"="REG_SZ", ""C:\Program Files (x86)\Quick PC Tuneup\unins000.exe"" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/18/19 Scan Time: 11:04 AM Log File: 3bbc3ce0-f186-11e9-946a-00ffdcc6fdfc.json -Software Information- Version: 3.8.3.2965 Components Version: 1.0.613 Update Package Version: 1.0.12961 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 234418 Threats Detected: 84 Threats Quarantined: 84 Time Elapsed: 10 min, 28 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 2 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\quickpctuneup.exe, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\quickpctuneup_protection.exe, Quarantined, [584], [749295],1.0.12961 Module: 4 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\x64\SQLite.Interop.dll, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\x64\SQLite.Interop.dll, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\quickpctuneup.exe, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\quickpctuneup_protection.exe, Quarantined, [584], [749295],1.0.12961 Registry Key: 9 PUP.Optional.PCBoosterPro, HKLM\SOFTWARE\WOW6432NODE\FT\QPT, Quarantined, [1402], [749301],1.0.12961 PUP.Optional.PCBooster, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Quick PC Tuneup, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F28089C0-D0C6-44BE-BFAE-F57EEC06950C}, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{F28089C0-D0C6-44BE-BFAE-F57EEC06950C}, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Quick PC Tuneup Protection Startup, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{AFE76C5B-4FA4-4137-B90E-7822EFDCA653}, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{AFE76C5B-4FA4-4137-B90E-7822EFDCA653}, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{BBE52FC2-032A-4981-8F4A-10FF6850CC47}}_is1, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBoosterPro, HKLM\SOFTWARE\FT\QPT, Quarantined, [1402], [749301],1.0.12961 Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 18 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\uni\ja-jp, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\uni\x64, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\uni\x86, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\slider, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\uni\de, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\uni\en, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\ja-jp, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\uni, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\x64, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\x86, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\de, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\en, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\fr, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\PROGRAM FILES (X86)\QUICK PC TUNEUP, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\QUICK PC TUNEUP, Quarantined, [584], [749296],1.0.12961 PUP.Optional.PCBooster, C:\Users\{username}\AppData\Roaming\Quick PC Tuneup\PC Repair Online\setting, Quarantined, [584], [749302],1.0.12961 PUP.Optional.PCBooster, C:\Users\{username}\AppData\Roaming\Quick PC Tuneup\PC Repair Online, Quarantined, [584], [749302],1.0.12961 PUP.Optional.PCBooster, C:\USERS\{username}\APPDATA\ROAMING\QUICK PC TUNEUP, Quarantined, [584], [749302],1.0.12961 File: 50 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\de\quickpctuneup.resources.dll, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\en\quickpctuneup.resources.dll, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\fr\quickpctuneup.resources.dll, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\ja-jp\quickpctuneup.resources.dll, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\uni\de\Uninstaller.resources.dll, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\uni\en\Uninstaller.resources.dll, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\uni\ja-jp\Uninstaller.resources.dll, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\uni\x64\SQLite.Interop.dll, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\uni\x86\SQLite.Interop.dll, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\uni\System.Data.SQLite.dll, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\uni\System.Data.SQLite.xml, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\uni\Uninstaller.exe, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\uni\Uninstaller.exe.config, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\uni\Uninstaller.pdb, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\x64\SQLite.Interop.dll, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\x86\SQLite.Interop.dll, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\Core.dll, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\DiscUtils.Common.dll, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\DiscUtils.dll, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\DiscUtils.MSBuild.dll, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\DynamicDataDisplay.dll, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\errordetailsOpt.xml, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\errorlog.txt, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\Interop.IWshRuntimeLibrary.dll, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\Interop.NATUPNPLib.dll, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\Interop.NETCONLib.dll, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\Interop.NetFwTypeLib.dll, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\ISID.dll, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\logo.ico, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\Microsoft.Win32.TaskScheduler.dll, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\quickpctuneup.exe, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\quickpctuneup_protection.exe, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\SharpCompress.dll, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\System.Data.SQLite.dll, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\System.Windows.Controls.Layout.Toolkit.dll, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\unins000.dat, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\unins000.exe, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\unins000.msg, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\WpfAnimatedGif.dll, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\Program Files (x86)\Quick PC Tuneup\WPFToolkit.dll, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\WINDOWS\SYSTEM32\TASKS\Quick PC Tuneup, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\Quick PC Tuneup.lnk, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\USERS\PUBLIC\Desktop\Quick PC Tuneup.lnk, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\WINDOWS\SYSTEM32\TASKS\Quick PC Tuneup Protection Startup, Quarantined, [584], [749295],1.0.12961 PUP.Optional.PCBooster, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quick PC Tuneup\Quick PC Tuneup.lnk, Quarantined, [584], [749296],1.0.12961 PUP.Optional.PCBooster, C:\Users\{username}\AppData\Roaming\Quick PC Tuneup\PC Repair Online\setting\pbp_sett.ash, Quarantined, [584], [749302],1.0.12961 PUP.Optional.PCBooster, C:\Users\{username}\AppData\Roaming\Quick PC Tuneup\PC Repair Online\setting\QPT_sett.ash, Quarantined, [584], [749302],1.0.12961 PUP.Optional.PCBooster, C:\PROGRAMDATA\MICROSOFT\WINDOWS DEFENDER\LOCALCOPY\{57D9D2C9-54A0-4AF0-8D30-1DE5AC803F1C}-QUICKPCTUNEUP.EXE, Quarantined, [584], [711523],1.0.12961 PUP.Optional.PCBooster, C:\USERS\{username}\APPDATA\LOCAL\TEMP\IS-0DDSB.TMP\QUICKPCTUNEUP.TMP, Quarantined, [584], [711523],1.0.12961 PUP.Optional.PCBooster, C:\USERS\{username}\DOWNLOADS\QUICKPCTUNEUP.EXE, Quarantined, [584], [711523],1.0.12961 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  4. What is Shark PC Protector?The Malwarebytes research team has determined that Shark PC Protector is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.More information can be found on our Malwarebytes Labs blog.How do I know if I am infected with Shark PC Protector?This is how the main screen of the system optimizer looks:You will find these icons in your taskbar, your startmenu, and on your desktop:and see these warnings during install:and this screen during "operations":You may see this entry in your list of installed programs:and this task in your list of Scheduled Tasks:How did Shark PC Protector get on my computer?These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website:How do I remove Shark PC Protector?Our program Malwarebytes can detect and remove this potentially unwanted application. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Shark PC Protector? No, Malwarebytes removes Shark PC Protector completely. This PUP creates a scheduled task. You can read here how to check for and, if necessary, remove Scheduled Tasks. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this system optimizer.As you can see below the full version of Malwarebytes would have protected you against the Shark PC Protector installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. and we block access to their domain: Technical details for expertsYou may see these entries in FRST logs: (Econosoft Global Services PTE. LTD. -> Econosoft Global Services Pte. Ltd.) C:\Program Files (x86)\Shark PC Protector\sharkpcprotector.exe Task: {94427936-D024-4D0E-8A85-3496931204CE} - System32\Tasks\Shark PC Protector => C:\Program Files (x86)\Shark PC Protector\sharkpcprotector.exe [3240752 2019-06-06] (Econosoft Global Services PTE. LTD. -> Econosoft Global Services Pte. Ltd.) S2 COMServices; C:\Program Files (x86)\Shark PC Protector\svc//COMServices.exe [X] C:\Windows\System32\Tasks\Shark PC Protector C:\Users\Public\Desktop\Shark PC Protector.lnk C:\Users\{username}\AppData\Roaming\Shark PC Protector C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark PC Protector C:\Program Files (x86)\Shark PC Protector C:\Users\{username}\Downloads\Trojan.Worm.720266.msh C:\Users\{username}\Downloads\Trojan.Worm.361461.msh Shark PC Protector (HKLM-x32\...\{E6302A5A-54A4-4A53-9BE7-EA9AC128D298}}_is1) (Version: 1.0 - Econosoft Global Services Pte. Ltd.) Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\Shark PC Protector Adds the file Interop.NATUPNPLib.dll"="4/19/2018 12:25 PM, 7168 bytes, A Adds the file Interop.NETCONLib.dll"="4/19/2018 12:25 PM, 9728 bytes, A Adds the file Interop.NetFwTypeLib.dll"="4/19/2018 12:25 PM, 19456 bytes, A Adds the file Interop.Shell32.dll"="4/19/2018 12:25 PM, 36864 bytes, A Adds the file Interop.WUApiLib.dll"="4/19/2018 12:25 PM, 73728 bytes, A Adds the file ksb.bat"="8/8/2018 9:05 PM, 208 bytes, A Adds the file logo.ico"="6/6/2019 2:49 PM, 21662 bytes, A Adds the file Microsoft.Win32.TaskScheduler.dll"="4/19/2018 12:31 PM, 171008 bytes, A Adds the file sharkpcprotector.exe"="6/6/2019 7:59 PM, 3240752 bytes, A Adds the file SharpCompress.dll"="4/19/2018 12:35 PM, 418304 bytes, A Adds the file Sys_Trace.xml"="4/19/2018 12:45 PM, 46 bytes, A Adds the file System.Data.SQLite.dll"="4/19/2018 12:45 PM, 353280 bytes, A Adds the file System.Data.SQLite.xml"="4/19/2018 12:45 PM, 1051056 bytes, A Adds the file unins000.dat"="8/5/2019 9:17 AM, 64650 bytes, A Adds the file unins000.exe"="8/5/2019 9:16 AM, 732976 bytes, A Adds the file unins000.msg"="8/5/2019 9:17 AM, 11573 bytes, A Adds the file WpfAnimatedGif.dll"="4/19/2018 12:20 PM, 28160 bytes, A Adds the file WPFToolkit.dll"="4/19/2018 12:20 PM, 467288 bytes, A Adds the folder C:\Program Files (x86)\Shark PC Protector\Backup Adds the folder C:\Program Files (x86)\Shark PC Protector\de Adds the file sharkpcprotector.resources.dll"="6/6/2019 7:58 PM, 29696 bytes, A Adds the folder C:\Program Files (x86)\Shark PC Protector\en Adds the file sharkpcprotector.resources.dll"="6/6/2019 7:58 PM, 27136 bytes, A Adds the folder C:\Program Files (x86)\Shark PC Protector\ja-jp Adds the file sharkpcprotector.resources.dll"="6/6/2019 7:58 PM, 33280 bytes, A Adds the folder C:\Program Files (x86)\Shark PC Protector\uni Adds the file System.Data.SQLite.dll"="4/19/2018 12:45 PM, 353280 bytes, A Adds the file System.Data.SQLite.xml"="4/19/2018 12:45 PM, 1051056 bytes, A Adds the file Uninstaller.exe"="6/6/2019 7:51 PM, 527152 bytes, A Adds the folder C:\Program Files (x86)\Shark PC Protector\uni\en Adds the file Uninstaller.resources.dll"="6/6/2019 7:51 PM, 25600 bytes, A Adds the folder C:\Program Files (x86)\Shark PC Protector\uni\ja-jp Adds the file Uninstaller.resources.dll"="6/6/2019 7:51 PM, 33280 bytes, A Adds the folder C:\Program Files (x86)\Shark PC Protector\uni\x64 Adds the file SQLite.Interop.dll"="4/19/2018 12:45 PM, 1534464 bytes, A Adds the folder C:\Program Files (x86)\Shark PC Protector\uni\x86 Adds the file SQLite.Interop.dll"="4/19/2018 12:45 PM, 1149440 bytes, A Adds the folder C:\Program Files (x86)\Shark PC Protector\x64 Adds the file SQLite.Interop.dll"="4/19/2018 12:45 PM, 1534464 bytes, A Adds the folder C:\Program Files (x86)\Shark PC Protector\x86 Adds the file SQLite.Interop.dll"="4/19/2018 12:45 PM, 1149440 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark PC Protector Adds the file Shark PC Protector.lnk"="8/5/2019 9:17 AM, 1231 bytes, A Adds the file Uninstall Shark PC Protector.lnk"="8/5/2019 9:17 AM, 1191 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Shark PC Protector\PC Repair Online\Backup Adds the folder C:\Users\{username}\AppData\Roaming\Shark PC Protector\PC Repair Online\setting Adds the file pbp_sett.ash"="8/5/2019 9:19 AM, 2043904 bytes, A In the existing folder C:\Users\{username}\Downloads Adds the file Trojan.Worm.361461.msh"="8/1/2019 1:21 PM, 259 bytes, A Adds the file Trojan.Worm.720266.msh"="8/1/2019 1:21 PM, 259 bytes, A In the existing folder C:\Users\Public\Desktop Adds the file Shark PC Protector.lnk"="8/5/2019 9:17 AM, 1213 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file Shark PC Protector"="8/5/2019 9:17 AM, 3252 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\FT\SPP\Activation] "Insdate"="REG_SZ", "0vk82II+kwASrHMk467xg06RZVH33BDSyywI+67hxko=" "language"="REG_SZ", "en" "languageindex"="REG_SZ", "0" "lap"="REG_SZ", "1qGZiOOFObHe4TpZYfRFLO1Z730z7GABrbVp9jOxcMo=" "lbp"="REG_SZ", "1qGZiOOFObHe4TpZYfRFLO1Z730z7GABrbVp9jOxcMo=" "lr"="REG_SZ", "2NQXF+b/h86YyDSWaGiUCTkIftjJWmJhQDtWYmdPLtw=" "lsp"="REG_SZ", "1qGZiOOFObHe4TpZYfRFLO1Z730z7GABrbVp9jOxcMo=" "PN"="REG_SZ", "+1(888)200-8889" "Program"="REG_SZ", "Shark PC Protector" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\FT\SPP\Activation] "IsTrack"="REG_SZ", "1" "language"="REG_SZ", "en" "languageindex"="REG_SZ", "0" "Program"="REG_SZ", "Shark PC Protector" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E6302A5A-54A4-4A53-9BE7-EA9AC128D298}}_is1] "Comments"="REG_SZ", "Shark PC Protector" "Contact"="REG_SZ", "0800-183-3940" "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\Shark PC Protector\logo.ico" "DisplayName"="REG_SZ", "Shark PC Protector" "DisplayVersion"="REG_SZ", "1.0" "EstimatedSize"="REG_DWORD", 13749 "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\Shark PC Protector" "Inno Setup: Icon Group"="REG_SZ", "Shark PC Protector" "Inno Setup: Language"="REG_SZ", "en" "Inno Setup: Setup Version"="REG_SZ", "5.5.6 (a)" "Inno Setup: User"="REG_SZ", "{username}" "InstallDate"="REG_SZ", "20190805" "InstallLocation"="REG_SZ", "C:\Program Files (x86)\Shark PC Protector\" "MajorVersion"="REG_DWORD", 1 "MinorVersion"="REG_DWORD", 0 "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "Publisher"="REG_SZ", "Econosoft Global Services Pte. Ltd." "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\Shark PC Protector\unins000.exe" /SILENT" "UninstallString"="REG_SZ", ""C:\Program Files (x86)\Shark PC Protector\unins000.exe"" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\COMServices] "DisplayName"="REG_SZ", "COMServices" "ErrorControl"="REG_DWORD", 1 "ImagePath"="REG_EXPAND_SZ, "C:\Program Files (x86)\Shark PC Protector\svc//COMServices.exe" "ObjectName"="REG_SZ", "LocalSystem" "Start"="REG_DWORD", 2 "Type"="REG_DWORD", 16 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Shark PC Protector"="REG_SZ", ""C:\Program Files (x86)\Shark PC Protector\ksb.bat"" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 8/5/19 Scan Time: 9:26 AM Log File: 60fc5026-b752-11e9-88c6-00ffdcc6fdfc.json -Software Information- Version: 3.8.3.2965 Components Version: 1.0.613 Update Package Version: 1.0.11862 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 236500 Threats Detected: 70 Threats Quarantined: 70 Time Elapsed: 8 min, 29 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 1 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\sharkpcprotector.exe, Quarantined, [1514], [709339],1.0.11862 Module: 2 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\x64\SQLite.Interop.dll, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\sharkpcprotector.exe, Quarantined, [1514], [709339],1.0.11862 Registry Key: 9 PUP.Optional.SharkPCProtector, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SHARK PC PROTECTOR, Quarantined, [1514], [709341],1.0.11862 PUP.Optional.SharkPCProtector, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{94427936-D024-4D0E-8A85-3496931204CE}, Quarantined, [1514], [709341],1.0.11862 PUP.Optional.SharkPCProtector, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\BOOT\{94427936-D024-4D0E-8A85-3496931204CE}, Quarantined, [1514], [709341],1.0.11862 PUP.Optional.SharkPCProtector, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{E6302A5A-54A4-4A53-9BE7-EA9AC128D298}}_is1, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, HKLM\SOFTWARE\FT\SPP, Quarantined, [1514], [709343],1.0.11862 PUP.Optional.SharkPCProtector, HKLM\SOFTWARE\WOW6432NODE\FT\SPP, Quarantined, [1514], [709343],1.0.11862 PUP.Optional.SharkPCProtector, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\COMSERVICES, Quarantined, [1514], [709345],1.0.11862 PUP.Optional.SharkPCProtector, HKLM\SOFTWARE\MICROSOFT\TRACING\sharkpcprotector_RASAPI32, Quarantined, [1514], [709344],1.0.11862 PUP.Optional.SharkPCProtector, HKLM\SOFTWARE\MICROSOFT\TRACING\sharkpcprotector_RASMANCS, Quarantined, [1514], [709344],1.0.11862 Registry Value: 3 PUP.Optional.SharkPCProtector, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Shark PC Protector, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\COMSERVICES|IMAGEPATH, Quarantined, [1514], [709345],1.0.11862 PUP.Optional.SharkPCProtector, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{94427936-D024-4D0E-8A85-3496931204CE}|PATH, Quarantined, [1514], [709349],1.0.11862 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 17 PUP.Optional.SharkPCProtector, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SHARK PC PROTECTOR, Quarantined, [1514], [709340],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\uni\ja-jp, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\uni\x64, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\uni\x86, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\Backup, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\uni\en, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\ja-jp, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\uni, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\x64, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\x86, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\de, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\en, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\PROGRAM FILES (X86)\SHARK PC PROTECTOR, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Users\{username}\AppData\Roaming\Shark PC Protector\PC Repair Online\setting, Quarantined, [1514], [709336],1.0.11862 PUP.Optional.SharkPCProtector, C:\Users\{username}\AppData\Roaming\Shark PC Protector\PC Repair Online\Backup, Quarantined, [1514], [709336],1.0.11862 PUP.Optional.SharkPCProtector, C:\Users\{username}\AppData\Roaming\Shark PC Protector\PC Repair Online, Quarantined, [1514], [709336],1.0.11862 PUP.Optional.SharkPCProtector, C:\USERS\{username}\APPDATA\ROAMING\SHARK PC PROTECTOR, Quarantined, [1514], [709336],1.0.11862 File: 38 PUP.Optional.SharkPCProtector, C:\WINDOWS\SYSTEM32\TASKS\SHARK PC PROTECTOR, Quarantined, [1514], [709341],1.0.11862 PUP.Optional.SharkPCProtector, C:\USERS\PUBLIC\DESKTOP\SHARK PC PROTECTOR.LNK, Quarantined, [1514], [709337],1.0.11862 PUP.Optional.SharkPCProtector, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SHARK PC PROTECTOR\UNINSTALL SHARK PC PROTECTOR.LNK, Quarantined, [1514], [709340],1.0.11862 PUP.Optional.SharkPCProtector, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark PC Protector\Shark PC Protector.lnk, Quarantined, [1514], [709340],1.0.11862 PUP.Optional.SharkPCProtector, C:\PROGRAM FILES (X86)\SHARK PC PROTECTOR\UNINS000.MSG, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\de\sharkpcprotector.resources.dll, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\en\sharkpcprotector.resources.dll, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\ja-jp\sharkpcprotector.resources.dll, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\uni\en\Uninstaller.resources.dll, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\uni\ja-jp\Uninstaller.resources.dll, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\uni\x64\SQLite.Interop.dll, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\uni\x86\SQLite.Interop.dll, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\uni\System.Data.SQLite.dll, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\uni\System.Data.SQLite.xml, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\uni\Uninstaller.exe, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\x64\SQLite.Interop.dll, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\x86\SQLite.Interop.dll, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\Interop.NATUPNPLib.dll, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\Interop.NETCONLib.dll, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\Interop.NetFwTypeLib.dll, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\Interop.Shell32.dll, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\Interop.WUApiLib.dll, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\ksb.bat, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\logo.ico, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\Microsoft.Win32.TaskScheduler.dll, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\sharkpcprotector.exe, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\SharpCompress.dll, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\System.Data.SQLite.dll, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\System.Data.SQLite.xml, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\Sys_Trace.xml, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\unins000.dat, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\unins000.exe, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\WpfAnimatedGif.dll, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Program Files (x86)\Shark PC Protector\WPFToolkit.dll, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\Shark PC Protector.lnk, Quarantined, [1514], [709339],1.0.11862 PUP.Optional.SharkPCProtector, C:\Users\{username}\AppData\Roaming\Shark PC Protector\PC Repair Online\setting\pbp_sett.ash, Quarantined, [1514], [709336],1.0.11862 PUP.Optional.PCBooster, C:\USERS\{username}\APPDATA\LOCAL\TEMP\IS-492UD.TMP\SHARKPCPROTECTOR.TMP, Quarantined, [566], [711523],1.0.11862 PUP.Optional.PCBooster, C:\USERS\{username}\DESKTOP\SHARKPCPROTECTOR.EXE, Quarantined, [566], [711523],1.0.11862 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  5. What is PC Speeder Pro?The Malwarebytes research team has determined that PC Speeder Pro is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.More information can be found on our Malwarebytes Labs blog.How do I know if I am infected with PC Speeder Pro?This is how the main screen of the system optimizer looks:You will find these icons in your taskbar, your startmenu, and on your desktop:and see these warnings during install:and this type of screens during "operations":You may see this entry in your list of installed programs:and this task in your list of Scheduled Tasks:How did PC Speeder Pro get on my computer?These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website:How do I remove PC Speeder Pro?Our program Malwarebytes can detect and remove this potentially unwanted application. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of PC Speeder Pro? No, Malwarebytes removes PC Speeder Pro completely. This PUP creates a scheduled task. You can read here how to check for and, if necessary, remove Scheduled Tasks. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this system optimizer.As you can see below the full version of Malwarebytes would have protected you against the PC Speeder Pro installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. Technical details for expertsYou may see these entries in FRST logs: (Econosoft Global Services PTE. LTD. -> Econosoft Global Services Pte. Ltd.) C:\Program Files (x86)\PC Speeder Pro\pcspeederpro.exe Task: {2E1B7583-29FF-47EA-9B8F-82D5AFE98E8F} - System32\Tasks\PC Speeder Pro => C:\Program Files (x86)\PC Speeder Pro\pcspeederpro.exe [2760496 2019-07-03] (Econosoft Global Services PTE. LTD. -> Econosoft Global Services Pte. Ltd.) C:\Windows\System32\Tasks\PC Speeder Pro C:\Users\Public\Desktop\PC Speeder Pro.lnk C:\Users\{username}\AppData\Roaming\PC Speeder Pro C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speeder Pro C:\Program Files (x86)\PC Speeder Pro PC Speeder Pro (HKLM-x32\...\{C111065E-6304-4ECE-8716-E8FBF449871E}}_is1) (Version: 1.0 - Econosoft Global Services Pte. Ltd.) Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\PC Speeder Pro Adds the file Interop.NATUPNPLib.dll"="4/19/2018 12:25 PM, 7168 bytes, A Adds the file Interop.NETCONLib.dll"="4/19/2018 12:25 PM, 9728 bytes, A Adds the file Interop.NetFwTypeLib.dll"="4/19/2018 12:25 PM, 19456 bytes, A Adds the file Interop.Shell32.dll"="4/19/2018 12:25 PM, 36864 bytes, A Adds the file Interop.WUApiLib.dll"="4/19/2018 12:25 PM, 73728 bytes, A Adds the file logo.ico"="7/1/2019 4:15 PM, 21662 bytes, A Adds the file Microsoft.Win32.TaskScheduler.dll"="4/19/2018 12:31 PM, 171008 bytes, A Adds the file pcspeederpro.exe"="7/3/2019 1:16 PM, 2760496 bytes, A Adds the file SharpCompress.dll"="4/19/2018 12:35 PM, 418304 bytes, A Adds the file Sys_Trace.xml"="4/19/2018 12:45 PM, 46 bytes, A Adds the file System.Data.SQLite.dll"="4/19/2018 12:45 PM, 353280 bytes, A Adds the file System.Data.SQLite.xml"="4/19/2018 12:45 PM, 1051056 bytes, A Adds the file unins000.dat"="7/29/2019 8:49 AM, 63700 bytes, A Adds the file unins000.exe"="7/29/2019 8:47 AM, 732976 bytes, A Adds the file unins000.msg"="7/29/2019 8:49 AM, 11557 bytes, A Adds the file WpfAnimatedGif.dll"="4/19/2018 12:20 PM, 28160 bytes, A Adds the file WPFToolkit.dll"="4/19/2018 12:20 PM, 467288 bytes, A Adds the folder C:\Program Files (x86)\PC Speeder Pro\Backup Adds the folder C:\Program Files (x86)\PC Speeder Pro\de Adds the file pcspeederpro.resources.dll"="7/3/2019 1:16 PM, 29184 bytes, A Adds the folder C:\Program Files (x86)\PC Speeder Pro\en Adds the file pcspeederpro.resources.dll"="7/3/2019 1:16 PM, 27136 bytes, A Adds the folder C:\Program Files (x86)\PC Speeder Pro\ja-jp Adds the file pcspeederpro.resources.dll"="7/3/2019 1:16 PM, 33280 bytes, A Adds the folder C:\Program Files (x86)\PC Speeder Pro\uni Adds the file System.Data.SQLite.dll"="4/19/2018 12:45 PM, 353280 bytes, A Adds the file System.Data.SQLite.xml"="4/19/2018 12:45 PM, 1051056 bytes, A Adds the file Uninstaller.exe"="7/2/2019 3:30 PM, 461104 bytes, A Adds the folder C:\Program Files (x86)\PC Speeder Pro\uni\de Adds the file Uninstaller.resources.dll"="7/2/2019 3:30 PM, 27648 bytes, A Adds the folder C:\Program Files (x86)\PC Speeder Pro\uni\en Adds the file Uninstaller.resources.dll"="7/2/2019 3:30 PM, 25600 bytes, A Adds the folder C:\Program Files (x86)\PC Speeder Pro\uni\ja-jp Adds the file Uninstaller.resources.dll"="7/2/2019 3:30 PM, 33280 bytes, A Adds the folder C:\Program Files (x86)\PC Speeder Pro\uni\x64 Adds the file SQLite.Interop.dll"="4/19/2018 12:45 PM, 1534464 bytes, A Adds the folder C:\Program Files (x86)\PC Speeder Pro\uni\x86 Adds the file SQLite.Interop.dll"="4/19/2018 12:45 PM, 1149440 bytes, A Adds the folder C:\Program Files (x86)\PC Speeder Pro\x64 Adds the file SQLite.Interop.dll"="4/19/2018 12:45 PM, 1534464 bytes, A Adds the folder C:\Program Files (x86)\PC Speeder Pro\x86 Adds the file SQLite.Interop.dll"="4/19/2018 12:45 PM, 1149440 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speeder Pro Adds the file PC Speeder Pro.lnk"="7/29/2019 8:49 AM, 1175 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\PC Speeder Pro\PC Repair Online\Backup Adds the folder C:\Users\{username}\AppData\Roaming\PC Speeder Pro\PC Repair Online\setting Adds the file psp_sett.ash"="7/29/2019 8:51 AM, 114688 bytes, A In the existing folder C:\Users\Public\Desktop Adds the file PC Speeder Pro.lnk"="7/29/2019 8:49 AM, 1157 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file PC Speeder Pro"="7/29/2019 8:49 AM, 3240 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\FT\PSP\Activation] "Insdate"="REG_SZ", "Vmgh0PR1mg20SmdYPyx/VC+phVAxhb2QOk+f7XxIMdk=" "language"="REG_SZ", "en" "languageindex"="REG_SZ", "0" "lap"="REG_SZ", "R4KkhFSHCGPJ+uLr1axaBaVpIFfH/wkC9+vP6r7DhMo=" "lbp"="REG_SZ", "R4KkhFSHCGPJ+uLr1axaBaVpIFfH/wkC9+vP6r7DhMo=" "lr"="REG_SZ", "jSXc9IKVZAGleWWb1nxC/totNceqhUGj1uuN2Szyxd8=" "lsp"="REG_SZ", "R4KkhFSHCGPJ+uLr1axaBaVpIFfH/wkC9+vP6r7DhMo=" "lstup"="REG_SZ", "33628" "PN"="REG_SZ", "+1(888)200-8889" "Program"="REG_SZ", "PC Speeder Pro" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\FT\PSP\Activation] "IsTrack"="REG_SZ", "1" "language"="REG_SZ", "en" "languageindex"="REG_SZ", "0" "Program"="REG_SZ", "PC Speeder Pro" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C111065E-6304-4ECE-8716-E8FBF449871E}}_is1] "Comments"="REG_SZ", "PC Speeder Pro" "Contact"="REG_SZ", "0800-183-3940" "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\PC Speeder Pro\logo.ico" "DisplayName"="REG_SZ", "PC Speeder Pro" "DisplayVersion"="REG_SZ", "1.0" "EstimatedSize"="REG_DWORD", 13242 "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\PC Speeder Pro" "Inno Setup: Deselected Tasks"="REG_SZ", "" "Inno Setup: Icon Group"="REG_SZ", "PC Speeder Pro" "Inno Setup: Language"="REG_SZ", "en" "Inno Setup: Selected Tasks"="REG_SZ", "desktopicon" "Inno Setup: Setup Version"="REG_SZ", "5.5.6 (a)" "Inno Setup: User"="REG_SZ", "{username}" "InstallDate"="REG_SZ", "20190729" "InstallLocation"="REG_SZ", "C:\Program Files (x86)\PC Speeder Pro\" "MajorVersion"="REG_DWORD", 1 "MinorVersion"="REG_DWORD", 0 "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "Publisher"="REG_SZ", "Econosoft Global Services Pte. Ltd." "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\PC Speeder Pro\unins000.exe" /SILENT" "UninstallString"="REG_SZ", ""C:\Program Files (x86)\PC Speeder Pro\unins000.exe"" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/29/19 Scan Time: 10:34 AM Log File: befe0e3e-b1db-11e9-b4d1-00ffdcc6fdfc.json -Software Information- Version: 3.7.1.2839 Components Version: 1.0.586 Update Package Version: 1.0.11762 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 236477 Threats Detected: 66 Threats Quarantined: 66 Time Elapsed: 7 min, 52 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 1 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\pcspeederpro.exe, Quarantined, [1378], [711525],1.0.11762 Module: 2 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\x64\SQLite.Interop.dll, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\pcspeederpro.exe, Quarantined, [1378], [711525],1.0.11762 Registry Key: 8 PUP.Optional.PCSpeederPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PC Speeder Pro, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2E1B7583-29FF-47EA-9B8F-82D5AFE98E8F}, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{2E1B7583-29FF-47EA-9B8F-82D5AFE98E8F}, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{C111065E-6304-4ECE-8716-E8FBF449871E}}_is1, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCBoosterPro, HKLM\SOFTWARE\WOW6432NODE\FT\PSP, Quarantined, [1368], [711536],1.0.11762 PUP.Optional.PCSpeederPro, HKLM\SOFTWARE\MICROSOFT\TRACING\pcspeederpro_RASAPI32, Quarantined, [1378], [711529],1.0.11762 PUP.Optional.PCSpeederPro, HKLM\SOFTWARE\MICROSOFT\TRACING\pcspeederpro_RASMANCS, Quarantined, [1378], [711529],1.0.11762 PUP.Optional.PCBoosterPro, HKLM\SOFTWARE\FT\PSP, Quarantined, [1368], [711536],1.0.11762 Registry Value: 1 PUP.Optional.PCSpeederPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2E1B7583-29FF-47EA-9B8F-82D5AFE98E8F}|PATH, Quarantined, [1378], [711535],1.0.11762 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 18 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\uni\ja-jp, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\uni\x64, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\uni\x86, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\Backup, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\uni\de, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\uni\en, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\ja-jp, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\uni, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\x64, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\x86, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\de, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\en, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\PROGRAM FILES (X86)\PC SPEEDER PRO, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\PC SPEEDER PRO, Quarantined, [1378], [711526],1.0.11762 PUP.Optional.PCSpeederPro, C:\Users\{username}\AppData\Roaming\PC Speeder Pro\PC Repair Online\setting, Quarantined, [1378], [711528],1.0.11762 PUP.Optional.PCSpeederPro, C:\Users\{username}\AppData\Roaming\PC Speeder Pro\PC Repair Online\Backup, Quarantined, [1378], [711528],1.0.11762 PUP.Optional.PCSpeederPro, C:\Users\{username}\AppData\Roaming\PC Speeder Pro\PC Repair Online, Quarantined, [1378], [711528],1.0.11762 PUP.Optional.PCSpeederPro, C:\USERS\{username}\APPDATA\ROAMING\PC SPEEDER PRO, Quarantined, [1378], [711528],1.0.11762 File: 36 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\de\pcspeederpro.resources.dll, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\en\pcspeederpro.resources.dll, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\ja-jp\pcspeederpro.resources.dll, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\uni\de\Uninstaller.resources.dll, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\uni\en\Uninstaller.resources.dll, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\uni\ja-jp\Uninstaller.resources.dll, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\uni\x64\SQLite.Interop.dll, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\uni\x86\SQLite.Interop.dll, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\uni\System.Data.SQLite.dll, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\uni\System.Data.SQLite.xml, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\uni\Uninstaller.exe, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\x64\SQLite.Interop.dll, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\x86\SQLite.Interop.dll, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\pcspeederpro.exe, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\Interop.NATUPNPLib.dll, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\Interop.NETCONLib.dll, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\Interop.NetFwTypeLib.dll, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\Interop.Shell32.dll, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\Interop.WUApiLib.dll, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\logo.ico, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\Microsoft.Win32.TaskScheduler.dll, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\SharpCompress.dll, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\System.Data.SQLite.dll, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\System.Data.SQLite.xml, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\Sys_Trace.xml, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\unins000.dat, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\unins000.exe, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\unins000.msg, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\WpfAnimatedGif.dll, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\Program Files (x86)\PC Speeder Pro\WPFToolkit.dll, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\WINDOWS\SYSTEM32\TASKS\PC Speeder Pro, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\PC Speeder Pro.lnk, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\USERS\PUBLIC\Desktop\PC Speeder Pro.lnk, Quarantined, [1378], [711525],1.0.11762 PUP.Optional.PCSpeederPro, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speeder Pro\PC Speeder Pro.lnk, Quarantined, [1378], [711526],1.0.11762 PUP.Optional.PCSpeederPro, C:\Users\{username}\AppData\Roaming\PC Speeder Pro\PC Repair Online\setting\psp_sett.ash, Quarantined, [1378], [711528],1.0.11762 PUP.Optional.PCBooster, C:\USERS\{username}\DESKTOP\PSPSETUP.EXE, Quarantined, [566], [711523],1.0.11762 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  6. What is PC Booster Pro?The Malwarebytes research team has determined that PC Booster Pro is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.More information can be found on our Malwarebytes Labs blog.How do I know if I am infected with PC Booster Pro?This is how the main screen of the system optimizer looks:You will find these icons in your taskbar, your startmenu, and on your desktop:and see these warnings during install:and these screens during "operations":You may see this entry in your list of installed programs:and these tasks in your list of Scheduled Tasks:How did PC Booster Pro get on my computer?These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website:How do I remove PC Booster Pro?Our program Malwarebytes can detect and remove this potentially unwanted application. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of PC Booster Pro? No, Malwarebytes removes PC Booster Pro completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this system optimizer.As you can see below the full version of Malwarebytes would have protected you against the PC Booster Pro installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. Technical details for expertsYou may see these entries in FRST logs: (Econosoft Global Services PTE. LTD. -> Econosoft Global Services Pte. Ltd.) C:\Program Files (x86)\PC Booster Pro\pcboosterpro.exe (Econosoft Global Services PTE. LTD. -> Econosoft Global Services Pte. Ltd.) C:\Program Files (x86)\PC Booster Pro\pcboosterpro_protection.exe Task: {0DAC30DF-DCFD-4CDD-8079-F9DE4BA96845} - System32\Tasks\PC Booster Pro => C:\Program Files (x86)\PC Booster Pro\pcboosterpro.exe [7099184 2019-07-19] (Econosoft Global Services PTE. LTD. -> Econosoft Global Services Pte. Ltd.) <==== ATTENTION Task: {6E4C3F84-D8BD-4F65-A7D0-C7447CCCD508} - System32\Tasks\PC Booster Pro Protection Startup => C:\Program Files (x86)\PC Booster Pro\pcboosterpro_protection.exe [400688 2019-07-17] (Econosoft Global Services PTE. LTD. -> Econosoft Global Services Pte. Ltd.) <==== ATTENTION C:\Windows\System32\Tasks\PC Booster Pro Protection Startup C:\Windows\System32\Tasks\PC Booster Pro C:\Users\{username}\AppData\Roaming\PC Booster Pro C:\Users\Public\Desktop\PC Booster Pro.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Booster Pro C:\Program Files (x86)\PC Booster Pro PC Booster Pro (HKLM-x32\...\{59067503-5AF7-46A3-A052-3CB044D4D66E}}_is1) (Version: 1.0 - Econosoft Global Services Pte. Ltd.) <==== ATTENTION Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\PC Booster Pro Adds the file Core.dll"="4/19/2018 12:31 PM, 237568 bytes, A Adds the file DiscUtils.Common.dll"="4/19/2018 12:31 PM, 23040 bytes, A Adds the file DiscUtils.dll"="4/19/2018 12:31 PM, 915456 bytes, A Adds the file DiscUtils.MSBuild.dll"="4/19/2018 12:31 PM, 8192 bytes, A Adds the file DynamicDataDisplay.dll"="4/19/2018 12:31 PM, 316416 bytes, A Adds the file errordetailsOpt.xml"="7/22/2019 8:57 AM, 942818 bytes, A Adds the file errorlog.txt"="7/12/2019 1:16 PM, 189 bytes, A Adds the file Interop.IWshRuntimeLibrary.dll"="4/19/2018 12:31 PM, 49152 bytes, A Adds the file Interop.NATUPNPLib.dll"="4/19/2018 12:31 PM, 7680 bytes, A Adds the file Interop.NETCONLib.dll"="4/19/2018 12:31 PM, 10240 bytes, A Adds the file Interop.NetFwTypeLib.dll"="4/19/2018 12:31 PM, 19456 bytes, A Adds the file logo.ico"="7/3/2019 4:43 PM, 21662 bytes, A Adds the file Microsoft.Win32.TaskScheduler.dll"="4/19/2018 12:31 PM, 171008 bytes, A Adds the file OptErr.xml"="4/19/2018 12:31 PM, 10 bytes, A Adds the file pcboosterpro.exe"="7/19/2019 8:55 PM, 7099184 bytes, A Adds the file pcboosterpro_protection.exe"="7/17/2019 9:01 PM, 400688 bytes, A Adds the file System.Data.SQLite.dll"="4/19/2018 12:31 PM, 280576 bytes, A Adds the file System.Windows.Controls.Layout.Toolkit.dll"="4/19/2018 12:31 PM, 95064 bytes, A Adds the file unins000.dat"="7/22/2019 8:51 AM, 41438 bytes, A Adds the file unins000.exe"="7/22/2019 8:51 AM, 732976 bytes, A Adds the file unins000.msg"="7/22/2019 8:51 AM, 11509 bytes, A Adds the file WpfAnimatedGif.dll"="4/19/2018 12:31 PM, 28160 bytes, A Adds the file WPFToolkit.dll"="4/19/2018 12:31 PM, 467288 bytes, A Adds the folder C:\Program Files (x86)\PC Booster Pro\Backup Adds the folder C:\Program Files (x86)\PC Booster Pro\de Adds the file pcboosterpro.resources.dll"="7/19/2019 8:55 PM, 74752 bytes, A Adds the folder C:\Program Files (x86)\PC Booster Pro\en Adds the file pcboosterpro.resources.dll"="7/19/2019 8:55 PM, 68096 bytes, A Adds the folder C:\Program Files (x86)\PC Booster Pro\ja-jp Adds the file pcboosterpro.resources.dll"="7/19/2019 8:55 PM, 84480 bytes, A Adds the folder C:\Program Files (x86)\PC Booster Pro\slider Adds the file Slider-1.jpg"="4/19/2018 12:31 PM, 77585 bytes, A Adds the file Slider-2.jpg"="4/19/2018 12:31 PM, 79413 bytes, A Adds the folder C:\Program Files (x86)\PC Booster Pro\uni Adds the file System.Data.SQLite.dll"="3/2/2018 6:51 AM, 353280 bytes, A Adds the file System.Data.SQLite.xml"="3/2/2018 6:51 AM, 1051056 bytes, A Adds the file Uninstaller.exe"="7/19/2019 7:35 PM, 438576 bytes, A Adds the folder C:\Program Files (x86)\PC Booster Pro\x64 Adds the file SQLite.Interop.dll"="4/19/2018 12:31 PM, 1205248 bytes, A Adds the folder C:\Program Files (x86)\PC Booster Pro\x86 Adds the file SQLite.Interop.dll"="4/19/2018 12:31 PM, 903168 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Booster Pro Adds the file PC Booster Pro.lnk"="7/22/2019 8:51 AM, 1175 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\PC Booster Pro\PC Repair Online\setting Adds the file pbp_sett.ash"="7/22/2019 8:57 AM, 475136 bytes, A In the existing folder C:\Users\Public\Desktop Adds the file PC Booster Pro.lnk"="7/22/2019 8:51 AM, 1157 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file PC Booster Pro"="7/22/2019 8:52 AM, 3240 bytes, A Adds the file PC Booster Pro Protection Startup"="7/22/2019 8:52 AM, 3262 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\FT\PBP\Activation] "Insdate"="REG_SZ", "AhGEQd6dAycGlZ2CEFN4ya5sWW9n8yh9i+XNgkkCElw=" "language"="REG_SZ", "en" "languageindex"="REG_SZ", "0" "lap"="REG_SZ", "KghKgyRSdUVtN2GtX/nj0OQdq/biWtxM9Q6/UFmRwGg=" "lbp"="REG_SZ", "KghKgyRSdUVtN2GtX/nj0OQdq/biWtxM9Q6/UFmRwGg=" "lr"="REG_SZ", "KghKgyRSdUVtN2GtX/nj0OQdq/biWtxM9Q6/UFmRwGg=" "lsp"="REG_SZ", "KghKgyRSdUVtN2GtX/nj0OQdq/biWtxM9Q6/UFmRwGg=" "PN"="REG_SZ", "+1(888)200-8889" "Program"="REG_SZ", "PC Booster Pro" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\FT\PBP\Activation] "IsTrack"="REG_SZ", "1" "language"="REG_SZ", "en" "languageindex"="REG_SZ", "0" "Program"="REG_SZ", "PC Booster Pro" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{59067503-5AF7-46A3-A052-3CB044D4D66E}}_is1] "Comments"="REG_SZ", "PC Booster Pro" "Contact"="REG_SZ", "0800-183-3940" "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\PC Booster Pro\logo.ico" "DisplayName"="REG_SZ", "PC Booster Pro" "DisplayVersion"="REG_SZ", "1.0" "EstimatedSize"="REG_DWORD", 17655 "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\PC Booster Pro" "Inno Setup: Deselected Tasks"="REG_SZ", "" "Inno Setup: Icon Group"="REG_SZ", "PC Booster Pro" "Inno Setup: Language"="REG_SZ", "en" "Inno Setup: Selected Tasks"="REG_SZ", "desktopicon" "Inno Setup: Setup Version"="REG_SZ", "5.5.6 (a)" "Inno Setup: User"="REG_SZ", "{username}" "InstallDate"="REG_SZ", "20190722" "InstallLocation"="REG_SZ", "C:\Program Files (x86)\PC Booster Pro\" "MajorVersion"="REG_DWORD", 1 "MinorVersion"="REG_DWORD", 0 "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "Publisher"="REG_SZ", "Econosoft Global Services Pte. Ltd." "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\PC Booster Pro\unins000.exe" /SILENT" "UninstallString"="REG_SZ", ""C:\Program Files (x86)\PC Booster Pro\unins000.exe"" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/22/19 Scan Time: 9:05 AM Log File: 0770bdd4-ac4f-11e9-852c-00ffdcc6fdfc.json -Software Information- Version: 3.7.1.2839 Components Version: 1.0.586 Update Package Version: 1.0.11664 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 236334 Threats Detected: 81 Threats Quarantined: 81 Time Elapsed: 7 min, 26 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 2 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\pcboosterpro.exe, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\pcboosterpro_protection.exe, Quarantined, [1369], [709551],1.0.11664 Module: 4 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\x64\SQLite.Interop.dll, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\x64\SQLite.Interop.dll, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\pcboosterpro.exe, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\pcboosterpro_protection.exe, Quarantined, [1369], [709551],1.0.11664 Registry Key: 11 PUP.Optional.PCBoosterPro, HKLM\SOFTWARE\FT\PBP, Quarantined, [1369], [709557],1.0.11664 PUP.Optional.PCBoosterPro, HKLM\SOFTWARE\MICROSOFT\TRACING\pcboosterpro_RASAPI32, Quarantined, [1369], [709556],1.0.11664 PUP.Optional.PCBoosterPro, HKLM\SOFTWARE\MICROSOFT\TRACING\pcboosterpro_RASMANCS, Quarantined, [1369], [709556],1.0.11664 PUP.Optional.PCBoosterPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PC Booster Pro, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0DAC30DF-DCFD-4CDD-8079-F9DE4BA96845}, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{0DAC30DF-DCFD-4CDD-8079-F9DE4BA96845}, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PC Booster Pro Protection Startup, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6E4C3F84-D8BD-4F65-A7D0-C7447CCCD508}, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{6E4C3F84-D8BD-4F65-A7D0-C7447CCCD508}, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{59067503-5AF7-46A3-A052-3CB044D4D66E}}_is1, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, HKLM\SOFTWARE\WOW6432NODE\FT\PBP, Quarantined, [1369], [709557],1.0.11664 Registry Value: 1 PUP.Optional.PCBoosterPro, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{59067503-5AF7-46A3-A052-3CB044D4D66E}}_IS1|DISPLAYNAME, Quarantined, [1369], [709558],1.0.11664 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 18 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\uni\ja-jp, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\uni\x64, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\uni\x86, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\Backup, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\slider, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\uni\de, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\uni\en, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\ja-jp, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\uni, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\x64, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\x86, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\de, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\en, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\PROGRAM FILES (X86)\PC BOOSTER PRO, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\PC BOOSTER PRO, Quarantined, [1369], [709552],1.0.11664 PUP.Optional.PCBoosterPro, C:\Users\{username}\AppData\Roaming\PC Booster Pro\PC Repair Online\setting, Quarantined, [1369], [709554],1.0.11664 PUP.Optional.PCBoosterPro, C:\Users\{username}\AppData\Roaming\PC Booster Pro\PC Repair Online, Quarantined, [1369], [709554],1.0.11664 PUP.Optional.PCBoosterPro, C:\USERS\{username}\APPDATA\ROAMING\PC BOOSTER PRO, Quarantined, [1369], [709554],1.0.11664 File: 45 PUP.Optional.PCBoosterPro, C:\USERS\PUBLIC\DESKTOP\PC BOOSTER PRO.LNK, Quarantined, [1369], [709553],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\de\pcboosterpro.resources.dll, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\en\pcboosterpro.resources.dll, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\ja-jp\pcboosterpro.resources.dll, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\slider\Slider-1.jpg, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\slider\Slider-2.jpg, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\uni\de\Uninstaller.resources.dll, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\uni\en\Uninstaller.resources.dll, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\uni\ja-jp\Uninstaller.resources.dll, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\uni\x64\SQLite.Interop.dll, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\uni\x86\SQLite.Interop.dll, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\uni\System.Data.SQLite.dll, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\uni\System.Data.SQLite.xml, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\uni\Uninstaller.exe, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\x64\SQLite.Interop.dll, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\x86\SQLite.Interop.dll, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\Interop.NetFwTypeLib.dll, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\Core.dll, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\DiscUtils.Common.dll, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\DiscUtils.dll, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\DiscUtils.MSBuild.dll, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\DynamicDataDisplay.dll, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\errordetailsOpt.xml, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\errorlog.txt, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\Interop.IWshRuntimeLibrary.dll, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\Interop.NATUPNPLib.dll, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\Interop.NETCONLib.dll, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\logo.ico, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\Microsoft.Win32.TaskScheduler.dll, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\OptErr.xml, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\pcboosterpro.exe, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\pcboosterpro_protection.exe, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\System.Data.SQLite.dll, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\System.Windows.Controls.Layout.Toolkit.dll, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\unins000.dat, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\unins000.exe, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\unins000.msg, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\WpfAnimatedGif.dll, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\Program Files (x86)\PC Booster Pro\WPFToolkit.dll, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\WINDOWS\SYSTEM32\TASKS\PC Booster Pro, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\PC Booster Pro.lnk, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\WINDOWS\SYSTEM32\TASKS\PC Booster Pro Protection Startup, Quarantined, [1369], [709551],1.0.11664 PUP.Optional.PCBoosterPro, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Booster Pro\PC Booster Pro.lnk, Quarantined, [1369], [709552],1.0.11664 PUP.Optional.PCBoosterPro, C:\Users\{username}\AppData\Roaming\PC Booster Pro\PC Repair Online\setting\pbp_sett.ash, Quarantined, [1369], [709554],1.0.11664 PUP.Optional.PCBoosterPro, C:\USERS\{username}\DESKTOP\PCBOOSTERPRO.EXE, Quarantined, [1369], [709559],1.0.11664 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.