What is Fast Computer?

The Malwarebytes research team has determined that Fast Computer is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.
More information can be found on our Malwarebytes Labs blog.

How do I know if I am infected with Fast Computer?

This is how the main screen of the system optimizer looks:

main.png

You will find these icons in your taskbar, your Start menu, and on your desktop:

icons.png

and see these warnings during install:

warning1.png

warning2.png

and these types of screens during "operations":

warning5.png

warning6.png

You may see this entry in your list of installed programs:

warning4.png

How did Fast Computer get on my computer?

These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website:

website.png

How do I remove Fast Computer?

Our program Malwarebytes can detect and remove this potentially unwanted application.

  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished, click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.

Is there anything else I need to do to get rid of Fast Computer?

  • No, Malwarebytes removes Fast Computer completely.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this system optimizer.

As you can see below, the full version of Malwarebytes would have protected you against the Fast Computer installer. It would have warned you before the application could install itself, giving you a chance to stop it before it was too late.
 

protection1.png


and both Malwarebytes Premium and Browser Guard block access to their domain:
 

protection2.png


Technical details for experts

You may see these entries in FRST logs:
 

(AMS Software LLC -> AMS Software) C:\Program Files (x86)\Fast Computer\OptimAdmin.exe
C:\Users\{username}\AppData\Roaming\AMS Software
C:\Users\Public\Desktop\Ускоритель Компьютера.lnk
C:\ProgramData\Desktop\Ускоритель Компьютера.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ускоритель Компьютера
C:\Program Files (x86)\Fast Computer
(AMS Software ) C:\Users\{username}\Desktop\FastComputerOT.exe

Ускоритель Компьютера 4.0 (HKLM-x32\...\{EB9EE9A7-45C6-4F98-8463-2078E8BDC6E8}_is1) (Version: 4.0 - AMS Software)
Shortcut: C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Ускоритель Компьютера.lnk -> C:\Program Files (x86)\Fast Computer\OptimAdmin.exe (AMS Software) <==== Cyrillic
Shortcut: C:\Users\Public\Desktop\Ускоритель Компьютера.lnk -> C:\Program Files (x86)\Fast Computer\OptimAdmin.exe (AMS Software) <==== Cyrillic

Alterations made by the installer:
 

File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Program Files (x86)\Fast Computer
       Adds the file ArnMngr.exe"="1/20/2020 2:50 PM, 5240064 bytes, A
       Adds the file InstUtils.exe"="1/20/2020 2:50 PM, 38144 bytes, A
       Adds the file libeay32.dll"="2/17/2016 8:57 AM, 1192320 bytes, A
       Adds the file License.txt"="8/13/2015 10:46 AM, 964 bytes, A
       Adds the file msvcr120.dll"="2/19/2016 6:43 PM, 970912 bytes, A
       Adds the file Optim.exe"="1/20/2020 2:50 PM, 30642944 bytes, A
       Adds the file OptimAdmin.exe"="1/20/2020 2:50 PM, 30643456 bytes, A
       Adds the file ssleay32.dll"="12/30/2019 12:07 PM, 291200 bytes, A
       Adds the file unins000.dat"="5/4/2020 8:54 AM, 35945 bytes, A
       Adds the file unins000.exe"="5/4/2020 8:53 AM, 1187535 bytes, A
       Adds the file UninstallUtils.dll"="4/3/2018 1:50 PM, 829440 bytes, A
       Adds the file Обзорный видеоурок.mp4"="4/13/2018 6:33 PM, 14363257 bytes, A
    Adds the folder C:\Program Files (x86)\Fast Computer\Data\Animation
       Adds the file SysInfo.gif"="9/28/2015 12:19 PM, 10881 bytes, A
    Adds the folder C:\Program Files (x86)\Fast Computer\Data\Fonts
       Adds the file OpenSans.ttf"="8/26/2015 12:42 PM, 217360 bytes, A
       Adds the file OpenSans-Light.ttf"="11/3/2012 6:48 AM, 222412 bytes, A
       Adds the file pfdindisplaypro-bold.ttf"="6/30/2015 11:52 AM, 409476 bytes, A
       Adds the file pfdindisplaypro-reg.ttf"="6/30/2015 11:52 AM, 430168 bytes, A
       Adds the file pfdindisplaypro-thin.ttf"="6/30/2015 12:10 PM, 505868 bytes, A
    Adds the folder C:\Program Files (x86)\Fast Computer\LibAV
       Adds the file avcodec-52.dll"="9/21/2012 1:45 PM, 9948672 bytes, A
       Adds the file avcore-0.dll"="9/21/2012 1:44 PM, 57856 bytes, A
       Adds the file avdevice-52.dll"="9/21/2012 1:44 PM, 16384 bytes, A
       Adds the file avfilter-1.dll"="9/21/2012 1:44 PM, 131072 bytes, A
       Adds the file avformat-52.dll"="9/21/2012 1:45 PM, 950784 bytes, A
       Adds the file avutil-50.dll"="9/21/2012 1:45 PM, 122880 bytes, A
       Adds the file SDL.dll"="9/21/2012 1:44 PM, 321536 bytes, A
       Adds the file swscale-0.dll"="9/21/2012 1:44 PM, 222720 bytes, A
    Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ускоритель Компьютера
       Adds the file Купить полную версию.url"="5/4/2020 8:54 AM, 59 bytes, A
       Adds the file Он-лайн учебник.url"="5/4/2020 8:54 AM, 62 bytes, A
       Adds the file Сайт программы.url"="5/4/2020 8:54 AM, 50 bytes, A
       Adds the file Удалить программу.lnk"="5/4/2020 8:54 AM, 1060 bytes, A
       Adds the file Ускоритель Компьютера.lnk"="5/4/2020 8:54 AM, 1070 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\AMS Software
    Adds the folder C:\Users\{username}\AppData\Roaming\AMS Software\AmsOptim
       Adds the file DelList.txt"="5/4/2020 8:55 AM, 0 bytes, A
       Adds the file ListOfDelayedStart.dat"="5/4/2020 8:55 AM, 216 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\AMS Software\AmsOptim\RegList
       Adds the file RegList.dat"="5/4/2020 8:55 AM, 2 bytes, A
    In the existing folder C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar
       Adds the file Ускоритель Компьютера.lnk"="5/4/2020 8:54 AM, 1070 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Other\Dayly
       Adds the file Emotion.sor"="5/4/2020 8:55 AM, 8 bytes, A
    In the existing folder C:\Users\Public\Desktop
       Adds the file Ускоритель Компьютера.lnk"="5/4/2020 8:54 AM, 1052 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EB9EE9A7-45C6-4F98-8463-2078E8BDC6E8}_is1]
       "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\Fast Computer\Optim.exe"
       "DisplayName"="REG_SZ", "Ускоритель Компьютера 4.0"
       "DisplayVersion"="REG_SZ", "4.0"
       "EstimatedSize"="REG_DWORD", 101801
       "HelpLink"="REG_SZ", "http://fast-computer.su/support.php"
       "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\Fast Computer"
       "Inno Setup: Deselected Tasks"="REG_SZ", ""
       "Inno Setup: Icon Group"="REG_SZ", "Ускоритель Компьютера"
       "Inno Setup: Language"="REG_SZ", "russian"
       "Inno Setup: Selected Tasks"="REG_SZ", "desktopicon,pintotaskbar"
       "Inno Setup: Setup Version"="REG_SZ", "5.5.2 (u)"
       "Inno Setup: User"="REG_SZ", "{username}"
       "InstallDate"="REG_SZ", "20200504"
       "InstallLocation"="REG_SZ", "C:\Program Files (x86)\Fast Computer\"
       "MajorVersion"="REG_DWORD", 4
       "MinorVersion"="REG_DWORD", 0
       "NoModify"="REG_DWORD", 1
       "NoRepair"="REG_DWORD", 1
       "Publisher"="REG_SZ", "AMS Software"
       "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\Fast Computer\unins000.exe" /SILENT"
       "UninstallString"="REG_SZ", ""C:\Program Files (x86)\Fast Computer\unins000.exe""
       "URLInfoAbout"="REG_SZ", "http://fast-computer.su/"
       "URLUpdateInfo"="REG_SZ", "http://fast-computer.su/download.php"
    [HKEY_CURRENT_USER\Software\AMS Software\AmsOptim]
       "AmsNewsRuns"="REG_DWORD", 2
       "CheckUpdates"="REG_BINARY, ....
       "PromoVal"="REG_SZ", "OT"
       "TreeViewClean_chrome_cookie"="REG_DWORD", 0
       "TreeViewClean_chrome_formss"="REG_DWORD", 0
       "TreeViewClean_chrome_passwords"="REG_DWORD", 0
       "TreeViewClean_chromium_cookie"="REG_DWORD", 0
       "TreeViewClean_chromium_formss"="REG_DWORD", 0
       "TreeViewClean_chromium_passwords"="REG_DWORD", 0
       "TreeViewClean_cleanall_download_folder"="REG_DWORD", 0
       "TreeViewClean_download_folder"="REG_DWORD", 0
       "TreeViewClean_edge_cookie"="REG_DWORD", 0
       "TreeViewClean_edge_forms"="REG_DWORD", 0
       "TreeViewClean_edge_passwords"="REG_DWORD", 0
       "TreeViewClean_firefox_cookie"="REG_DWORD", 0
       "TreeViewClean_firefox_forms"="REG_DWORD", 0
       "TreeViewClean_firefox_passwords"="REG_DWORD", 0
       "TreeViewClean_ie_cookie"="REG_DWORD", 0
       "TreeViewClean_ie_passwords"="REG_DWORD", 0
       "TreeViewClean_opera_cookie"="REG_DWORD", 0
       "TreeViewClean_opera_forms"="REG_DWORD", 0
       "TreeViewClean_opera_passwords"="REG_DWORD", 0
       "TreeViewClean_yandex_cookie"="REG_DWORD", 0
       "TreeViewClean_yandex_forms"="REG_DWORD", 0
       "TreeViewClean_yandex_passwords"="REG_DWORD", 0
       "TreeViewCleanPlanner_chrome_cookie"="REG_DWORD", 0
       "TreeViewCleanPlanner_chrome_formss"="REG_DWORD", 0
       "TreeViewCleanPlanner_chrome_passwords"="REG_DWORD", 0
       "TreeViewCleanPlanner_chromium_cookie"="REG_DWORD", 0
       "TreeViewCleanPlanner_chromium_formss"="REG_DWORD", 0
       "TreeViewCleanPlanner_chromium_passwords"="REG_DWORD", 0
       "TreeViewCleanPlanner_cleanall_download_folder"="REG_DWORD", 0
       "TreeViewCleanPlanner_download_folder"="REG_DWORD", 0
       "TreeViewCleanPlanner_edge_cookie"="REG_DWORD", 0
       "TreeViewCleanPlanner_edge_forms"="REG_DWORD", 0
       "TreeViewCleanPlanner_edge_passwords"="REG_DWORD", 0
       "TreeViewCleanPlanner_firefox_cookie"="REG_DWORD", 0
       "TreeViewCleanPlanner_firefox_forms"="REG_DWORD", 0
       "TreeViewCleanPlanner_firefox_passwords"="REG_DWORD", 0
       "TreeViewCleanPlanner_ie_cookie"="REG_DWORD", 0
       "TreeViewCleanPlanner_ie_passwords"="REG_DWORD", 0
       "TreeViewCleanPlanner_opera_cookie"="REG_DWORD", 0
       "TreeViewCleanPlanner_opera_forms"="REG_DWORD", 0
       "TreeViewCleanPlanner_opera_passwords"="REG_DWORD", 0
       "TreeViewCleanPlanner_yandex_cookie"="REG_DWORD", 0
       "TreeViewCleanPlanner_yandex_forms"="REG_DWORD", 0
       "TreeViewCleanPlanner_yandex_passwords"="REG_DWORD", 0
    [HKEY_CURRENT_USER\Software\Fast\Test]
       "Sweestreet"="REG_BINARY, ....

Malwarebytes log:
 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/4/20
Scan Time: 9:04 AM
Log File: 8a4412d4-8dd5-11ea-a233-00ffdcc6fdfc.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.889
Update Package Version: 1.0.23386
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 233312
Threats Detected: 27
Threats Quarantined: 26
Time Elapsed: 3 min, 37 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 1
PUP.Optional.FastComputer, C:\PROGRAM FILES (X86)\FAST COMPUTER\OPTIMADMIN.EXE, Quarantined, 928, 816969, , , , 

Module: 4
PUP.Optional.FastComputer, C:\PROGRAM FILES (X86)\FAST COMPUTER\LIBAV\AVUTIL-50.DLL, Quarantined, 928, 817386, , , , 
PUP.Optional.FastComputer, C:\PROGRAM FILES (X86)\FAST COMPUTER\LIBAV\AVCODEC-52.DLL, Quarantined, 928, 817386, , , , 
PUP.Optional.FastComputer, C:\PROGRAM FILES (X86)\FAST COMPUTER\LIBAV\AVCORE-0.DLL, Quarantined, 928, 817386, , , , 
PUP.Optional.FastComputer, C:\PROGRAM FILES (X86)\FAST COMPUTER\OPTIMADMIN.EXE, Quarantined, 928, 816969, , , , 

Registry Key: 3
PUP.Optional.FastComputer, HKCU\SOFTWARE\AMS SOFTWARE\AmsOptim, Quarantined, 928, 816654, 1.0.23386, , ame, 
PUP.Optional.FastComputer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{EB9EE9A7-45C6-4F98-8463-2078E8BDC6E8}_IS1, Quarantined, 928, 816966, 1.0.23386, , ame, 
PUP.Optional.FastComputer, HKCU\SOFTWARE\FAST\TEST, Quarantined, 928, 816607, 1.0.23386, , ame, 

Registry Value: 2
PUP.Optional.FastComputer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{EB9EE9A7-45C6-4F98-8463-2078E8BDC6E8}_IS1|HELPLINK, Quarantined, 928, 816966, 1.0.23386, , ame, 
PUP.Optional.FastComputer, HKCU\SOFTWARE\FAST\TEST|SWEESTREET, Quarantined, 928, 816607, 1.0.23386, , ame, 

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 4
PUP.Optional.FastComputer, C:\Users\{username}\AppData\Roaming\AMS Software\AmsOptim\RegList, Quarantined, 928, 816957, , , , 
PUP.Optional.FastComputer, C:\USERS\{username}\APPDATA\ROAMING\AMS SOFTWARE\AMSOPTIM, Quarantined, 928, 816957, 1.0.23386, , ame, 
PUP.Optional.FastComputer, C:\PROGRAM FILES (X86)\FAST COMPUTER, Removal Failed, 928, 817386, 1.0.23386, , ame, 
PUP.Optional.FastComputer, C:\USERS\{username}\APPDATA\ROAMING\OTHER\DAYLY, Quarantined, 928, 816958, 1.0.23386, , ame, 

File: 13
PUP.Optional.FastComputer, C:\Users\{username}\AppData\Roaming\AMS Software\AmsOptim\RegList\RegList.dat, Quarantined, 928, 816957, , , , 
PUP.Optional.FastComputer, C:\Users\{username}\AppData\Roaming\AMS Software\AmsOptim\DelList.txt, Quarantined, 928, 816957, , , , 
PUP.Optional.FastComputer, C:\Users\{username}\AppData\Roaming\AMS Software\AmsOptim\ListOfDelayedStart.dat, Quarantined, 928, 816957, , , , 
PUP.Optional.FastComputer, C:\USERS\{username}\APPDATA\ROAMING\OTHER\DAYLY\EMOTION.SOR, Quarantined, 928, 816958, 1.0.23386, , ame, 
PUP.Optional.FastComputer, C:\USERS\{username}\APPDATA\ROAMING\MICROSOFT\WINDOWS\RECENT\FAST COMPUTER SETUP 4.0 - CHANGES.TXT.LNK, Quarantined, 928, 816956, 1.0.23386, , ame, 
PUP.Optional.FastComputer, C:\PROGRAM FILES (X86)\FAST COMPUTER\LIBAV\AVUTIL-50.DLL, Quarantined, 928, 817386, 1.0.23386, , ame, 
PUP.Optional.FastComputer, C:\PROGRAM FILES (X86)\FAST COMPUTER\LIBAV\AVCODEC-52.DLL, Quarantined, 928, 817386, 1.0.23386, , ame, 
PUP.Optional.FastComputer, C:\PROGRAM FILES (X86)\FAST COMPUTER\LIBAV\AVCORE-0.DLL, Quarantined, 928, 817386, 1.0.23386, , ame, 
PUP.Optional.FastComputer, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\Ускоритель Компьютера.lnk, Quarantined, 928, 816969, , , , 
PUP.Optional.FastComputer, C:\USERS\{username}\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\User Pinned\TaskBar\Ускоритель Компьютера.lnk, Quarantined, 928, 816969, , , , 
PUP.Optional.FastComputer, C:\USERS\PUBLIC\Desktop\Ускоритель Компьютера.lnk, Quarantined, 928, 816969, , , , 
PUP.Optional.FastComputer, C:\PROGRAM FILES (X86)\FAST COMPUTER\OPTIMADMIN.EXE, Quarantined, 928, 816969, 1.0.23386, , ame, 
PUP.Optional.FastComputer, C:\USERS\{username}\DESKTOP\FASTCOMPUTEROT.EXE, Quarantined, 928, 816930, 1.0.23386, , ame, 

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
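
To check a scan log like the one above for items that still need attention, the following added example (not part of the original post and not Malwarebytes code) parses the Scan Details section and reconciles it with the Scan Summary. The field layout is an assumption inferred from the log lines shown here, and `SAMPLE_LOG` is a shortened, constructed excerpt of that log.

```python
import re
from collections import Counter

# Constructed sample: a shortened excerpt in the layout of the scan log above.
SAMPLE_LOG = r"""-Scan Summary-
Threats Detected: 4
Threats Quarantined: 3
-Scan Details-
Process: 1
PUP.Optional.FastComputer, C:\PROGRAM FILES (X86)\FAST COMPUTER\OPTIMADMIN.EXE, Quarantined, 928, 816969, , , ,
Registry Key: 1
PUP.Optional.FastComputer, HKCU\SOFTWARE\FAST\TEST, Quarantined, 928, 816607, 1.0.23386, , ame,
Data Stream: 0
(No malicious items detected)
Folder: 2
PUP.Optional.FastComputer, C:\PROGRAM FILES (X86)\FAST COMPUTER, Removal Failed, 928, 817386, 1.0.23386, , ame,
PUP.Optional.FastComputer, C:\USERS\{username}\APPDATA\ROAMING\OTHER\DAYLY, Quarantined, 928, 816958, 1.0.23386, , ame,
"""

HEADER = re.compile(r"^([A-Za-z ]+): (\d+)$")  # e.g. "Registry Key: 3"

def parse_scan_log(text):
    """Return (summary counters, declared per-section counts, detection items)."""
    summary, declared, items = {}, {}, []
    in_details, section = False, None
    for line in map(str.strip, text.splitlines()):
        if line == "-Scan Details-":
            in_details = True
        elif (m := HEADER.match(line)):
            (declared if in_details else summary)[m.group(1)] = int(m.group(2))
            section = m.group(1) if in_details else None
        elif in_details and section and line.count(",") >= 8:
            # Assumed layout: name, path, status + 6 fields; split from the right so a comma in a path is safe.
            head, status = (p.strip() for p in line.rsplit(",", 7)[:2])
            name, path = (p.strip() for p in head.split(",", 1))
            items.append({"section": section, "name": name, "path": path, "status": status})
    return summary, declared, items

def review(text):
    """Reconcile details with the summary and list items that were not quarantined."""
    summary, declared, items = parse_scan_log(text)
    parsed = Counter(i["section"] for i in items)
    problems = [f"{s}: header says {n}, parsed {parsed[s]}"
                for s, n in declared.items() if parsed[s] != n]
    leftover = [i for i in items if i["status"] != "Quarantined"]
    if summary.get("Threats Detected") != len(items):
        problems.append("item total differs from Threats Detected")
    if summary.get("Threats Quarantined") != len(items) - len(leftover):
        problems.append("quarantined total differs from Threats Quarantined")
    return problems, leftover
```

In the log above, the only entry whose status is not Quarantined is the `C:\PROGRAM FILES (X86)\FAST COMPUTER` folder (Removal Failed), which is the difference between 27 threats detected and 26 quarantined.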

As mentioned before, the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.
