
What is PC Gold Optimizer?

The Malwarebytes research team has determined that PC Gold Optimizer is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.
More information can be found on our Malwarebytes Labs blog.

How do I know if I am infected with PC Gold Optimizer?

This is how the main screen of the system optimizer looks:

main.png

You will find these icons in your taskbar, your Start menu, and on your desktop:

icons.png

You may see this type of warning during install:

warning1.png

and these types of screens during "operations":

warning5.png

warning6.png

warning7.png

You may see this entry in your list of installed programs:

warning4.png

How did PC Gold Optimizer get on my computer?

These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website:

website.png

How do I remove PC Gold Optimizer?

Our program Malwarebytes can detect and remove this potentially unwanted application.

  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished, click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.

Is there anything else I need to do to get rid of PC Gold Optimizer?

  • No, Malwarebytes removes PC Gold Optimizer completely.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this system optimizer.

As you can see below, the full version of Malwarebytes would have protected you against the PC Gold Optimizer installer. It would have warned you before the application could install itself, giving you a chance to stop it before it was too late.
 

protection1.png

 

protection2.png


Technical details for experts

You may see these entries in FRST logs:
 

(Alliance Antivirus Private Limited -> ) C:\Program Files (x86)\PC Gold Optimizer and system repair\PC Gold Optimizer and system repair.exe
HKCU\...\Run: [Winzard System Repair] => C:\Program Files (x86)\PC Gold Optimizer and system repair\PC Gold Optimizer and system repair.exe [1061544 2020-09-29] (Alliance Antivirus Private Limited -> )
C:\Users\{username}\Desktop\PC Gold Optimizer and system repair.lnk
C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Gold Optimizer and system repair
C:\Program Files (x86)\PC Gold Optimizer and system repair
C:\Windows\systemrell.mkv

PC Gold Optimizer and system repair 1.1.0 (HKLM-x32\...\PC Gold Optimizer and system repair) (Version: 1.1.0 - The Alliance Tech)

Alterations made by the installer:
 

File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Program Files (x86)\PC Gold Optimizer and system repair
       Adds the file MaterialDesignColors.dll"="5/25/2020 4:53 AM, 299520 bytes, A
       Adds the file MaterialDesignThemes.Wpf.dll"="5/25/2020 4:53 AM, 7420928 bytes, A
       Adds the file PC Gold Optimizer and system repair.exe"="9/29/2020 8:11 PM, 1061544 bytes, A
       Adds the file PC Gold Optimizer and system repair.url"="10/13/2020 9:04 AM, 52 bytes, A
       Adds the file ServiceStack.Client.dll"="12/10/2017 10:54 PM, 198144 bytes, A
       Adds the file ServiceStack.Interfaces.dll"="12/10/2017 10:54 PM, 138240 bytes, A
       Adds the file ServiceStack.Text.dll"="12/10/2017 9:53 AM, 408576 bytes, A
       Adds the file shield.ico"="9/6/2020 6:45 PM, 120446 bytes, A
       Adds the file Stripe.dll"="12/9/2017 10:12 PM, 74240 bytes, A
       Adds the file sysfunction.bin"="9/29/2020 7:00 PM, 1 bytes, A
       Adds the file sysset.bin"="10/13/2020 9:04 AM, 1 bytes, A
       Adds the file System.Buffers.dll"="2/19/2020 5:05 AM, 20856 bytes, A
       Adds the file System.Numerics.Vectors.dll"="5/15/2018 9:29 AM, 115856 bytes, A
       Adds the file uninst.exe"="10/13/2020 9:04 AM, 156495 bytes, A
       Adds the file WpfAnimatedGif.dll"="3/28/2020 1:57 PM, 42496 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Gold Optimizer and system repair
       Adds the file PC Gold Optimizer and system repair.lnk"="10/13/2020 9:04 AM, 1367 bytes, A
       Adds the file Uninstall.lnk"="10/13/2020 9:04 AM, 1004 bytes, A
       Adds the file Website.lnk"="10/13/2020 9:04 AM, 1367 bytes, A
    In the existing folder C:\Users\{username}\Desktop
       Adds the file PC Gold Optimizer and system repair.lnk"="10/13/2020 9:04 AM, 1331 bytes, A
    In the existing folder C:\Windows
       Adds the file systemrell.mkv"="9/28/2020 5:20 PM, 6441793 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PC Gold Optimizer and system repair.exe]
       "(Default)"="REG_SZ", "C:\Program Files (x86)\PC Gold Optimizer and system repair\PC Gold Optimizer and system repair.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PC Gold Optimizer and system repair]
       "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\PC Gold Optimizer and system repair\PC Gold Optimizer and system repair.exe"
       "DisplayName"="REG_SZ", "PC Gold Optimizer and system repair 1.1.0"
       "DisplayVersion"="REG_SZ", "1.1.0"
       "Publisher"="REG_SZ", "The Alliance Tech"
       "UninstallString"="REG_SZ", "C:\Program Files (x86)\PC Gold Optimizer and system repair\uninst.exe"
       "URLInfoAbout"="REG_SZ", "https://www.thepcgold.com/"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
       "Winzard System Repair"="REG_SZ", "C:\Program Files (x86)\PC Gold Optimizer and system repair\PC Gold Optimizer and system repair.exe"

Malwarebytes log:
 


As mentioned before, the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.
