
What is WinZip Disk Tools?

WinZip Disk Tools is a disk optimizer that triggers our PUP detection rules. By doing so we offer users a choice to consider whether they want to use this software. More information can be found on our Malwarebytes Labs blog.

How do I know if I am affected by WinZip Disk Tools?

This is how the main screen of the disk optimizer looks:

main.png

You will find these icons in your taskbar, your Start menu, and on your desktop:

icons.png

and see these types of windows during installation:

warning1.png

warning2.png

and these types of screens during operation:

warning5.png

You may see this entry in your list of installed programs:

warning4.png

and this task in your list of Scheduled Tasks:

warning3.png

How did WinZip Disk Tools get on my computer?

These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website.

website.png

How do I remove WinZip Disk Tools?

Our program Malwarebytes can detect and remove this PUP. It is, however, recommended to use the built-in uninstaller first.

  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished, click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.

removal.png

Is there anything else I need to do to get rid of WinZip Disk Tools?

  • No, Malwarebytes removes WinZip Disk Tools completely.
  • This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.

What if I want to keep WinZip Disk Tools?

Should users wish to keep this program and exclude it from being detected in future scans, they can add the program to the exclusions list. Here’s how to do it.

  • Open Malwarebytes for Windows.
  • Click Detection History.
  • Click Allow List.
  • To add an item to the Allow List, click Add.
  • Select the exclusion type Allow a file or folder and use the Select a folder button to select the main folder for the software that you wish to keep.
  • Repeat this for any secondary files or folder(s) that belong to the software.

If you want to allow the program to connect to the Internet, for example to fetch updates, also add an exclusion of the type Allow an application to connect to the internet and use the Browse button to select the file you wish to grant access.

We hope our application and this guide have helped you in dealing with this disk optimizer.

Technical details for experts

You may see these entries in FRST logs:

(Corel Corporation -> WinZip Computing, S.L. (WinZip Computing)) C:\Program Files (x86)\WinZip Disk Tools\wzdisktools.exe
Task: {01D654FB-B515-4525-ACC7-6A41AD0E5440} - System32\Tasks\wzdt_notifier_executor => C:\Program Files (x86)\WinZip Disk Tools\notifier.exe [1911216 2020-11-26] (Corel Corporation -> Corel Corporation)
Task: {3A7CB461-F267-4644-ADC5-B8DE530D406E} - System32\Tasks\WinZip Disk Tools => C:\Program Files (x86)\WinZip Disk Tools\wzdisktools.exe [2611632 2020-11-26] (Corel Corporation -> WinZip Computing, S.L. (WinZip Computing))
S2 wzdtDiskOptimizer; C:\Program Files (x86)\WinZip Disk Tools\wzdtDefragSrv64.exe [315312 2020-11-26] (Corel Corporation -> WinZip Computing, S.L. (WinZip Computing))
C:\Windows\system32\Tasks\wzdt_notifier_executor
C:\Windows\system32\Tasks\WinZip Disk Tools
C:\Users\Public\Desktop\WinZip Disk Tools.lnk
C:\ProgramData\Desktop\WinZip Disk Tools.lnk
C:\Users\{username}\AppData\Roaming\WZDT
C:\Users\{username}\AppData\Roaming\WinZip
C:\ProgramData\WinZip
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Disk Tools
C:\Program Files (x86)\WinZip Disk Tools
(WinZip International LLC ) C:\Users\{username}\Desktop\wzdt1.exe

WinZip Disk Tools (HKLM-x32\...\{98BF4032-C5AB-48ee-B14C-8B20FC1703FE}_is1) (Version: 1.0.100.18371 - Corel Corporation)

Alterations made by the installer:

File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Program Files (x86)\WinZip Disk Tools
       Adds the file AsInvoker.exe"="11/26/2020 2:56 PM, 115120 bytes, A
       Adds the file asohtm.dll"="11/17/2020 1:19 PM, 326576 bytes, A
       Adds the file asores.dll"="11/26/2020 2:56 PM, 7588784 bytes, A
       Adds the file atl90.dll"="8/2/2013 3:06 PM, 161784 bytes, A
       Adds the file helper.dll"="11/26/2020 2:56 PM, 2337712 bytes, A
       Adds the file HighestAvailable.exe"="11/26/2020 2:56 PM, 140208 bytes, A
       Adds the file KillwzdtProcesses.exe"="11/26/2020 2:56 PM, 127408 bytes, A
       Adds the file lang.lng"="12/22/2020 9:11 AM, 1616 bytes, A
       Adds the file MFC90CHS.dll"="8/2/2013 3:06 PM, 38912 bytes, A
       Adds the file MFC90CHT.dll"="8/2/2013 3:06 PM, 39936 bytes, A
       Adds the file MFC90DEU.dll"="8/2/2013 3:06 PM, 66560 bytes, A
       Adds the file MFC90ENU.dll"="8/2/2013 3:06 PM, 56832 bytes, A
       Adds the file MFC90ESN.dll"="8/2/2013 3:06 PM, 65024 bytes, A
       Adds the file MFC90ESP.dll"="8/2/2013 3:06 PM, 65024 bytes, A
       Adds the file MFC90FRA.dll"="8/2/2013 3:06 PM, 66048 bytes, A
       Adds the file MFC90ITA.dll"="8/2/2013 3:06 PM, 64512 bytes, A
       Adds the file MFC90JPN.dll"="8/2/2013 3:06 PM, 46592 bytes, A
       Adds the file MFC90KOR.dll"="8/2/2013 3:06 PM, 46080 bytes, A
       Adds the file mfc90u.dll"="8/2/2013 3:06 PM, 3783672 bytes, A
       Adds the file Microsoft.VC90.ATL.manifest"="8/2/2013 3:06 PM, 353 bytes, A
       Adds the file Microsoft.VC90.CRT.manifest"="8/2/2013 3:06 PM, 391 bytes, A
       Adds the file Microsoft.VC90.MFC.manifest"="8/2/2013 3:06 PM, 349 bytes, A
       Adds the file Microsoft.VC90.MFCLOC.manifest"="8/2/2013 3:06 PM, 670 bytes, A
       Adds the file msvcp90.dll"="8/2/2013 3:06 PM, 572928 bytes, A
       Adds the file msvcr90.dll"="8/2/2013 3:06 PM, 655872 bytes, A
       Adds the file notifier.exe"="11/26/2020 2:56 PM, 1911216 bytes, A
       Adds the file RequireAdministrator.exe"="11/26/2020 2:56 PM, 115120 bytes, A
       Adds the file Tray.exe"="11/26/2020 2:56 PM, 2079664 bytes, A
       Adds the file unins000.dat"="12/22/2020 9:11 AM, 45453 bytes, A
       Adds the file unins000.exe"="12/22/2020 9:10 AM, 1232816 bytes, A
       Adds the file unins000.msg"="12/22/2020 9:11 AM, 22701 bytes, A
       Adds the file wzdisktools.exe"="11/26/2020 2:56 PM, 2611632 bytes, A
       Adds the file wzdtDefragServiceManager.exe"="11/26/2020 2:56 PM, 122288 bytes, A
       Adds the file wzdtDefragSrv.exe"="11/26/2020 2:56 PM, 291760 bytes, A
       Adds the file wzdtDefragSrv64.exe"="11/26/2020 2:56 PM, 315312 bytes, A
       Adds the file wzdtHelper.dll"="11/26/2020 2:56 PM, 1215920 bytes, A
       Adds the file wzdtsys.dll"="11/26/2020 2:56 PM, 1484720 bytes, A
    Adds the folder C:\Program Files (x86)\WinZip Disk Tools\DA
       Adds the file aso.ini"="11/20/2020 1:17 PM, 147112 bytes, A
       Adds the file client.ini"="11/26/2020 2:06 PM, 15292 bytes, A
       Adds the file DiskOpt.ini"="11/19/2020 2:14 PM, 131816 bytes, A
    Adds the folder C:\Program Files (x86)\WinZip Disk Tools\DE
       Adds the file aso.ini"="11/20/2020 4:23 PM, 162764 bytes, A
       Adds the file client.ini"="11/26/2020 11:15 AM, 16424 bytes, A
       Adds the file DiskOpt.ini"="11/19/2020 2:14 PM, 144428 bytes, A
    Adds the folder C:\Program Files (x86)\WinZip Disk Tools\DefragReport
       Adds the file footer_left.jpg"="8/5/2013 5:23 PM, 25435 bytes, A
       Adds the file footer_middle.jpg"="8/5/2013 5:23 PM, 22324 bytes, A
       Adds the file footer_right.jpg"="8/5/2013 5:22 PM, 25433 bytes, A
       Adds the file left_border.jpg"="8/5/2013 5:22 PM, 25144 bytes, A
       Adds the file line3px_Blue.jpg"="8/2/2013 3:06 PM, 11194 bytes, A
       Adds the file Report_header_left_image.jpg"="8/6/2013 5:41 PM, 27599 bytes, A
       Adds the file Report_header_leftText.jpg"="8/5/2013 5:24 PM, 31607 bytes, A
       Adds the file Report_header_top_middle.jpg"="8/5/2013 5:24 PM, 22103 bytes, A
       Adds the file Report_header_top_right.jpg"="8/5/2013 5:24 PM, 30369 bytes, A
       Adds the file right_border.jpg"="8/5/2013 5:23 PM, 25142 bytes, A
    Adds the folder C:\Program Files (x86)\WinZip Disk Tools\ENG
       Adds the file aso.ini"="11/20/2020 1:17 PM, 140496 bytes, A
       Adds the file client.ini"="11/26/2020 11:12 AM, 14688 bytes, A
       Adds the file DiskOpt.ini"="9/27/2018 2:43 PM, 129630 bytes, A
    Adds the folder C:\Program Files (x86)\WinZip Disk Tools\ES
       Adds the file aso.ini"="11/20/2020 1:17 PM, 159012 bytes, A
       Adds the file client.ini"="11/26/2020 2:02 PM, 16716 bytes, A
       Adds the file DiskOpt.ini"="11/19/2020 2:14 PM, 143192 bytes, A
    Adds the folder C:\Program Files (x86)\WinZip Disk Tools\FI
       Adds the file aso.ini"="11/20/2020 1:17 PM, 146388 bytes, A
       Adds the file client.ini"="11/26/2020 1:45 PM, 15498 bytes, A
       Adds the file DiskOpt.ini"="11/19/2020 2:14 PM, 132714 bytes, A
    Adds the folder C:\Program Files (x86)\WinZip Disk Tools\FR
       Adds the file aso.ini"="11/20/2020 4:14 PM, 166528 bytes, A
       Adds the file client.ini"="11/26/2020 11:14 AM, 17160 bytes, A
       Adds the file DiskOpt.ini"="11/19/2020 2:14 PM, 145014 bytes, A
    Adds the folder C:\Program Files (x86)\WinZip Disk Tools\IT
       Adds the file aso.ini"="11/20/2020 1:17 PM, 156880 bytes, A
       Adds the file client.ini"="11/26/2020 2:28 PM, 16062 bytes, A
       Adds the file DiskOpt.ini"="11/19/2020 2:14 PM, 139160 bytes, A
    Adds the folder C:\Program Files (x86)\WinZip Disk Tools\JA
       Adds the file aso.ini"="11/20/2020 1:17 PM, 102144 bytes, A
       Adds the file client.ini"="11/26/2020 2:31 PM, 11464 bytes, A
       Adds the file DiskOpt.ini"="7/11/2016 1:01 PM, 99350 bytes, A
    Adds the folder C:\Program Files (x86)\WinZip Disk Tools\NL
       Adds the file aso.ini"="11/20/2020 1:17 PM, 155918 bytes, A
       Adds the file client.ini"="11/26/2020 11:13 AM, 16086 bytes, A
       Adds the file DiskOpt.ini"="11/19/2020 2:14 PM, 136664 bytes, A
    Adds the folder C:\Program Files (x86)\WinZip Disk Tools\NO
       Adds the file aso.ini"="11/20/2020 1:17 PM, 141010 bytes, A
       Adds the file client.ini"="11/26/2020 1:35 PM, 14688 bytes, A
       Adds the file DiskOpt.ini"="11/19/2020 2:14 PM, 127418 bytes, A
    Adds the folder C:\Program Files (x86)\WinZip Disk Tools\PT_BR
       Adds the file aso.ini"="11/20/2020 1:17 PM, 150754 bytes, A
       Adds the file client.ini"="11/26/2020 11:16 AM, 15866 bytes, A
       Adds the file DiskOpt.ini"="11/19/2020 2:14 PM, 138410 bytes, A
    Adds the folder C:\Program Files (x86)\WinZip Disk Tools\RU
       Adds the file aso.ini"="11/20/2020 1:17 PM, 156426 bytes, A
       Adds the file client.ini"="11/26/2020 11:16 AM, 16422 bytes, A
       Adds the file DiskOpt.ini"="11/19/2020 2:14 PM, 137280 bytes, A
    Adds the folder C:\Program Files (x86)\WinZip Disk Tools\SV
       Adds the file aso.ini"="11/20/2020 1:17 PM, 146734 bytes, A
       Adds the file client.ini"="11/26/2020 1:45 PM, 15058 bytes, A
       Adds the file DiskOpt.ini"="11/19/2020 2:14 PM, 130682 bytes, A
    Adds the folder C:\Program Files (x86)\WinZip Disk Tools\ZH_CN
       Adds the file aso.ini"="11/20/2020 1:17 PM, 84186 bytes, A
       Adds the file client.ini"="11/26/2020 2:39 PM, 9928 bytes, A
       Adds the file DiskOpt.ini"="7/11/2016 1:03 PM, 86998 bytes, A
    Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Disk Tools
       Adds the file Uninstall WinZip Disk Tools.lnk"="12/22/2020 9:11 AM, 1190 bytes, A
       Adds the file WinZip Disk Tools.lnk"="12/22/2020 9:11 AM, 1418 bytes, A
    Adds the folder C:\ProgramData\WinZip\WZDT\WinZip Disk Tools\DefragReport
       Adds the file footer_left.jpg"="8/5/2013 5:23 PM, 25435 bytes, A
       Adds the file footer_middle.jpg"="8/5/2013 5:23 PM, 22324 bytes, A
       Adds the file footer_right.jpg"="8/5/2013 5:22 PM, 25433 bytes, A
       Adds the file left_border.jpg"="8/5/2013 5:22 PM, 25144 bytes, A
       Adds the file line3px_Blue.jpg"="8/2/2013 3:06 PM, 11194 bytes, A
       Adds the file Report_header_left_image.jpg"="8/6/2013 5:41 PM, 27599 bytes, A
       Adds the file Report_header_leftText.jpg"="8/5/2013 5:24 PM, 31607 bytes, A
       Adds the file Report_header_top_middle.jpg"="8/5/2013 5:24 PM, 22103 bytes, A
       Adds the file Report_header_top_right.jpg"="8/5/2013 5:24 PM, 30369 bytes, A
       Adds the file right_border.jpg"="8/5/2013 5:23 PM, 25142 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\WinZip\WZDT\WinZip Disk Tools
    Adds the folder C:\Users\{username}\AppData\Roaming\WZDT
       Adds the file lci.lci"="12/22/2020 9:11 AM, 686 bytes, HA
       Adds the file uid.txt"="12/22/2020 9:11 AM, 35 bytes, A
    In the existing folder C:\Users\Public\Desktop
       Adds the file WinZip Disk Tools.lnk"="12/22/2020 9:11 AM, 1400 bytes, A
    In the existing folder C:\Windows\System32\Tasks
       Adds the file WinZip Disk Tools"="12/22/2020 9:11 AM, 3132 bytes, A
       Adds the file wzdt_notifier_executor"="12/22/2020 9:11 AM, 3604 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5D00ACD3-C15B-5ABD-4CAA-61ADA0DA12E0}]
       "(Default)"="REG_SZ", "Media Clip"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5D00ACD3-C15B-5ABD-4CAA-61ADA0DA12E0}\NotInsertable]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5D00ACD3-C15B-5ABD-4CAA-61ADA0DA12E0}\TreatAs]
       "(Default)"="REG_SZ", "{F20DA720-C02F-11CE-927B-0800095AE340}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{98BF4032-C5AB-48ee-B14C-8B20FC1703FE}_is1]
       "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\WinZip Disk Tools\wzdisktools.exe"
       "DisplayName"="REG_SZ", "WinZip Disk Tools"
       "DisplayVersion"="REG_SZ", "1.0.100.18371"
       "EstimatedSize"="REG_DWORD", 169778
       "HelpLink"="REG_SZ", "https://goto.winzip.com/action/?product=WZDT&LinkType=Help"
       "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\WinZip Disk Tools"
       "Inno Setup: Icon Group"="REG_SZ", "WinZip Disk Tools"
       "Inno Setup: Language"="REG_SZ", "en"
       "Inno Setup: Setup Version"="REG_SZ", "5.5.6 (u)"
       "Inno Setup: User"="REG_SZ", "{username}"
       "InstallDate"="REG_SZ", "20201222"
       "InstallLocation"="REG_SZ", "C:\Program Files (x86)\WinZip Disk Tools\"
       "MajorVersion"="REG_DWORD", 1
       "MinorVersion"="REG_DWORD", 0
       "NoModify"="REG_DWORD", 1
       "NoRepair"="REG_DWORD", 1
       "Publisher"="REG_SZ", "Corel Corporation"
       "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\WinZip Disk Tools\unins000.exe" /SILENT"
       "UninstallString"="REG_SZ", ""C:\Program Files (x86)\WinZip Disk Tools\unins000.exe""
       "URLInfoAbout"="REG_SZ", "https://goto.winzip.com/action/?product=WZDT&LinkType=Help"
       "URLUpdateInfo"="REG_SZ", "https://www.winzipsystemtools.com"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip Disk Tools]
       "ASO3AFFILIATE"="REG_SZ", ""
       "ASO3CAM"="REG_SZ", "default"
       "ASOBUILDFOR"="REG_SZ", "WINZIP"
       "BUILD_ID"="REG_SZ", "1"
       "installed_date"="REG_SZ", "22-12-2020"
       "TELNO"="REG_SZ", "(855) 716-7029"
       "TELNOFR"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip Disk Tools\WinZip Disk Tools]
       "BuyNowURL"="REG_SZ", "https://goto.winzip.com/action/?product=WZDT&LinkType=Purchase"
       "ReNewURL"="REG_SZ", "https://goto.winzip.com/action/?product=WZDT&LinkType=Renew"
       "TrialType"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wzdtDiskOptimizer]
       "DisplayName"="REG_SZ", "wzdtDiskOptimizer"
       "ErrorControl"="REG_DWORD", 1
       "ImagePath"="REG_EXPAND_SZ, "C:\Program Files (x86)\WinZip Disk Tools\wzdtDefragSrv64.exe"
       "ObjectName"="REG_SZ", "LocalSystem"
       "Start"="REG_DWORD", 2
       "Type"="REG_DWORD", 16
    [HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip Disk Tools]
       "ASO3AFFILIATE"="REG_SZ", ""
       "ASO3CAM"="REG_SZ", "default"
       "ASOBUILDFOR"="REG_SZ", "WINZIP"
       "BUILD_ID"="REG_SZ", "1"
       "InstalledPath"="REG_SZ", "C:\Program Files (x86)\WinZip Disk Tools"
       "RunAtStartUp"="REG_DWORD", 1
    [HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip Disk Tools\ScanStatusForLauncher\SysClean]
       "iconStatus"="REG_DWORD", 0
       "LastScanDateTime"="REG_SZ", "12/22/2020 9:15:45 AM"
       "MSG"="REG_SZ", "2511 junk items detected
       "MSGOnHome"="REG_SZ", "2511 junk items detected"
    [HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip Disk Tools\WinZip Disk Tools]
       "PF_1"="REG_SZ", "Tue. December 22, 2020. 09:15 AM"
       "PF_2"="REG_SZ", "2,511"
       "PF_3"="REG_DWORD", 2511
       "PF_6"="REG_SZ", "952.78 MB"
    [HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip Disk Tools\WinZip Disk Tools\Disk Tools - WinZip Disk Tools\Advanced]
    [HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip Disk Tools\WinZip Disk Tools\Disk Tools - WinZip Disk Tools\LocationDrives]
    [HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip Disk Tools\WinZip Disk Tools\Disk Tools - WinZip Disk Tools\LocationFolders]
       "0"="REG_SZ", "C:\Windows\Temp"
       "1"="REG_SZ", "C:\Users\{username}\AppData\Local\Temp"
    [HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip Disk Tools\WinZip Disk Tools\Disk Tools - WinZip Disk Tools\Removal]
    [HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip Disk Tools\WinZip Disk Tools\Disk Tools - WinZip Disk Tools\Settings]
    [HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip Disk Tools\WinZip Disk Tools\FilesToSearch]
       "SEARCH_ALL_FILES"="REG_DWORD", 1
       "SEARCH_COMPRESSED_FILES"="REG_DWORD", 1
       "SEARCH_IMAGE_FILES"="REG_DWORD", 1
       "SEARCH_MUSIC_FILES"="REG_DWORD", 1
       "SEARCH_OFFICE_DOCUMENTS"="REG_DWORD", 1
       "SEARCH_VIDEO_FILES"="REG_DWORD", 1
    [HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip Disk Tools\WinZip Disk Tools\FindOptions]
       "CRCSIZELIMIT"="REG_DWORD", 1
       "FILECRC"="REG_DWORD", 0
       "FILENAME"="REG_DWORD", 1
       "FILESIZE"="REG_DWORD", 1
       "FILETIME"="REG_DWORD", 1
    [HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip Disk Tools\WinZip Disk Tools\IgnoreList]
       "*winzip disk tools*"="REG_SZ", ""
       "c:\users\{username}\appdata\local\microsoft\windows\burn\burn*"="REG_SZ", ""
       "c:\users\{username}\appdata\roaming\microsoft\windows\network shortcuts*"="REG_SZ", ""
       "c:\users\{username}\appdata\roaming\microsoft\windows\printer shortcuts*"="REG_SZ", ""
       "c:\users\{username}\appdata\roaming\microsoft\windows\sendto*"="REG_SZ", ""
       "c:\users\{username}\favorites*"="REG_SZ", ""
    [HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip Disk Tools\WinZip Disk Tools\MaskList]
       "*.---"="REG_DWORD", 1
       "*.$$$"="REG_DWORD", 1
       "*.$db"="REG_DWORD", 1
       "*.?$?"="REG_DWORD", 0
       "*.??$"="REG_DWORD", 1
       "*.??~"="REG_DWORD", 1
       "*.?~?"="REG_DWORD", 0
       "*.^"="REG_DWORD", 0
       "*.___"="REG_DWORD", 1
       "*._dd"="REG_DWORD", 0
       "*._detmp"="REG_DWORD", 0
       "*._mp"="REG_DWORD", 1
       "*.~*"="REG_DWORD", 1
       "*.~mp"="REG_DWORD", 1
       "*.aps"="REG_DWORD", 0
       "*.bak"="REG_DWORD", 0
       "*.chk"="REG_DWORD", 1
       "*.db$"="REG_DWORD", 1
       "*.dmp"="REG_DWORD", 1
       "*.err"="REG_DWORD", 0
       "*.ftg"="REG_DWORD", 0
       "*.fts"="REG_DWORD", 1
       "*.gid"="REG_DWORD", 1
       "*.ilk"="REG_DWORD", 0
       "*.log"="REG_DWORD", 0
       "*.ncb"="REG_DWORD", 0
       "*.nch"="REG_DWORD", 0
       "*.old"="REG_DWORD", 1
       "*.pch"="REG_DWORD", 0
       "*.prv"="REG_DWORD", 0
       "*.sik"="REG_DWORD", 0
       "*.temp"="REG_DWORD", 1
       "*.tmp"="REG_DWORD", 1
       "*.wbk"="REG_DWORD", 0
       "*log.txt"="REG_DWORD", 0
       "~*.*"="REG_DWORD", 1
       "0*.nch"="REG_DWORD", 0
       "chklist.*"="REG_DWORD", 1
       "CHKLIST.MS"="REG_DWORD", 0
       "mscreate.dir"="REG_DWORD", 1
       "thumbs.db"="REG_DWORD", 0
    [HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip Disk Tools\WinZip Disk Tools\Schedule]
       "WZDT-Optimize"="REG_SZ", "Scan Not Scheduled"

Malwarebytes log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/22/20
Scan Time: 9:21 AM
Log File: acdab16c-442e-11eb-8f31-080027235d76.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1130
Update Package Version: 1.0.34609
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 232607
Threats Detected: 30
Threats Quarantined: 30
Time Elapsed: 3 min, 14 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 2
PUP.Optional.WinZipDiskTools, C:\PROGRAM FILES (X86)\WINZIP DISK TOOLS\WZDTHELPER.DLL, Quarantined, 16772, 888187, , , , , F47456DC3D423DA9238140B9630DF4BB, 84A114AE4844C422C70F6C9032D49A8ACFFE0017D9EB158FE4B488784F251BC4
PUP.Optional.WinZipDiskTools, C:\PROGRAM FILES (X86)\WINZIP DISK TOOLS\ASORES.DLL, Quarantined, 16772, 888187, , , , , EB09F9F39D430199573357EED2AB8DC1, 610D6F179A2F0B12FEBEE8E4B6EAFA689B9D6271AED51A882A20B491818EE4D0

Registry Key: 10
PUP.Optional.WinZipDiskTools, HKCU\SOFTWARE\NICO MAK COMPUTING\WinZip Disk Tools, Quarantined, 16772, 888410, 1.0.34609, , ame, , , 
PUP.Optional.WinZipDiskTools, HKLM\SOFTWARE\WOW6432NODE\NICO MAK COMPUTING\WinZip Disk Tools, Quarantined, 16772, 888184, 1.0.34609, , ame, , , 
PUP.Optional.WinZipDiskTools, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\wzdtDiskOptimizer, Quarantined, 16772, 888185, 1.0.34609, , ame, , , 
PUP.Optional.WinZipDiskTools, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{98BF4032-C5AB-48EE-B14C-8B20FC1703FE}_IS1, Quarantined, 16772, 888183, 1.0.34609, , ame, , , 
PUP.Optional.WinZipDiskTools, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\wzdt_notifier_executor, Quarantined, 16772, 888180, , , , , , 
PUP.Optional.WinZipDiskTools, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{01D654FB-B515-4525-ACC7-6A41AD0E5440}, Quarantined, 16772, 888180, , , , , , 
PUP.Optional.WinZipDiskTools, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{01D654FB-B515-4525-ACC7-6A41AD0E5440}, Quarantined, 16772, 888180, , , , , , 
PUP.Optional.WinZipDiskTools, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WinZip Disk Tools, Quarantined, 16772, 888180, , , , , , 
PUP.Optional.WinZipDiskTools, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3A7CB461-F267-4644-ADC5-B8DE530D406E}, Quarantined, 16772, 888180, , , , , , 
PUP.Optional.WinZipDiskTools, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{3A7CB461-F267-4644-ADC5-B8DE530D406E}, Quarantined, 16772, 888180, , , , , , 

Registry Value: 1
PUP.Optional.WinZipDiskTools, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{98BF4032-C5AB-48EE-B14C-8B20FC1703FE}_IS1|DISPLAYNAME, Quarantined, 16772, 888183, 1.0.34609, , ame, , , 

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 5
PUP.Optional.WinZipDiskTools, C:\PROGRAM FILES (X86)\WINZIP DISK TOOLS, Quarantined, 16772, 888174, 1.0.34609, , ame, , , 
PUP.Optional.WinZipDiskTools, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\WINZIP DISK TOOLS, Quarantined, 16772, 888175, 1.0.34609, , ame, , , 
PUP.Optional.WinZipDiskTools, C:\PROGRAMDATA\WINZIP\WZDT, Quarantined, 16772, 888177, 1.0.34609, , ame, , , 
PUP.Optional.WinZipDiskTools, C:\USERS\{username}\APPDATA\ROAMING\WINZIP\WZDT, Quarantined, 16772, 888177, 1.0.34609, , ame, , , 
PUP.Optional.WinZipDiskTools, C:\USERS\{username}\APPDATA\ROAMING\WZDT, Quarantined, 16772, 888179, 1.0.34609, , ame, , , 

File: 12
PUP.Optional.WinZipDiskTools, C:\USERS\PUBLIC\DESKTOP\WINZIP DISK TOOLS.LNK, Quarantined, 16772, 888176, 1.0.34609, , ame, , 4B534F2FC7EBF3A77BE31190197AFA84, 4D898FC70346F4D79577FB266800535FABDFD337B3EDBADF8E34D45ACEB85399
PUP.Optional.WinZipDiskTools, C:\PROGRAM FILES (X86)\WINZIP DISK TOOLS\WZDTDEFRAGSRV64.EXE, Quarantined, 16772, 888185, , , , , B761B7BBB915310FFDBF841EEC308B16, 879BD9EA55E0D97C805B359133F428A006269D4AD4AE620F63AD2DC51A303116
PUP.Optional.WinZipDiskTools, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Disk Tools\Uninstall WinZip Disk Tools.lnk, Quarantined, 16772, 888175, , , , , 50DAB1B044BE5A26FA03A284AFA40749, 82292B4E6F87B861C316F48F5A6330757A33D4A617520C1A36E79F598CD25788
PUP.Optional.WinZipDiskTools, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Disk Tools\WinZip Disk Tools.lnk, Quarantined, 16772, 888175, , , , , 3C8F65698BE0CE1E2E7016522543FABC, 16CBDC585AC73F8B7C3AC6AAD6A080F979BE3C4CBD9F7B4E89FD9CB2FC1B585E
PUP.Optional.WinZipDiskTools, C:\USERS\{username}\APPDATA\ROAMING\WZDT\LCI.LCI, Quarantined, 16772, 888179, 1.0.34609, , ame, , 595DFB849F4065D05E2D58E9451C9BEA, 950B4CA7552AE2506738D2B711EDAADF0FCEDA21CF7B012B197D3540031C3EF4
PUP.Optional.WinZipDiskTools, C:\Users\{username}\AppData\Roaming\WZDT\uid.txt, Quarantined, 16772, 888179, , , , , CA7059C8E93DD36CF1DACDDB4E7474DB, 77026F864DBDDA13BC6074DF71C37BCD3947AF6896F4FC6AFCB1B3064776305B
PUP.Optional.WinZipDiskTools, C:\PROGRAM FILES (X86)\WINZIP DISK TOOLS\WZDTHELPER.DLL, Quarantined, 16772, 888187, 1.0.34609, , ame, , F47456DC3D423DA9238140B9630DF4BB, 84A114AE4844C422C70F6C9032D49A8ACFFE0017D9EB158FE4B488784F251BC4
PUP.Optional.WinZipDiskTools, C:\PROGRAM FILES (X86)\WINZIP DISK TOOLS\ASORES.DLL, Quarantined, 16772, 888187, 1.0.34609, , ame, , EB09F9F39D430199573357EED2AB8DC1, 610D6F179A2F0B12FEBEE8E4B6EAFA689B9D6271AED51A882A20B491818EE4D0
PUP.Optional.WinZipDiskTools, C:\WINDOWS\SYSTEM32\TASKS\wzdt_notifier_executor, Quarantined, 16772, 888180, 1.0.34609, , ame, , C57C4C29C77AD10E13EB42334CAA06B3, EC55498E25FB35251AA91A035CFFDA5802036B2FC3FC936A2545B81955688CC5
PUP.Optional.WinZipDiskTools, C:\WINDOWS\SYSTEM32\TASKS\WinZip Disk Tools, Quarantined, 16772, 888180, 1.0.34609, , ame, , 7849263AF7B870CBF0689A32B9365881, 8256804D52005D9739F9EDED51F980A160BB16D3C946D62CED4ED496EC166C6A
PUP.Optional.WinZipDiskTools, C:\DOWNLOADS\WZDT1.EXE, Quarantined, 16772, 888187, 1.0.34609, , ame, , 52FBF47B94482AFF4BFE1992B86512E6, 75712ED4252554268C12766DC55BA415F459BFD54F477F6DA9EB15236982E074
PUP.Optional.WinZipDiskTools, C:\USERS\{username}\DESKTOP\WZDT1.EXE, Quarantined, 16772, 888187, 1.0.34609, , ame, , 52FBF47B94482AFF4BFE1992B86512E6, 75712ED4252554268C12766DC55BA415F459BFD54F477F6DA9EB15236982E074

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

As mentioned before, the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.
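
The folders, shortcuts, task files, service and registry keys listed under "Technical details for experts" can be turned into a read-only leftover check, for example to run after the uninstaller or a scan. This is an added example, not part of the original post and not Malwarebytes tooling; it assumes 64-bit Windows installed on C:, PowerShell 3.0 or later and an elevated session, and the variable names are illustrative.

```powershell
# Read-only presence check for the WinZip Disk Tools artifacts listed on this page.
# Assumptions: 64-bit Windows on C:, PowerShell 3.0+, elevated 64-bit session
# (a 32-bit session would be redirected away from C:\Windows\System32\Tasks).
# Nothing is deleted or modified; removal is left to the uninstaller or scanner.

$installDir = 'C:\Program Files (x86)\WinZip Disk Tools'

# Machine-wide folders, shortcuts, task files and registry keys, as listed above.
$paths = @(
    $installDir,
    'C:\ProgramData\WinZip\WZDT',
    'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Disk Tools',
    'C:\Users\Public\Desktop\WinZip Disk Tools.lnk',
    'C:\Windows\System32\Tasks\wzdt_notifier_executor',
    'C:\Windows\System32\Tasks\WinZip Disk Tools',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{98BF4032-C5AB-48ee-B14C-8B20FC1703FE}_is1',
    'HKLM:\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip Disk Tools',
    'HKLM:\SYSTEM\CurrentControlSet\services\wzdtDiskOptimizer',
    # HKCU only covers the account running this script, not other users' hives.
    'HKCU:\Software\Nico Mak Computing\WinZip Disk Tools'
)

# Per-user folders: the page writes them with {username}, so expand every profile.
$perUser = @('AppData\Roaming\WZDT', 'AppData\Roaming\WinZip\WZDT')
$userDirs = Get-ChildItem -LiteralPath 'C:\Users' -Directory -ErrorAction SilentlyContinue
foreach ($userDir in $userDirs) {
    foreach ($rel in $perUser) {
        $paths += Join-Path $userDir.FullName $rel
    }
}

# Test each location; -LiteralPath keeps the braces in the GUID key from being parsed.
$report = foreach ($path in $paths) {
    [pscustomobject]@{
        Present  = [bool](Test-Path -LiteralPath $path -ErrorAction SilentlyContinue)
        Location = $path
    }
}

# Service from the FRST "S2 wzdtDiskOptimizer" line: report its state if it exists.
$svc = Get-Service -Name 'wzdtDiskOptimizer' -ErrorAction SilentlyContinue

# Signer of the three binaries that appear in the FRST lines, when still on disk.
$binaries = 'wzdisktools.exe', 'notifier.exe', 'wzdtDefragSrv64.exe' |
    ForEach-Object { Join-Path $installDir $_ } |
    Where-Object { Test-Path -LiteralPath $_ }
$signers = foreach ($file in $binaries) {
    $sig = Get-AuthenticodeSignature -FilePath $file
    [pscustomobject]@{
        File   = $file
        Status = $sig.Status
        Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
}

# Report: present locations first, then service state, then binary signers.
$report | Sort-Object Present -Descending | Format-Table -AutoSize -Wrap
if ($svc) {
    'Service wzdtDiskOptimizer is {0}' -f $svc.Status
} else {
    'Service wzdtDiskOptimizer not found'
}
if ($signers) { $signers | Format-Table -AutoSize -Wrap }

$found = @($report | Where-Object { $_.Present }).Count
'{0} of {1} listed locations are present' -f $found, @($report).Count
```

A count of zero together with "Service wzdtDiskOptimizer not found" matches the state the guide describes after a complete removal.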
