home

chkact.exe

chkact

Optisoft LLC

The application chkact.exe by Optisoft has been detected as a potentially unwanted program by 2 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered daily at a specified time. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Microsoft  (signed by Optisoft LLC)

Product:
chkact

Version:
1.0.0.0

MD5:
4e2fb981043fc8b558420fdb4ce0c730

SHA-1:
d2545e8df8603a1672f776225695840b4e00d7ba

SHA-256:
e1300641098e1731ad9cc8402b9b46a67c865822ad89c55b2517ca4bb369dbad

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
5/6/2024 9:48:04 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/BrowseFox.Gen4
7.11.198.178

Reason Heuristics
PUP.Optional.Task.G
14.12.29.18

File size:
361.1 KB (369,776 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Microsoft 2014

Original file name:
chkact.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\optimum pc boost\chkact.exe

Digital Signature
Signed by:
Optisoft LLC

Authority:
Symantec Corporation

Valid from:
8/30/2014 6:00:00 PM

Valid to:
8/5/2015 5:59:59 PM

Subject:
CN=Optisoft LLC, O=Optisoft LLC, L=Sunrise, S=Florida, C=US, SERIALNUMBER=L14000046385, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Florida, OID.1.3.6.1.4.1.311.60.2.1.3=US

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
352F3A4609F98635955551CE0F837EAD

File PE Metadata
Compilation timestamp:
12/27/2014 6:36:00 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:Bxg9/R4c0n31is/kaLd6eiEqMN2H5nl3o2yBUm:Ba/Y3Ms/xMJMNkonUm

Entry address:
0x5A1DE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 44, 03, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 50, 00, 00, 00, 5C, C0, 05, 00, E8, 02, 00, 00, 00, 00, 00, 00, E8, 02...
 
[+]

Entropy:
6.0514

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
352.5 KB (360,960 bytes)

Scheduled Task
Task name:
Optimum_Protect

Trigger:
Daily (Runs daily at 4:41 PM)

Action:
chkact.exe \C:kill


Remove chkact.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.