opprosetup.exe

PC Utilities Software Limited

Part of the Optimizer Pro / Driver 'PC optimizer' product lines marketed by Adsology and distributed through various bundled software (PPI and commission) channels. The application opprosetup.exe by PC Utilities Software Limited has been detected as a potentially unwanted program by 36 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. Also known as BrowserDefender, this bundled service prevents various web browser toolbars and extensions from running and blocks changes to the search page and provider.
Publisher:
PC Utilities Software Limited  (signed and verified)

MD5:
12813d3074dd2934df1a3fddbbea28ab

SHA-1:
e2c18b66abf958983415a6fae3e3a30595a1860a

SHA-256:
4f42e58bc6ef2476f5c8497174bb6ffcb9041b4bf0006c6f554f2e01ee3e4288

Scanner detections:
36 / 68

Status:
Potentially unwanted

Explanation:
Installed with the Optimizer Pro software which is bundled by 3rd-party monetization programs.

Analysis date:
4/26/2024 10:26:44 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Agent.OBI | 864 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.OptimizerPro | 2014.09.08 |
| Avira AntiVirus | Adware/SpeedingUpMyPC.D.7 | 7.11.144.50 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-140923 |
| AVG | OptimizerPro | 2015.0.3342 |
| Baidu Antivirus | Adware.Win32.SpeedingUpMyPC | 4.0.3.14125 |
| Bitdefender | Adware.Agent.OBI | 1.0.20.1330 |
| Comodo Security | UnclassifiedMalware | 18843 |
| Dr.Web | Trojan.NtRootKit.17528 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Adware.Agent.OBI | 8.14.09.23.03 |
| ESET NOD32 | Win32/SpeedingUpMyPC | 8.10080 |
| Fortinet FortiGate | Riskware/Agent | 9/23/2014 |
| F-Prot | W32/A-d7153df2 | v6.4.7.1.166 |
| F-Secure | Adware.Agent.OBI | 11.2014-23-09_3 |
| G Data | Win32.Application.OptimizerPro | 14.9.24 |
| herdProtect (fuzzy) | | 2014.12.5.19 |
| IKARUS anti.virus | AdWare.Bprotector | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.180.12683 |
| Kaspersky | not-a-virus:RiskTool.Win32.Agent | 14.0.0.3207 |
| McAfee | Artemis!F6D91AA268E0 | 5600.6998 |
| MicroWorld eScan | Adware.Agent.OBI | 15.0.0.798 |
| NANO AntiVirus | Riskware.Win32.Agent.dbyndl | 0.28.0.60698 |
| nProtect | Adware.Agent.OBI | 14.05.19.01 |
| Panda Antivirus | Trj/Chgt.C | 14.09.23.03 |
| Qihoo 360 Security | Win32/Virus.RiskTool.825 | 1.0.0.1015 |
| Reason Heuristics | PUP.Installer.PCUtilities.K | 14.9.23.15 |
| Total Defense | Win32/Tnega.MHdEFO | 37.0.11042 |
| Trend Micro House Call | Suspicious_GEN.F47V0704 | 7.2.266 |
| VIPRE Antivirus | Trojan.Win32.Generic!SB.0 | 28350 |
| Zillya! Antivirus | Trojan.Black.Win32.16768 | 2.0.0.1846 |

File size:
5.3 MB (5,586,504 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\addons\opprosetup.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
4/18/2014 4:34:54 PM

Valid to:
4/18/2015 4:34:54 PM

Subject:
CN=PC Utilities Software Limited, O=PC Utilities Software Limited, L=London, C=GB

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4B6A44F88EC8CF

File PE Metadata
Compilation timestamp:
7/2/2014 11:45:30 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:ScoyLL9KCXD0Uy7EXMGxj7vInVZVLKaH4vJLxAN1N7mTWu+VxA/IIxBT8UNbyyGT:SELLfXAUyDGd7uVZ1KaGAN1N71BlIxBc

Entry address:
0x3D74C

Entry point:
55, 8B, EC, 83, C4, F0, B8, F8, A5, 43, 00, E8, 14, C4, FC, FF, E8, 03, 86, FC, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C++

Code size:
240.5 KB (246,272 bytes)
