optimizerpro.exe

PC Utilities Software Limited

Part of the Optimizer Pro / Driver 'PC optimizer' product lines marketed by Adsology and distributed through various bundled software (PPI and commission) channels. The application optimizerpro.exe by PC Utilities Software Limited has been detected as a potentially unwanted program by 13 anti-malware scanners. Also known as BrowserDefender, this bundled service will prevent various web browser toolbars and extensions from running as well as block changes to the search page and provider. It is also typically executed from the user's temporary directory.
Publisher:
PC Utilities Software Limited  (signed and verified)

MD5:
d09709d5ca25e5fed545ec9c0f2a5453

SHA-1:
710b7b104cab3c06c1f73b73370315624304ac28

SHA-256:
e7efb454b7d7b7661b36892b36e832f7b34f4ced58a36fbeca7612d2d3ee8ae5

Scanner detections:
13 / 68

Status:
Potentially unwanted

Explanation:
Installed with the Optimizer Pro software which is bundled by 3rd-party monetization programs.

Analysis date:
4/26/2024 6:40:41 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.WPM | 921 |
| AhnLab V3 Security | PUP/Win32.OptimizerPro | 2014.07.29 |
| AVG | Adware Generic5.ATRO | 2014.0.3986 |
| Dr.Web | Trojan.NtRootKit.17528 | 9.0.1.05190 |
| ESET NOD32 | Win32/AdWare.SpeedingUpMyPC.L application | 7.0.302.0 |
| F-Secure | Application.WPM | 11.2014-28-07_2 |
| G Data | Win32.Application.OptimizerPro | 14.7.24 |
| IKARUS anti.virus | AdWare.Bprotector | t3scan.1.6.1.0 |
| Kaspersky | not-a-virus:RiskTool.Win32.Agent | 15.0.0.494 |
| MicroWorld eScan | Application.WPM | 15.0.0.627 |
| Panda Antivirus | Trj/Genetic.gen | 14.07.28.12 |
| Reason Heuristics | PUP.PCUtilities.M | 14.8.8.3 |
| Total Defense | Win32/Tnega.MHdEFO | 37.0.11085 |

File size:
5.9 MB (6,182,920 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\optimizerpro.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
4/18/2014 4:34:54 PM

Valid to:
4/18/2015 4:34:54 PM

Subject:
CN=PC Utilities Software Limited, O=PC Utilities Software Limited, L=London, C=GB

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4B6A44F88EC8CF

File PE Metadata
Compilation timestamp:
7/24/2014 3:27:20 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:uCdXle1FJREp011ZMoGcjOehvkJA7mAyzeCbmmrcUPdKjl8dq99xR4iw7fn7+2hR:zSFJV11GYz6wVo6mQUE+qbxRJwP+2R3l

Entry address:
0x3D74C

Entry point:
55, 8B, EC, 83, C4, F0, B8, F8, A5, 43, 00, E8, 14, C4, FC, FF, E8, 03, 86, FC, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
240.5 KB (246,272 bytes)
