optimizerpro.exe

PC Utilities Software Limited

This file is part of the Optimizer Pro / Driver 'PC optimizer' product lines marketed by Adsology and distributed through various bundled software (PPI and commission) channels. The application optimizerpro.exe by PC Utilities Software Limited has been detected as a potentially unwanted program by 15 anti-malware scanners. Also known as BrowserDefender, this bundled service will prevent various web browser toolbars and extensions from running as well as block changes to the search page and provider. It is also typically executed from the user's temporary directory.
Publisher:
PC Utilities Software Limited  (signed and verified)

MD5:
7e93072f2ce0f8ea30025e479d3b08e1

SHA-1:
7a7ffe06bc1b0b7d0f29db8097d8f43471aa0e3a

SHA-256:
e04a8ca7cf367e737267755ee8f608d9de562024e1ab2461b7a71d9b13ddb9b0

Scanner detections:
15 / 68

Status:
Potentially unwanted

Explanation:
Installed with the Optimizer Pro software which is bundled by 3rd-party monetization programs.

Analysis date:
4/24/2024 8:14:02 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Bprotector.B | 1023 |
| Agnitum Outpost | Trojan.BProtector | 7.1.1 |
| Avira AntiVirus | Adware/BProtector.B.1 | 7.11.144.32 |
| AVG | MalSign.Generic | 2015.0.3501 |
| Bitdefender | Adware.Bprotector.B | 1.0.20.535 |
| Dr.Web | Trojan.PWS.Tibia.2591 | 9.0.1.0107 |
| Emsisoft Anti-Malware | Adware.Bprotector | 8.14.04.17.11 |
| ESET NOD32 | Win32/SpeedingUpMyPC | 8.9692 |
| F-Secure | Adware.Bprotector.B | 11.2014-17-04_5 |
| G Data | Adware.Bprotector | 14.4.24 |
| herdProtect (fuzzy) | | 2014.7.6.23 |
| McAfee | Artemis!7A340105C476 | 5600.7157 |
| MicroWorld eScan | Adware.Bprotector.B | 15.0.0.321 |
| nProtect | Adware.Bprotector.B | 14.04.17.03 |
| Reason Heuristics | PUP.PCUtilities.M | 14.8.8.3 |

File size:
6.8 MB (7,136,776 bytes)

File type:
Executable application (Win32 EXE)

Language:
Serbian (Latin, Serbia)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\26\optimizerpro.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
4/5/2013 12:29:35 PM

Valid to:
4/3/2015 8:23:14 AM

Subject:
CN=PC Utilities Software Limited, O=PC Utilities Software Limited, L=London, S=UK, C=GB

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B239BABC97410

File PE Metadata
Compilation timestamp:
4/11/2014 8:39:16 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:Z4PUxzcXZ6EJHx99Fs7zIGEEn5I6eis0GY3631:Z4OAdZshEE66dG5

Entry address:
0x6869

Entry point:
E8, 67, 5F, 00, 00, E9, 89, FE, FF, FF, FF, 35, 84, E2, 41, 00, FF, 15, 58, 60, 41, 00, 85, C0, 74, 02, FF, D0, 6A, 19, E8, D9, 53, 00, 00, 6A, 01, 6A, 00, E8, FC, 2E, 00, 00, 83, C4, 0C, E9, C1, 2E, 00, 00, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B...

Entropy:
7.9877  (probably packed)

Code size:
81.5 KB (83,456 bytes)
