optimizerpro.exe

PC Utilities Software Limited

Part of the Optimizer Pro / Driver 'PC optimizer' product lines marketed by Adsology and distributed through various bundled software (PPI and commission) channels. The application optimizerpro.exe by PC Utilities Software Limited has been detected as a potentially unwanted program by 18 anti-malware scanners. Also known as BrowserDefender, this bundled service will prevent various web browser toolbars and extensions from running as well as block changes to the search page and provider. It is also typically executed from the user's temporary directory.
Publisher:
PC Utilities Software Limited  (signed and verified)

MD5:
769ec8289f4661c125108fe1b5d611b8

SHA-1:
c8d3c5752d3296b2de9292d77bf0aa085a59a2bb

SHA-256:
2340f205aa635bfd6674d4a5e15ed2ee85790e27f5482668edb0e76a90b22507

Scanner detections:
18 / 68

Status:
Potentially unwanted

Explanation:
Installed with the Optimizer Pro software which is bundled by 3rd-party monetization programs.

Analysis date:
4/25/2024 3:52:18 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.WPM | 920 |
| AhnLab V3 Security | PUP/Win32.OptimizerPro | 2014.07.30 |
| AVG | OptimizerPro | 2015.0.3398 |
| Dr.Web | Trojan.NtRootKit.17528 | 9.0.1.05190 |
| ESET NOD32 | Win32/SpeedingUpMyPC (variant) | 8.10164 |
| F-Secure | Application.WPM | 11.2014-30-07_4 |
| G Data | Win32.Application.OptimizerPro | 14.7.24 |
| herdProtect (fuzzy) | | 2014.9.10.5 |
| IKARUS anti.virus | AdWare.Bprotector | t3scan.1.6.1.0 |
| Kaspersky | not-a-virus:RiskTool.Win32.Agent | 14.0.0.3484 |
| McAfee | Artemis!769EC8289F46 | 5600.7054 |
| MicroWorld eScan | Application.WPM | 15.0.0.633 |
| NANO AntiVirus | Riskware.Win32.Agent.dcyoxs | 0.28.2.61148 |
| Panda Antivirus | Trj/Genetic.gen | 14.07.30.03 |
| Qihoo 360 Security | Win32/Virus.RiskTool.825 | 1.0.0.1015 |
| Reason Heuristics | PUP.PCUtilities.M | 14.8.8.3 |
| Total Defense | Win32/Tnega.MHdEFO | 37.0.11088 |

File size:
5.9 MB (6,182,976 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\optimizerpro.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
4/18/2014 10:34:54 AM

Valid to:
4/18/2015 10:34:54 AM

Subject:
CN=PC Utilities Software Limited, O=PC Utilities Software Limited, L=London, C=GB

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4B6A44F88EC8CF

File PE Metadata
Compilation timestamp:
7/24/2014 9:27:20 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:mCdXle1FJREp011ZMoGcjOehvkJA7mAyzeCbmmrcUPdKjl8dq99xR4iw7fn7+2hh:bSFJV11GYz6wVo6mQUE+qbxRJwP+2R39

Entry address:
0x3D74C

Entry point:
55, 8B, EC, 83, C4, F0, B8, F8, A5, 43, 00, E8, 14, C4, FC, FF, E8, 03, 86, FC, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.9744

Developed / compiled with:
Microsoft Visual C++

Code size:
240.5 KB (246,272 bytes)
