SoftwareBundler:Win32/WinOptimizer
First posted on 10 December 2014.
Source: Microsoft
Aliases:
There are no other names known for SoftwareBundler:Win32/WinOptimizer.
Explanation:
Threat behavior
Installation
This program can create the following files on your PC:
- %ALLUSERSPROFILE%\Documents\Optimizer\load_config.ini
- %ALLUSERSPROFILE%\Documents\Optimizer\log.ini
- %ProgramFiles%\Windows Optimizer\avasts.exe
- %ProgramFiles%\Windows Optimizer\load_config.ini
- %ProgramFiles%\Windows Optimizer\optimizer.exe
- %ProgramFiles%\Windows Optimizer\powermgr.exe
- %ProgramFiles%\Windows Optimizer\vmnet.exe
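One way to sweep a file inventory (for example an EDR or `dir /s /b` export) for the paths listed above, added here as an example and not part of the original entry. The concrete folder expansions in `BASES`, the function names and the sample inventory are assumptions made for illustration; matching ignores case, drive letter and slash direction, and requires the full folder path rather than the bare file name.

```python
import ntpath

# File indicators from this entry, keyed by the folder variable they sit under.
INDICATORS = {
    "%ALLUSERSPROFILE%": [
        r"Documents\Optimizer\load_config.ini",
        r"Documents\Optimizer\log.ini",
    ],
    "%ProgramFiles%": [
        r"Windows Optimizer\avasts.exe",
        r"Windows Optimizer\load_config.ini",
        r"Windows Optimizer\optimizer.exe",
        r"Windows Optimizer\powermgr.exe",
        r"Windows Optimizer\vmnet.exe",
    ],
}

# Assumption (not from the entry): drive-less values these variables commonly
# expand to, including the 32-bit folder on 64-bit Windows.
BASES = {
    "%ALLUSERSPROFILE%": [r"\ProgramData", r"\Documents and Settings\All Users"],
    "%ProgramFiles%": [r"\Program Files", r"\Program Files (x86)"],
}

def _key(path):
    """Drop the drive letter, normalise separators and fold case."""
    return ntpath.splitdrive(ntpath.normpath(path))[1].lower()

# Map every concrete candidate path back to the indicator as written in the entry.
LOOKUP = {
    _key(ntpath.join(base, rel)): var + "\\" + rel
    for var, rels in INDICATORS.items()
    for base in BASES[var]
    for rel in rels
}

def match_indicators(paths):
    """Return (observed_path, indicator) pairs for paths on the entry's file list."""
    return [(p, LOOKUP[_key(p)]) for p in paths if _key(p) in LOOKUP]

# Constructed sample inventory (not real telemetry).
SAMPLE = [
    r"C:\Program Files (x86)\Windows Optimizer\optimizer.exe",
    r"c:/programdata/documents/optimizer/LOG.INI",
    r"C:\Program Files\Example App\vmnet.exe",  # same file name, other folder
    r"D:\Program Files\Windows Optimizer\avasts.exe",
]

if __name__ == "__main__":
    for observed, indicator in match_indicators(SAMPLE):
        print(f"{observed} -> {indicator}")
```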
Payload
Downloads other unwanted software
This program can open your default web browser (including Internet Explorer, Google Chrome and Mozilla Firefox) and display a website that claims your browser is out of date. The message can look like the examples below:
If you click the "OK" button, the message will direct your web browser to download a file that contains other unwanted software. The message also prompts you to run the file.
We have seen it download the following unwanted software:
- Misleading:Win32/OptimizerElite
- Misleading:Win32/PerfectOptimizer
Contacts a remote server
We have seen this program contact the following server to update itself:
- download3.file-mirror.org/download/
.exe
Analysis by Ric Robielos
Symptoms
The following could indicate that you have this program on your PC:
- You have these files:
  - %ALLUSERSPROFILE%\Documents\Optimizer\load_config.ini
  - %ALLUSERSPROFILE%\Documents\Optimizer\log.ini
  - %ProgramFiles%\Windows Optimizer\avasts.exe
  - %ProgramFiles%\Windows Optimizer\load_config.ini
  - %ProgramFiles%\Windows Optimizer\optimizer.exe
  - %ProgramFiles%\Windows Optimizer\powermgr.exe
  - %ProgramFiles%\Windows Optimizer\vmnet.exe
- You see these pop-up ads:
Last update 10 December 2014