Should I block it?
Yes, 98% block recommendation.
Possible reasons:
Multiple malware detections
Performance resource utilization
Relationships
optimizerpro1.exe
| MD5: | ca52ab39fc6eb75c519c77ce07104c6f |
| SHA1: | 3af404cf509637170f0a9549e40c787e10cf0a72 |
| SHA256: | 1a0fd894b4d55aa041f7b7e5403de539d3f01bde943e22dcf50a352977f6f242 |
Warning 7 antivirus scanners has detected malware.
Overview
optimizerpro1.exe is malware that executes as a process under the SYSTEM account with extensive privileges (the system and the administrator accounts have the same file privileges). It is an auto-starting process that used the Windows Task Scheduler service to load when the user logs into Windows (sometimes this is required to bypass the UAC protection). It is installed with a couple of know programs including OptimizerPro published by WebPick Internet Holdings Ltd., OptimizerPro1 from WebPick Internet Holdings Ltd. and OptimizerPro1 by WebPick Internet Holdings Ltd..
Details
| File name: | optimizerpro1.exe |
| Typical file path: | C:\Documents and Settings\user\Application data\premium\optimizerpro1\optimizerpro1.exe |
| Size: | 228 KB (233,472 bytes) |
| Digital DNA |
| PE subsystem: | Windows GUI |
| File packed: | No |
| .NET CLR: | No |
More details
Programs
The following programs will install this file
OptimizerPro from BetterSoft is an adware program in the form of a process and a web browser plugin. The Plugin is designed to monitor the user's search and browsing habits and deliver advertising by overwriting the content HTML within the user's web browser. The background service which is executed as a Windows scheduled task is designed to make sure the web browser plugin remains active as well as automatically keeps the software upda...
|
WebPick Internet Holdings Ltd. |
|
OptimizerPro1 by Premuim, an umwanted and potentially harmful application is installed as a web browser plugin within Internet Explorer and Firefox. OptimizedPro1 uses the open source wxDownload Fast (also known as wxDFast) program to download and install additional bundled applications.
|
WebPick Internet Holdings Ltd. |
|
The Premium WxDFast program runs as a scheduled task utilizing the Windows Scheduled Tasks interface. WxDFast launches each time the computers boots and can bybass the standard UAC (user access control) prompts in order to run.
|
WebPick Internet Holdings Ltd. |
|
Codec by Premuim, an umwanted and potentially harmful application is installed as a web browser plugin within Internet Explorer and Firefox.
|
WebPick Internet Holdings Ltd. |
|
VaudiX (also known as OptimizerPro) is a potentially unwanted downloader.
Behaviors
Scheduled tasks
- The task 'SaveAsUpdaterTask{0031BEC3-16C7-42AC-9387-850A2E8F57E9}' runs on logon in the path '\SaveAsUpdaterTask{0031BEC3-16C7-42AC-9387-850A2E8F57E9}'
- The task 'OptimizerProUpdaterTask{178294BA-BA70-4C26-B2E9-F2FEE9B45DD3}' runs on logon in the path '\OptimizerProUpdaterTask{178294BA-BA70-4C26-B2E9-F2FEE9B45DD3}'
- Entry path '\OptimizerProUpdaterTask{178294BA-BA70-4C26-B2E9-F2FEE9B45DD3}'
- Entry path 'C:\WINXP\Tasks\OptimizerPro1UpdaterTask{59E92FD0-7E8F-4741-BCF6-E46FF1D53339}.job'
- Entry path '\OptimizerProUpdaterTask{863C8090-F210-44C1-ACA9-027DFCFFCA94}'
- Entry path 'C:\WINDOWS\Tasks\VaudiXUpdaterTask{9A84823D-68D7-4D44-9F94-75D88AA59478}.job'
- Entry path '\SaveAsUpdaterTask{835C14A1-DC93-4304-8003-6CEC3CB56E9F}'
- Entry path '\OptimizerProUpdaterTask{A64FC7CC-5976-49CC-ACD7-3F7235C5BB60}'
- Entry path '\OptimizerProUpdaterTask{5796A7A6-8A5E-4B3B-91F3-753CF1DDE555}'
- Entry path '\VaudiXUpdaterTask{B5E53462-63FE-4C8E-9CAF-264467044988}'
- Entry path '\VaudiXUpdaterTask{B4798F70-715A-4A54-8923-5EE57DEF2FDC}'
- Entry path '\VaudiXUpdaterTask{661E6B20-E235-4489-8812-4054F50C45E4}'
- Entry path '\VaudiXUpdaterTask{64FF67CF-4444-469B-A8BF-F5496F20A44F}'
- Entry path '\VaudiXUpdaterTask{51AF4573-102F-4A71-A667-443D012A2B13}'
- Entry path '\SaveAsUpdaterTask{CD545A5D-C5A0-4A4E-AD70-5CC454BC5027}'
- Entry path '\VaudiXUpdaterTask{83C270F8-8D49-459C-A92E-A3EE558D4B2A}'
- Entry path '\OptimizerProUpdaterTask{C466A580-E8D6-474C-BC39-50E589E23C3D}'
- Entry path '\VaudiXUpdaterTask{7FFFBB78-0C8E-490E-BEF9-572A319FD65A}'
- Entry path '\VaudiXUpdaterTask{89D5FC32-83E9-4283-955A-74FFDA2A38CC}'
- Entry path '\VaudiXUpdaterTask{4E7EF93F-4922-490A-A057-2FCBFF1B3038}'
- Entry path '\OptimizerProUpdaterTask{69828734-D6A0-4955-8343-3AC70D153464}'
- Entry path '\OptimizerProUpdaterTask{64BDCE71-B7FE-4CA7-BAEF-2F9721061AE9}'
Scheduled tasks startups
Set to load on user login (bypasses Windows UAC if enabled)
- Login entry path '\SaveAsUpdaterTask{0031BEC3-16C7-42AC-9387-850A2E8F57E9}'
- Login entry path '\OptimizerProUpdaterTask{178294BA-BA70-4C26-B2E9-F2FEE9B45DD3}'
- Login entry path 'C:\WINXP\Tasks\OptimizerPro1UpdaterTask{59E92FD0-7E8F-4741-BCF6-E46FF1D53339}.job'
- Login entry path '\OptimizerProUpdaterTask{863C8090-F210-44C1-ACA9-027DFCFFCA94}'
- Login entry path 'C:\WINDOWS\Tasks\VaudiXUpdaterTask{9A84823D-68D7-4D44-9F94-75D88AA59478}.job'
- Login entry path '\SaveAsUpdaterTask{835C14A1-DC93-4304-8003-6CEC3CB56E9F}'
- Login entry path '\OptimizerProUpdaterTask{A64FC7CC-5976-49CC-ACD7-3F7235C5BB60}'
- Login entry path '\OptimizerProUpdaterTask{5796A7A6-8A5E-4B3B-91F3-753CF1DDE555}'
- Login entry path '\VaudiXUpdaterTask{B5E53462-63FE-4C8E-9CAF-264467044988}'
- Login entry path '\VaudiXUpdaterTask{B4798F70-715A-4A54-8923-5EE57DEF2FDC}'
- Login entry path '\VaudiXUpdaterTask{661E6B20-E235-4489-8812-4054F50C45E4}'
- Login entry path '\VaudiXUpdaterTask{64FF67CF-4444-469B-A8BF-F5496F20A44F}'
- Login entry path '\VaudiXUpdaterTask{51AF4573-102F-4A71-A667-443D012A2B13}'
- Login entry path '\SaveAsUpdaterTask{CD545A5D-C5A0-4A4E-AD70-5CC454BC5027}'
- Login entry path '\VaudiXUpdaterTask{83C270F8-8D49-459C-A92E-A3EE558D4B2A}'
- Login entry path '\OptimizerProUpdaterTask{C466A580-E8D6-474C-BC39-50E589E23C3D}'
- Login entry path '\VaudiXUpdaterTask{7FFFBB78-0C8E-490E-BEF9-572A319FD65A}'
- Login entry path '\VaudiXUpdaterTask{89D5FC32-83E9-4283-955A-74FFDA2A38CC}'
- Login entry path '\VaudiXUpdaterTask{4E7EF93F-4922-490A-A057-2FCBFF1B3038}'
- Login entry path '\OptimizerProUpdaterTask{69828734-D6A0-4955-8343-3AC70D153464}'
- Login entry path '\OptimizerProUpdaterTask{64BDCE71-B7FE-4CA7-BAEF-2F9721061AE9}'
- Login entry path '\WxDFastUpdaterTask{978530A2-6723-455D-9B03-6407795BBC7C}'
Network connections
[UDP] listens on port 59371
Malware detections
Based on 40+ industry antivirus scanners, 7 of them detected the following malware.
| Antivirus engine | Engine version | Detection |
| Dr.Web |
8.13.4.14 |
Adware.BGuard.3 |
| Emsisoft Anti-Malware |
3.0.0.575 |
Trojan.Win32.GenUpdater.AMN (A) |
| eSafe |
7.0.17.0 |
Win32.Trojan |
| ESET NOD32 |
7.8223 |
Win32/GenUpdater |
| PC Tools |
9.0.0.2 |
Downloader.Generic |
| Symantec |
20121.3.0.76 |
Downloader |
| VIPRE Antivirus |
16790 |
Trojan.Win32.Generic!BT |
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00141964% | |
| Kernel CPU: | 0.00106682% | |
| User CPU: | 0.00035282% | |
| Kernel CPU time: | 221,749 ms/min | |
| CPU cycles: | 109,157/sec | |
| Context switches: | 1/sec | |
| Memory |
| Private memory: | 1.9 MB | |
| Private (maximum): | 4.12 MB | |
| Private (minimum): | 1.4 MB | |
| Non-paged memory: | 1.9 MB | |
| Virtual memory: | 47.33 MB | |
| Virtual memory (peak): | 51.64 MB | |
| Working set: | 1.93 MB | |
| Working set (peak): | 4.9 MB | |
| Page faults: | 2,525/min | |
| I/O |
| I/O read transfer: | 485 Bytes/sec | |
| I/O read operations: | 1/sec | |
| I/O write transfer: | 2 Bytes/sec | |
| I/O write operations: | 1/sec | |
| I/O other transfer: | 271 Bytes/sec | |
| I/O other operations: | 6/sec | |
| Resource allocations |
| Threads: | 2 | |
| Handles: | 93 | |
| GUI GDI count: | 4 | |
| GUI USER count: | 1 | |
Process properties
| Integrety level: | System |
| Platform: | 32-bit |
| Command lines: |
- C:\ProgramData\premium\vaudix\vaudix.exe /schedule /profilepath "C:\ProgramData\premium\vaudix\profile.ini"
- C:\ProgramData\premium\optimizerpro\optimizerpro.exe /schedule /profilepath "C:\ProgramData\premium\optimizerpro\profile.ini"
- C:\ProgramData\premium\saveas\saveas.exe /schedule /profilepath "C:\ProgramData\premium\saveas\profile.ini"
- "C:\ProgramData\premium\gadgetbox updater\gadgetbox updater.exe" /schedule /profilepath "C:\ProgramData\premium\gadgetbox updater\profile.ini"
- "C:\Documents and Settings\user\Application data\premium\optimizerpro1\profile.ini"
- "C:\Documents and Settings\user\Application data\premium\vaudix\profile.ini"
- C:\ProgramData\premium\optimizerpro1\optimizerpro1.exe /schedule /profilepath "C:\ProgramData\premium\optimizerpro1\profile.ini"
- (8 more)
|
| Owner: | SYSTEM |
| Parent processes: |
|
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Home Premium |
34.67% |
|
| Windows 7 Ultimate |
30.67% |
|
| Microsoft Windows XP |
14.67% |
|
| Windows 8 Pro |
13.33% |
|
| Windows Vista Home Basic |
4.00% |
|
| Windows Vista Ultimate |
2.67% |
|
Distribution by country
United States installs about 30.67% of optimizerpro1.exe.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Hewlett-Packard |
36.84% |
|
| Dell |
31.58% |
|
| ASUS |
21.05% |
|
| GIGABYTE |
10.53% |
|
