1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. System Infected: PUA.Optimizer Pro Installer Download 2

System Infected: PUA.Optimizer Pro Installer Download 2

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects the Optimizer Pro activity on the system.

Additional Information

OptimizerPro is a potentially unwanted application that scans for potential problems on the computer.
This potentially unwanted application must be downloaded and executed manually.

When the program is executed, it creates the following files:
%UserProfile%\Desktop\Optimizer Pro.lnk
%UserProfile%\My Documents\Optimizer Pro\CookiesException.txt
%UserProfile%\Start Menu\Programs\Optimizer Pro v3.2\Check updates.lnk
%UserProfile%\Start Menu\Programs\Optimizer Pro v3.2\Help.lnk
%UserProfile%\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro on the Web.lnk
%UserProfile%\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro.lnk
%UserProfile%\Start Menu\Programs\Optimizer Pro v3.2\Uninstall Optimizer Pro.lnk
%ProgramFiles%\Optimizer Pro\bg_new1.bmp
%ProgramFiles%\Optimizer Pro\CookiesException.txt
%ProgramFiles%\Optimizer Pro\English.ini
%ProgramFiles%\Optimizer Pro\file_id.diz
%ProgramFiles%\Optimizer Pro\HomePage.url
%ProgramFiles%\Optimizer Pro\itdownload.dll
%ProgramFiles%\Optimizer Pro\OptimizerPro.chm
%ProgramFiles%\Optimizer Pro\OptimizerPro.exe
%ProgramFiles%\Optimizer Pro\OptProGuard.exe
%ProgramFiles%\Optimizer Pro\OptProHelper.dll
%ProgramFiles%\Optimizer Pro\OptProLauncher.exe
%ProgramFiles%\Optimizer Pro\OptProReminder.exe
%ProgramFiles%\Optimizer Pro\OptProSchedule.exe
%ProgramFiles%\Optimizer Pro\OptProSmartScan.exe
%ProgramFiles%\Optimizer Pro\OptProStart.exe
%ProgramFiles%\Optimizer Pro\OptProUninstaller.exe
%ProgramFiles%\Optimizer Pro\scan.gif
%ProgramFiles%\Optimizer Pro\sqlite3.dll
%ProgramFiles%\Optimizer Pro\StartupList.txt
%ProgramFiles%\Optimizer Pro\unins000.dat
%ProgramFiles%\Optimizer Pro\unins000.exe
%ProgramFiles%\Optimizer Pro\unins000.msg

Next, the program creates the following registry subkey:
HKEY_CURRENT_USER\Software\Optimizer Pro

Next, the program will scan the computer for the following items:
Invalid registry entries
Temporary Internet files and folders
Web history and cookies
Residual files
Invalid shortcuts

Affected

  • Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

Response

No further action is required but you may wish to perform some of the following actions as a precautionary measure.
Run the Norton Power Eraser. (home users)
Run the Symantec Power Eraser. (business users)
Update your product definitions and perform a full system scan.
Submit suspicious files to Symantec for analysis.

If you believe that the signature is reported erroneously, please read the following:
Report a potential false positive to Symantec.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube