Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

ADWARE.PERFECTOPTIMIZER.RLK

 

 

 

Name:

Adware.Perfectoptimizer.rlk

Added:

April 27, 2011

Type:

Adware

Risk:

Low

Payload:

N/A

At risk systems:

Windows 95/98/ME/XP/NT/2003

 

 

Description:

 

When Adware.Perfectoptimizer.rlk is executed, it performs the following activities:

It installs a fake security program named 'Perfect Optimizer 5'. Perfect Optimizer 5 is designed to look and act like a legitimate security Software. Once installed on your computer, it will try to scare the user by displaying fake security alerts and infections.

Perfect Optimizer 5 will look as follows:

Thirtyseven4 Antivirus Protects Against Perfect Optimizer 5

It drops the following files:

%Windir%\Tasks\PerfectOptimizer_Home.Job
%ProgramFiles%\Perfect Optimizer\unins000.dat
%ProgramFiles%\Perfect Optimizer\unins000.exe
%ProgramFiles%\Perfect Optimizer\Data\Service\campus_model.bat
%ProgramFiles%\Perfect Optimizer\Data\Service\default_model.bat
%ProgramFiles%\Perfect Optimizer\Data\Service\home_model.bat
%ProgramFiles%\Perfect Optimizer\Data\Service\interner_model.bat
%ProgramFiles%\Perfect Optimizer\Data\Service\notebook_model.bat
%ProgramFiles%\Perfect Optimizer\Data\Service\office_model.bat
%ProgramFiles%\Perfect Optimizer\config\about.bmp
%ProgramFiles%\Perfect Optimizer\config\head.bmp
%ProgramFiles%\Perfect Optimizer\config\Lng2Const.xml
%ProgramFiles%\Perfect Optimizer\config\logo.ico
%ProgramFiles%\Perfect Optimizer\config\Menu.xml
%ProgramFiles%\Perfect Optimizer\config\PerfectOptimzer.chm
%ProgramFiles%\Perfect Optimizer\config\register.jpg
%ProgramFiles%\Perfect Optimizer\config\SmallLogo.bmp
%ProgramFiles%\Perfect Optimizer\config\splash.jpg
%ProgramFiles%\Perfect Optimizer\config\website.url
%ProgramFiles%\Perfect Optimizer\ActiveX.dat
%ProgramFiles%\Perfect Optimizer\Apps.dat
%ProgramFiles%\Perfect Optimizer\Components.dat
%ProgramFiles%\Perfect Optimizer\website.url
%ProgramFiles%\Perfect Optimizer\PerfectOptimizer.exe
%ProgramFiles%\Perfect Optimizer\ActiveXSecurity.dll
%ProgramFiles%\Perfect Optimizer\DriverBackup.dll
%ProgramFiles%\Perfect Optimizer\FileShred.dll
%ProgramFiles%\Perfect Optimizer\JunkFileClean.dll
%ProgramFiles%\Perfect Optimizer\SystemBackup.dll
%ProgramFiles%\Perfect Optimizer\SEClean.DLL
%ProgramFiles%\Perfect Optimizer\SERes.DLL
%ProgramFiles%\Perfect Optimizer\Update.exe
%ProgramFiles%\Perfect Optimizer\MiracleLib.dll
%ProgramFiles%\Perfect Optimizer\WinUpdate.exe
%ProgramFiles%\Perfect Optimizer\License.dll
%ProgramFiles%\Perfect Optimizer\FreeUse.dll
%ProgramFiles%\Perfect Optimizer\aamd532.dll
%ProgramFiles%\Perfect Optimizer\Config.db
%ProgramFiles%\Perfect Optimizer\sqlite3.dll
%ProgramFiles%\Perfect Optimizer\InstallDll.dll
%ProgramFiles%\Perfect Optimizer\PerfectOptimizer.ini

It also creates/modifies the following registry entries:

ImagePath = "%ProgramFiles%\Perfect Optimizer\PerfectOptimizer.exe"
HKLM\Software\Weskysoft\PerfectOptimizer\5.2.6

Default = "%ProgramFiles%\Perfect Optimizer\PerfectOptimizer.exe "%1""
HKLM\Software\Classes\pofile\Shell\Open\Command

Default = "%ProgramFiles%\Perfect Optimizer\PerfectOptimizer.exe"
HKLM\Software\Classes\pofile\DefaultIcon

Default = "Perfect Optimizer License"
HKLM\Software\Classes\pofile

HKLM\Software\Weskysoft\Perfect Optimizer\5.2
HKLM\Software\Weskysoft\PerfectOptimizer\5.2.6
HKLM\Software\Weskysoft\PerfectOptimizer\6.0

 

 

 

 

 

 

 
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

Malware problems?
We can help.

Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

Evaluate Thirtyseven4 Antivirus Now

Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 - Industry Leading Endpoint Security Solution

“Delight yourself in the Lord and he will give you the desires of your heart.” Psalm 37:4