Archive for December, 2010

Dec 31

Scanner Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the Scanner adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.DefragScanner.

Scanner is a rogue application and another variant of HDD Low, Disk Repair, Defragmenter, HDD Tools, Smart HDD, HDD Rescue, HDD Plus, HDD Diagnostic, Hard Drive Diagnostic, Disk Doctor, Win Defragmenter, WinDefrag, WinHDD, CheckDisk, Ultra Defragger, Quick Defragmenter, Smart Defragmenter, HDD Defragmenter, and System Defragmenter. A rogue application tries to trick you by displaying false or misleading scan results that claim your computer has a problem or is infected with viruses or trojans, and it will not let you fix the supposed problem until you purchase it.

Files created:

  • %UserProfile%\Desktop\Scanner.lnk
  • %UserProfile%\Local Settings\Temp\%random%.exe
  • %UserProfile%\Local Settings\Temp\%random%.dll
  • %UserProfile%\Local Settings\Temp\%random_number%
  • %UserProfile%\Local Settings\Temp\%random_number%.exe
  • %UserProfile%\Start Menu\Programs\Scanner\
  • %UserProfile%\Start Menu\Programs\Scanner\Scanner.lnk
  • %UserProfile%\Start Menu\Programs\Scanner\Uninstall Scanner.lnk

Registry entries created:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    (String) %random% = %UserProfile%\Local Settings\Temp\%random%.exe
    (String) %random% = %UserProfile%\Local Settings\Temp\%random_number%.exe

How to remove the infection of Scanner (Adware.Win32.DefragScanner)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Dec 28

HDD Low Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the HDD Low adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.HDDLow.

HDD Low is a rogue application and another variant of Disk Repair, Defragmenter, HDD Tools, Smart HDD, HDD Rescue, HDD Plus, HDD Diagnostic, Hard Drive Diagnostic, Disk Doctor, Win Defragmenter, WinDefrag, WinHDD, CheckDisk, Ultra Defragger, Quick Defragmenter, Smart Defragmenter, HDD Defragmenter, and System Defragmenter. A rogue application tries to trick you by displaying false or misleading scan results that claim your computer has a problem or is infected with viruses or trojans, and it will not let you fix the supposed problem until you purchase it.

Files created:

  • %UserProfile%\Desktop\HDD Low.lnk
  • %UserProfile%\Local Settings\Temp\~%random%
  • %UserProfile%\Local Settings\Temp\%random%
  • %UserProfile%\Local Settings\Temp\%random%.exe
  • %UserProfile%\Start Menu\Programs\HDD Low\
  • %UserProfile%\Start Menu\Programs\HDD Low\Uninstall HDD Low.lnk
  • %UserProfile%\Start Menu\Programs\HDD Low\HDD Low.lnk

Registry entry created:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    (String) %random% = %UserProfile%\Local Settings\Temp\%random%.exe

How to remove the infection of HDD Low (Adware.Win32.HDDLow)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Dec 28

Disk Repair Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the Disk Repair adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.DiskRepair.

Disk Repair is a rogue application and another variant of Defragmenter, HDD Tools, Smart HDD, HDD Rescue, HDD Plus, HDD Diagnostic, Hard Drive Diagnostic, Disk Doctor, Win Defragmenter, WinDefrag, WinHDD, CheckDisk, Ultra Defragger, Quick Defragmenter, Smart Defragmenter, HDD Defragmenter, and System Defragmenter. A rogue application tries to trick you by displaying false or misleading scan results that claim your computer has a problem or is infected with viruses or trojans, and it will not let you fix the supposed problem until you purchase it.

Files created:

  • %AllUsersProfile%\Application Data\dfrg
  • %AllUsersProfile%\Application Data\dfrgr
  • %AllUsersProfile%\Application Data\%random%
  • %AllUsersProfile%\Application Data\%random%.exe
  • %UserProfile%\Desktop\Disk Repair.lnk
  • %UserProfile%\Start Menu\Programs\Disk Repair\
  • %UserProfile%\Start Menu\Programs\Disk Repair\Disk Repair.lnk
  • %UserProfile%\Start Menu\Programs\Disk Repair\Uninstall Disk Repair.lnk

Registry entry created:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    (String) %random% = %AllUsersProfile%\Application Data\%random%.exe

How to remove the infection of Disk Repair (Adware.Win32.DiskRepair)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Dec 22

Windows Optimization Center Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the Windows Optimization Center adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.WindowsOptimizationCenter.

Windows Optimization Center is a rogue security product. A rogue application tries to trick you by displaying false or misleading scan results that claim your computer has a problem or is infected with viruses or trojans, and it will not let you fix the supposed problem until you purchase it.

File created:

  • %UserProfile%\Application Data\protect.exe

Registry entries created or modified:

  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Policies\System
    (DWORD) EnableLUA = 0x00000000 (0)
    (DWORD) ConsentPromptBehaviorAdmin = 0x00000000 (0)
    (DWORD) ConsentPromptBehaviorUser = 0x00000000 (0)
  • HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon
    (SZ) Shell = %UserProfile%\Application Data\protect.exe

How to remove the infection of Windows Optimization Center (Adware.Win32.WindowsOptimizationCenter)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.
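
The Run-key, Winlogon Shell and UAC policy changes listed in the posts above can be checked in one pass. The following is an added example, not Emsisoft's code: it parses text in the layout that `reg query` prints and flags matching entries. The sample data, the rule names and the Vista-and-later path alternatives are assumptions.

```python
import re

# Constructed sample in the layout printed by `reg query <key>`.
# User name, value names and paths are made up for illustration.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    kqxwpdna    REG_SZ    C:\Documents and Settings\alice\Local Settings\Temp\kqxwpdna.exe
    BvTrmLq    REG_SZ    C:\Documents and Settings\All Users\Application Data\BvTrmLq.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    C:\Documents and Settings\alice\Application Data\protect.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
    EnableLUA    REG_DWORD    0x0
    ConsentPromptBehaviorAdmin    REG_DWORD    0x0
    dontdisplaylastusername    REG_DWORD    0x0
"""

VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")
# An .exe directly inside a temp or all-users data folder. The XP-style paths
# are from the posts; the Vista-and-later equivalents are an assumption.
DROP_DIR = re.compile(r"\\(local settings\\temp|appdata\\local\\temp|"
                      r"all users\\application data|programdata)\\[^\\]+\.exe$", re.I)
UAC_VALUES = {"enablelua", "consentpromptbehavioradmin", "consentpromptbehavioruser"}

def parse(text):
    """Yield (key, value name, data) from `reg query` style text."""
    key = None
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m and key:
            yield key, m.group(1), m.group(3).strip()
        elif line.strip() and not line.startswith(" "):
            key = line.strip()

def findings(text):
    """Return (rule, value name, data) for entries matching the posts' changes."""
    out = []
    for key, name, data in parse(text):
        k, n = key.lower(), name.lower()
        if k.endswith(r"\currentversion\run") and DROP_DIR.search(data):
            out.append(("run-from-drop-dir", name, data))
        elif (k.startswith("hkey_current_user") and k.endswith(r"\winlogon")
              and n == "shell" and data.lower() != "explorer.exe"):
            out.append(("per-user-shell", name, data))
        elif k.endswith(r"\policies\system") and n in UAC_VALUES and int(data, 16) == 0:
            out.append(("uac-policy-zeroed", name, data))
    return out
```

A hit is a reason to run the full scan described above, not proof of infection: legitimate installers also launch from temp folders, and a per-user Shell value can be set deliberately on kiosk systems.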

Dec 22

SystemPro 2011 Adware Removal Instructions

The Emsisoft malware research team has discovered a new outbreak of the SystemPro 2011 adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.SystemPro2011.

SystemPro 2011 is a rogue security product. A rogue application tries to trick you by displaying false or misleading scan results that claim your computer has a problem or is infected with viruses or trojans, and it will not let you fix the supposed problem until you purchase it.

Files created:

  • %ProgramFiles%\SystemPro\
  • %ProgramFiles%\SystemPro\SystemPro.exe
  • %UserProfile%\Application Data\SystemPro\
  • %UserProfile%\Application Data\SystemPro\activate_hdr_2.png
  • %UserProfile%\Application Data\SystemPro\activate_hdr_bg.png
  • %UserProfile%\Application Data\SystemPro\at.png
  • %UserProfile%\Application Data\SystemPro\balloon_174.png
  • %UserProfile%\Application Data\SystemPro\balloon_201.png
  • %UserProfile%\Application Data\SystemPro\bg_button_a.png
  • %UserProfile%\Application Data\SystemPro\bg_button_span.png
  • %UserProfile%\Application Data\SystemPro\blank.gif
  • %UserProfile%\Application Data\SystemPro\block_p_01.png
  • %UserProfile%\Application Data\SystemPro\block_p_03.png
  • %UserProfile%\Application Data\SystemPro\blue.png
  • %UserProfile%\Application Data\SystemPro\critical_202.png
  • %UserProfile%\Application Data\SystemPro\filder.png
  • %UserProfile%\Application Data\SystemPro\i_1.png
  • %UserProfile%\Application Data\SystemPro\i_2.png
  • %UserProfile%\Application Data\SystemPro\i_3.png
  • %UserProfile%\Application Data\SystemPro\level.png
  • %UserProfile%\Application Data\SystemPro\loading.gif
  • %UserProfile%\Application Data\SystemPro\logo.png
  • %UserProfile%\Application Data\SystemPro\m.png
  • %UserProfile%\Application Data\SystemPro\off.png
  • %UserProfile%\Application Data\SystemPro\on.png
  • %UserProfile%\Application Data\SystemPro\pay.gif
  • %UserProfile%\Application Data\SystemPro\progressbar.gif
  • %UserProfile%\Application Data\SystemPro\progressbar_bg_1.gif
  • %UserProfile%\Application Data\SystemPro\prot.png
  • %UserProfile%\Application Data\SystemPro\scan_res_icon.png
  • %UserProfile%\Application Data\SystemPro\t01.png
  • %UserProfile%\Application Data\SystemPro\t02.png
  • %UserProfile%\Application Data\SystemPro\update.png
  • %UserProfile%\Application Data\SystemPro\w1.png
  • %UserProfile%\Application Data\SystemPro\w2.png
  • %UserProfile%\Application Data\SystemPro\w3.png
  • %UserProfile%\Application Data\SystemPro\w4.png
  • %UserProfile%\Application Data\SystemPro\w5.png
  • %UserProfile%\Application Data\SystemPro\warning_popup_072.png
  • %UserProfile%\Application Data\SystemPro\warning_popup_200.png
  • %UserProfile%\Application Data\SystemPro\windows_defender_gradient.png
  • %UserProfile%\Application Data\SystemPro\windows_defender_shield.png
  • %UserProfile%\Application Data\SystemPro\_001.png
  • %UserProfile%\Application Data\SystemPro\_002.png
  • %UserProfile%\Application Data\SystemPro\_005.png
  • %UserProfile%\Application Data\SystemPro\_006.png
  • %UserProfile%\Application Data\SystemPro\_007.png
  • %UserProfile%\Application Data\SystemPro\_ico1.png
  • %UserProfile%\Application Data\SystemPro\_ico2.png
  • %UserProfile%\Application Data\SystemPro\_ico3.png
  • %UserProfile%\Application Data\SystemPro\activate_01.png
  • %UserProfile%\Application Data\SystemPro\activate_02.png
  • %UserProfile%\Application Data\SystemPro\activate_03.png
  • %UserProfile%\Application Data\SystemPro\activate_hdr_1.png
  • %UserProfile%\Application Data\Uninstall_Security\
  • %UserProfile%\Application Data\Uninstall_Security\uninstall_security.lnk
  • %UserProfile%\Start Menu\Programs\Startup\SystemPro.lnk
  • %UserProfile%\Start Menu\Programs\SystemPro\
  • %UserProfile%\Start Menu\Programs\SystemPro\SystemPro.lnk

Registry entries created:

  • HKEY_CURRENT_USER\Software\SystemPro\
    (String) date = "1293027271"
    (Binary) config = 76 36 0A 56 7A 61 39 64…
    (String) scanner = "<scanner><params><last_scan>2010/12/22 21:15</last_scan><removed>0</removed></params>…"

How to remove the infection of SystemPro 2011 (Adware.Win32.SystemPro2011)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.