PUP.Optional.Systweak

detection icon

Short bio

PUP.Optional.Systweak is Malwarebytes’ detection name for a family of potentially unwanted program (PUP) that originally presented itself as the optimization software called RegClean Pro. Once executed, it falsely shows users that it has found multiple errors in the registry. It then offers to fix these errors by giving users the option to purchase and download the full version of the software.

Symptoms

PUP.Optional.Systweak uses several Scheduled Tasks to gain persistence.

It also creates a shortcut file to the desktop:

Type and source of infection

PUP.Optional.Systweak can reach user systems via:

  • bundlers

Protection

Malwarebytes protects users from PUP.Optional.Systweak by using real-time protection.”>

Remediation

Malwarebytes can detect and remove PUP.Optional.Systweak without further user interaction.

  1. Please download Malwarebytes to your desktop.
  2. Double-click MBSetup.exe and follow the prompts to install the program.
  3. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  4. Click on the Get started button.
  5. Click Scan to start a Threat Scan.
  6. Click Quarantine to remove the found threats.
  7. Reboot the system if prompted to complete the removal process.

Traces/IOCs

Associated files:

  • SHA256 B4F4DF28E07E1998746E9FFBE08F5E4607F5541132E856C3511956FB46E16FD9
  • AdvancedIdentityProtector.exe – SHA256 5CE0F79CBF2C20AE4DC1CE3589BF764B39BB29738419E00B6AB8FB993F91E302
  • setup.exe – SHA256 45D9275E9133A93D1DF57F279A5599575674CA65B0AE02B62F7DCAD6922EDF69
  • pcoptsetup_site.exe – SHA256 30205ECBE684484E1107E66BCF40C9B72EEAD41B47D71E34F03D46A9A8F4CA20
  • SHA256 E65736A87B78F43091C1337E6099EC4EB73E88F5AE9379A2556116C79840E22D
  • SHA256 EDBA227B87CA9BA3697A7D191022EDD42B29EC3D320630AFC54112DD0504927A
  • SHA256 8253D04F460DB0DA2CEB25E04DB05ECD8F80741693D1DA1C76D90974C978670D
  • SHA256 E0F0AF7EE8B3862659843CEBE67C0909AF0340A3FE7015D6C15070558F09DF24
  • SHA256 52EC05BDD4A4419A955B22321FF06C2392BFFBBF61D08E62A9C2E1D38A3E2DC7
  • SHA256 3BA66774EFDECC790DB593291442FFC40BB544FD7A3F4178E5388C40955C9AC8
  • SHA256 BF28A8EB57684F7819AE1C76282D26356590559F827EDDB576662BADA1D2C9FC
  • SHA256 0459D2FF37D1D07ECBBEBDFDAFCCD8243F4123311F808D2DE60017181D5349DD
  • SHA256 F6199F7B6003647EB27F4D629A8C219259CF1447D03ACADCE8ECF0A08531956B
  • SHA256 44C3321AB75C0691228BDA0CE4FA154233B23978C9220C33D07B46C1DFB479AB
  • SHA256 FFFA0EA00721F169F3322920B2DE20DC389E9DAFE33005BB678191714105BC01
  • SHA256 117721609F5904E749A3D7FD6575DE52621DA427D68F61862BF9AFC60C992D9F
  • SHA256 3B87CC2AE7661421ADCE87A3A160CAA80D877D3A969F84BF86BA063BB7354733
  • SHA256 768B45DD0A2633C0A9C33A694C138B3CA3CCE350F90A1B61988F5DC5573EB210
  • SHA256 B6541E55AF7EBFDCE5A5424CCD99C581E32F42C509D5EF5CC31BA5A353EF541B
  • sasnative64.exe – SHA256 DF9BEF0F7824CF2E6790C49E2EDBBFB7920D5ACA4E8952BAB489A1077676CBD3
  • pcupdater.exe – SHA256 2CD3D20B405CE08376061233BF4B733BE87B17A96B66FD26D52CA77E8F998367
  • SHA256 EDBA227B87CA9BA3697A7D191022EDD42B29EC3D320630AFC54112DD0504927A
  • SHA256 8275895D8050CAC37E364D4E32D5D47A6685E8CD2C8597B4F8984A02CB429716
  • AdvancedIdentityProtector.exe – SHA256 5CE0F79CBF2C20AE4DC1CE3589BF764B39BB29738419E00B6AB8FB993F91E302
  • DriverUpdater.exe – SHA256 FEE0248D6699FEBBE01385EE55B1376D3ECA7E6E78C61756AD2D152390195AA6
  • Solvusoftdd.exe – SHA256 E9A5309F421ECBAD9A79060FE36C21192843188859CC939CD43B867269EE88CA
  • WinThruster.exe – SHA256 8163BFAE07C868D898E15C6945588520FA595C0D9AA39BB6BEF2218758734BE0
  • roboot64.exe – SHA256 D382A07A0A10522270255107A939EEFDA580C9155628981E4D55899B51B7FFF6
  • SHA256 B11C73C36D173DC92E77608905EADD77D35D1AF835311D74432755C5D2415FBC
  • SHA256 CF9656C15A83BA148F93FB75178173DF69076929217BBB063C42CF62F51D51DB
  • SHA256 E1AC490122AED765AD05870794591EDAD397943CE17E9E226CC854DB68232D13
  • SHA256 A11834C86FC3777489F6AEBC50093DBC5A8691C804104C2EE2453B4376CB1AAD
  • SHA256 43FB8F51733A2D165240985947B06B80CB033226D7BFB035D250119AA5E39DFE
  • SHA256 8275895D8050CAC37E364D4E32D5D47A6685E8CD2C8597B4F8984A02CB429716
  • AdvancedIdentityProtector.exe – SHA256 9EAD05403C26D7BD78CA510EC4D6DBF2C0468E23E6F24DF6AADF905DDD8D2F25
  • SHA256 99B65932A84213257DD91860AD2F0556370732ACC88B55071CE868858DF87D56
  • WinThruster_2016_Setup.exe – SHA256 E86B57B00BE3D193E1DECF1892B365E76DC89BE34981C2E8458BC58393B18757
  • RegCleanPro.exe – SHA256 8C6E8E4E0795C49AF5150C0A35E716E5D209C74EE2984FBFBD061801058A6E0B
  • roboot64.exe – SHA256 638A4EB9676F88272FE73F60B89FB776CFDCCEC40BD4E23178DEA7D379C52ECC
  • SystemCleaner.exe – SHA256 54A12FDEB5836C4333A39CE9049FC35CD959E961BC66C8B6ADDF83C1BD323E65
detection icon

Related blog content

Contributors icon

Contributors

Threat Center icon

Threat Center

Podcasts icon

Podcast

Glossary icon

Glossary

Scams icon

Scams