PUP.Optional.UniversalPCMechanic
Short bio
GUI of Universal PC Mechanic
Symptoms
Scheduled Task for Universal PC Mechanic
Universal PC Mechanic icons
Type and source of infection
Website trying to scare users into thinking their system is infected
Aftermath
Programs like this might give users a false sense of security, possibly exposing them to malwareinfections. Users should be aware that the telephone numbers displayed by the programs in this family have been found to act as tech support scammers.
Protection
Malwarebytes blocks the Universal PC Mechanic installer.
Malwarebytes blocks the sites that make visitors think their systems are infected.
Remediation
Malwarebytes can detect and remove PUP.Optional.UniversalPCMechanic without further user interaction.
- Please download Malwarebytesto your desktop.
- Double-click MBSetup.exeand follow the prompts to install the program.
- When your Malwarebytes for Windowsinstallation completes, the program opens to the Welcome to Malwarebytes screen.
- Click on the Get started button.
- Click Scan to start a Threat Scan.
- Click Quarantineto remove the found threats.
- Reboot the system if prompted to complete the removal process.
Malwarebytes removal log
A Malwarebytes log of removal will look similar to this:
Malwarebyteswww.malwarebytes.com-Log Details-Scan Date: 2/5/18Scan Time: 9:15 AMLog File: b58b0a42-0a4c-11e8-9439-080027750297.jsonAdministrator: Yes-Software Information-Version: 3.3.1.2183Components Version: 1.0.262Update Package Version: 1.0.3870License: Premium-System Information-OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser:{computername}\{username}-Scan Summary-Scan Type: Threat ScanResult: CompletedObjects Scanned: 241428Threats Detected: 64Threats Quarantined: 64Time Elapsed: 2 min, 47 sec-Scan Options-Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: DetectPUM: Detect-Scan Details-Process: 1PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\oscm.exe, Quarantined, [7622], [486080],1.0.3870Module: 7PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\x64\SQLite.Interop.dll, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\Interop.IWshRuntimeLibrary.dll, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\Microsoft.TeamFoundation.Common.dll, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\Microsoft.Win32.TaskScheduler.dll, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\oscm.exe, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\System.Data.SQLite.DLL, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\TAFactory.IconPack.dll, Quarantined, [7622], [486080],1.0.3870Registry Key: 7PUP.Optional.UniversalPCMechanic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Universal PC Mechanic_Logon, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C9BAE049-02D8-43A8-99F1-46825D4C3CDB}, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{C9BAE049-02D8-43A8-99F1-46825D4C3CDB}, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{0005F358-4516-4DC1-8E92-0210D7DDA29C}_is1, Quarantined, [7622], [486080],1.0.3870PUP.Optional.MasterPCCleaner, HKLM\SOFTWARE\SPCT-PR, Quarantined, [6571], [484509],1.0.3870PUP.Optional.UniversalPCMechanic, HKCU\SOFTWARE\Universal PC Mechanic on{computername}, Quarantined, [7622], [486085],1.0.3870PUP.Optional.MasterPCCleaner, HKLM\SOFTWARE\aHR0cDovL3d3dy5zbWFydHN5c3Rvb2xzLmNvbS8=, Quarantined, [6571], [440348],1.0.3870Registry Value: 2PUP.Optional.MasterPCCleaner, HKLM\SOFTWARE\SPCT-PR|PXL, Quarantined, [6571], [484509],1.0.3870PUP.Optional.UniversalPCMechanic, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{0005F358-4516-4DC1-8E92-0210D7DDA29C}_is1|DISPLAYNAME, Quarantined, [7622], [486086],1.0.3870Registry Data: 0(No malicious items detected)Data Stream: 0(No malicious items detected)Folder: 8PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\langs, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\x64, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\x86, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\PROGRAM FILES\Universal PC Mechanic on{computername}, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Universal PC Mechanic on{computername}, Quarantined, [7622], [486081],1.0.3870PUP.Optional.UniversalPCMechanic, C:\PROGRAMDATA\Universal PC Mechanic on{computername}, Quarantined, [7622], [486082],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Users\{username}\AppData\Roaming\Universal PC Mechanic on{computername}\smico, Quarantined, [7622], [486082],1.0.3870PUP.Optional.UniversalPCMechanic, C:\USERS\{username}\APPDATA\ROAMING\Universal PC Mechanic on{computername}, Quarantined, [7622], [486082],1.0.3870File: 39PUP.Optional.UniversalPCMechanic, C:\USERS\PUBLIC\DESKTOP\Universal PC Mechanic.lnk, Quarantined, [7622], [486083],1.0.3870PUP.Optional.UniversalPCMechanic, C:\PROGRAM FILES\Universal PC Mechanic on{computername}\unins000.dat, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\langs\danish_apc_da.ini, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\langs\Dutch_apc_nl.ini, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\langs\english_apc_en.ini, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\langs\finish_apc_fi.ini, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\langs\French_apc_fr.ini, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\langs\german_apc_de.ini, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\langs\italian_apc_it.ini, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\langs\japanese_apc_ja.ini, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\langs\norwegian_apc_no.ini, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\langs\portuguese_apc_ptbr.ini, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\langs\russian_apc_ru.ini, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\langs\spanish_apc_es.ini, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\langs\swedish_apc_sv.ini, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\x64\SQLite.Interop.dll, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\x86\SQLite.Interop.dll, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\AppRes.dll, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\HtmlRenderer.dll, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\HtmlRenderer.WinForms.dll, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\Interop.IWshRuntimeLibrary.dll, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\Microsoft.TeamFoundation.Common.dll, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\Microsoft.Win32.TaskScheduler.dll, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\oscm.exe, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\oscm.exe.config, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\System.Data.SQLite.DLL, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\TAFactory.IconPack.dll, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\TaskScheduler.dll, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\unins000.exe, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\unins000.msg, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\WINDOWS\SYSTEM32\TASKS\Universal PC Mechanic_Logon, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal PC Mechanic on{computername}\Buy Universal PC Mechanic.lnk, Quarantined, [7622], [486081],1.0.3870PUP.Optional.UniversalPCMechanic, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal PC Mechanic on{computername}\Uninstall Universal PC Mechanic.lnk, Quarantined, [7622], [486081],1.0.3870PUP.Optional.UniversalPCMechanic, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal PC Mechanic on{computername}\Universal PC Mechanic.lnk, Quarantined, [7622], [486081],1.0.3870PUP.Optional.UniversalPCMechanic, C:\ProgramData\Universal PC Mechanic on{computername}\mpc.db, Quarantined, [7622], [486082],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Users\{username}\AppData\Roaming\Universal PC Mechanic on{computername}\Errorlog.txt, Quarantined, [7622], [486082],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Users\{username}\AppData\Roaming\Universal PC Mechanic on{computername}\exlist.bin, Quarantined, [7622], [486082],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Users\{username}\AppData\Roaming\Universal PC Mechanic on{computername}\res.xml, Quarantined, [7622], [486082],1.0.3870PUP.Optional.UniversalPCMechanic, C:\USERS\{username}\DESKTOP\USMSETUP.EXE, Quarantined, [7622], [486087],1.0.3870Physical Sector: 0(No malicious items detected)(end)
Add an exclusion
Should users wish to keep this program and exclude it from being detected in future scans, they can add the program to the exclusions list. Here’s how to do it.
- Open Malwarebytes for Windows.
- Click the Detection History
- Click the Allow List
- To add an item to the Allow List, click Add.
- Select the exclusion type Allow a file or folderand use the Select a folderbutton to select the main folder for the software that you wish to keep.
- Repeat this for any secondary files or folder(s) that belong to the software.
Traces/IOC
Possible signs in FRST logs:() C:\Program Files\Universal PC Mechanic on{computername}\oscm.exeC:\Users\{username}\AppData\Roaming\Universal PC Mechanic on{computername}C:\Windows\System32\Tasks\Universal PC Mechanic_LogonC:\Users\Public\Desktop\Universal PC Mechanic.lnkC:\ProgramData\Universal PC Mechanic on{computername}C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal PC Mechanic on{computername}C:\Program Files\Universal PC Mechanic on{computername}Universal PC Mechanic (HKLM\...\{0005F358-4516-4DC1-8E92-0210D7DDA29C}_is1) (Version: 1.0.0.1344 - )Task:{C9BAE049-02D8-43A8-99F1-46825D4C3CDB} - System32\Tasks\Universal PC Mechanic_Logon=> C:\Program Files\Universal PC Mechanic on{computername}\oscm.exe [2018-01-31] ()
SHA256: 23B6303B4398C7525AF4F29152180D2551FFAB4310D3C856183A271DF5E31321
Domains: smartsystools.com, commcheck.info
Files: oscm.exe, usmsetup.exe
US phone number: 855-332-0124The name of the program files folder for the programs in this family use the format{name of the program on %computername%}
Note: %computername% is an environmental variablethat is different per computer.