PUP.Optional.UniversalPCMechanic

detection icon

Short bio

main GUI

GUI of Universal PC Mechanic

Symptoms

scheduled task

Scheduled Task for Universal PC Mechanic

icons

Universal PC Mechanic icons

Aftermath

Programs like this might give users a false sense of security, possibly exposing them to malwareinfections. Users should be aware that the telephone numbers displayed by the programs in this family have been found to act as tech support scammers.

Protection

Malwarebytes blocks the Universal PC Mechanic installer.

block betteradssoftware.com

Malwarebytes blocks the sites that make visitors think their systems are infected.

Remediation

Malwarebytes can detect and remove PUP.Optional.UniversalPCMechanic without further user interaction.

  1. Please download Malwarebytesto your desktop.
  2. Double-click MBSetup.exeand follow the prompts to install the program.
  3. When your Malwarebytes for Windowsinstallation completes, the program opens to the Welcome to Malwarebytes screen.
  4. Click on the Get started button.
  5. Click Scan to start a Threat Scan.
  6. Click Quarantineto remove the found threats.
  7. Reboot the system if prompted to complete the removal process.

Malwarebytes removal log

A Malwarebytes log of removal will look similar to this:

Malwarebyteswww.malwarebytes.com-Log Details-Scan Date: 2/5/18Scan Time: 9:15 AMLog File: b58b0a42-0a4c-11e8-9439-080027750297.jsonAdministrator: Yes-Software Information-Version: 3.3.1.2183Components Version: 1.0.262Update Package Version: 1.0.3870License: Premium-System Information-OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser:{computername}\{username}-Scan Summary-Scan Type: Threat ScanResult: CompletedObjects Scanned: 241428Threats Detected: 64Threats Quarantined: 64Time Elapsed: 2 min, 47 sec-Scan Options-Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: DetectPUM: Detect-Scan Details-Process: 1PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\oscm.exe, Quarantined, [7622], [486080],1.0.3870Module: 7PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\x64\SQLite.Interop.dll, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\Interop.IWshRuntimeLibrary.dll, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\Microsoft.TeamFoundation.Common.dll, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\Microsoft.Win32.TaskScheduler.dll, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\oscm.exe, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\System.Data.SQLite.DLL, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\TAFactory.IconPack.dll, Quarantined, [7622], [486080],1.0.3870Registry Key: 7PUP.Optional.UniversalPCMechanic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Universal PC Mechanic_Logon, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C9BAE049-02D8-43A8-99F1-46825D4C3CDB}, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{C9BAE049-02D8-43A8-99F1-46825D4C3CDB}, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{0005F358-4516-4DC1-8E92-0210D7DDA29C}_is1, Quarantined, [7622], [486080],1.0.3870PUP.Optional.MasterPCCleaner, HKLM\SOFTWARE\SPCT-PR, Quarantined, [6571], [484509],1.0.3870PUP.Optional.UniversalPCMechanic, HKCU\SOFTWARE\Universal PC Mechanic on{computername}, Quarantined, [7622], [486085],1.0.3870PUP.Optional.MasterPCCleaner, HKLM\SOFTWARE\aHR0cDovL3d3dy5zbWFydHN5c3Rvb2xzLmNvbS8=, Quarantined, [6571], [440348],1.0.3870Registry Value: 2PUP.Optional.MasterPCCleaner, HKLM\SOFTWARE\SPCT-PR|PXL, Quarantined, [6571], [484509],1.0.3870PUP.Optional.UniversalPCMechanic, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{0005F358-4516-4DC1-8E92-0210D7DDA29C}_is1|DISPLAYNAME, Quarantined, [7622], [486086],1.0.3870Registry Data: 0(No malicious items detected)Data Stream: 0(No malicious items detected)Folder: 8PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\langs, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\x64, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\x86, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\PROGRAM FILES\Universal PC Mechanic on{computername}, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Universal PC Mechanic on{computername}, Quarantined, [7622], [486081],1.0.3870PUP.Optional.UniversalPCMechanic, C:\PROGRAMDATA\Universal PC Mechanic on{computername}, Quarantined, [7622], [486082],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Users\{username}\AppData\Roaming\Universal PC Mechanic on{computername}\smico, Quarantined, [7622], [486082],1.0.3870PUP.Optional.UniversalPCMechanic, C:\USERS\{username}\APPDATA\ROAMING\Universal PC Mechanic on{computername}, Quarantined, [7622], [486082],1.0.3870File: 39PUP.Optional.UniversalPCMechanic, C:\USERS\PUBLIC\DESKTOP\Universal PC Mechanic.lnk, Quarantined, [7622], [486083],1.0.3870PUP.Optional.UniversalPCMechanic, C:\PROGRAM FILES\Universal PC Mechanic on{computername}\unins000.dat, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\langs\danish_apc_da.ini, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\langs\Dutch_apc_nl.ini, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\langs\english_apc_en.ini, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\langs\finish_apc_fi.ini, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\langs\French_apc_fr.ini, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\langs\german_apc_de.ini, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\langs\italian_apc_it.ini, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\langs\japanese_apc_ja.ini, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\langs\norwegian_apc_no.ini, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\langs\portuguese_apc_ptbr.ini, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\langs\russian_apc_ru.ini, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\langs\spanish_apc_es.ini, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\langs\swedish_apc_sv.ini, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\x64\SQLite.Interop.dll, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\x86\SQLite.Interop.dll, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\AppRes.dll, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\HtmlRenderer.dll, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\HtmlRenderer.WinForms.dll, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\Interop.IWshRuntimeLibrary.dll, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\Microsoft.TeamFoundation.Common.dll, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\Microsoft.Win32.TaskScheduler.dll, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\oscm.exe, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\oscm.exe.config, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\System.Data.SQLite.DLL, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\TAFactory.IconPack.dll, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\TaskScheduler.dll, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\unins000.exe, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Program Files\Universal PC Mechanic on{computername}\unins000.msg, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\WINDOWS\SYSTEM32\TASKS\Universal PC Mechanic_Logon, Quarantined, [7622], [486080],1.0.3870PUP.Optional.UniversalPCMechanic, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal PC Mechanic on{computername}\Buy Universal PC Mechanic.lnk, Quarantined, [7622], [486081],1.0.3870PUP.Optional.UniversalPCMechanic, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal PC Mechanic on{computername}\Uninstall Universal PC Mechanic.lnk, Quarantined, [7622], [486081],1.0.3870PUP.Optional.UniversalPCMechanic, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal PC Mechanic on{computername}\Universal PC Mechanic.lnk, Quarantined, [7622], [486081],1.0.3870PUP.Optional.UniversalPCMechanic, C:\ProgramData\Universal PC Mechanic on{computername}\mpc.db, Quarantined, [7622], [486082],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Users\{username}\AppData\Roaming\Universal PC Mechanic on{computername}\Errorlog.txt, Quarantined, [7622], [486082],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Users\{username}\AppData\Roaming\Universal PC Mechanic on{computername}\exlist.bin, Quarantined, [7622], [486082],1.0.3870PUP.Optional.UniversalPCMechanic, C:\Users\{username}\AppData\Roaming\Universal PC Mechanic on{computername}\res.xml, Quarantined, [7622], [486082],1.0.3870PUP.Optional.UniversalPCMechanic, C:\USERS\{username}\DESKTOP\USMSETUP.EXE, Quarantined, [7622], [486087],1.0.3870Physical Sector: 0(No malicious items detected)(end)

Add an exclusion

Should users wish to keep this program and exclude it from being detected in future scans, they can add the program to the exclusions list. Here’s how to do it.

  • Open Malwarebytes for Windows.
  • Click the Detection History
  • Click the Allow List
  • To add an item to the Allow List, click Add.
  • Select the exclusion type Allow a file or folderand use the Select a folderbutton to select the main folder for the software that you wish to keep.
  • Repeat this for any secondary files or folder(s) that belong to the software.

If you want to allow the program to connect to the Internet, for example to fetch updates, also add an exclusion of the type Allow an application to connect to the internet and use theBrowse button to select the file you wish to grant access.

Traces/IOC

Possible signs in FRST logs:() C:\Program Files\Universal PC Mechanic on{computername}\oscm.exeC:\Users\{username}\AppData\Roaming\Universal PC Mechanic on{computername}C:\Windows\System32\Tasks\Universal PC Mechanic_LogonC:\Users\Public\Desktop\Universal PC Mechanic.lnkC:\ProgramData\Universal PC Mechanic on{computername}C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal PC Mechanic on{computername}C:\Program Files\Universal PC Mechanic on{computername}Universal PC Mechanic (HKLM\…\{0005F358-4516-4DC1-8E92-0210D7DDA29C}_is1) (Version: 1.0.0.1344 – )Task:{C9BAE049-02D8-43A8-99F1-46825D4C3CDB} – System32\Tasks\Universal PC Mechanic_Logon=> C:\Program Files\Universal PC Mechanic on{computername}\oscm.exe [2018-01-31] ()

SHA256: 23B6303B4398C7525AF4F29152180D2551FFAB4310D3C856183A271DF5E31321

Domains: smartsystools.com, commcheck.info

Files: oscm.exe, usmsetup.exe

US phone number: 855-332-0124The name of the program files folder for the programs in this family use the format{name of the program on %computername%}

Note: %computername% is an environmental variablethat is different per computer.

detection icon

Related blog content

Contributors icon

Contributors

Threat Center icon

Threat Center

Podcasts icon

Podcast

Glossary icon

Glossary

Scams icon

Scams