IObit Forum

ASC8 many viruses in files


xxxy


Welcome

I check my system for security and stability etc. and find these not so good elements from IObit - ASC 8 and its downloaded & installed components

http://i.imgur.com/Ro8BzOK.jpg

 

And in detail it looks like this:

https://www.virustotal.com/pl/file/77f02bc235e6ec5dea903596c525d9e1286205d3f1e50094d001168f9e8245f8/analysis/

SHA256: 77f02bc235e6ec5dea903596c525d9e1286205d3f1e50094d001168f9e8245f8

File name: CLIStart.exe

Detection ratio: 1 / 56

Analysis date: 2015-05-13 16:26:14 UTC (2 weeks, 3 days ago)

Antivirus | Result | Update

TheHacker | Trojan/Kryptik.apb | 20150511

Developer metadata

Copyright: © 2008 Advanced Micro Devices, Inc.

Publisher: Advanced Micro Devices, Inc.

Product: Catalyst® Control Center

Original name: CLIStart.exe

Internal name: CLIStart

File version: 1, 0, 0, 1

Description: Catalyst® Control Center Launcher

PE header basic information

Target machine: Intel 386 or later processors and compatible processors

Compilation timestamp: 2010-01-14 02:58:59

Link date: 3:58 AM 1/14/2010

Entry Point: 0x00001F8B

Number of sections: 4

 


VirusTotal metadata

First submission: 2010-05-08 08:45:41 UTC (5 years ago)

Last submission: 2015-05-13 16:26:14 UTC (2 weeks, 3 days ago)


Advanced heuristic and reputation engines

ClamAV PUA: Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .

Symantec reputation: Suspicious.Insight

 

Other files

https://www.virustotal.com/pl/file/74e4470765affc9661fd23222e2af08ba293120c9576bc4793b2c9338c814da4/analysis/

SHA256: 74e4470765affc9661fd23222e2af08ba293120c9576bc4793b2c9338c814da4

File name: ppwhw3ybu4ruysgnla5slmzo6rphqsro.dll

Detection ratio: 1 / 56

Analysis date: 2015-04-08 19:52:01 UTC (1 month, 3 weeks ago)

Antivirus | Result | Update

DrWeb | Program.Unwanted.276 | 20150408

Authenticode signature block

Copyright: Copyright 2015

Publisher: IObit Information Technology

Product: ASCExtMenu Module

Original name: ASCExtMenu.DLL

Internal name: ASCExtMenu

File version: 8, 0, 0, 2

Description: ASCExtMenu Module

Signature verification: Signed file, verified signature

Signing date: 10:23 AM 1/19/2015

Signers: IObit Information Technology; VeriSign Class 3 Code Signing 2010 CA; VeriSign

Counter signers: Symantec Time Stamping Services Signer - G4; Symantec Time Stamping Services CA - G2; Thawte Timestamping CA

PE header basic information

Target machine: x64

Compilation timestamp: 2015-01-19 06:11:40

Entry Point: 0x0000D474

Number of sections: 6

 


https://www.virustotal.com/pl/file/43f764f03addaa3b6fcc3469d77f69486ab69899e41be49901752608d599e8d6/analysis/

SHA256: 43f764f03addaa3b6fcc3469d77f69486ab69899e41be49901752608d599e8d6

File name: iobituninstaller.exe

Detection ratio: 3 / 54

Analysis date: 2015-05-30 16:47:23 UTC (21 minutes ago)

Antivirus | Result | Update

DrWeb | Program.Unwanted.276 | 20150530

GData | Win32.Adware.iObit.A | 20150530

TrendMicro-HouseCall | Suspicious_GEN.F47V0505 | 20150530

Authenticode signature block

Copyright: Copyright© 2005-2015

Publisher: IObit Information Technology

Product: Uninstall Programs

File version: 4.3.0.122

Description: Uninstall Programs

Signature verification: Signed file, verified signature

Signing date: 6:13 AM 5/5/2015

Signers: IObit Information Technology; VeriSign Class 3 Code Signing 2010 CA; VeriSign

Counter signers: Symantec Time Stamping Services Signer - G4; Symantec Time Stamping Services CA - G2; Thawte Timestamping CA

PE header basic information

Target machine: Intel 386 or later processors and compatible processors

Compilation timestamp: 2015-05-05 05:12:02

Entry Point: 0x00312044

Number of sections: 10

 


VirusTotal metadata

First submission: 2015-05-05 05:55:20 UTC (3 weeks, 4 days ago)

Last submission: 2015-05-30 16:47:23 UTC (21 minutes ago)


Deleted files

C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\43f764f03addaa3b6fcc3469d77f69486ab69899e41be49901752608d599e8d6.madExcept\. (failed)

C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\43f764f03addaa3b6fcc3469d77f69486ab69899e41be49901752608d599e8d6.madExcept\.. (failed)

Created mutexes

madExceptSettingsMtx$794 (successful)

madToolsMsgHandlerMutex$340$417fcc (successful)

IObit_Uninstall (successful)

Runtime DLLs

c:\windows\system32\imm32.dll (successful)

imm32.dll (successful)

gdiplus.dll (successful)

kernel32.dll (successful)

wtsapi32.dll (successful)

olepro32.dll (successful)

msi.dll (successful)

oleaut32.dll (successful)

uxtheme.dll (successful)

user32.dll (successful)

Additional details

The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.

UDP communications

191.233.81.105:123

 

https://www.virustotal.com/pl/file/0b136e068b56567635dfd5bde350b43790002357e35be175c94a82f701e55098/analysis/

SHA256: 0b136e068b56567635dfd5bde350b43790002357e35be175c94a82f701e55098

File name: ASCService.exe

Detection ratio: 2 / 57

Analysis date: 2015-05-21 09:34:30 UTC (1 week, 2 days ago)

Antivirus | Result | Update

DrWeb | Program.Unwanted.276 | 20150521

GData | Win32.Adware.iObit.A | 20150521

 

 

 

Copyright: Copyright© 2009-2015

Publisher: IObit Information Technology

Product: Advanced SystemCare

Original name: Advanced SystemCare Service

File version: 8.0.0.20

Description: Advanced SystemCare Service

Signature verification: Signed file, verified signature

Signing date: 8:42 AM 4/3/2015

Signers: IObit Information Technology; VeriSign Class 3 Code Signing 2010 CA; VeriSign

Counter signers: Symantec Time Stamping Services Signer - G4; Symantec Time Stamping Services CA - G2; Thawte Timestamping CA

PE header basic information

Target machine: Intel 386 or later processors and compatible processors

Compilation timestamp: 2015-04-03 06:01:29

Entry Point: 0x0006A494

Number of sections: 10

 


VirusTotal metadata

First submission: 2015-04-09 10:57:02 UTC (1 month, 3 weeks ago)

Last submission: 2015-05-21 09:34:30 UTC (1 week, 2 days ago)


According to the VirusTotal results, these so-called "viruses" you are concerned about are not seen as a danger by the market-leading products, such as AVG, Malwarebytes, Avast, etc.

They in fact have a very low score as regards danger.

Adware and PUAs are unfortunately a fact of modern life, and while they are annoying and should not be there, they can hardly be described as viruses, and can usually be avoided during installation by paying careful attention to the installation choices and by setting your security settings correctly.

 

 


Hi xxxy,

 

Thanks for your detailed feedback. It is guaranteed that all our products are free of viruses; as Scannan said, "these so called "viruses" you are concerned about are not seen as a danger by the market leading products, such as AVG, Malwarebytes, Avast". The situation you mentioned is a false positive and we are communicating with the programs' producers to remove them.

 

To look into the issue further, please zip the files ppwhw3ybu4ruysgnla5slmzo6rphqsro.dll and CLIStart.exe (https://www.virustotal.com/en/file/74e4470765affc9661fd23222e2af08ba293120c9576bc4793b2c9338c814da4/analysis/ and https://www.virustotal.com/en/file/77f02bc235e6ec5dea903596c525d9e1286205d3f1e50094d001168f9e8245f8/analysis/)

 

Then send us the download links to get the files to analyze further.

 

Besides, to thank you for the detailed feedback, I have presented you with a license code for Advanced SystemCare Pro. Please check your Private Message to get it. :-)

 

 

@ Scannsn, sincere thanks for your timely and persuasive reply. :-)

 

 


Archived

This topic is now archived and is closed to further replies.
