PUA_SCAREAPP.GA
Aliases: PUA,DiskDefragFree (Symantec); PUA.Optional.AuslogicsDiskDefrag (MalwareBytes); Win32:BoostSpeed-A (AVG)
Platform: Windows
Threat Type: Potentially Unwanted Application
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be manually installed by a user.
It changes the user's Internet Explorer home page to a specific website. This lets the application point the browser to a website that may contain malware, putting the affected computer at greater risk of malware infection.
TECHNICAL DETAILS
Arrival Details
This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It may be manually installed by a user.
Installation
This Potentially Unwanted Application adds the following folders:
- %Application Data%\Auslogics
- %Application Data%\Auslogics\Disk Defrag
- %Application Data%\Auslogics\Disk Defrag\7.x
- %Program Files%\Auslogics
- %Program Files%\Auslogics\Driver Updater
- %Program Files%\Auslogics\Driver Updater\Data
- %Program Files%\Auslogics\Driver Updater\Lang
- %Program Files%\Auslogics\Driver Updater\Setup
- %Start Menu%\Programs\Auslogics
- %Start Menu%\Programs\Auslogics\Disk Defrag
- %Start Menu%\Programs\Auslogics\Driver Updater
- %User Temp%\_Del_{GUID}_driver-updater_setup
- %User Temp%\_Del_inst
- %User Temp%\is-{random characters}.tmp
- %User Temp%\is-{random characters}.tmp\_isetup
- {install path}
- {install path}\Disk Defrag
- {install path}\Disk Defrag\Data
- {install path}\Disk Defrag\Lang
- {install path}\Disk Defrag\Setup
(Note: %Application Data% is the Application Data folder, which is usually C:\Documents and Settings\{user name}\Application Data on Windows 2000, Windows Server 2003, and Windows XP (32- and 64-bit), or C:\Users\{user name}\AppData\Roaming on Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012. %Program Files% is the Program Files folder, which is usually C:\Program Files on all Windows operating system versions, or C:\Program Files (x86) for 32-bit applications running on Windows 64-bit operating systems. %Start Menu% is the Start Menu folder, which is usually C:\Documents and Settings\{user name}\Start Menu on Windows 2000, Windows Server 2003, and Windows XP (32- and 64-bit), or C:\Users\{user name}\AppData\Roaming\Microsoft\Windows\Start Menu on Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012. %User Temp% is the user's temporary folder, which is usually C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, Windows Server 2003, and Windows XP (32- and 64-bit), or C:\Users\{user name}\AppData\Local\Temp on Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.)
It drops the following files:
- %Application Data%\Auslogics\Disk Defrag\7.x\$$$all.js{random numbers}
- %Application Data%\Auslogics\Disk Defrag\7.x\$$$prefs.js{random numbers}
- %Application Data%\Auslogics\Disk Defrag\7.x\$$$search.sqlite{random numbers}
- %Application Data%\Auslogics\Disk Defrag\7.x\$$$Web Data{random numbers}
- %Application Data%\Auslogics\Disk Defrag\7.x\$$$Web Data{random numbers}-journal
- %Program Files%\Auslogics\Driver Updater\ActionCenterForms.dll
- %Program Files%\Auslogics\Driver Updater\ActionCenterHelper.dll
- %Program Files%\Auslogics\Driver Updater\ATDriverUpdater.dll
- %Program Files%\Auslogics\Driver Updater\ATPopupsHelper.dll
- %Program Files%\Auslogics\Driver Updater\ATToolsExtHelper.dll
- %Program Files%\Auslogics\Driver Updater\ATToolsStdHelper.dll
- %Program Files%\Auslogics\Driver Updater\ATUpdatersHelper.dll
- %Program Files%\Auslogics\Driver Updater\AxComponentsRTL.bpl
- %Program Files%\Auslogics\Driver Updater\AxComponentsVCL.bpl
- %Program Files%\Auslogics\Driver Updater\CommonForms.Routine.dll
- %Program Files%\Auslogics\Driver Updater\CommonForms.Site.dll
- %Program Files%\Auslogics\Driver Updater\Data\is-{random characters}.tmp
- %Program Files%\Auslogics\Driver Updater\Data\main.ini
- %Program Files%\Auslogics\Driver Updater\Data\products.json
- %Program Files%\Auslogics\Driver Updater\DebugHelper.dll
- %Program Files%\Auslogics\Driver Updater\DPInst32.exe
- %Program Files%\Auslogics\Driver Updater\DPInst64.exe
- %Program Files%\Auslogics\Driver Updater\DriverHiveEngine.dll
- %Program Files%\Auslogics\Driver Updater\DriverUpdater.exe
- %Program Files%\Auslogics\Driver Updater\EULA.rtf
- %Program Files%\Auslogics\Driver Updater\GASender.exe
- %Program Files%\Auslogics\Driver Updater\GoogleAnalyticsHelper.dll
- %Program Files%\Auslogics\Driver Updater\is-{random characters}.tmp
- %Program Files%\Auslogics\Driver Updater\Lang\deu.lng
- %Program Files%\Auslogics\Driver Updater\Lang\enu.lng
- %Program Files%\Auslogics\Driver Updater\Lang\esp.lng
- %Program Files%\Auslogics\Driver Updater\Lang\fra.lng
- %Program Files%\Auslogics\Driver Updater\Lang\is-{random characters}.tmp
- %Program Files%\Auslogics\Driver Updater\Lang\ita.lng
- %Program Files%\Auslogics\Driver Updater\Lang\jpn.lng
- %Program Files%\Auslogics\Driver Updater\Lang\rus.lng
- %Program Files%\Auslogics\Driver Updater\Localizer.dll
- %Program Files%\Auslogics\Driver Updater\RescueCenterHelper.dll
- %Program Files%\Auslogics\Driver Updater\rtl160.bpl
- %Program Files%\Auslogics\Driver Updater\SendDebugLog.exe
- %Program Files%\Auslogics\Driver Updater\ServiceManagerHelper.dll
- %Program Files%\Auslogics\Driver Updater\Setup\is-{random characters}.tmp
- %Program Files%\Auslogics\Driver Updater\Setup\SetupCustom.dll
- %Program Files%\Auslogics\Driver Updater\sqlite3.dll
- %Program Files%\Auslogics\Driver Updater\SystemInformationHelper.dll
- %Program Files%\Auslogics\Driver Updater\TaskSchedulerHelper.dll
- %Program Files%\Auslogics\Driver Updater\unins000.dat
- %Program Files%\Auslogics\Driver Updater\unins000.exe
- %Program Files%\Auslogics\Driver Updater\unins000.msg
- %Program Files%\Auslogics\Driver Updater\vcl160.bpl
- %Program Files%\Auslogics\Driver Updater\vclimg160.bpl
- %Program Files%\Auslogics\Driver Updater\VolumesHelper.dll
- %Start Menu%\Programs\Auslogics\Disk Defrag\Auslogics Disk Defrag on the Web.url
- %Start Menu%\Programs\Auslogics\Disk Defrag\Auslogics Disk Defrag.lnk
- %Start Menu%\Programs\Auslogics\Disk Defrag\Check Your PC Performance.url
- %Start Menu%\Programs\Auslogics\Driver Updater\Auslogics Driver Updater on the Web.url
- %Start Menu%\Programs\Auslogics\Driver Updater\Auslogics Driver Updater.lnk
- %User Profile%\Desktop\Auslogics BoostSpeed 9.lnk
- %User Profile%\Desktop\Auslogics Disk Defrag.lnk
- %User Profile%\Desktop\Auslogics Driver Updater.lnk
- %User Temp%\_Del_{GUID}_driver-updater_setup\AxComponentsRTL.bpl
- %User Temp%\_Del_{GUID}_driver-updater_setup\GA.json
- %User Temp%\_Del_{GUID}_driver-updater_setup\GASender.exe
- %User Temp%\_Del_{GUID}_driver-updater_setup\GoogleAnalyticsHelper.dll
- %User Temp%\_Del_{GUID}_driver-updater_setup\rtl160.bpl
- %User Temp%\_Del_inst\AxComponentsRTL.bpl
- %User Temp%\_Del_inst\GA.json
- %User Temp%\_Del_inst\GASender.exe
- %User Temp%\_Del_inst\GoogleAnalyticsHelper.dll
- %User Temp%\_Del_inst\rtl160.bpl
- %User Temp%\{GUID}_boost-speed_setup.exe
- %User Temp%\{GUID}_driver-updater_setup.exe
- %User Temp%\Cab{random numbers}.tmp
- %User Temp%\is-{random characters}.tmp\$$$Cookies{random numbers}
- %User Temp%\is-{random characters}.tmp\$$$Databases.db{random numbers}
- %User Temp%\is-{random characters}.tmp\$$$Origin Bound Certs{random numbers}
- %User Temp%\is-{random characters}.tmp\_isetup\_shfoldr.dll
- %User Temp%\is-{random characters}.tmp\{GUID}_boost-speed_setup.tmp
- %User Temp%\is-{random characters}.tmp\{GUID}_driver-updater_setup.tmp
- %User Temp%\is-{random characters}.tmp\AxBrowsers.dll
- %User Temp%\is-{random characters}.tmp\AxComponentsRTL.bpl
- %User Temp%\is-{random characters}.tmp\AxComponentsVCL.bpl
- %User Temp%\is-{random characters}.tmp\boost_speed_stub_installer.exe
- %User Temp%\is-{random characters}.tmp\BrowserCareHelper.Agent.x32.dll
- %User Temp%\is-{random characters}.tmp\BrowserCareHelper.Agent.x64.dll
- %User Temp%\is-{random characters}.tmp\BrowserCareHelper.dll
- %User Temp%\is-{random characters}.tmp\CommonForms.Site.dll
- %User Temp%\is-{random characters}.tmp\DefaultBrowserFinder.exe
- %User Temp%\is-{random characters}.tmp\deu.lng
- %User Temp%\is-{random characters}.tmp\DiskDefrag.exe
- %User Temp%\is-{random characters}.tmp\driver_updater_stub_installer.exe
- %User Temp%\is-{random characters}.tmp\DriverUpdater.exe
- %User Temp%\is-{random characters}.tmp\enu.lng
- %User Temp%\is-{random characters}.tmp\esp.lng
- %User Temp%\is-{random characters}.tmp\EULA.rtf
- %User Temp%\is-{random characters}.tmp\fra.lng
- %User Temp%\is-{random characters}.tmp\GA.json
- %User Temp%\is-{random characters}.tmp\GASender.exe
- %User Temp%\is-{random characters}.tmp\GoogleAnalyticsHelper.dll
- %User Temp%\is-{random characters}.tmp\inst.tmp
- %User Temp%\is-{random characters}.tmp\ita.lng
- %User Temp%\is-{random characters}.tmp\jpn.lng
- %User Temp%\is-{random characters}.tmp\Localizer.dll
- %User Temp%\is-{random characters}.tmp\main.ini
- %User Temp%\is-{random characters}.tmp\reader.exe
- %User Temp%\is-{random characters}.tmp\rtl160.bpl
- %User Temp%\is-{random characters}.tmp\rus.lng
- %User Temp%\is-{random characters}.tmp\SetupCustom.dll
- %User Temp%\is-{random characters}.tmp\sqlite3.dll
- %User Temp%\is-{random characters}.tmp\vcl160.bpl
- %User Temp%\is-{random characters}.tmp\vclimg160.bpl
- %User Temp%\JavaDeployReg.log
- %User Temp%\Tar{random numbers}.tmp
- %Windows%\inf\battery.PNF
- %Windows%\inf\keyboard.PNF
- %Windows%\inf\machine.PNF
- %Windows%\inf\msports.PNF
- %Windows%\Tasks\Auslogics BoostSpeed Start BoostSpeed on {username} logon.job
- %Windows%\Tasks\Auslogics Driver Updater Scan.job
- %Windows%\Tasks\Auslogics Driver Updater Start Driver Updater on {username} logon.job
- {install path}\Disk Defrag\AxBrowsers.dll
- {install path}\Disk Defrag\AxComponentsRTL.bpl
- {install path}\Disk Defrag\AxComponentsVCL.bpl
- {install path}\Disk Defrag\cdefrag.exe
- {install path}\Disk Defrag\CommonForms.dll
- {install path}\Disk Defrag\CommonForms.Routine.dll
- {install path}\Disk Defrag\CommonForms.Site.dll
- {install path}\Disk Defrag\Data\is-{random characters}.tmp
- {install path}\Disk Defrag\Data\main.ini
- {install path}\Disk Defrag\DebugHelper.dll
- {install path}\Disk Defrag\DiskCleanerHelper.dll
- {install path}\Disk Defrag\DiskDefrag.exe
- {install path}\Disk Defrag\DiskDefragHelper.dll
- {install path}\Disk Defrag\DiskWipeHelper.dll
- {install path}\Disk Defrag\EULA.rtf
- {install path}\Disk Defrag\GASender.exe
- {install path}\Disk Defrag\GoogleAnalyticsHelper.dll
- {install path}\Disk Defrag\is-{random characters}.tmp
- {install path}\Disk Defrag\Lang\deu.lng
- {install path}\Disk Defrag\Lang\enu.lng
- {install path}\Disk Defrag\Lang\esp.lng
- {install path}\Disk Defrag\Lang\fra.lng
- {install path}\Disk Defrag\Lang\is-{random characters}.tmp
- {install path}\Disk Defrag\Lang\ita.lng
- {install path}\Disk Defrag\Lang\jpn.lng
- {install path}\Disk Defrag\Lang\rus.lng
- {install path}\Disk Defrag\Localizer.dll
- {install path}\Disk Defrag\ndefrg32.exe
- {install path}\Disk Defrag\RegistryCleanerHelper.dll
- {install path}\Disk Defrag\ReportHelper.dll
- {install path}\Disk Defrag\rtl160.bpl
- {install path}\Disk Defrag\SendDebugLog.exe
- {install path}\Disk Defrag\Setup\is-{random characters}.tmp
- {install path}\Disk Defrag\Setup\SetupCustom.dll
- {install path}\Disk Defrag\ShellExtension.ContextMenu.x32.dll
- {install path}\Disk Defrag\ShellExtension.ContextMenu.x64.dll
- {install path}\Disk Defrag\ShellExtension.dll
- {install path}\Disk Defrag\sqlite3.dll
- {install path}\Disk Defrag\TaskSchedulerHelper.dll
- {install path}\Disk Defrag\unins000.dat
- {install path}\Disk Defrag\unins000.exe
- {install path}\Disk Defrag\unins000.msg
- {install path}\Disk Defrag\vcl160.bpl
- {install path}\Disk Defrag\vclimg160.bpl
- {install path}\Disk Defrag\VolumesHelper.dll
(Note: %Application Data% is the Application Data folder, which is usually C:\Documents and Settings\{user name}\Application Data on Windows 2000, Windows Server 2003, and Windows XP (32- and 64-bit), or C:\Users\{user name}\AppData\Roaming on Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012. %Program Files% is the Program Files folder, which is usually C:\Program Files on all Windows operating system versions, or C:\Program Files (x86) for 32-bit applications running on Windows 64-bit operating systems. %Start Menu% is the Start Menu folder, which is usually C:\Documents and Settings\{user name}\Start Menu on Windows 2000, Windows Server 2003, and Windows XP (32- and 64-bit), or C:\Users\{user name}\AppData\Roaming\Microsoft\Windows\Start Menu on Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012. %User Profile% is the current user's profile folder, which is usually C:\Documents and Settings\{user name} on Windows 2000, XP, and Server 2003, or C:\Users\{user name} on Windows Vista and 7. %User Temp% is the user's temporary folder, which is usually C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, Windows Server 2003, and Windows XP (32- and 64-bit), or C:\Users\{user name}\AppData\Local\Temp on Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012. %Windows% is the Windows folder, which is usually C:\Windows on all Windows operating system versions.)
Other System Modifications
This Potentially Unwanted Application adds the following registry keys:
- HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics
- HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\Disk Defrag
- HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\Disk Defrag\7.x
- HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\Disk Defrag\7.x\Settings
- HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\Google Analytics Package
- HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\Google Analytics Package\1.x
- HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\Google Analytics Package\1.x\Settings
- HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\stub_installer_boost-speed
- HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\stub_installer_boost-speed\2.x
- HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\stub_installer_boost-speed\2.x\Settings
- HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\stub_installer_driver-updater
- HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\stub_installer_driver-updater\2.x
- HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\stub_installer_driver-updater\2.x\Settings
- HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\Driver Updater
- HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\Driver Updater\1.x
- HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\Driver Updater\1.x\Settings
It adds the following registry entries:
- HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\Disk Defrag\7.x\Settings
  General.Cookie = diskdefragfree
- HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\Disk Defrag\7.x\Settings
  General.CookieLastAction = ""
- HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\Disk Defrag\7.x\Settings
  General.Language = ENU
- HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\Google Analytics Package\1.x\Settings
  ClientID = {GUID}
- HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\Disk Defrag\7.x\Settings
  General.InstallDateTime = {hex values}
- HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\stub_installer_boost-speed\2.x\Settings
  FirstStart = {numbers}
- HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\stub_installer_boost-speed\2.x\Settings
  TryCount = 1
- HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\Disk Defrag\7.x\Settings
  GoogleAnalytics.InstallDate = {hex values}
- HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\stub_installer_driver-updater\2.x\Settings
  FirstStart = {numbers}
- HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\stub_installer_driver-updater\2.x\Settings
  TryCount = 1
- HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\Driver Updater\1.x\Settings
  General.CookieLastAction = ""
- HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\Driver Updater\1.x\Settings
  General.Cookie = disk_defrag_du_last_step
- HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\Driver Updater\1.x\Settings
  General.Language = ENU
- HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\Driver Updater\1.x\Settings
  General.InstallDateTime = {hex values}
- HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\Driver Updater\1.x\Settings
  DriverUpdater.UpdateDate = {hex values}
- HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\Driver Updater\1.x\Settings
  DriverUpdater.InstallTime = {hex values}
- HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\Driver Updater\1.x\Settings
  GoogleAnalytics.InstallDate = {hex values}
- HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\Driver Updater\1.x\Settings
  ActionCenter.LastUpdateTime = {hex values}
Web Browser Home Page and Search Page Modification
This Potentially Unwanted Application changes the user's Internet Explorer home page to the following website:
- https://search.{BLOCKED}o.com/?fr=vmn&type=auslog_yaapp1_hp
SOLUTION
Step 1
Before doing any scans, Windows XP, Windows Vista, and Windows 7 users must disable System Restore to allow full scanning of their computers.
Step 2
Note that not all of these files, folders, and registry keys and entries may be installed on your computer during this malware's/spyware's/grayware's execution. This may be due to an incomplete installation or other operating system conditions. If you do not find the same files, folders, or registry information, proceed to the next step.
Step 3
Remove PUA_SCAREAPP.GA by using its own Uninstall option
Step 4
Delete this registry key
Important: Editing the Windows Registry incorrectly can lead to irreversible system malfunction. Perform this step only if you know how to, or ask your system administrator for assistance. Otherwise, check this Microsoft article first before modifying your computer's registry.
- In HKEY_LOCAL_MACHINE\SOFTWARE
  - Auslogics
Step 5
Search for and delete these folders
- %Application Data%\Auslogics
- %Application Data%\Auslogics\Disk Defrag
- %Application Data%\Auslogics\Disk Defrag\7.x
- %Program Files%\Auslogics
- %Program Files%\Auslogics\Driver Updater
- %Program Files%\Auslogics\Driver Updater\Data
- %Program Files%\Auslogics\Driver Updater\Lang
- %Program Files%\Auslogics\Driver Updater\Setup
- %Start Menu%\Programs\Auslogics
- %Start Menu%\Programs\Auslogics\Disk Defrag
- %Start Menu%\Programs\Auslogics\Driver Updater
- %User Temp%\_Del_{GUID}_driver-updater_setup
- %User Temp%\_Del_inst
- %User Temp%\is-{random characters}.tmp
- %User Temp%\is-{random characters}.tmp\_isetup
- {install path}
- {install path}\Disk Defrag
- {install path}\Disk Defrag\Data
- {install path}\Disk Defrag\Lang
- {install path}\Disk Defrag\Setup
Step 6
Search for and delete these files
- %Application Data%\Auslogics\Disk Defrag\7.x\$all.js{random numbers}
- %Application Data%\Auslogics\Disk Defrag\7.x\$prefs.js{random numbers}
- %Application Data%\Auslogics\Disk Defrag\7.x\$search.sqlite{random numbers}
- %Application Data%\Auslogics\Disk Defrag\7.x\$Web Data{random numbers}
- %Application Data%\Auslogics\Disk Defrag\7.x\$Web Data{random numbers}-journal
- %Program Files%\Auslogics\Driver Updater\ActionCenterForms.dll
- %Program Files%\Auslogics\Driver Updater\ActionCenterHelper.dll
- %Program Files%\Auslogics\Driver Updater\ATDriverUpdater.dll
- %Program Files%\Auslogics\Driver Updater\ATPopupsHelper.dll
- %Program Files%\Auslogics\Driver Updater\ATToolsExtHelper.dll
- %Program Files%\Auslogics\Driver Updater\ATToolsStdHelper.dll
- %Program Files%\Auslogics\Driver Updater\ATUpdatersHelper.dll
- %Program Files%\Auslogics\Driver Updater\AxComponentsRTL.bpl
- %Program Files%\Auslogics\Driver Updater\AxComponentsVCL.bpl
- %Program Files%\Auslogics\Driver Updater\CommonForms.Routine.dll
- %Program Files%\Auslogics\Driver Updater\CommonForms.Site.dll
- %Program Files%\Auslogics\Driver Updater\Data\is-{random characters}.tmp
- %Program Files%\Auslogics\Driver Updater\Data\main.ini
- %Program Files%\Auslogics\Driver Updater\Data\products.json
- %Program Files%\Auslogics\Driver Updater\DebugHelper.dll
- %Program Files%\Auslogics\Driver Updater\DPInst32.exe
- %Program Files%\Auslogics\Driver Updater\DPInst64.exe
- %Program Files%\Auslogics\Driver Updater\DriverHiveEngine.dll
- %Program Files%\Auslogics\Driver Updater\DriverUpdater.exe
- %Program Files%\Auslogics\Driver Updater\EULA.rtf
- %Program Files%\Auslogics\Driver Updater\GASender.exe
- %Program Files%\Auslogics\Driver Updater\GoogleAnalyticsHelper.dll
- %Program Files%\Auslogics\Driver Updater\is-{random characters}.tmp
- %Program Files%\Auslogics\Driver Updater\Lang\deu.lng
- %Program Files%\Auslogics\Driver Updater\Lang\enu.lng
- %Program Files%\Auslogics\Driver Updater\Lang\esp.lng
- %Program Files%\Auslogics\Driver Updater\Lang\fra.lng
- %Program Files%\Auslogics\Driver Updater\Lang\is-{random characters}.tmp
- %Program Files%\Auslogics\Driver Updater\Lang\ita.lng
- %Program Files%\Auslogics\Driver Updater\Lang\jpn.lng
- %Program Files%\Auslogics\Driver Updater\Lang\rus.lng
- %Program Files%\Auslogics\Driver Updater\Localizer.dll
- %Program Files%\Auslogics\Driver Updater\RescueCenterHelper.dll
- %Program Files%\Auslogics\Driver Updater\rtl160.bpl
- %Program Files%\Auslogics\Driver Updater\SendDebugLog.exe
- %Program Files%\Auslogics\Driver Updater\ServiceManagerHelper.dll
- %Program Files%\Auslogics\Driver Updater\Setup\is-{random characters}.tmp
- %Program Files%\Auslogics\Driver Updater\Setup\SetupCustom.dll
- %Program Files%\Auslogics\Driver Updater\sqlite3.dll
- %Program Files%\Auslogics\Driver Updater\SystemInformationHelper.dll
- %Program Files%\Auslogics\Driver Updater\TaskSchedulerHelper.dll
- %Program Files%\Auslogics\Driver Updater\unins000.dat
- %Program Files%\Auslogics\Driver Updater\unins000.exe
- %Program Files%\Auslogics\Driver Updater\unins000.msg
- %Program Files%\Auslogics\Driver Updater\vcl160.bpl
- %Program Files%\Auslogics\Driver Updater\vclimg160.bpl
- %Program Files%\Auslogics\Driver Updater\VolumesHelper.dll
- %Start Menu%\Programs\Auslogics\Disk Defrag\Auslogics Disk Defrag on the Web.url
- %Start Menu%\Programs\Auslogics\Disk Defrag\Auslogics Disk Defrag.lnk
- %Start Menu%\Programs\Auslogics\Disk Defrag\Check Your PC Performance.url
- %Start Menu%\Programs\Auslogics\Driver Updater\Auslogics Driver Updater on the Web.url
- %Start Menu%\Programs\Auslogics\Driver Updater\Auslogics Driver Updater.lnk
- %User Profile%\Desktop\Auslogics BoostSpeed 9.lnk
- %User Profile%\Desktop\Auslogics Disk Defrag.lnk
- %User Profile%\Desktop\Auslogics Driver Updater.lnk
- %User Temp%\_Del_{GUID}_driver-updater_setup\AxComponentsRTL.bpl
- %User Temp%\_Del_{GUID}_driver-updater_setup\GA.json
- %User Temp%\_Del_{GUID}_driver-updater_setup\GASender.exe
- %User Temp%\_Del_{GUID}_driver-updater_setup\GoogleAnalyticsHelper.dll
- %User Temp%\_Del_{GUID}_driver-updater_setup\rtl160.bpl
- %User Temp%\_Del_inst\AxComponentsRTL.bpl
- %User Temp%\_Del_inst\GA.json
- %User Temp%\_Del_inst\GASender.exe
- %User Temp%\_Del_inst\GoogleAnalyticsHelper.dll
- %User Temp%\_Del_inst\rtl160.bpl
- %User Temp%\{GUID}_boost-speed_setup.exe
- %User Temp%\{GUID}_driver-updater_setup.exe
- %User Temp%\Cab{random numbers}.tmp
- %User Temp%\is-{random characters}.tmp\$Cookies{random numbers}
- %User Temp%\is-{random characters}.tmp\$Databases.db{random numbers}
- %User Temp%\is-{random characters}.tmp\$Origin Bound Certs{random numbers}
- %User Temp%\is-{random characters}.tmp\_isetup\_shfoldr.dll
- %User Temp%\is-{random characters}.tmp\{GUID}_boost-speed_setup.tmp
- %User Temp%\is-{random characters}.tmp\{GUID}_driver-updater_setup.tmp
- %User Temp%\is-{random characters}.tmp\AxBrowsers.dll
- %User Temp%\is-{random characters}.tmp\AxComponentsRTL.bpl
- %User Temp%\is-{random characters}.tmp\AxComponentsVCL.bpl
- %User Temp%\is-{random characters}.tmp\boost_speed_stub_installer.exe
- %User Temp%\is-{random characters}.tmp\BrowserCareHelper.Agent.x32.dll
- %User Temp%\is-{random characters}.tmp\BrowserCareHelper.Agent.x64.dll
- %User Temp%\is-{random characters}.tmp\BrowserCareHelper.dll
- %User Temp%\is-{random characters}.tmp\CommonForms.Site.dll
- %User Temp%\is-{random characters}.tmp\DefaultBrowserFinder.exe
- %User Temp%\is-{random characters}.tmp\deu.lng
- %User Temp%\is-{random characters}.tmp\DiskDefrag.exe
- %User Temp%\is-{random characters}.tmp\driver_updater_stub_installer.exe
- %User Temp%\is-{random characters}.tmp\DriverUpdater.exe
- %User Temp%\is-{random characters}.tmp\enu.lng
- %User Temp%\is-{random characters}.tmp\esp.lng
- %User Temp%\is-{random characters}.tmp\EULA.rtf
- %User Temp%\is-{random characters}.tmp\fra.lng
- %User Temp%\is-{random characters}.tmp\GA.json
- %User Temp%\is-{random characters}.tmp\GASender.exe
- %User Temp%\is-{random characters}.tmp\GoogleAnalyticsHelper.dll
- %User Temp%\is-{random characters}.tmp\inst.tmp
- %User Temp%\is-{random characters}.tmp\ita.lng
- %User Temp%\is-{random characters}.tmp\jpn.lng
- %User Temp%\is-{random characters}.tmp\Localizer.dll
- %User Temp%\is-{random characters}.tmp\main.ini
- %User Temp%\is-{random characters}.tmp\reader.exe
- %User Temp%\is-{random characters}.tmp\rtl160.bpl
- %User Temp%\is-{random characters}.tmp\rus.lng
- %User Temp%\is-{random characters}.tmp\SetupCustom.dll
- %User Temp%\is-{random characters}.tmp\sqlite3.dll
- %User Temp%\is-{random characters}.tmp\vcl160.bpl
- %User Temp%\is-{random characters}.tmp\vclimg160.bpl
- %User Temp%\JavaDeployReg.log
- %User Temp%\Tar{random numbers}.tmp
- %Windows%\Tasks\Auslogics BoostSpeed Start BoostSpeed on {username} logon.job
- %Windows%\Tasks\Auslogics Driver Updater Scan.job
- %Windows%\Tasks\Auslogics Driver Updater Start Driver Updater on {username} logon.job
- {install path}\Disk Defrag\AxBrowsers.dll
- {install path}\Disk Defrag\AxComponentsRTL.bpl
- {install path}\Disk Defrag\AxComponentsVCL.bpl
- {install path}\Disk Defrag\cdefrag.exe
- {install path}\Disk Defrag\CommonForms.dll
- {install path}\Disk Defrag\CommonForms.Routine.dll
- {install path}\Disk Defrag\CommonForms.Site.dll
- {install path}\Disk Defrag\Data\is-{random characters}.tmp
- {install path}\Disk Defrag\Data\main.ini
- {install path}\Disk Defrag\DebugHelper.dll
- {install path}\Disk Defrag\DiskCleanerHelper.dll
- {install path}\Disk Defrag\DiskDefrag.exe
- {install path}\Disk Defrag\DiskDefragHelper.dll
- {install path}\Disk Defrag\DiskWipeHelper.dll
- {install path}\Disk Defrag\EULA.rtf
- {install path}\Disk Defrag\GASender.exe
- {install path}\Disk Defrag\GoogleAnalyticsHelper.dll
- {install path}\Disk Defrag\is-{random characters}.tmp
- {install path}\Disk Defrag\Lang\deu.lng
- {install path}\Disk Defrag\Lang\enu.lng
- {install path}\Disk Defrag\Lang\esp.lng
- {install path}\Disk Defrag\Lang\fra.lng
- {install path}\Disk Defrag\Lang\is-{random characters}.tmp
- {install path}\Disk Defrag\Lang\ita.lng
- {install path}\Disk Defrag\Lang\jpn.lng
- {install path}\Disk Defrag\Lang\rus.lng
- {install path}\Disk Defrag\Localizer.dll
- {install path}\Disk Defrag\ndefrg32.exe
- {install path}\Disk Defrag\RegistryCleanerHelper.dll
- {install path}\Disk Defrag\ReportHelper.dll
- {install path}\Disk Defrag\rtl160.bpl
- {install path}\Disk Defrag\SendDebugLog.exe
- {install path}\Disk Defrag\Setup\is-{random characters}.tmp
- {install path}\Disk Defrag\Setup\SetupCustom.dll
- {install path}\Disk Defrag\ShellExtension.ContextMenu.x32.dll
- {install path}\Disk Defrag\ShellExtension.ContextMenu.x64.dll
- {install path}\Disk Defrag\ShellExtension.dll
- {install path}\Disk Defrag\sqlite3.dll
- {install path}\Disk Defrag\TaskSchedulerHelper.dll
- {install path}\Disk Defrag\unins000.dat
- {install path}\Disk Defrag\unins000.exe
- {install path}\Disk Defrag\unins000.msg
- {install path}\Disk Defrag\vcl160.bpl
- {install path}\Disk Defrag\vclimg160.bpl
- {install path}\Disk Defrag\VolumesHelper.dll
*Note: The title of the file name input box varies depending on the Windows version (e.g., "Search for files or folders named" or "All or part of the file name").
• For Windows Vista, Windows 7, Windows Server 2008, Windows 8, Windows 8.1, and Windows Server 2012:
- Open a Windows Explorer window.
- For Windows Vista, 7, and Server 2008 users, click Start>Computer.
- For Windows 8, 8.1, and Server 2012 users, right-click on the lower left corner of the screen, then click File Explorer.
- In the Search Computer/This PC input box, type the name of each file listed at the beginning of this step.
- %User Temp%\is-{random characters}.tmp\BrowserCareHelper.dll
- %User Temp%\is-{random characters}.tmp\CommonForms.Site.dll
- %User Temp%\is-{random characters}.tmp\DefaultBrowserFinder.exe
- %User Temp%\is-{random characters}.tmp\deu.lng
- %User Temp%\is-{random characters}.tmp\DiskDefrag.exe
- %User Temp%\is-{random characters}.tmp\driver_updater_stub_installer.exe
- %User Temp%\is-{random characters}.tmp\DriverUpdater.exe
- %User Temp%\is-{random characters}.tmp\enu.lng
- %User Temp%\is-{random characters}.tmp\esp.lng
- %User Temp%\is-{random characters}.tmp\EULA.rtf
- %User Temp%\is-{random characters}.tmp\fra.lng
- %User Temp%\is-{random characters}.tmp\GA.json
- %User Temp%\is-{random characters}.tmp\GASender.exe
- %User Temp%\is-{random characters}.tmp\GoogleAnalyticsHelper.dll
- %User Temp%\is-{random characters}.tmp\inst.tmp
- %User Temp%\is-{random characters}.tmp\ita.lng
- %User Temp%\is-{random characters}.tmp\jpn.lng
- %User Temp%\is-{random characters}.tmp\Localizer.dll
- %User Temp%\is-{random characters}.tmp\main.ini
- %User Temp%\is-{random characters}.tmp\reader.exe
- %User Temp%\is-{random characters}.tmp\rtl160.bpl
- %User Temp%\is-{random characters}.tmp\rus.lng
- %User Temp%\is-{random characters}.tmp\SetupCustom.dll
- %User Temp%\is-{random characters}.tmp\sqlite3.dll
- %User Temp%\is-{random characters}.tmp\vcl160.bpl
- %User Temp%\is-{random characters}.tmp\vclimg160.bpl
- %User Temp%\JavaDeployReg.log
- %User Temp%\Tar{random numbers}.tmp
- %Windows%\Tasks\Auslogics BoostSpeed Start BoostSpeed on {username} logon.job
- %Windows%\Tasks\Auslogics Driver Updater Scan.job
- %Windows%\Tasks\Auslogics Driver Updater Start Driver Updater on {username} logon.job
- {install path}\Disk Defrag\AxBrowsers.dll
- {install path}\Disk Defrag\AxComponentsRTL.bpl
- {install path}\Disk Defrag\AxComponentsVCL.bpl
- {install path}\Disk Defrag\cdefrag.exe
- {install path}\Disk Defrag\CommonForms.dll
- {install path}\Disk Defrag\CommonForms.Routine.dll
- {install path}\Disk Defrag\CommonForms.Site.dll
- {install path}\Disk Defrag\Data\is-{random characters}.tmp
- {install path}\Disk Defrag\Data\main.ini
- {install path}\Disk Defrag\DebugHelper.dll
- {install path}\Disk Defrag\DiskCleanerHelper.dll
- {install path}\Disk Defrag\DiskDefrag.exe
- {install path}\Disk Defrag\DiskDefragHelper.dll
- {install path}\Disk Defrag\DiskWipeHelper.dll
- {install path}\Disk Defrag\EULA.rtf
- {install path}\Disk Defrag\GASender.exe
- {install path}\Disk Defrag\GoogleAnalyticsHelper.dll
- {install path}\Disk Defrag\is-{random characters}.tmp
- {install path}\Disk Defrag\Lang\deu.lng
- {install path}\Disk Defrag\Lang\enu.lng
- {install path}\Disk Defrag\Lang\esp.lng
- {install path}\Disk Defrag\Lang\fra.lng
- {install path}\Disk Defrag\Lang\is-{random characters}.tmp
- {install path}\Disk Defrag\Lang\ita.lng
- {install path}\Disk Defrag\Lang\jpn.lng
- {install path}\Disk Defrag\Lang\rus.lng
- {install path}\Disk Defrag\Localizer.dll
- {install path}\Disk Defrag\ndefrg32.exe
- {install path}\Disk Defrag\RegistryCleanerHelper.dll
- {install path}\Disk Defrag\ReportHelper.dll
- {install path}\Disk Defrag\rtl160.bpl
- {install path}\Disk Defrag\SendDebugLog.exe
- {install path}\Disk Defrag\Setup\is-{random characters}.tmp
- {install path}\Disk Defrag\Setup\SetupCustom.dll
- {install path}\Disk Defrag\ShellExtension.ContextMenu.x32.dll
- {install path}\Disk Defrag\ShellExtension.ContextMenu.x64.dll
- {install path}\Disk Defrag\ShellExtension.dll
- {install path}\Disk Defrag\sqlite3.dll
- {install path}\Disk Defrag\TaskSchedulerHelper.dll
- {install path}\Disk Defrag\unins000.dat
- {install path}\Disk Defrag\unins000.exe
- {install path}\Disk Defrag\unins000.msg
- {install path}\Disk Defrag\vcl160.bpl
- {install path}\Disk Defrag\vclimg160.bpl
- {install path}\Disk Defrag\VolumesHelper.dll
- Once located, select the file then press SHIFT+DELETE to delete it.
*Note: Read the following Microsoft page if these steps do not work on Windows 7.
Step 7
Reset the Internet Explorer Home and Search pages
Step 8
Scan your computer with your Trend Micro product to delete files detected as PUA_SCAREAPP.GA. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.