What is Software Updater?
The Malwarebytes research team has determined that Software Updater is adware. These adware applications display advertisements not originating from the sites you are browsing.
How do I know if my computer is affected by Software Updater?
You may see this this entry in your list of installed programs:
and these warnings:
How did Software Updater get on my computer?
Adware applications use different methods for distributing themselves. This particular one was bundled with other software.
How do I remove Software Updater?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-version.exe and follow the prompts to install the program.
- At the end, be sure a check-mark is placed next to the following:
- Enable free trial of Malwarebytes Anti-Malware Premium
- Launch Malwarebytes Anti-Malware
- Then click Finish.
- If an update is found, you will be prompted to download and install the latest version.
- Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
- When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
- Reboot your computer if prompted.
- No, Malwarebytes' Anti-Malware removes Software Updater completely.
We hope our application and this guide have helped you eradicate this hijacker.
As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Software Updater adware. �It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.
Technical details for experts
You will see these signs in a HijackThis log:
O4 - Global Startup: SoftwareUpdater.lnk = C:\Program Files\Software Updater\SoftwareUpdater.exe O23 - Service: asuservice - Unknown owner - C:\Program Files\Software Updater\suscan.exeAlterations made by the installer:
File system details --------------------------------------------- Adds the folder C:\Program Files\Software Updater Adds the file cpprest120_xp_1_4.dll"="9/16/2014 3:15 AM, 1140896 bytes, A Adds the file cpuidsdk.dll"="9/16/2014 3:15 AM, 923648 bytes, A Adds the file DriversHQ.SDK.REST.Win32.dll"="9/16/2014 3:15 AM, 461312 bytes, A Adds the file msvcp120.dll"="9/16/2014 3:15 AM, 455328 bytes, A Adds the file msvcr120.dll"="9/16/2014 3:15 AM, 970912 bytes, A Adds the file SoftwareUpdater.exe"="9/29/2014 8:08 PM, 2187264 bytes, A Adds the file suscan.exe"="9/26/2014 12:36 AM, 222208 bytes, A Adds the file unins000.dat"="12/5/2014 3:24 PM, 3299 bytes, A Adds the file unins000.exe"="12/5/2014 3:24 PM, 719521 bytes, A Adds the file Uninstall.exe"="9/16/2014 3:15 AM, 1797120 bytes, A Adds the file updater.log"="12/5/2014 3:26 PM, 4855 bytes, A In the existing folder C:\ProgramData Adds the file suguid.txt"="12/5/2014 3:24 PM, 36 bytes, A Adds the file suscan.txt"="12/5/2014 3:24 PM, 95 bytes, A In the existing folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Adds the file SoftwareUpdater.lnk"="12/5/2014 3:24 PM, 1078 bytes, A Registry details ------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FTH] "CheckPointTime"="REG_DWORD", 217704384 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Software Updater_is1] "DisplayIcon"="REG_SZ", "C:\Program Files\Software Updater\UninstallSoftwareUpdater.exe" "DisplayName"="REG_SZ", "Software Updater version 1.9.9" "DisplayVersion"="REG_SZ", "1.9.9" "EstimatedSize"="REG_DWORD", 8658 "Inno Setup: App Path"="REG_SZ", "C:\Program Files\Software Updater" "Inno Setup: Icon Group"="REG_SZ", "Software Updater" "Inno Setup: Language"="REG_SZ", "default" "Inno Setup: Setup Version"="REG_SZ", "5.5.5 (a)" "Inno Setup: User"="REG_SZ", "Malwarebytes" "InstallDate"="REG_SZ", "20141205" "InstallLocation"="REG_SZ", "C:\Program Files\Software Updater\" "MajorVersion"="REG_DWORD", 1 "MinorVersion"="REG_DWORD", 9 "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "QuietUninstallString"="REG_SZ", ""C:\Program Files\Software Updater\unins000.exe" /SILENT" "UninstallString"="REG_SZ", ""C:\Program Files\Software Updater\unins000.exe"" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\asuservice] "ErrorControl"="REG_DWORD", 1 "ImagePath"="REG_EXPAND_SZ, "C:\Program Files\Software Updater\suscan.exe" "ObjectName"="REG_SZ", "LocalSystem" "Start"="REG_DWORD", 2 "Type"="REG_DWORD", 16 [HKEY_CURRENT_USER\Software\SoftwareUpdater] "guid"="REG_SZ", "bd7a1d84-e54b-4fe4-bcbe-3c227c71a4a1"Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 12/5/2014 Scan Time: 3:28:16 PM Logfile: mbamSoftwareUpdfater.txt Administrator: Yes Version: 2.00.4.1028 Malware Database: v2014.12.05.06 Rootkit Database: v2014.12.03.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x86 File System: NTFS User: Malwarebytes Scan Type: Threat Scan Result: Completed Objects Scanned: 279705 Time Elapsed: 3 min, 29 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 1 PUP.Optional.SoftwareUpdater, C:\Program Files\Software Updater\SoftwareUpdater.exe, 1084, Delete-on-Reboot, [b288baa54a324ee8ef64a21f08fc12ee] Modules: 0 (No malicious items detected) Registry Keys: 2 PUP.Optional.SoftwareUpdater, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\asuservice, Quarantined, [b288baa54a324ee8ef64a21f08fc12ee], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Software Updater_is1, Quarantined, [b288baa54a324ee8ef64a21f08fc12ee], Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 1 PUP.Optional.SoftwareUpdater, C:\Program Files\Software Updater, Delete-on-Reboot, [b288baa54a324ee8ef64a21f08fc12ee], Files: 12 PUP.Optional.SoftwareUpdater.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftwareUpdater.lnk, Quarantined, [5edca5ba7efed1654471214506fdd32d], PUP.Optional.SoftwareUpdater, C:\Program Files\Software Updater\updater.log, Quarantined, [b288baa54a324ee8ef64a21f08fc12ee], PUP.Optional.SoftwareUpdater, C:\Program Files\Software Updater\cpprest120_xp_1_4.dll, Quarantined, [b288baa54a324ee8ef64a21f08fc12ee], PUP.Optional.SoftwareUpdater, C:\Program Files\Software Updater\cpuidsdk.dll, Quarantined, [b288baa54a324ee8ef64a21f08fc12ee], PUP.Optional.SoftwareUpdater, C:\Program Files\Software Updater\DriversHQ.SDK.REST.Win32.dll, Quarantined, [b288baa54a324ee8ef64a21f08fc12ee], PUP.Optional.SoftwareUpdater, C:\Program Files\Software Updater\msvcp120.dll, Quarantined, [b288baa54a324ee8ef64a21f08fc12ee], PUP.Optional.SoftwareUpdater, C:\Program Files\Software Updater\msvcr120.dll, Quarantined, [b288baa54a324ee8ef64a21f08fc12ee], PUP.Optional.SoftwareUpdater, C:\Program Files\Software Updater\SoftwareUpdater.exe, Delete-on-Reboot, [b288baa54a324ee8ef64a21f08fc12ee], PUP.Optional.SoftwareUpdater, C:\Program Files\Software Updater\suscan.exe, Quarantined, [b288baa54a324ee8ef64a21f08fc12ee], PUP.Optional.SoftwareUpdater, C:\Program Files\Software Updater\unins000.dat, Quarantined, [b288baa54a324ee8ef64a21f08fc12ee], PUP.Optional.SoftwareUpdater, C:\Program Files\Software Updater\unins000.exe, Quarantined, [b288baa54a324ee8ef64a21f08fc12ee], PUP.Optional.SoftwareUpdater, C:\Program Files\Software Updater\Uninstall.exe, Quarantined, [b288baa54a324ee8ef64a21f08fc12ee], Physical Sectors: 0 (No malicious items detected) (end)As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention