What is ID SafeXpress?
The Malwarebytes research team has determined that ID SafeXpress is a "privacy optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.
Their support telephone number has been accused of performing Tech Support Scams.
How do I know if I am infected with ID SafeXpress?
This is how the main screen of the system optimizer looks:
You will find these icons in your taskbar, your startmenu, and on your desktop:
and see this warning during install:
and these screens during "operations":
You may see this entry in your list of installed programs:
and these tasks in your list of Scheduled Tasks:
How did ID SafeXpress get on my computer?
These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website:
How do I remove ID SafeXpress?
Our program Malwarebytes can detect and remove this potentially unwanted application.
- Please download Malwarebytes to your desktop.
- Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
- Then click Finish.
- Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
- If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
- When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
- Restart your computer when prompted to do so.
- No, Malwarebytes removes ID SafeXpress completely.
- This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.
We hope our application and this guide have helped you eradicate this system optimizer.
As you can see below the full version of Malwarebytes would have protected you against the ID SafeXpress installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.
and we block access to their domain:
Technical details for experts
You may see these entries in FRST logs:
(ID SafeXpress) C:\Program Files (x86)\ID SafeXpress\IDSafeXpress.exe HKCU\...\Run: [IDSafeXpress] => C:\Program Files (x86)\ID SafeXpress\IDSafeXpress.exe [7509936 2017-05-03] (ID SafeXpress) C:\Windows\System32\Tasks\IDSafeXpress_Popup3 C:\Windows\System32\Tasks\IDSafeXpress_Popup C:\Windows\System32\Tasks\IDSafeXpress_Master C:\Users\{username}\Desktop\ID SafeXpress.lnk C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ID SafeXpress C:\Users\{username}\AppData\Local\IDSafeXpress C:\Program Files (x86)\ID SafeXpress (ID SafeXpress) C:\Users\{username}\Downloads\IDSafeXpressSetup_silent.exe ID SafeXpress (HKLM-x32\...\ID SafeXpress) (Version: 3.3.5 - ID SafeXpress) Task: {5EC84F55-8A56-4F93-A9C7-467A5E22FC15} - System32\Tasks\IDSafeXpress_Popup => C:\Program Files (x86)\ID SafeXpress\IDSafeXpress.exe [2017-05-03] (ID SafeXpress) Task: {AD6B0C8C-816F-4A80-84FD-CE73D1295057} - System32\Tasks\IDSafeXpress_Popup3 => C:\Program Files (x86)\ID SafeXpress\IDSafeXpress.exe [2017-05-03] (ID SafeXpress) Task: {F9A61BFE-010F-4295-BEF9-36ABCBCBEFC7} - System32\Tasks\IDSafeXpress_Master => C:\Program Files (x86)\ID SafeXpress\InstAct.exe [2017-05-03] ()Alterations made by the installer:
File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\ID SafeXpress Adds the file Esent.Interop.dll"="11/28/2016 7:09 PM, 326656 bytes, A Adds the file IDSafeXpress.exe"="5/3/2017 9:14 PM, 7509936 bytes, A Adds the file IDSafeXpress.exe.config"="11/28/2016 7:09 PM, 231 bytes, A Adds the file InstAct.exe"="5/3/2017 9:14 PM, 35248 bytes, A Adds the file InstAct.exe.config"="11/28/2016 7:09 PM, 232 bytes, A Adds the file Microsoft.Win32.TaskScheduler.dll"="11/28/2016 7:09 PM, 322560 bytes, A Adds the file Newtonsoft.Json.dll"="11/28/2016 7:09 PM, 494080 bytes, A Adds the file PrivacyEngine.dll"="5/3/2017 9:07 PM, 126464 bytes, A Adds the file PrivacyEngine.dll.config"="11/28/2016 7:09 PM, 229 bytes, A Adds the file Push.exe"="5/3/2017 9:14 PM, 25008 bytes, A Adds the file Push.exe.config"="12/19/2016 5:57 PM, 224 bytes, A Adds the file schedc.exe"="5/3/2017 9:14 PM, 29616 bytes, A Adds the file schedc.exe.config"="11/28/2016 7:09 PM, 232 bytes, A Adds the file schedc10.exe"="5/3/2017 9:14 PM, 32176 bytes, A Adds the file schedc10.exe.config"="11/28/2016 7:09 PM, 232 bytes, A Adds the file Setup.dll"="5/3/2017 9:07 PM, 66560 bytes, A Adds the file Setup.dll.config"="11/28/2016 7:09 PM, 229 bytes, A Adds the file System.Data.SQLite.dll"="11/28/2016 7:09 PM, 1175552 bytes, A Adds the file TaskTools.exe"="5/3/2017 9:14 PM, 60848 bytes, A Adds the file TaskTools.exe.config"="11/28/2016 7:09 PM, 231 bytes, A Adds the file uninstall.exe"="5/3/2017 9:15 PM, 198816 bytes, A Adds the file updater.exe"="5/3/2017 9:14 PM, 506800 bytes, A Adds the file updater.ini"="3/1/2018 9:25 AM, 371 bytes, A Adds the file Util.dll"="5/3/2017 9:07 PM, 224768 bytes, A Adds the folder C:\Program Files (x86)\ID SafeXpress\ar Adds the file IDSafeXpress.resources.dll"="5/3/2017 9:08 PM, 37376 bytes, A Adds the folder C:\Users\{username}\AppData\Local\IDSafeXpress Adds the file chcookies.txt"="3/1/2018 9:25 AM, 4040 bytes, A Adds the file debug.log"="3/1/2018 9:25 AM, 894 bytes, A Adds the file ffcookies.txt"="3/1/2018 9:25 AM, 2972 bytes, A Adds the file IDSafeXpress.settings"="3/1/2018 9:25 AM, 1840 bytes, A Adds the file iecookies.txt"="3/1/2018 9:25 AM, 17544 bytes, A Adds the file log.rtf"="3/1/2018 9:25 AM, 1259 bytes, A Adds the file lsttick"="3/1/2018 9:25 AM, 8 bytes, A Adds the file report.txt"="3/1/2018 9:25 AM, 92 bytes, A Adds the file wndstate.tmp"="3/1/2018 9:25 AM, 5 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ID SafeXpress Adds the file ID SafeXpress.lnk"="3/1/2018 9:25 AM, 1098 bytes, A Adds the file Uninstall ID SafeXpress.lnk"="3/1/2018 9:25 AM, 864 bytes, A In the existing folder C:\Users\{username}\Desktop Adds the file ID SafeXpress.lnk"="3/1/2018 9:25 AM, 1062 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file IDSafeXpress_Master"="3/1/2018 9:25 AM, 3012 bytes, A Adds the file IDSafeXpress_Popup"="3/1/2018 9:25 AM, 3478 bytes, A Adds the file IDSafeXpress_Popup3"="3/1/2018 9:25 AM, 3744 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ID SafeXpress] " "="REG_SZ", "C:\Program Files (x86)\ID SafeXpress\IDSafeXpress.exe"" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ID SafeXpress\ID SafeXpress] "Path"="REG_SZ", "C:\Program Files (x86)\ID SafeXpress" "Version"="REG_SZ", "3.3.5" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ID SafeXpress] "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\ID SafeXpress\IDSafeXpress.exe" "DisplayName"="REG_SZ", "ID SafeXpress" "DisplayVersion"="REG_SZ", "3.3.5" "EstimatedSize"="REG_DWORD", 11185 "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "Publisher"="REG_SZ", "ID SafeXpress" "QuietUninstallString"="REG_SZ", "C:\Program Files (x86)\ID SafeXpress\uninstall.exe /S" "UninstallString"="REG_SZ", "C:\Program Files (x86)\ID SafeXpress\uninstall.exe" [HKEY_CURRENT_USER\Software\ID SafeXpress\ID SafeXpress] "Custom1"="REG_DWORD", 1 "Custom2"="REG_DWORD", 1 "ResName"="REG_SZ", "Silent" [HKEY_CURRENT_USER\Software\IDSafeXpressValidity] "Base"="REG_SZ", "Oracle CorporationBase Board0" "Bios"="REG_SZ", "innotek GmbHVirtualBox020061201000000.000000+000VBOX - 1" "BuyLink"="REG_SZ", "https://safecart.com/pcprivacykeeper/IDSafExpress/IDSE29I?c_fid=pcprivacykeeper-sbam&1click=sbam2" "Cpu"="REG_SZ", "Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz2808" "Disk"="REG_SZ", "VBOX HARDDISK ATA Device(Standard disk drives)" "lang"="REG_SZ", "en" "NeedsRenewal"="REG_SZ", "False" "PhoneNum"="REG_SZ", "1-855-579-9276" "Reg"="REG_SZ", "EAAAAF1VgdULB+CxGvHMHaZU2RHotNKlCpPzsb7OQqqKLW9t" "SplashTime"="REG_QWORD, .... "Support"="REG_SZ", "https://www.idsafexpress.com/contact/" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "IDSafeXpress"="REG_SZ", ""C:\Program Files (x86)\ID SafeXpress\IDSafeXpress.exe" minimized"Malwarebytes log:
Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 3/1/18 Scan Time: 9:36 AM Log File: 93dd4207-1d2b-11e8-8ae7-080027235d76.json Administrator: Yes -Software Information- Version: 3.3.1.2183 Components Version: 1.0.262 Update Package Version: 1.0.4156 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 242811 Threats Detected: 100 Threats Quarantined: 99 Time Elapsed: 3 min, 16 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 1 PUP.Optional.IDSafeXpress, C:\PROGRAM FILES (X86)\ID SAFEXPRESS\IDSAFEXPRESS.EXE, Quarantined, [833], [493709],1.0.4156 Module: 2 PUP.Optional.IDSafeXpress, C:\PROGRAM FILES (X86)\ID SAFEXPRESS\IDSAFEXPRESS.EXE, Quarantined, [833], [493709],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\System.Data.SQLite.dll, Quarantined, [3981], [493699],1.0.4156 Registry Key: 18 PUP.Optional.IDSafeXpress, HKCU\SOFTWARE\ID SafeXpress, Quarantined, [833], [493707],1.0.4156 PUP.Optional.IDSafeXpress, HKCU\SOFTWARE\IDSafeXpressValidity, Quarantined, [833], [493708],1.0.4156 PUP.Optional.IDSafeXpress, HKLM\SOFTWARE\WOW6432NODE\ID SafeXpress, Quarantined, [833], [493703],1.0.4156 PUP.Optional.IDSafeXpress, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5EC84F55-8A56-4F93-A9C7-467A5E22FC15}, Quarantined, [833], [493713],1.0.4156 PUP.Optional.IDSafeXpress, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{AD6B0C8C-816F-4A80-84FD-CE73D1295057}, Quarantined, [833], [493713],1.0.4156 PUP.Optional.IDSafeXpress, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F9A61BFE-010F-4295-BEF9-36ABCBCBEFC7}, Quarantined, [833], [493713],1.0.4156 PUP.Optional.IDSafeXpress, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\IDSafeXpress_Popup, Quarantined, [833], [493709],1.0.4156 PUP.Optional.IDSafeXpress, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{5EC84F55-8A56-4F93-A9C7-467A5E22FC15}, Quarantined, [833], [493709],1.0.4156 PUP.Optional.IDSafeXpress, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\IDSafeXpress_Popup3, Quarantined, [833], [493709],1.0.4156 PUP.Optional.IDSafeXpress, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{AD6B0C8C-816F-4A80-84FD-CE73D1295057}, Quarantined, [833], [493709],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\IDSafeXpress_Master, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{F9A61BFE-010F-4295-BEF9-36ABCBCBEFC7}, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ID SafeXpress, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IDSafeXpress_Master, Quarantined, [3981], [-1],0.0.0 PUP.Optional.IDSafeXpress.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9A61BFE-010F-4295-BEF9-36ABCBCBEFC7}, Quarantined, [3981], [-1],0.0.0 PUP.Optional.IDSafeXpress.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F9A61BFE-010F-4295-BEF9-36ABCBCBEFC7}, Quarantined, [3981], [-1],0.0.0 PUP.Optional.IDSafeXpress, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\IDSafeXpress_RASAPI32, Quarantined, [833], [493704],1.0.4156 PUP.Optional.IDSafeXpress, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\IDSafeXpress_RASMANCS, Quarantined, [833], [493704],1.0.4156 Registry Value: 4 PUP.Optional.IDSafeXpress, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5EC84F55-8A56-4F93-A9C7-467A5E22FC15}|PATH, Quarantined, [833], [493713],1.0.4156 PUP.Optional.IDSafeXpress, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{AD6B0C8C-816F-4A80-84FD-CE73D1295057}|PATH, Quarantined, [833], [493713],1.0.4156 PUP.Optional.IDSafeXpress, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F9A61BFE-010F-4295-BEF9-36ABCBCBEFC7}|PATH, Quarantined, [833], [493713],1.0.4156 PUP.Optional.IDSafeXpress, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|IDSAFEXPRESS, Quarantined, [833], [493709],1.0.4156 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 18 PUP.Optional.IDSafeXpress, C:\USERS\{username}\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ID SAFEXPRESS, Quarantined, [833], [493702],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\fil-PH, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\se-FI, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\ar, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\da, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\de, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\es, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\fr, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\he, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\it, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\ja, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\nl, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\no, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\pt, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\ru, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\sv, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\PROGRAM FILES (X86)\ID SAFEXPRESS, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress, C:\USERS\{username}\APPDATA\LOCAL\IDSAFEXPRESS, Removal Failed, [833], [493700],1.0.4156 File: 57 PUP.Optional.IDSafeXpress, C:\USERS\{username}\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ID SAFEXPRESS\ID SAFEXPRESS.LNK, Quarantined, [833], [493702],1.0.4156 PUP.Optional.IDSafeXpress, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ID SafeXpress\Uninstall ID SafeXpress.lnk, Quarantined, [833], [493702],1.0.4156 PUP.Optional.IDSafeXpress, C:\PROGRAM FILES (X86)\ID SAFEXPRESS\IDSAFEXPRESS.EXE, Quarantined, [833], [493709],1.0.4156 PUP.Optional.IDSafeXpress, C:\WINDOWS\SYSTEM32\TASKS\IDSafeXpress_Popup, Quarantined, [833], [493709],1.0.4156 PUP.Optional.IDSafeXpress, C:\WINDOWS\SYSTEM32\TASKS\IDSafeXpress_Popup3, Quarantined, [833], [493709],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\PROGRAM FILES (X86)\ID SAFEXPRESS\IDSAFEXPRESS.EXE.CONFIG, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\ar\IDSafeXpress.resources.dll, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\da\IDSafeXpress.resources.dll, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\de\IDSafeXpress.resources.dll, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\es\IDSafeXpress.resources.dll, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\fil-PH\IDSafeXpress.resources.dll, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\fr\IDSafeXpress.resources.dll, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\he\IDSafeXpress.resources.dll, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\it\IDSafeXpress.resources.dll, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\ja\IDSafeXpress.resources.dll, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\nl\IDSafeXpress.resources.dll, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\no\IDSafeXpress.resources.dll, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\pt\IDSafeXpress.resources.dll, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\ru\IDSafeXpress.resources.dll, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\se-FI\IDSafeXpress.resources.dll, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\sv\IDSafeXpress.resources.dll, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\Esent.Interop.dll, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\InstAct.exe, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\InstAct.exe.config, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\Microsoft.Win32.TaskScheduler.dll, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\Newtonsoft.Json.dll, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\PrivacyEngine.dll, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\PrivacyEngine.dll.config, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\Push.exe, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\Push.exe.config, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\schedc.exe, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\schedc.exe.config, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\schedc10.exe, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\schedc10.exe.config, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\Setup.dll, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\Setup.dll.config, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\System.Data.SQLite.dll, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\TaskTools.exe, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\TaskTools.exe.config, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\uninstall.exe, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\updater.exe, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\updater.ini, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\Util.dll, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\IDSafeXpress_Master, Quarantined, [3981], [493699],1.0.4156 PUP.Optional.IDSafeXpress.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\IDSafeXpress_Master, Quarantined, [3981], [-1],0.0.0 PUP.Optional.IDSafeXpress, C:\USERS\{username}\DESKTOP\ID SAFEXPRESS.LNK, Quarantined, [833], [493701],1.0.4156 PUP.Optional.IDSafeXpress, C:\Users\{username}\AppData\Local\IDSafeXpress\chcookies.txt, Quarantined, [833], [493700],1.0.4156 PUP.Optional.IDSafeXpress, C:\Users\{username}\AppData\Local\IDSafeXpress\debug.log, Quarantined, [833], [493700],1.0.4156 PUP.Optional.IDSafeXpress, C:\Users\{username}\AppData\Local\IDSafeXpress\ffcookies.txt, Quarantined, [833], [493700],1.0.4156 PUP.Optional.IDSafeXpress, C:\Users\{username}\AppData\Local\IDSafeXpress\IDSafeXpress.settings, Quarantined, [833], [493700],1.0.4156 PUP.Optional.IDSafeXpress, C:\Users\{username}\AppData\Local\IDSafeXpress\iecookies.txt, Quarantined, [833], [493700],1.0.4156 PUP.Optional.IDSafeXpress, C:\Users\{username}\AppData\Local\IDSafeXpress\log.rtf, Quarantined, [833], [493700],1.0.4156 PUP.Optional.IDSafeXpress, C:\Users\{username}\AppData\Local\IDSafeXpress\lsttick, Quarantined, [833], [493700],1.0.4156 PUP.Optional.IDSafeXpress, C:\Users\{username}\AppData\Local\IDSafeXpress\report.txt, Quarantined, [833], [493700],1.0.4156 PUP.Optional.IDSafeXpress, C:\Users\{username}\AppData\Local\IDSafeXpress\wndstate.tmp, Quarantined, [833], [493700],1.0.4156 PUP.Optional.IDSafeXpress, C:\USERS\{username}\DESKTOP\IDSAFEXPRESSSETUP_SILENT.EXE, Quarantined, [833], [493714],1.0.4156 PUP.Optional.IDSafeXpress, C:\USERS\{username}\DOWNLOADS\IDSAFEXPRESSSETUP_SILENT.EXE, Quarantined, [833], [493714],1.0.4156 Physical Sector: 0 (No malicious items detected) (end)As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention