What is PC Gold Optimizer?
The Malwarebytes research team has determined that PC Gold Optimizer is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.
More information can be found on our Malwarebytes Labs blog.
How do I know if I am infected with PC Gold Optimizer?
This is how the main screen of the system optimizer looks:
You will find these icons in your taskbar, your startmenu, and on your desktop:
and see this type of warnings during install:
and this type of screens during "operations":
You may see this entry in your list of installed programs:
How did PC Gold Optimizer get on my computer?
These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website:
How do I remove PC Gold Optimizer?
Our program Malwarebytes can detect and remove this potentially unwanted application.
- Please download Malwarebytes for Windows to your desktop.
- Double-click MBSetup.exe and follow the prompts to install the program.
- When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
- Click on the Get started button.
- Click Scan to start a Threat Scan.
- When the scan is finished click Quarantine to remove the found threats.
- Reboot the system if prompted to complete the removal process.
- No, Malwarebytes removes PC Gold Optimizer completely.
We hope our application and this guide have helped you eradicate this system optimizer.
As you can see below the full version of Malwarebytes would have protected you against the PC Gold Optimizer installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.
Technical details for experts
You may see these entries in FRST logs:
(Alliance Antivirus Private Limited -> ) C:\Program Files (x86)\PC Gold Optimizer and system repair\PC Gold Optimizer and system repair.exe HKCU\...\Run: [Winzard System Repair] => C:\Program Files (x86)\PC Gold Optimizer and system repair\PC Gold Optimizer and system repair.exe [1061544 2020-09-29] (Alliance Antivirus Private Limited -> ) C:\Users\{username}\Desktop\PC Gold Optimizer and system repair.lnk C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Gold Optimizer and system repair C:\Program Files (x86)\PC Gold Optimizer and system repair C:\Windows\systemrell.mkv PC Gold Optimizer and system repair 1.1.0 (HKLM-x32\...\PC Gold Optimizer and system repair) (Version: 1.1.0 - The Alliance Tech)Alterations made by the installer:
File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\PC Gold Optimizer and system repair Adds the file MaterialDesignColors.dll"="5/25/2020 4:53 AM, 299520 bytes, A Adds the file MaterialDesignThemes.Wpf.dll"="5/25/2020 4:53 AM, 7420928 bytes, A Adds the file PC Gold Optimizer and system repair.exe"="9/29/2020 8:11 PM, 1061544 bytes, A Adds the file PC Gold Optimizer and system repair.url"="10/13/2020 9:04 AM, 52 bytes, A Adds the file ServiceStack.Client.dll"="12/10/2017 10:54 PM, 198144 bytes, A Adds the file ServiceStack.Interfaces.dll"="12/10/2017 10:54 PM, 138240 bytes, A Adds the file ServiceStack.Text.dll"="12/10/2017 9:53 AM, 408576 bytes, A Adds the file shield.ico"="9/6/2020 6:45 PM, 120446 bytes, A Adds the file Stripe.dll"="12/9/2017 10:12 PM, 74240 bytes, A Adds the file sysfunction.bin"="9/29/2020 7:00 PM, 1 bytes, A Adds the file sysset.bin"="10/13/2020 9:04 AM, 1 bytes, A Adds the file System.Buffers.dll"="2/19/2020 5:05 AM, 20856 bytes, A Adds the file System.Numerics.Vectors.dll"="5/15/2018 9:29 AM, 115856 bytes, A Adds the file uninst.exe"="10/13/2020 9:04 AM, 156495 bytes, A Adds the file WpfAnimatedGif.dll"="3/28/2020 1:57 PM, 42496 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Gold Optimizer and system repair Adds the file PC Gold Optimizer and system repair.lnk"="10/13/2020 9:04 AM, 1367 bytes, A Adds the file Uninstall.lnk"="10/13/2020 9:04 AM, 1004 bytes, A Adds the file Website.lnk"="10/13/2020 9:04 AM, 1367 bytes, A In the existing folder C:\Users\{username}\Desktop Adds the file PC Gold Optimizer and system repair.lnk"="10/13/2020 9:04 AM, 1331 bytes, A In the existing folder C:\Windows Adds the file systemrell.mkv"="9/28/2020 5:20 PM, 6441793 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PC Gold Optimizer and system repair.exe] "(Default)"="REG_SZ", "C:\Program Files (x86)\PC Gold Optimizer and system repair\PC Gold Optimizer and system repair.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PC Gold Optimizer and system repair] "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\PC Gold Optimizer and system repair\PC Gold Optimizer and system repair.exe" "DisplayName"="REG_SZ", "PC Gold Optimizer and system repair 1.1.0" "DisplayVersion"="REG_SZ", "1.1.0" "Publisher"="REG_SZ", "The Alliance Tech" "UninstallString"="REG_SZ", "C:\Program Files (x86)\PC Gold Optimizer and system repair\uninst.exe" "URLInfoAbout"="REG_SZ", "https://www.thepcgold.com/" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Winzard System Repair"="REG_SZ", "C:\Program Files (x86)\PC Gold Optimizer and system repair\PC Gold Optimizer and system repair.exe"Malwarebytes log:
Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/13/20 Scan Time: 9:14 AM Log File: b4aaeb2e-0d23-11eb-aded-080027235d76.json -Software Information- Version: 4.2.1.89 Components Version: 1.0.1061 Update Package Version: 1.0.31268 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 231774 Threats Detected: 15 Threats Quarantined: 14 Time Elapsed: 5 min, 31 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 1 PUP.Optional.PCGold, C:\PROGRAM FILES (X86)\PC GOLD OPTIMIZER AND SYSTEM REPAIR\PC GOLD OPTIMIZER AND SYSTEM REPAIR.EXE, Quarantined, 3564, 863406, , , , , 40D98372009CA5B24BBD05EC06A65594, D061CFA1A3F86A8CBABACABBA0F419E99A868BE96B2427A851F6D26558ADC451 Module: 1 PUP.Optional.PCGold, C:\PROGRAM FILES (X86)\PC GOLD OPTIMIZER AND SYSTEM REPAIR\PC GOLD OPTIMIZER AND SYSTEM REPAIR.EXE, Quarantined, 3564, 863406, , , , , 40D98372009CA5B24BBD05EC06A65594, D061CFA1A3F86A8CBABACABBA0F419E99A868BE96B2427A851F6D26558ADC451 Registry Key: 1 PUP.Optional.PCGold, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PC Gold Optimizer and system repair, Quarantined, 3564, 865033, 1.0.31268, , ame, , , Registry Value: 1 PUP.Optional.PCGold, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Winzard System Repair, Quarantined, 3564, 863406, , , , , , Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.PCGold, C:\PROGRAM FILES (X86)\PC Gold Optimizer and system repair, Removal Failed, 3564, 865031, 1.0.31268, , ame, , , PUP.Optional.PCGold, C:\USERS\{username}\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\PC Gold Optimizer and system repair, Quarantined, 3564, 865032, 1.0.31268, , ame, , , File: 6 PUP.Optional.PCGold, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Gold Optimizer and system repair\PC Gold Optimizer and system repair.lnk, Quarantined, 3564, 865032, , , , , 38B0C72B451B63F9BA7E37FF585C6E71, 4D1DCD8DA7462021C611C1266EBDC120DA899B7D6D5458AD75EE9D93B16A1DD3 PUP.Optional.PCGold, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Gold Optimizer and system repair\Uninstall.lnk, Quarantined, 3564, 865032, , , , , 94E0FEC92F96562EFAF3017F0C91EFAD, B2E47F5E8DD11F054284FBF027BF8D917927D83674CF283B7BE1BD481F546287 PUP.Optional.PCGold, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Gold Optimizer and system repair\Website.lnk, Quarantined, 3564, 865032, , , , , 66208D826A5A1D7C8490C262DFA51D27, 5CA10652FD1E20867BFC5F26DE995392D0E66156824BC7426B9C68E10E0C20CB PUP.Optional.PCGold, C:\USERS\{username}\Desktop\PC Gold Optimizer and system repair.lnk, Quarantined, 3564, 863406, , , , , BF089D8F4B47E4B831B910F2E7B5FC19, FA50455D7884C15B20FE743D1A790C51FD06F7DEB0EEC8A00F15CC1EBE7111A8 PUP.Optional.PCGold, C:\PROGRAM FILES (X86)\PC GOLD OPTIMIZER AND SYSTEM REPAIR\PC GOLD OPTIMIZER AND SYSTEM REPAIR.EXE, Quarantined, 3564, 863406, 1.0.31268, , ame, , 40D98372009CA5B24BBD05EC06A65594, D061CFA1A3F86A8CBABACABBA0F419E99A868BE96B2427A851F6D26558ADC451 PUP.Optional.PCGold, C:\USERS\{username}\DOWNLOADS\SETUP.EXE, Quarantined, 3564, 863406, 1.0.31268, , ame, , 524AC21DFEE8FE081C15872F1973E475, 3615FC855A22AE05E4BB2F77635B664D81AEC12E612B2AB850E413EC43169CB8 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end)As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention