PUP.Optional.MorePowerfulCleaner

Short bio

PUP.Optional.MorePowerfulCleaner is a potentially unwanted program (PUP), specifically a system optimizer for Windows.

GUI MorePowerfulCleaner

GUI MorePowerfulCleaner

Type and source of infection

PUP.Optional.MorePowerfulCleaner is promoted as software to speed up users’ Windows systems by cleaning out junk files and doing some “smart balancing”. It also promises to improve your internet connection by speeding it up, blocking ads and smart monitoring. The overall goal of this PUP is to increase the amount of advertisement impressions shown to the user. This is done by hijacking the browser’s Start page and advertising based on the affected system’s geolocation.

PUP.Optional.MorePowerfulCleaner installers can either be downloaded from their website or be found in several software bundles. The installer from the official site and the one found in bundles behave differently. For example, the former performs no Start page hijacking and drops less icons on user desktops.

icon MorePowerfulCleaner

icon MorePowerfulCleaner

 

warning MorePowerfulCleaner

warning MorePowerfulCleaner


 
installed MorePowerfulCleaner

Installed features and programs entry for MorePowerfulCleaner

Protection

Malwarebytes protects users from PUP.Optional.MorePowerfulCleaner by using real-time protection.

block PUP.Optional.MorePowerfulCleaner

Malwarebytes blocks PUP.Optional.MorePowerfulCleaner

Remediation

Malwarebytes can detect and remove PUP.Optional.MorePowerfulCleaner without further user interaction.

  1. Please download Malwarebytes to your desktop.
  2. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  3. Then click Finish.
  4. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  5. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  6. When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  7. Restart your computer when prompted to do so.

Malwarebytes removal log

A Malwarebytes log of removal will look similar to this:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/22/2016
Scan Time: 11:12 AM
Logfile: mbamMyPCBackup.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.09.22.07
Rootkit Database: v2016.08.15.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 321533
Time Elapsed: 8 min, 44 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.MyPCBackup, C:\Program Files (x86)\OLBPre\OLBPre.exe, 2632, Delete-on-Reboot, [0f202b4aecaef2443ad9fc94e21fce32]

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.MyPCBackup, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\OLBPre, Quarantined, [50dfacc9e0ba85b13fc96fddce364bb5], 
PUP.Optional.MyPCBackup, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{33A0B791-213F-48AD-AC7D-989EE32023B7}, Delete-on-Reboot, [41ee066fb4e6181ef873529dd23157a9], 
PUP.Optional.MyPCBackup, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\LaunchPreSignup, Delete-on-Reboot, [45ead79eebaf92a40ed0aefe9370d62a], 

Registry Values: 2
PUP.Optional.MyPCBackup, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{33A0B791-213F-48AD-AC7D-989EE32023B7}|Path, \LaunchPreSignup, Delete-on-Reboot, [41ee066fb4e6181ef873529dd23157a9]
PUP.Optional.MyPCBackup, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\OLBPRE|DisplayName, MyPC Backup , Quarantined, [3bf480f59ffb73c3a79ace142fd435cb]

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.PreBackup, C:\Program Files (x86)\OLBPre, Delete-on-Reboot, [8ea10c69d0ca3cfa073a8a26cb3820e0], 

Files: 15
PUP.Optional.MyPCBackup, C:\Program Files (x86)\OLBPre\OLBPre.exe, Delete-on-Reboot, [0f202b4aecaef2443ad9fc94e21fce32], 
PUP.Optional.MyPCBackup, C:\Users\{username}\Desktop\setup.exe, Quarantined, [d55a6312653501356ca7cfc1976aa55b], 
PUP.Optional.MyPCBackup, C:\Program Files (x86)\OLBPre\uninst.exe, Quarantined, [50dfacc9e0ba85b13fc96fddce364bb5], 
PUP.Optional.MyPCBackup, C:\Users\{username}\Desktop\MyPC Backup.lnk, Quarantined, [44eb0a6b9bff1d19e5f4ddcf2cd77d83], 
PUP.Optional.MyPCBackup, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk, Quarantined, [2609d3a27b1f76c0f4e76349db28a957], 
PUP.Optional.MyPCBackup, C:\Windows\System32\Tasks\LaunchPreSignup, Quarantined, [9e910f663f5b4fe7c01c7d2f2fd450b0], 
PUP.Optional.PreBackup, C:\Program Files (x86)\OLBPre\OLBPre.exe.config, Quarantined, [8ea10c69d0ca3cfa073a8a26cb3820e0], 
PUP.Optional.PreBackup, C:\Program Files (x86)\OLBPre\brand.jdat, Quarantined, [8ea10c69d0ca3cfa073a8a26cb3820e0], 
PUP.Optional.PreBackup, C:\Program Files (x86)\OLBPre\de_DE.mo, Quarantined, [8ea10c69d0ca3cfa073a8a26cb3820e0], 
PUP.Optional.PreBackup, C:\Program Files (x86)\OLBPre\es_ES.mo, Quarantined, [8ea10c69d0ca3cfa073a8a26cb3820e0], 
PUP.Optional.PreBackup, C:\Program Files (x86)\OLBPre\fr_FR.mo, Quarantined, [8ea10c69d0ca3cfa073a8a26cb3820e0], 
PUP.Optional.PreBackup, C:\Program Files (x86)\OLBPre\it_IT.mo, Quarantined, [8ea10c69d0ca3cfa073a8a26cb3820e0], 
PUP.Optional.PreBackup, C:\Program Files (x86)\OLBPre\LinqBridge.dll, Delete-on-Reboot, [8ea10c69d0ca3cfa073a8a26cb3820e0], 
PUP.Optional.PreBackup, C:\Program Files (x86)\OLBPre\pt_PT.mo, Quarantined, [8ea10c69d0ca3cfa073a8a26cb3820e0], 
PUP.Optional.PreBackup, C:\Program Files (x86)\OLBPre\state.jdat, Quarantined, [8ea10c69d0ca3cfa073a8a26cb3820e0], 

Physical Sectors: 0
(No malicious items detected)


(end)

Add an exclusion

Should users wish to keep this program and exclude it from being detected in future scans, they can add the program to the exclusions list. Here’s how to do it.

The Exclusions tab includes a list of items to be excluded from scans. The items may include files, folders, websites, or applications that connect to the Internet, as well as previously detected exploits.

To access the exclusions in Malwarebytes:

  • Click on the Settings tab in the left pane.
  • Click on the Exclusions tab.
  • Click the Add Exclusion button.
  • Select the exclusion type Exclude a File or Folder and use the Browse button to select the main folder for the software that you wish to keep.
  • Repeat this for any secondary folder(s) that belong to the software.
  • If you want to allow the program to connect to the Internet, for example to fetch updates, add an exclusion of the type Exclude an application that Connects to the Internet and use the Browse button to select the file you wish to grant access.

Traces/IOCs

You may see these entries in FRST logs:

(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
 (DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray.exe
 (DotC United Inc) C:\Program Files (x86)\MPC Cleaner\AdCleaner.exe
 (DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCDesktop.exe
 (DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPC.exe
 (DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe
 (DotC United Inc) C:\Program Files (x86)\MPC Cleaner\AdxEngine.exe
 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am/?geo={countrycode}
 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am/?geo={countrycode}
 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = search.mpc.am/?geo={countrycode}
 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = search.mpc.am/?geo={countrycode}
 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am/?geo={countrycode}
 FF Homepage: search.mpc.am
 CHR HomePage: Default -> search.mpc.am
 CHR StartupUrls: Default -> "search.mpc.am" 
 R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [355808 2016-09-01] (DotC United Inc)
 R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-09-01] (DotC United Inc)
 C:\Users\Metallica\AppData\Roaming\MCorp
 (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys
 C:\Program Files (x86)\MPC Cleaner
 C:\Users\Public\Desktop\MPC Desktop.lnk
 C:\Users\Public\Desktop\MPC AdCleaner.lnk
 C:\Users\Public\Desktop\MPC Cleaner.lnk
 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC Desktop
 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC AdCleaner
 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC

MPC Cleaner (HKLM-x32\...\MPC) (Version:  - DotC United Inc)
() C:\Program Files (x86)\MPC Cleaner\zlib1.dll

Related blog content

how to avoid potentially unwanted programs

Registry Cleaners: Digital Snake Oil

Cybersecurity info you can’t do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.

Select your language