Nightowl (Most Valued Members)
Posted November 21, 2021 (edited November 25, 2021 by Nightowl)

Hello,

https://www.virustotal.com/gui/file/faa55ba4b50f6eebbbaddf029f97e0324fd9dc1d606fed18935d999460dfd361?nocache=1
https://www.virustotal.com/gui/file/57b485a86929cca59150579b362ac8812a67a3e464a7663a5d3d39d4cdf1e0e9?nocache=1
https://www.virustotal.com/gui/file/c960dd553a71f676a30c93a5f6f3aa6a6363cff6547aa1bd07e2d53c1fd240cb?nocache=1

Those are PUPs for some application that is called ChronoSpeedUp or PCAcceleratePro. Even if you uninstall it, it will come back from AutoRun after restart; it needs to be disabled from AutoRun also.

Not detected by ESET, had to clean it manually.

And unfortunately I don't have the files anymore as I've deleted them. The PC was scanned with Online Scanner as ESET isn't running on it.

I know I have to send to the samples email, but I don't have the sample anymore.

Fortinet helped catch it because it blocked all its traffic from Web Filter as Malicious Websites.

Those are them

itman
Posted November 21, 2021 (edited November 21, 2021 by itman)

Some interesting observations about ChronoSpeedupAS.exe per VT:

> Copyright: ChronoSpeedup Works (c) 2021
> Product: ChronoSpeedup
> Description: ChronoSpeedup
> Original Name: ChronoSpeedup
> Internal Name: ChronoSpeedup
> File Version: 1.0.6.52

Persistence is maintained via Win scheduled task entry: https://itsafety.net/report/20211118-45ad099f96f4edd0873ee4d247a02571-chronospeedupas-exe_general-threat .

Also this analyzed version:

> Product version: 1.0.0.1+21:51:16_9/20/2021

Appears to be not the one that ended up on your device and is not listed on VT.

Nightowl (Most Valued Members, thread author)
Posted November 22, 2021 (edited November 22, 2021 by Nightowl)

Those in the links I have uploaded them from the infected PC before I cleaned them manually, since most AVs didn't detect any of it. I don't know if it's harmful, but it prevents you from uninstalling and keeps re-installing, and also keeps communicating with weird places about most details of the PC.

Seems like Kaspersky and McAfee and the rest started to detect it; Kaspersky AI now sees it as HOAX Win32, still no detection by ESET.

That's another remnant found in the TMP folder by HitmanPro:

https://www.virustotal.com/gui/file/4a4c15adf5a87c6459edfe9e7e39b29c1b632b763cf94e8419d968532c3c3078?nocache=1

Lockbits
Posted November 22, 2021

On 11/21/2021 at 4:47 AM, Nightowl said:

> Hello,
>
> https://www.virustotal.com/gui/file/faa55ba4b50f6eebbbaddf029f97e0324fd9dc1d606fed18935d999460dfd361?nocache=1
> https://www.virustotal.com/gui/file/57b485a86929cca59150579b362ac8812a67a3e464a7663a5d3d39d4cdf1e0e9?nocache=1
> https://www.virustotal.com/gui/file/c960dd553a71f676a30c93a5f6f3aa6a6363cff6547aa1bd07e2d53c1fd240cb?nocache=1
>
> Those are PUPs for some application that is called ChronoSpeedUp or PCAcceleratePro. Even if you uninstall it, it will come back from AutoRun after restart; it needs to be disabled from AutoRun also.
>
> Not detected by ESET, had to clean it manually.
>
> And unfortunately I don't have the files anymore as I've deleted them. The PC was scanned with Online Scanner as ESET isn't running on it.
>
> I know I have to send to the samples email, but I don't have the sample anymore.
>
> Fortinet helped catch it because it blocked all its traffic from Web Filter as Malicious Websites.
>
> Those are them

Two of these samples are detected by ESET as "a variant of Win32/Adware.PCAcceleratePro.T.gen application".

Nightowl (Most Valued Members, thread author)
Posted November 23, 2021

The program seems to be useless, but for sure in the background it's doing some weird things, like sending user data and stuff like that. What makes it more annoying is that it will keep reinstalling itself even if you uninstall normally from the uninstall file.
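
A read-only triage sketch for the persistence described in this thread (an AutoRun entry and a Windows scheduled task), added here as an example and not posted by any participant. It assumes "AutoRun" refers to the registry Run keys and that the entries mention one of the product names from the thread; the actual task and value names are not given on the page.

```powershell
# Read-only: lists matching scheduled tasks and Run-key values; nothing is
# disabled or deleted. Assumption: the persistence entries contain one of the
# product names from the thread in their name or in the command they launch.
$Names   = 'ChronoSpeedup', 'PCAcceleratePro'
$Pattern = ($Names | ForEach-Object { [regex]::Escape($_) }) -join '|'

function Find-SuspectScheduledTask {
    param([string]$Pattern)
    foreach ($task in Get-ScheduledTask) {
        # Only exec actions have Execute/Arguments; other action types yield ''.
        $commands = $task.Actions |
            ForEach-Object { "$($_.Execute) $($_.Arguments)".Trim() } |
            Where-Object { $_ }
        $haystack = @($task.TaskName, $task.TaskPath) + $commands
        if ($haystack -match $Pattern) {   # -match is case-insensitive
            [pscustomobject]@{
                Source  = 'ScheduledTask'
                Name    = "$($task.TaskPath)$($task.TaskName)"
                Command = $commands -join '; '
                State   = $task.State
            }
        }
    }
}

function Find-SuspectRunKeyEntry {
    param([string]$Pattern)
    # HKCU covers only the account running the script; repeat per user profile.
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($valueName in $item.GetValueNames()) {
            $command = [string]$item.GetValue($valueName)
            if ($valueName -match $Pattern -or $command -match $Pattern) {
                [pscustomobject]@{ Source = 'RunKey'; Name = "$key\$valueName"
                                   Command = $command; State = 'Present' }
            }
        }
    }
}

@(Find-SuspectScheduledTask -Pattern $Pattern) +
@(Find-SuspectRunKeyEntry -Pattern $Pattern) |
    Format-Table -AutoSize -Wrap
```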