PDA

View Full Version : WDOoptimiseur -- Ever Hear of it?



Brownie T. Cow
2016-11-14, 20:48
Hi folks,

Poking around my Windows 7 'puter the other day (actually trying to figure out why windows update isn't installing some of the security updates, but that's another story), I came across a file called WDOoptimiseur.exe. I didn't recognize it.

It was located in c:\program files\common files\ and there were several (20+) other files in the folder with it -- dll's and such. File properties reported the creator as "PC SOFT". It was installed on my system on October 20, 2016.

Like a good doobie,I clicked the exe file. What came up was something that looked like a program, written in French. "What is this?" I asked myself as I exited quickly. Soon thereafter, I used Revo Uninstaller to uninstall it. It had written about four lines in the registry which I deleted.

So far there don't seem to be any ill effects. System is actually running faster now, but that could be due to the other housecleaning I did recently.

Google/yahoo/duck duck searches provide no information on WDOoptimiseur or PC SOFT whatsoever (PC Soft seems to be a defunct company). Spybot, MS Security Essentials and Ccleaner don't report it as malware. So, does anyone know what WDOoptimiseur might be? Good, bad, or otherwise?

Thanks :)

Juliet
2016-11-15, 01:01
Welcome

“WDO” stands for Wood Destroying Organism?

PC SOFT is specialized in the design of professional development tools for Internet?

If you had intentionally downloaded this, then you wouldn't be surprised. If you downloaded something recently it could had been bundled.

What we can do is search for remnants or see if anything dubious is on your computer.

Please back up your registry!

Backup the Registry:
Credit: Dakeyras

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.


Please download the installer for Registry Backup from here (http://www.bleepingcomputer.com/download/registry-backup/) or here (http://www.tweaking.com/files/setups/tweaking.com_registry_backup_setup.exe) and save to your desktop.
Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
Once the GUI(graphical user interface) has appeared/loaded:-

http://i280.photobucket.com/albums/kk173/Dakeyras_album2/TCRB-1.jpg


Click on Backup Now >> once the process is complete the below will be displayed in the GUI:-

http://i280.photobucket.com/albums/kk173/Dakeyras_album2/TBRB-2.jpg


Close Tweaking.com - Registry Backup

Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

A tutorial for Registry Backup explaining the various features be viewed HERE (http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=61325)


``````````````````````````````````````````````````````

Instruction for producing the Farbar Recovery Scan Tool (FRST) and aswMBR logs

Farbar Log


Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save it to your desktop.

Note:
You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

(A simple way to check your system: Start --> Computer (right click) --> Properties
How to determine whether a computer is running a 32-bit version or 64-bit version (http://support.microsoft.com/kb/827218)of the Windows operating system


Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Please make sure All Users is checked



Do not check
*List BCD
*Drivers MD5
*Shortcut txt

Or your logs will be too long to post.



Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please don't run the Farbar Recovery Scan Tool (FRST.txt) from your "Downloads" folder or from "Temporary Internet Files"
Please copy and paste log into your topic.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please attach that along with the FRST.txt into your reply.



aswMBR Log

Important! Please do NOT perform any fix options offered in aswMBR, we just need to see the report.

Please download aswMBR (http://public.avast.com/%7Egmerek/aswMBR.exe) to your desktop.



Double click the aswMBR icon to run it.
If a prompt stating: The computer supports "Virtualization Technology" appears select Yes
Click the Scan button to start scan.
If you are asked to update the Avast Virus database please allow it to do so.
When it finishes, press the Save Log button, save the logfile to your desktop and post its contents in your reply with the Farbar (FRST) log.