Jump to content

Removal instructions for OneSoftPerDay


Recommended Posts

  • Staff

What is OneSoftPerDay?

The Malwarebytes research team has determined that OneSoftPerDay is adware. These adware applications display advertisements not originating from the sites you are browsing.

How do I know if my computer is affected by OneSoftPerDay?

This is how the startpage of the installer looks:

main.png

And you may see this type of popups:

warning1.png

You will find this icon in your taskbar:

icons.png

and this entry in your list of installed programs:

warning4.png

How did OneSoftPerDay get on my computer?

Adware applications use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove OneSoftPerDay?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of OneSoftPerDay?
  • No, Malwarebytes' Anti-Malware removes OneSoftPerDay completely.
How would the full version of Malwarebytes Anti-Malware help protect me?

 

We hope our application and this guide have helped you eradicate this hijacker.  

 

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the OneSoftPerDay hijacker.  It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

 

 

protection1.png

Technical details for experts

 

Signs in a HijackThis log:

O4 - HKLM\..\Run: [ospd_us_66] "C:\Program Files\ospd_us_66\ospd_us_66.exe"O4 - HKLM\..\RunOnce: [upospd_us_66.exe] C:\Users\{username}\AppData\Local\ospd_us_66\upospd_us_66.exe -runonce
 

Alterations made by the installer:

 

File system details  ---------------------------------------------    Adds the folder C:\Program Files\ospd_us_66       Adds the file onesoftperday_widget.exe"="9/3/2014 9:47 AM, 3531232 bytes, A       Adds the file predm.exe"="8/22/2014 11:35 AM, 392944 bytes, A       Adds the file unins000.dat"="9/12/2014 8:18 AM, 17964 bytes, A       Adds the file unins000.exe"="9/12/2014 8:18 AM, 710152 bytes, A       Adds the file unins000.msg"="9/12/2014 8:18 AM, 11410 bytes, A    Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY       Adds the file Onesoftperday.lnk"="9/12/2014 8:18 AM, 1061 bytes, A    Adds the folder C:\Users\{username}\AppData\Local\ospd_us_66       Adds the file upospd_us_66.cyl"="9/12/2014 8:21 AM, 524 bytes, A       Adds the file upospd_us_66.exe"="8/29/2014 4:45 PM, 3306976 bytes, A       Adds the file user_profil.cyp"="9/12/2014 8:21 AM, 1676 bytes, ARegistry details  ------------------------------------------    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]       "ospd_us_66"="REG_SZ", ""C:\Program Files\ospd_us_66\ospd_us_66.exe""    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]       "upospd_us_66.exe"="REG_SZ", "C:\Users\{username}\AppData\Local\ospd_us_66\upospd_us_66.exe -runonce"    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ospd_us_66_is1]       "DisplayName"="REG_SZ", "OneSoftPerDay 025.66"       "EstimatedSize"="REG_DWORD", 7755       "HelpLink"="REG_SZ", "http://us.onesoftperday.com"       "Inno Setup: App Path"="REG_SZ", "C:\Program Files\ospd_us_66"       "Inno Setup: Icon Group"="REG_SZ", "ONESOFTPERDAY"       "Inno Setup: Language"="REG_SZ", "us"       "Inno Setup: Setup Version"="REG_SZ", "5.5.4 (a)"       "Inno Setup: User"="REG_SZ", "Malwarebytes"       "InstallDate"="REG_SZ", "20140912"       "InstallLocation"="REG_SZ", "C:\Program Files\ospd_us_66\"       "NoModify"="REG_DWORD", 1       "NoRepair"="REG_DWORD", 1       "Publisher"="REG_SZ", "ONESOFTPERDAY"       "QuietUninstallString"="REG_SZ", ""C:\Program Files\ospd_us_66\unins000.exe" /SILENT"       "UninstallString"="REG_SZ", ""C:\Program Files\ospd_us_66\unins000.exe""       "URLInfoAbout"="REG_SZ", "http://us.onesoftperday.com"       "URLUpdateInfo"="REG_SZ", "http://us.onesoftperday.com"    [HKEY_LOCAL_MACHINE\SOFTWARE\ONESOFTPERDAY\ospd_us_66]       "PathInstall"="REG_SZ", "C:\Program Files\ospd_us_66"    [HKEY_LOCAL_MACHINE\SOFTWARE\Tutorials]       "HostGUID"="REG_SZ", "97A5A7C9-2965-472C-9BF8-22E4DEB380B8"    [HKEY_CURRENT_USER\Software\Tutorials\updatetutorialeshp]       "(Default)"="REG_SZ", "1.0.0.0"       "MainDir"="REG_SZ", "C:\Users\{username}\AppData\Local\ospd_us_66"       "version"="REG_SZ", "1.0.0.0"    [HKEY_CURRENT_USER\Software\Tutorials\updatetutorialshp]       "MainDir"="REG_SZ", ""    [HKEY_CURRENT_USER\Software\Tutorials\updv]       "version"="REG_SZ", "14.08.28"    [HKEY_CURRENT_USER\Software\TutoTag]       "AgenceInstalledYet"="REG_SZ", "true"       "OnceInstalled"="REG_SZ", "us"
 

Malwarebytes Anti-Malware log:

 

Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 9/12/2014Scan Time: 8:31:41 AMLogfile: mbamOSPD.txtAdministrator: YesVersion: 2.00.2.1012Malware Database: v2014.09.12.02Rootkit Database: v2014.09.10.02License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: DisabledOS: Windows 7 Service Pack 1CPU: x86File System: NTFSUser: MalwarebytesScan Type: Threat ScanResult: CompletedObjects Scanned: 265350Time Elapsed: 3 min, 12 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 2PUP.Optional.OneSoft, C:\Program Files\ospd_us_66\onesoftperday_widget.exe, 3200, Delete-on-Reboot, [8d351dcf760570c6da9c8d61db2955ab]PUP.Optional.OneSoftPerDay.A, C:\Users\{username}\AppData\Local\ospd_us_66\upospd_us_66.exe, 2900, Delete-on-Reboot, [685a58943447e551a66622d8748efb05]Modules: 0(No malicious items detected)Registry Keys: 3PUP.Optional.OneSoftPerDay.A, HKLM\SOFTWARE\ONESOFTPERDAY, Quarantined, [13af84681c5fdc5ab67c45b67b8710f0], PUP.Optional.OneSoftPerDay.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ospd_us_66_is1, Quarantined, [2e94ce1ee4973501c170d328cf33b54b], PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TutoTag, Quarantined, [d1f18b61aad1181e0bea71f7a3615aa6], Registry Values: 2PUP.Optional.OneSoftPerDay.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ospd_us_66, "C:\Program Files\ospd_us_66\ospd_us_66.exe", Quarantined, [a022af3d6714092d2311d4272dd55da3]PUP.Optional.OneSoftPerDay.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|upospd_us_66.exe, C:\Users\{username}\AppData\Local\ospd_us_66\upospd_us_66.exe -runonce, Quarantined, [685a58943447e551a66622d8748efb05]Registry Data: 0(No malicious items detected)Folders: 3PUP.Optional.OneSoftPerDay.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY, Quarantined, [5b6714d8740778be26e57f7bd72bef11], PUP.Optional.OneSoftPerDay.A, C:\Users\{username}\AppData\Local\ospd_us_66, Delete-on-Reboot, [685a58943447e551a66622d8748efb05], PUP.Optional.OneSoftPerDay.A, C:\Program Files\ospd_us_66, Delete-on-Reboot, [368c77758dee989e30ddfa00936fec14], Files: 10PUP.Optional.OneSoft, C:\Program Files\ospd_us_66\onesoftperday_widget.exe, Delete-on-Reboot, [8d351dcf760570c6da9c8d61db2955ab], PUP.Optional.Tuto4PC, C:\Users\{username}\Desktop\ONESOFTPERDAY.exe, Quarantined, [388a77752f4ca88e2aaf28c67e86f40c], PUP.Optional.OneSoftPerDay.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY\Onesoftperday.lnk, Quarantined, [5b6714d8740778be26e57f7bd72bef11], PUP.Optional.OneSoftPerDay.A, C:\Users\{username}\AppData\Local\ospd_us_66\upospd_us_66.cyl, Quarantined, [685a58943447e551a66622d8748efb05], PUP.Optional.OneSoftPerDay.A, C:\Users\{username}\AppData\Local\ospd_us_66\upospd_us_66.exe, Delete-on-Reboot, [685a58943447e551a66622d8748efb05], PUP.Optional.OneSoftPerDay.A, C:\Users\{username}\AppData\Local\ospd_us_66\user_profil.cyp, Quarantined, [685a58943447e551a66622d8748efb05], PUP.Optional.OneSoftPerDay.A, C:\Program Files\ospd_us_66\predm.exe, Quarantined, [368c77758dee989e30ddfa00936fec14], PUP.Optional.OneSoftPerDay.A, C:\Program Files\ospd_us_66\unins000.dat, Quarantined, [368c77758dee989e30ddfa00936fec14], PUP.Optional.OneSoftPerDay.A, C:\Program Files\ospd_us_66\unins000.exe, Quarantined, [368c77758dee989e30ddfa00936fec14], PUP.Optional.OneSoftPerDay.A, C:\Program Files\ospd_us_66\unins000.msg, Quarantined, [368c77758dee989e30ddfa00936fec14], Physical Sectors: 0(No malicious items detected)(end)
 

As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.