  • Staff

What is ID SafeXpress?

The Malwarebytes research team has determined that ID SafeXpress is a "privacy optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.
Their support telephone number has been accused of performing Tech Support Scams.

How do I know if I am infected with ID SafeXpress?

This is how the main screen of the system optimizer looks:

main.png

You will find these icons in your taskbar, your Start menu, and on your desktop:

icons.png

and see this warning during install:

warning1.png

and these screens during "operations":

warning5.png

warning6.png

You may see this entry in your list of installed programs:

warning4.png

and these tasks in your list of Scheduled Tasks:

warning3.png

How did ID SafeXpress get on my computer?

These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website:

website.png

How do I remove ID SafeXpress?

Our program Malwarebytes can detect and remove this potentially unwanted application.

  • Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

Is there anything else I need to do to get rid of ID SafeXpress?

  • No, Malwarebytes removes ID SafeXpress completely.
  • This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this system optimizer.

As you can see below, the full version of Malwarebytes would have protected you against the ID SafeXpress installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.

 

protection1.png


and we block access to their domain:
 

protection2.png


Technical details for experts

You may see these entries in FRST logs:

 

 (ID SafeXpress) C:\Program Files (x86)\ID SafeXpress\IDSafeXpress.exe
 HKCU\...\Run: [IDSafeXpress] => C:\Program Files (x86)\ID SafeXpress\IDSafeXpress.exe [7509936 2017-05-03] (ID SafeXpress)
 C:\Windows\System32\Tasks\IDSafeXpress_Popup3
 C:\Windows\System32\Tasks\IDSafeXpress_Popup
 C:\Windows\System32\Tasks\IDSafeXpress_Master
 C:\Users\{username}\Desktop\ID SafeXpress.lnk
 C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ID SafeXpress
 C:\Users\{username}\AppData\Local\IDSafeXpress
 C:\Program Files (x86)\ID SafeXpress
 (ID SafeXpress) C:\Users\{username}\Downloads\IDSafeXpressSetup_silent.exe

ID SafeXpress (HKLM-x32\...\ID SafeXpress) (Version: 3.3.5 - ID SafeXpress)
Task: {5EC84F55-8A56-4F93-A9C7-467A5E22FC15} - System32\Tasks\IDSafeXpress_Popup => C:\Program Files (x86)\ID SafeXpress\IDSafeXpress.exe [2017-05-03] (ID SafeXpress)
Task: {AD6B0C8C-816F-4A80-84FD-CE73D1295057} - System32\Tasks\IDSafeXpress_Popup3 => C:\Program Files (x86)\ID SafeXpress\IDSafeXpress.exe [2017-05-03] (ID SafeXpress)
Task: {F9A61BFE-010F-4295-BEF9-36ABCBCBEFC7} - System32\Tasks\IDSafeXpress_Master => C:\Program Files (x86)\ID SafeXpress\InstAct.exe [2017-05-03] ()

Alterations made by the installer:
 

File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Program Files (x86)\ID SafeXpress
       Adds the file Esent.Interop.dll"="11/28/2016 7:09 PM, 326656 bytes, A
       Adds the file IDSafeXpress.exe"="5/3/2017 9:14 PM, 7509936 bytes, A
       Adds the file IDSafeXpress.exe.config"="11/28/2016 7:09 PM, 231 bytes, A
       Adds the file InstAct.exe"="5/3/2017 9:14 PM, 35248 bytes, A
       Adds the file InstAct.exe.config"="11/28/2016 7:09 PM, 232 bytes, A
       Adds the file Microsoft.Win32.TaskScheduler.dll"="11/28/2016 7:09 PM, 322560 bytes, A
       Adds the file Newtonsoft.Json.dll"="11/28/2016 7:09 PM, 494080 bytes, A
       Adds the file PrivacyEngine.dll"="5/3/2017 9:07 PM, 126464 bytes, A
       Adds the file PrivacyEngine.dll.config"="11/28/2016 7:09 PM, 229 bytes, A
       Adds the file Push.exe"="5/3/2017 9:14 PM, 25008 bytes, A
       Adds the file Push.exe.config"="12/19/2016 5:57 PM, 224 bytes, A
       Adds the file schedc.exe"="5/3/2017 9:14 PM, 29616 bytes, A
       Adds the file schedc.exe.config"="11/28/2016 7:09 PM, 232 bytes, A
       Adds the file schedc10.exe"="5/3/2017 9:14 PM, 32176 bytes, A
       Adds the file schedc10.exe.config"="11/28/2016 7:09 PM, 232 bytes, A
       Adds the file Setup.dll"="5/3/2017 9:07 PM, 66560 bytes, A
       Adds the file Setup.dll.config"="11/28/2016 7:09 PM, 229 bytes, A
       Adds the file System.Data.SQLite.dll"="11/28/2016 7:09 PM, 1175552 bytes, A
       Adds the file TaskTools.exe"="5/3/2017 9:14 PM, 60848 bytes, A
       Adds the file TaskTools.exe.config"="11/28/2016 7:09 PM, 231 bytes, A
       Adds the file uninstall.exe"="5/3/2017 9:15 PM, 198816 bytes, A
       Adds the file updater.exe"="5/3/2017 9:14 PM, 506800 bytes, A
       Adds the file updater.ini"="3/1/2018 9:25 AM, 371 bytes, A
       Adds the file Util.dll"="5/3/2017 9:07 PM, 224768 bytes, A
    Adds the folder C:\Program Files (x86)\ID SafeXpress\ar
       Adds the file IDSafeXpress.resources.dll"="5/3/2017 9:08 PM, 37376 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\IDSafeXpress
       Adds the file chcookies.txt"="3/1/2018 9:25 AM, 4040 bytes, A
       Adds the file debug.log"="3/1/2018 9:25 AM, 894 bytes, A
       Adds the file ffcookies.txt"="3/1/2018 9:25 AM, 2972 bytes, A
       Adds the file IDSafeXpress.settings"="3/1/2018 9:25 AM, 1840 bytes, A
       Adds the file iecookies.txt"="3/1/2018 9:25 AM, 17544 bytes, A
       Adds the file log.rtf"="3/1/2018 9:25 AM, 1259 bytes, A
       Adds the file lsttick"="3/1/2018 9:25 AM, 8 bytes, A
       Adds the file report.txt"="3/1/2018 9:25 AM, 92 bytes, A
       Adds the file wndstate.tmp"="3/1/2018 9:25 AM, 5 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ID SafeXpress
       Adds the file ID SafeXpress.lnk"="3/1/2018 9:25 AM, 1098 bytes, A
       Adds the file Uninstall ID SafeXpress.lnk"="3/1/2018 9:25 AM, 864 bytes, A
    In the existing folder C:\Users\{username}\Desktop
       Adds the file ID SafeXpress.lnk"="3/1/2018 9:25 AM, 1062 bytes, A
    In the existing folder C:\Windows\System32\Tasks
       Adds the file IDSafeXpress_Master"="3/1/2018 9:25 AM, 3012 bytes, A
       Adds the file IDSafeXpress_Popup"="3/1/2018 9:25 AM, 3478 bytes, A
       Adds the file IDSafeXpress_Popup3"="3/1/2018 9:25 AM, 3744 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ID SafeXpress]
       " "="REG_SZ", "C:\Program Files (x86)\ID SafeXpress\IDSafeXpress.exe""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ID SafeXpress\ID SafeXpress]
       "Path"="REG_SZ", "C:\Program Files (x86)\ID SafeXpress"
       "Version"="REG_SZ", "3.3.5"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ID SafeXpress]
       "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\ID SafeXpress\IDSafeXpress.exe"
       "DisplayName"="REG_SZ", "ID SafeXpress"
       "DisplayVersion"="REG_SZ", "3.3.5"
       "EstimatedSize"="REG_DWORD", 11185
       "NoModify"="REG_DWORD", 1
       "NoRepair"="REG_DWORD", 1
       "Publisher"="REG_SZ", "ID SafeXpress"
       "QuietUninstallString"="REG_SZ", "C:\Program Files (x86)\ID SafeXpress\uninstall.exe /S"
       "UninstallString"="REG_SZ", "C:\Program Files (x86)\ID SafeXpress\uninstall.exe"
    [HKEY_CURRENT_USER\Software\ID SafeXpress\ID SafeXpress]
       "Custom1"="REG_DWORD", 1
       "Custom2"="REG_DWORD", 1
       "ResName"="REG_SZ", "Silent"
    [HKEY_CURRENT_USER\Software\IDSafeXpressValidity]
       "Base"="REG_SZ", "Oracle CorporationBase Board0"
       "Bios"="REG_SZ", "innotek GmbHVirtualBox020061201000000.000000+000VBOX   - 1"
       "BuyLink"="REG_SZ", "https://safecart.com/pcprivacykeeper/IDSafExpress/IDSE29I?c_fid=pcprivacykeeper-sbam&1click=sbam2"
       "Cpu"="REG_SZ", "Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz2808"
       "Disk"="REG_SZ", "VBOX HARDDISK ATA Device(Standard disk drives)"
       "lang"="REG_SZ", "en"
       "NeedsRenewal"="REG_SZ", "False"
       "PhoneNum"="REG_SZ", "1-855-579-9276"
       "Reg"="REG_SZ", "EAAAAF1VgdULB+CxGvHMHaZU2RHotNKlCpPzsb7OQqqKLW9t"
       "SplashTime"="REG_QWORD, ....
       "Support"="REG_SZ", "https://www.idsafexpress.com/contact/"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
       "IDSafeXpress"="REG_SZ", ""C:\Program Files (x86)\ID SafeXpress\IDSafeXpress.exe" minimized"

Malwarebytes log:
 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/1/18
Scan Time: 9:36 AM
Log File: 93dd4207-1d2b-11e8-8ae7-080027235d76.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.4156
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 242811
Threats Detected: 100
Threats Quarantined: 99
Time Elapsed: 3 min, 16 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 1
PUP.Optional.IDSafeXpress, C:\PROGRAM FILES (X86)\ID SAFEXPRESS\IDSAFEXPRESS.EXE, Quarantined, [833], [493709],1.0.4156

Module: 2
PUP.Optional.IDSafeXpress, C:\PROGRAM FILES (X86)\ID SAFEXPRESS\IDSAFEXPRESS.EXE, Quarantined, [833], [493709],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\System.Data.SQLite.dll, Quarantined, [3981], [493699],1.0.4156

Registry Key: 18
PUP.Optional.IDSafeXpress, HKCU\SOFTWARE\ID SafeXpress, Quarantined, [833], [493707],1.0.4156
PUP.Optional.IDSafeXpress, HKCU\SOFTWARE\IDSafeXpressValidity, Quarantined, [833], [493708],1.0.4156
PUP.Optional.IDSafeXpress, HKLM\SOFTWARE\WOW6432NODE\ID SafeXpress, Quarantined, [833], [493703],1.0.4156
PUP.Optional.IDSafeXpress, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5EC84F55-8A56-4F93-A9C7-467A5E22FC15}, Quarantined, [833], [493713],1.0.4156
PUP.Optional.IDSafeXpress, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{AD6B0C8C-816F-4A80-84FD-CE73D1295057}, Quarantined, [833], [493713],1.0.4156
PUP.Optional.IDSafeXpress, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F9A61BFE-010F-4295-BEF9-36ABCBCBEFC7}, Quarantined, [833], [493713],1.0.4156
PUP.Optional.IDSafeXpress, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\IDSafeXpress_Popup, Quarantined, [833], [493709],1.0.4156
PUP.Optional.IDSafeXpress, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{5EC84F55-8A56-4F93-A9C7-467A5E22FC15}, Quarantined, [833], [493709],1.0.4156
PUP.Optional.IDSafeXpress, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\IDSafeXpress_Popup3, Quarantined, [833], [493709],1.0.4156
PUP.Optional.IDSafeXpress, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{AD6B0C8C-816F-4A80-84FD-CE73D1295057}, Quarantined, [833], [493709],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\IDSafeXpress_Master, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{F9A61BFE-010F-4295-BEF9-36ABCBCBEFC7}, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ID SafeXpress, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IDSafeXpress_Master, Quarantined, [3981], [-1],0.0.0
PUP.Optional.IDSafeXpress.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9A61BFE-010F-4295-BEF9-36ABCBCBEFC7}, Quarantined, [3981], [-1],0.0.0
PUP.Optional.IDSafeXpress.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F9A61BFE-010F-4295-BEF9-36ABCBCBEFC7}, Quarantined, [3981], [-1],0.0.0
PUP.Optional.IDSafeXpress, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\IDSafeXpress_RASAPI32, Quarantined, [833], [493704],1.0.4156
PUP.Optional.IDSafeXpress, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\IDSafeXpress_RASMANCS, Quarantined, [833], [493704],1.0.4156

Registry Value: 4
PUP.Optional.IDSafeXpress, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5EC84F55-8A56-4F93-A9C7-467A5E22FC15}|PATH, Quarantined, [833], [493713],1.0.4156
PUP.Optional.IDSafeXpress, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{AD6B0C8C-816F-4A80-84FD-CE73D1295057}|PATH, Quarantined, [833], [493713],1.0.4156
PUP.Optional.IDSafeXpress, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F9A61BFE-010F-4295-BEF9-36ABCBCBEFC7}|PATH, Quarantined, [833], [493713],1.0.4156
PUP.Optional.IDSafeXpress, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|IDSAFEXPRESS, Quarantined, [833], [493709],1.0.4156

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 18
PUP.Optional.IDSafeXpress, C:\USERS\{username}\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ID SAFEXPRESS, Quarantined, [833], [493702],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\fil-PH, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\se-FI, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\ar, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\da, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\de, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\es, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\fr, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\he, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\it, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\ja, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\nl, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\no, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\pt, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\ru, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\sv, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\PROGRAM FILES (X86)\ID SAFEXPRESS, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress, C:\USERS\{username}\APPDATA\LOCAL\IDSAFEXPRESS, Removal Failed, [833], [493700],1.0.4156

File: 57
PUP.Optional.IDSafeXpress, C:\USERS\{username}\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ID SAFEXPRESS\ID SAFEXPRESS.LNK, Quarantined, [833], [493702],1.0.4156
PUP.Optional.IDSafeXpress, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ID SafeXpress\Uninstall ID SafeXpress.lnk, Quarantined, [833], [493702],1.0.4156
PUP.Optional.IDSafeXpress, C:\PROGRAM FILES (X86)\ID SAFEXPRESS\IDSAFEXPRESS.EXE, Quarantined, [833], [493709],1.0.4156
PUP.Optional.IDSafeXpress, C:\WINDOWS\SYSTEM32\TASKS\IDSafeXpress_Popup, Quarantined, [833], [493709],1.0.4156
PUP.Optional.IDSafeXpress, C:\WINDOWS\SYSTEM32\TASKS\IDSafeXpress_Popup3, Quarantined, [833], [493709],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\PROGRAM FILES (X86)\ID SAFEXPRESS\IDSAFEXPRESS.EXE.CONFIG, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\ar\IDSafeXpress.resources.dll, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\da\IDSafeXpress.resources.dll, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\de\IDSafeXpress.resources.dll, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\es\IDSafeXpress.resources.dll, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\fil-PH\IDSafeXpress.resources.dll, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\fr\IDSafeXpress.resources.dll, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\he\IDSafeXpress.resources.dll, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\it\IDSafeXpress.resources.dll, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\ja\IDSafeXpress.resources.dll, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\nl\IDSafeXpress.resources.dll, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\no\IDSafeXpress.resources.dll, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\pt\IDSafeXpress.resources.dll, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\ru\IDSafeXpress.resources.dll, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\se-FI\IDSafeXpress.resources.dll, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\sv\IDSafeXpress.resources.dll, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\Esent.Interop.dll, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\InstAct.exe, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\InstAct.exe.config, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\Microsoft.Win32.TaskScheduler.dll, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\Newtonsoft.Json.dll, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\PrivacyEngine.dll, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\PrivacyEngine.dll.config, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\Push.exe, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\Push.exe.config, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\schedc.exe, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\schedc.exe.config, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\schedc10.exe, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\schedc10.exe.config, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\Setup.dll, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\Setup.dll.config, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\System.Data.SQLite.dll, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\TaskTools.exe, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\TaskTools.exe.config, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\uninstall.exe, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\updater.exe, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\updater.ini, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\Program Files (x86)\ID SafeXpress\Util.dll, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\IDSafeXpress_Master, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\IDSafeXpress_Master, Quarantined, [3981], [-1],0.0.0
PUP.Optional.IDSafeXpress, C:\USERS\{username}\DESKTOP\ID SAFEXPRESS.LNK, Quarantined, [833], [493701],1.0.4156
PUP.Optional.IDSafeXpress, C:\Users\{username}\AppData\Local\IDSafeXpress\chcookies.txt, Quarantined, [833], [493700],1.0.4156
PUP.Optional.IDSafeXpress, C:\Users\{username}\AppData\Local\IDSafeXpress\debug.log, Quarantined, [833], [493700],1.0.4156
PUP.Optional.IDSafeXpress, C:\Users\{username}\AppData\Local\IDSafeXpress\ffcookies.txt, Quarantined, [833], [493700],1.0.4156
PUP.Optional.IDSafeXpress, C:\Users\{username}\AppData\Local\IDSafeXpress\IDSafeXpress.settings, Quarantined, [833], [493700],1.0.4156
PUP.Optional.IDSafeXpress, C:\Users\{username}\AppData\Local\IDSafeXpress\iecookies.txt, Quarantined, [833], [493700],1.0.4156
PUP.Optional.IDSafeXpress, C:\Users\{username}\AppData\Local\IDSafeXpress\log.rtf, Quarantined, [833], [493700],1.0.4156
PUP.Optional.IDSafeXpress, C:\Users\{username}\AppData\Local\IDSafeXpress\lsttick, Quarantined, [833], [493700],1.0.4156
PUP.Optional.IDSafeXpress, C:\Users\{username}\AppData\Local\IDSafeXpress\report.txt, Quarantined, [833], [493700],1.0.4156
PUP.Optional.IDSafeXpress, C:\Users\{username}\AppData\Local\IDSafeXpress\wndstate.tmp, Quarantined, [833], [493700],1.0.4156
PUP.Optional.IDSafeXpress, C:\USERS\{username}\DESKTOP\IDSAFEXPRESSSETUP_SILENT.EXE, Quarantined, [833], [493714],1.0.4156
PUP.Optional.IDSafeXpress, C:\USERS\{username}\DOWNLOADS\IDSAFEXPRESSSETUP_SILENT.EXE, Quarantined, [833], [493714],1.0.4156

Physical Sector: 0
(No malicious items detected)


(end)

As mentioned before, the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected. 
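Added example (not part of the original post and not Malwarebytes code): the scan log above reports 100 threats detected and 99 quarantined, with one "Removal Failed" entry, so a quick way to triage such a log is to parse the Scan Details section and list every item whose action is not "Quarantined". The function names are hypothetical, the sample log is constructed in the same layout as the one in this post, and treating every action other than "Quarantined" as needing review is an assumption.

```python
import re
from collections import Counter

# Constructed sample: a shortened log in the same layout as the one in this post.
SAMPLE_LOG = r"""
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Threats Detected: 5
Threats Quarantined: 4

-Scan Details-
Process: 1
PUP.Optional.IDSafeXpress, C:\PROGRAM FILES (X86)\ID SAFEXPRESS\IDSAFEXPRESS.EXE, Quarantined, [833], [493709],1.0.4156

Registry Value: 1
PUP.Optional.IDSafeXpress, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|IDSAFEXPRESS, Quarantined, [833], [493709],1.0.4156

Registry Data: 0
(No malicious items detected)

Folder: 2
PUP.Optional.IDSafeXpress.TskLnk, C:\PROGRAM FILES (X86)\ID SAFEXPRESS, Quarantined, [3981], [493699],1.0.4156
PUP.Optional.IDSafeXpress, C:\USERS\{username}\APPDATA\LOCAL\IDSAFEXPRESS, Removal Failed, [833], [493700],1.0.4156

File: 1
PUP.Optional.IDSafeXpress.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\IDSafeXpress_Master, Quarantined, [3981], [-1],0.0.0
"""

BLOCK = re.compile(r"^-(.+)-$")                 # e.g. "-Scan Details-"
COUNTER = re.compile(r"^([A-Za-z ]+): (\d+)$")  # e.g. "Folder: 18"
# Detection line: name, target, action, [id], [id],version.
# The target is matched greedily so a comma inside a path does not break parsing.
DETECTION = re.compile(
    r"^(?P<name>[^,]+), (?P<target>.+), (?P<action>[^,\[\]]+), "
    r"\[(-?\d+)\], \[(-?\d+)\],\s*(\S+)$"
)


def parse_scan_log(text):
    """Return (summary counters, declared per-type counts, detection items)."""
    block, kind = None, None
    summary, declared, items = {}, {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = BLOCK.match(line)
        if m:
            block, kind = m.group(1), None
            continue
        m = COUNTER.match(line)
        if m and block == "Scan Summary":
            summary[m.group(1)] = int(m.group(2))
        elif m and block == "Scan Details":
            kind = m.group(1)               # object type header, e.g. "Folder"
            declared[kind] = int(m.group(2))
        elif block == "Scan Details" and kind:
            d = DETECTION.match(line)
            if d:
                items.append({"kind": kind, "name": d["name"],
                              "target": d["target"], "action": d["action"]})
    return summary, declared, items


def triage(text):
    """List items left behind and check the log's own counts for consistency."""
    summary, declared, items = parse_scan_log(text)
    # Assumption: anything not marked "Quarantined" needs a manual look.
    unresolved = [i for i in items if i["action"].lower() != "quarantined"]
    found = Counter(i["kind"] for i in items)
    mismatch = sorted(k for k, n in declared.items() if found.get(k, 0) != n)
    gap = summary.get("Threats Detected", 0) - summary.get("Threats Quarantined", 0)
    return {"unresolved": unresolved, "count_mismatch": mismatch, "summary_gap": gap}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for item in report["unresolved"]:
        print(f'{item["kind"]}: {item["target"]} -> {item["action"]}')
    print("summary gap:", report["summary_gap"], "| mismatched sections:", report["count_mismatch"])
```

A non-empty `unresolved` list or a non-zero `summary_gap` means a rescan after the reboot is worth doing before treating the machine as clean.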
