OneSystemCare is a software usually installs without your knowledge vith the download of freeware. In fact some sites use the method of repackaging. This is an operation that is to redo the module software installation by adding download options. These options allow to add other software as for example toolbars browser, or potentially unwanted software. The addition of these new programs can decrease the performance of the system but also slow or redirect internet surfing. As a general rule, should focus on the author’s official site to download your software.
Identified : 07/08/2015.


– It belongs to a family of PUP (Potentially Unwanted Program).
– A polluteware is a software that pollutes storage and/or the Base of registers.
– Vendor : PUP.Optional


– It installs a plugin of the browser Google Chrome (G2)
– It installs a program of extension for browser Mozilla Firefox (M2)
– It installs a plugin of the browser Mozilla Firefox (P2)
– It changes the start page of the browser Mozilla Firefox (M0),
– It changes the start page of the browser Internet Explorer (R0),
– It changes the browser Internet Explorer search page (R1),
– It changes settings URLSearchHook browser Microsoft Internet Explorer (R3),
– It changes the IP addresses of the file Hosts (O1),
– It is installed as a BHO (Browser Helper Object) of internet browser (O2),
– It installs as a process launched at startup of the system (RP),
– It settled in the Base of registers to be launched each time with the system (O4).
– It hijack key Winsock with its own resource (O10)
– It changes the address or domain DNS (O17)
– It installs as a registry value AppInit_DLLs (O20),
– It installs as a service to be launched each time the system (O23),(SS/SR).
– It starts a task planned in automatic (O39),
– It installs drivers that start automatically with the system (O41)
– It installs as a program (O42),
– It creates to many registry keys ‘Software’
– It creates additional folders (O43),
– It installs a process of variable size to the level of the system folders (O44)
– It moved to the Windows prefetcher folder (O45).
– It installs as a driver system (O58),
– It creates multiple files users (O61),
– It creates a Legacy pointing to a malware service, key in the registry. (O64)
– It modifies the startup of browsers Mozilla Firefox and Internet Explorer (O68),
– It changes the Internet research provider (O69),
– It creates an active incoming connection in the application of the firewall Windows exceptions (O87),


[MD5.832BC388E2A5210A3B4812852F57CBD8] – (…) — C:\Program Files\OneSystemCare\CleanupConsole.exe [483648] [PID.1832]
[MD5.832BC388E2A5210A3B4812852F57CBD8] [APT] [One System Care Monitor] (…) — C:\Program Files\OneSystemCare\CleanupConsole.exe [483648]
[MD5.717F331CDE69E5A32A8B9A0659374F62] [APT] [One System Care Run Delay] (…) — C:\Program Files\OneSystemCare\OneSystemCare.exe [2239808]
[MD5.717F331CDE69E5A32A8B9A0659374F62] [APT] [One System CarePeriod] (…) — C:\Program Files\OneSystemCare\OneSystemCare.exe [2239808]
[MD5.717F331CDE69E5A32A8B9A0659374F62] [APT] [One System CareStartUp] (…) — C:\Program Files\OneSystemCare\OneSystemCare.exe [2239808]
O39 – APT: One System CarePeriod – (…) — C:\Windows\Tasks\One System CarePeriod.job [272]
O39 – APT: One System CarePeriod – (…) — C:\Windows\System32\Tasks\One System CarePeriod [272]
O39 – APT: One System CareStartUp – (…) — C:\Windows\Tasks\One System CareStartUp.job [272]
O39 – APT: One System CareStartUp – (…) — C:\Windows\System32\Tasks\One System CareStartUp [272]
O42 – Logiciel: One System Care – (.OneSystemCare.) [HKLM] — OneSystemCare
[HKCU\Software\One System Care]
O43 – CFD: 06/06/2015 – 13:40:47 – [] —-D C:\Program Files\OneSystemCare
O43 – CFD: 06/06/2015 – 13:40:43 – [] —-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneSystemCare
O43 – CFD: 06/06/2015 – 13:44:38 – [] —-D C:\Users\Coolman\AppData\Roaming\One System Care


PUP.Optional.Task [Reason Heuristics]


– Remove software in Windows Configuration Panel,
Remove with ZHPcleaner
Diagnose with ZHPDiag