PrimaryColor is an advertising program whose objective is to earn money by generating Web traffic. It is usually installed without your knowledge through the download of freeware. When you visit certain sites, such as Amazon, it offers coupons on multiple products. It collects information about your browsing habits. It promotes its products (advertisements) and boosts the ranking of sponsored sites. It displays security messages about the instability of the system. It slows down the performance of the system and internet browsing.
Identified 20/05/2015

Features:

– It belongs to the PUP (Potentially Unwanted Program) family.
– Vendor : PUP.Optional

Main actions:

– It installs itself as a process launched at system startup (RP),
– It changes the start page of the Internet Explorer browser (R0),
– It changes the search page of the Internet Explorer browser (R1),
– It installs an extension for the Mozilla Firefox browser (M2),
– It installs a plugin for the Mozilla Firefox browser (M3),
– It installs an extension for the Google Chrome browser (G2),
– It installs itself as a BHO (Browser Helper Object) of the internet browser (O2),
– It installs itself as a service launched at each system startup (O23), (SS/SR),
– It installs itself as a program (O42),
– It creates many 'Software' registry keys,
– It creates additional folders (O43),
– It places itself in the Windows prefetcher folder (O45),
– It creates multiple user files (O61),
– It creates a Legacy registry key pointing to a malware service (O64),
– It creates Tracing registry keys (O100),
– It creates CLSID registry keys (O101).

ZHPDiag report:

[MD5.56C50689D22EEC7EB963665848BA6E1B] – (…) — C:\Program Files (x86)\PrimaryColor\updatePrimaryColor.exe [66336] [PID.3192]
[MD5.56C50689D22EEC7EB963665848BA6E1B] – (…) — C:\Program Files (x86)\PrimaryColor\bin\utilPrimaryColor.exe [66336] [PID.5532]
M2 – MFEP: Extension [Coolman – pq5vmmta.default] {be5bf058-a067-4076-8c2e-22b9345a0260}
O2 – BHO: PrimaryColor [64Bits] – {fdc52258-a905-4607-ad88-2f692356525f} . (.PrimaryColor – PrimaryColor.) — C:\Program Files (x86)\PrimaryColor\PrimaryColorBHO.dll
O23 – Service: Update Primary Color (Update Primary Color) . (…) – C:\Program Files\Primary Color\updatePrimaryColor.exe
O23 – Service: Util Primary Color (Util Primary Color) . (…) – C:\Program Files\Primary Color\bin\utilPrimaryColor.exe
O42 – Logiciel: Primary Color – (.Primary Color.) [HKLM] — Primary Color
[HKCU\Software\Primary Color]
[HKLM\Software\Wow6432Node\Primary Color]
O43 – CFD: 18/05/2015 – 14:41:38 – [] —-D C:\Program Files\Primary Color
O64 – Services: CurCS – 18/05/2014 – C:\Program Files\Primary Color\updatePrimaryColor.exe (Update PrimaryColor) .(…) – LEGACY_UPDATE_PrimaryColor
O64 – Services: CurCS – 18/05/2014 – C:\Program Files\Primary Color\bin\utilPrimaryColor.exe (Util PrimaryColor) .(…) – LEGACY_UTIL_PrimaryColor
SR – | Auto 18/05/2015 647928 | (Update Primary Color) . (…) – C:\Program Files\Primary Color\updatePrimaryColor.exe
SR – | Auto 18/05/2015 647928 | (Util Primary Color) . (…) – C:\Program Files\Primary Color\bin\utilPrimaryColor.exe
HKLM\SOFTWARE\Microsoft\Tracing\PrimaryColor_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\PrimaryColor_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\updatePrimaryColor_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\updatePrimaryColor_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\utilPrimaryColor_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\utilPrimaryColor_RASMANCS
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Primary Color]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0a28f54-b08f-4049-a9bf-8d33bd1e9222}]
[HKLM\Software\Classes\CLSID\{b0a28f54-b08f-4049-a9bf-8d33bd1e9222}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{b0a28f54-b08f-4049-a9bf-8d33bd1e9222}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{b0a28f54-b08f-4049-a9bf-8d33bd1e9222}]
[HKLM\SYSTEM\CurrentControlSet\Services\Update PrimaryColor]
[HKLM\SYSTEM\CurrentControlSet\Services\Util PrimaryColor]
[HKCU\Software\PrimaryColor]
[HKLM\Software\Wow6432Node\PrimaryColor]
C:\Program Files\Primary Color
C:\Program Files (x86)\Primary Color
C:\Program Files (x86)\Primary Color\updatePrimaryColor.exe
C:\Program Files (x86)\Primary Color\bin\utilPrimaryColor.exe
C:\Program Files (x86)\Primary Color\PrimaryColorBHO.dll

Link:

This entry is classified as malware, spyware, adware, or other potentially unwanted software.

Alias:

PUP.Optional.PrimaryColor.A [Malwarebytes]
PUP.Optional.Sambreel (Malwarebytes)
Adware.PrimaryColor [Malwarebytes]
Adware.SuperWeb [Malwarebytes]
Adware.Sambreel

Remove:

– Remove the “Primary Color” extension from all installed browsers,
– Remove the “Primary Color” plugin from all installed browsers,
– Remove the software via the Windows Control Panel,
Remove with ZHPcleaner
Diagnose with ZHPDiag

2016-12-30T07:34:24+00:00 | Categories: Polluteware, PUP