System Assistant

System Assistant is a rogue system optimizer that displays pre-determined search results to make people purchase its license

System Assistant - fake optimiser

System Assistant - fake optimiser

System Assistant is a legitimate, though highly questionable, PC optimization utility by SoftCity and Smart PC Solutions, Inc. Cybersecurity experts have recently included it in the category of the potentially unwanted programs (PUP) since it started exhibiting suspicious activities on a host computer. Close analysis of the program revealed that this so-called system optimizer displays false positive[1] scan results to scare people into thinking that their machines are heavily polluted by viruses like Trojans, spyware, and keyloggers. However, this optimizer itself is related to a heuristic detection names Riskware/SafeCleaner, PUP.Optional.Avanquest, and PUA: Win32/SpeedingUpMy PC.

This potentially unwanted program can be considered a System Assistant virus because it infiltrates PCs via software bundlers like download managers, free games or software updates. It spreads as a pre-checked component, which can only be opted-out by selecting Advanced or Custom installation options. The installer itself adds an icon in the taskbar, start menu, and desktop. The main installer ends up in the C:\Program Files (x86)\System Assistant. Upon successful infiltration, the System Assistant virus creates a Scheduled Task C:\Program Files (x86)\System Assitant\SANotifications.exe, which launches the scanner on a regular basis.

NAME System Assistant
Developers SoftCity and Smart PC Solutions, Inc.
Classification Potentially unwanted program (PUP), rogue system tools
Distribution It has the official website and can be downloaded directly. However, it is also distributed via software bundles and the vast majority of downloads are indirect. The program is installed by default after leaving it as a pre-checked component of a freeware[2]
Symptoms  The tool stars launching its fake scanners once inside the system. The tool displays exaggerated scan results, which may include both system errors and malicious entries. The installed free version cannot fix the alleged issues, therefore, the user is continuously urged to pay for the license. 
AV detection RiskWare:Win32/SafeCleaner.158c515a,, 
PUA:Win32/SpeedingUpMyPC, PUP.Optional.Avanquest, PUA.Avanquest!8.1070F (CLOUD)
 Removal options Reputable AV engines recognize System Assistant as a PUP or virus and can successfully eliminate it alongside its bundle. The misleading optimizer can also be removed manually from the Applications folder. 
Damage repair System Assistant removal does not ensure a full system’s repair. Fake optimization tools like this can have a huge impact on Windows registries, startup programs, Windows startup, files, and others. Reimage Reimage Cleaner Intego is a tool that can help you to fix any damage left after a malware infection. 

Despite being misleading, System Assistant malware may attract people’s attention due to a vividly described features. On the official website, it is represented as a remover of potential privacy risks and PC cleaner capable of regaining hard disk space, as well as eliminating PC’s activity logs, unusual files, settings, and chat histories. However, the application can hardly be considered powerful since. It seems to be shareware that has a predefined virus database and a very limited “knowledge” of the Windows system. Therefore, its scanner can actually do nothing except to slow down PC’s performance and regularly remind you that you have to pay for a license key.

System Assistant is actively promoted via freeware and shareware with an intention to spread free trial versions of the utility as widely as possible. Once the free version reaches a host machine, it creates a scheduled task and keeps scanning the system with an alleged intent – to boost its performance. Even though it may load a scanner and imitate research, the scanner does an ostensible procedure during which the system is neither checked for malware, not the system’s nonconformities. The scan typically ends up with a full list of possible improvements and contains a list of PUPs and malware.

Despite the fact of how bad the System Assistant virus scan results may be, the program will fix the situation as long as the full version won’t be installed. A free trial, as notified on the official website of the tool, is only as powerful as nothing, as it supposed to “Clean up disk space|” and “Remove potential privacy risks.” All the other packages of features, including system maintenance, boosting startup speed, removal of duplicate files, shred, and similar has to be purchased. One month subscription costs 9.99 Eur, while 1 month costs 36 Eur. It’s up to you whether its expensive or not, but we do not recommend paying the money for a tool that promises much and does very little.

Aside from misleading features and unfulfilled promises, the System Assistant virus may be involved in privacy-related issues. The application seems to be filled with tracking cookies used to collect non-personal information like IP address, approximate geo-location, web browsing history, search queries, and similar. If you are currently using this program, open Task Manager and check if the CookieExclusions.exe is on the list. This executable may be responsible for continuous registration of web browsing-related activities and regular transmission of collected information to remote servers. Although it can hardly reach credit card details or other personal information, however some details that you probably don’t want to disclose to the third party may be leaked. As stated in the System Assistant Privacy Policy:

“Personal Information” which means information that normally identifies you as a natural person, or that may be used, either alone or in combination with other information, to personally identify you as an individual. Such information may include a first and last name, an email address, phone number, a home or other physical address, and other contact information. In addition, in some jurisdictions (like the EU for example) and given the specific use we make with the information, IP address that your Internet service provider allocates for your device, may also be considered as Personal Information.

“Non-Personal Information” which means information that cannot personally identify or lead to identifying a natural person. For example, statistics or aggregated information.

 If you have started noticing ongoing system scans, System Assistant removal is the only way to stop them. As pointed out before, this optimization tool can hardly improve your PC’s performance as its sole intention is to infiltrate  PCs unnoticed and then insist on buying its paid version. 

System Assistant malware
System Assistant displays exaggerated scan results to make people think their PCs are seriously infected

System Assistant malware
System Assistant displays exaggerated scan results to make people think their PCs are seriously infected

Luckily, it’s not difficult to remove System Assistant virus from the system. Its main installer can be eliminated like any other application. A bigger problem is the changes that it may initiate on the system. This rogue optimizer may corrupt some registry entries, delete some of the core system’s files, compromise startup programs, and similar. Therefore, upon System Assistant removal you should use a powerful repair utility to fix the damage. We recommend relying on Reimage Reimage Cleaner Intego

Strategies used to spread PUPa around

Potentially unwanted programs (PUPs), including adware, browser hijacker, and rogue system optimizers, often have their official websites and can be installed intentionally by clicking on a direct download link. However, practice shows that these websites are seldom visited and downloads are initiated even less frequently. 

Consequently,  developers tend to misuse software bundlers, which are also known as freeware and shareware. The owners of freeware download websites make an agreement with PUP developers to spread unwanted programs alongside well-requested applications in exchange for commission fees. Consequently, a free application, such as a download manager, a popular game, video streaming software or any other program may disguise more than one PUP under Quick or Basic installation. 

System Assistant mimics real optimization tool
System Assistant spreads a free trial version via freeware bundles and then urges people to purchase the license

System Assistant mimics real optimization tool
System Assistant spreads a free trial version via freeware bundles and then urges people to purchase the license

Since people tend to install programs in a hurry, they often forget the risk of bundles and opt for Quick installation, which does not disclose PUPs. Quick/Basic installation is an implicit user’s consent to install the bundle. To prevent that, it’s a must to opt for Advanced installation, which discloses more installation setup windows and enabled users to remove checkmarks saying that he or she agrees with the installation of additional installers.

System Assistant removal methods

People who have been tricked to install this application will be able to easily remove the System Assistant virus from Windows. You have to access Control Panel, locate the application under the Applications folder, click on it, and select Remove. Then follow the on-screen and finish the process. 

If the program emerged on the system out of nowhere, which means that you were tricked into downloading a software bundle, you will have to take some extra steps to ensure full PUP removal. Carefully check the list of programs and eliminate each one that raises suspicions. Besides, open your web browser – the one that is set by default at the moment, and disable unfamiliar add-ons and plug-ins.  

To speed up System Assistant removal you can use a professional anti-malware program. According to VirusTotal[3], most of the reputable AV engines are capable of detecting this malware. 

You may remove virus damage with a help of Reimage Reimage Cleaner Intego. SpyHunter 5Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.

Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.

This entry was posted on 2020-04-20 at 00:35 and is filed under System tools, Viruses.