|Type||Downloader of Suspicious Software|
|Short Description||The program promises to download DirectX.|
|Symptoms||File changes and mutexes are observed.|
|Distribution Method||Unclear. The program may have been installed willingly or may have been brought by a bundled download.|
|Detection tool||Download SpyHunter, to See If Your System Has Been Affected By SoftwareBundler:Win32/FakeDiX|
SoftwareBundler:Win32/FakeDiX is a suspicious application that compromises the PC’s safety and performance. SoftwareBundler:Win32/FakeDiX is presented as a tool that downloads DirectX. However, it doesn’t. Instead, it creates suspicious .dll files on the system and injects malicious code to prevent detection. DirectX is a collection of application programming interfaces (APIs) for handling multimedia tasks on Microsoft platforms. Such tasks may be game and video-related.
SoftwareBundler:Win32/FakeDiX Technical Description
As we already mentioned, the SoftwareBundler claims to download DirectX but it only jeopardizes the system. As reported by Microsoft, once installed, the suspicious application may create the following files:
Furthermore, code injection may be employed by the malware piece to prevent detection and removal via anti-malware software. SoftwareBundler may also inject code into running processes.
What Is Code Injection?
Code injection is described as the exploitation of a PC bud, caused by processing invalid data. Hence, code injection is employed by cyber criminals to insert malicious code into a compromised program and alter the course of execution. Techniques of code injection are favored among hacking teams. Such tactics are used to hack or crack systems and obtain information, privilege escalation or unauthorized access. Code injection can be deployed for any of the following purposes:
- To modify values in a database through SQL injection.
- To install malware or execute malicious code on a server.
- To perform privilege escalation to root permissions.
- To attack users via HTML/Script injection also known as cross-site scripting.
SoftwareBundler:Win32/FakeDiX Payload Description
According to Microsoft researchers, the threat can connect to a remote host and:
- Search for an Internet connection.
- Download and run suspicious files and updates.
- Receive data.
- Receive malicious instructions.
- Upload data from the infected PC.
- Validate a digital certificate.
- Download malware.
In the case of SoftwareBundler:Win32/FakeDiX, BrowserModifier:Win32/SupTab can be downloaded onto the PC.
The SoftwareBundler is also observed to create mutexes on the system such as:
If you locate any of those on your computer, you should proceed towards cleaning it. Malware may have been downloaded.
SoftwareBundler:Win32/FakeDiX Removal Instructions
Since it is not clear what exactly may have been installed onto your system, it is highly advisory to use professional assistance, especially if you are a non-expert user. Also, remember that SoftwareBundler:Win32/FakeDiX can employ code injection. Since the program is observed to install multiple PUPs at the same time, all PUP pieces will have to be removed so that safety is restored. That is why it is recommended to start the removal process with an anti-malware scan. Then, experienced users may try and follow the instructions below the article.
1. Start Your PC in Safe Mode to Remove SoftwareBundler:Win32/FakeDiX.
For Windows XP, Vista, 7 systems:
1. Remove all CDs and DVDs, and then Restart your PC from the “Start” menu.
– For PCs with a single operating system: Press “F8” repeatedly after the first boot screen shows up during the restart of your computer. In case the Windows logo appears on the screen, you have to repeat the same task again.
– For PCs with multiple operating systems: Тhe arrow keys will help you select the operating system you prefer to start in Safe Mode. Press “F8” just as described for a single operating system.
3. As the “Advanced Boot Options” screen appears, select the Safe Mode option you want using the arrow keys. As you make your selection, press “Enter“.
4. Log on to your computer using your administrator account
While your computer is in Safe Mode, the words “Safe Mode” will appear in all four corners of your screen.
For Windows 8, 8.1 and 10 systems:
Step 1: Open the Start Menu
Step 2: Whilst holding down Shift button, click on Power and then click on Restart.
Step 3: After reboot, the aftermentioned menu will appear. From there you should choose Troubleshoot.
Step 4: You will see the Troubleshoot menu. From this menu you can choose Advanced Options.
Step 5: After the Advanced Options menu appears, click on Startup Settings.
Step 6: Click on Restart.
Step 7: A menu will appear upon reboot. You should choose Safe Mode by pressing its corresponding number and the machine will restart.
2. Remove SoftwareBundler:Win32/FakeDiX automatically by downloading an advanced anti-malware program.
To clean your computer you must download an updated anti-malware program on a safe PC and then install it on the affected computer in offline mode. After that you should boot into safe mode and scan your computer to remove all SoftwareBundler:Win32/FakeDiX associated objects.