The Advanced Threat Defense engine in Securolytics Web Security recently detected and blocked downloads of an executable file that we found very interesting. The blocked file was the installer for a program called ReimagePlus. We thought it would be useful to provide some analysis of this program to illustrate how Securolytics Web Filtering is able to protect our customers from having potentially problematic programs introduced into their systems.
What is ReimagePlus?
ReimagePlus looks like a legitimate PC optimization tool that includes the AVG Safeguard Toolbar. In reality, ReimagePlus falls into a category of applications known as “Potentially Unwanted Programs”. Let’s take a closer look at what ReimagePlus does and why organizations will want to prevent it from being installed on their systems.
Where can it be downloaded?
ReimagePlus can be downloaded from the distributor site at reimage.com or from other third party websites. Teknas Web Filtering can prevent the download regardless of the source.
Take a Look at the EULA
THIRD PARTY LINKS AND ADVERTISERS.
Content, goods or services may be offered by third parties through hotlinks or advertisements contained on our Service. We have no control over and do not endorse third party content, goods or services. We act as a distributor and not as a re-publisher of third party content and as an advertising channel for third party goods and services. Third party providers may change, add or discontinue their content or offerings at any time without notice. They may impose additional or different conditions on your use of their content or services (please read any additional terms that may be posted by such providers). WE DISCLAIM ALL REPRESENTATIONS AND WARRANTIES REGARDING CONTENT, GOODS, SOFTWARE OR SERVICES YOU OBTAIN FROM THIRD PARTY PROVIDERS. YOU WILL LOOK SOLELY TO THE THIRD PARTY PROVIDER FOR ALL CLAIMS REGARDING SUCH MATTERS.
Unwanted System Changes
If ReimagePlus is downloaded from the official website, you will be offered the “Recommended” setup, which installs the AVG Safeguard Toolbar and changes your home page and search engine to search.avg.com. The user can choose not to install the toolbar by selecting Custom Installation, but many users do not pay attention to such details and end up installing the full setup. More concerning, if the program is downloaded from third-party websites, it is very likely that ReimagePlus comes with additional software applications that might even cause security issues. Here are some sample adware popup messages that have been seen after installing ReimagePlus.
When ReimagePlus is installed, it compiles data and runs a full system scan checking your PC stability and provides a PC Security Summary. If it detects any errors or viruses, it suggests you click the green “START REPAIR” button. If you do so, you will be redirected back to the official website, where you will be urged to purchase lifetime support for ReimagePlus. This is again likely to include unwanted adware programs that can also introduce additional security threats to the computer. It also places control of making “system optimization” changes such as virus removal, replacing system files and other configurations into the hands of the end user, which may cause system errors.
Securolytics Web Filtering Protects Customers from Unwanted Programs
Your organization most likely has a preferred antivirus or PC optimization software which has been tested and approved for use. You do not want users downloading programs that may introduce new problems to the system. The ability of Securolytics Web Filtering to prevent downloads of ReimagePlus and other “Potentially Unwanted Programs” provides an additional layer of defense so your systems remain protected.
Allan Bartlett | CISSP | Senior Security Engineer | Securolytics