The company behind InstallCore is ironSource,a company that builds monetization, engagement, analytics, and discovery tools for app developers, device manufacturers, mobile carriers, and advertisers. InstallCore is available for Windows and Mac systems. The main goal is to get paid by the adware distributors for each successful install and for any shown advertisements. Payload Once PUP.Optional.InstallCore is run on the computer, it targets mostly known browsers like Internet Explorer, Google Chrome, Mozilla Firefox, and Safari. This threat performs changes on browser settings that may result to home page hijacking and browser redirect problems. PUP.Optional.InstallCore also drops extension, add-on, and plug-in to achieve other malicious tasks. To start instantly when browser is opened, PUP.Optional.InstallCore installs itself as browser helper object. This also gives the malware to have control on the browser and install its own search engine and toolbar object. Symptoms Presence of PUP.Optional.InstallCore affects your installed browser program. Here are some obvious signs that the malware has invaded the computer. Modified start page, home page or search engine Constant redirect to unwanted web sites Excessive display of pop-up advertisements Browser and new tabs opens on its own Presence of the following files indicates that computer is infected with PUP.Optional.InstallCore: C:\Users\Owner\Downloads\UltimateCodec.exe Common infection methods InstallCore comes bundled together with third-party applications. The bundle installer is usually downloaded and executed by the users themselves, often unaware. They are offered up on software download sites, where people look for software they need. Avoidance advice: Be vigilant when installing third-party applications. Scan the download with Malwarebytes Anti-Malware prior to installation. If you have found the software that you need or want, check if the software can be downloaded directly from the publisher’s site or another site that you trust or know not to use any bundlers. Follow PUP avoidance practices.