p up.optional.spywarec Lear.

短简历

PUP.Optional.SpywareClear是Mal必威平台APPwarebytes对一个名为SpywareClear的系统优化器的检测名称，该系统优化器由Crawler Group，LLC发布，针对Windows系统。

症状

这是系统优化器主屏幕的外观：

您可以在任务栏、开始菜单和桌面上找到以下图标：

在安装期间查看此警告：

和这些屏幕在“操作”期间：

您可以在已安装程序列表中看到此条目：

以及Internet Explorer中的此浏览器辅助对象：

感染的类型和来源

SpywareClear是一个所谓的“系统优化器”。通常，“系统优化器”使用故意误报来说服用户他们的系统存在问题。然后，他们试图向你出售他们的软件，声称它将消除这些问题。

PUP.OPTIONAL.SPYWARECLEAR通常由用户自己安装，因为通往他们网站的广告：

保护

必威平台APPMalwarebytes通过使用实时保护保护用户免受PUP.Optional.SpywareClear攻击；

通过阻止他们的域名：

修复

必威平台APPMalwarebytes可以检测并删除PUP.Optional.SpywareClear，而无需进一步的用户交互。

1. 请下载malware必威平台APPbytes.到您的桌面。
2. 双击MBSetup.exe并按照提示安装程序。
3. 当你的必威平台APPWindows的Malwarebytes.安装完成后，程序将打开欢迎使用Malwarebytes屏幕。必威平台APP
4. 点击一下开始按钮。
5. 点击扫描开始A.威胁扫描.
6. 点击隔离以删除发现的威胁。
7. 如果提示您完成删除过程，请重新启动系统。

必威平台APPMalwarebytes删除日志

Ma必威平台APPlwarebytes删除日志将类似于以下内容：

必威平台APPMalwarebytes www.malwarebytes.com -log详细信息 - 扫描日期：6/21/18扫描时间：11：05 AM日志文件：4E97A376-7532-11E8-A189-080027235D76.JSON管理员：是-Software信息 - 版本：3.5。1.2522 Components版本：1.0.374更新包版本：1.0.5564许可证：Premium -System信息 -  OS：Windows 7 Service Pack 1 CPU：X64文件系统：NTFS用户：{ComputerName} \ {UserName} \ {username} -scan摘要 - 扫描类型：威胁扫描扫描发起：手动结果：已完成的对象扫描：251056检测到威胁：158威胁隔离：158次经过时间：3分钟，59秒-Scan选项 - 内存：启用的FileSystem：启用ropives：启用rootkits：启用启发式：启用PUP：检测PUM：检测-scan详细信息 - 进程：4 pup.optional.spywareClear，c：\ program文件（x86）\ spyware clear \ sc_svc64.exe，隔离，[1456]，[187214]，1.0。5564 PUP.Optional.SpyWareClear，C：\ Program Files（x86）\ spyware clear \ spywareclear.exe，隔离，[1456]，[187214]，1.0.5564 pup.optional.spywarECLEAR，C：\ Program Files（x86）\ spyware clear \ spywareclearshield.exe隔离[1456]，[187214]，1.0.5564 pup.optional.spywareclear，c：\ program files（x86）\ spyware clear \ spywareclearupdate.exe，隔离[1456]，[187214]，1.0.5564模块：6 pup.optional.spywareclear，c：\ program文件（x86）\ spyware clear \ torrentdll.dll，隔离[1456] [187214]，1.0.5564 pup.optional.spywareclear，c：\ program文件（x86）\ spyware clear \ scshell64.dll，隔离[1456]，[187214]，1.0.5564 pup.optional.spywareclear，c：\ program文件（x86）\ spyware clear \ sc_svc64.exe，隔离[1456]，[187214]，1.0.5564 pup.optional.spywareclear，c：\ program文件（x86）\ spyware clear \ spywareclear.exe，隔离[1456]，[187214]，1.0.5564 pup.optional.spywareClear，c：\ program文件（x86）\ spyware clear \ spywareclearshield.exe，隔离[1456]，[187214]，1.0.5564 pup.optional.spywareclear，C：\ Program Files（x86）\ spyware clear \ spywareclearupdate.exe隔离，[1456]，[187214]，1.0.5564注册表项：45 Pup.OptioNAL.SPYWARECLEAR，HKLM \软件\类\ WOW6432NODE \ CLSID \ {B36D9EA9-ABCA-4F9F-B181-49929A7B73D1}隔离[1456]，[187214]，1.0.5564 PUP.OPTIONIONAGE.SPYWARECLEAR，HKLM \ Software \类\ scinternetguard.protnego，隔离[1456]，[187214]，1.0.5564 pup.optional.spywareclear，hklm \ software \ classes \ clsid \ {b36d9ea9-abca-4f9f-b181-49929a7b73d1}隔离[1456]， [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B36D9EA9-ABCA-4F9F-B181-49929A7B73D1}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B36D9EA9-ABCA-4F9F-B181-49929A7B73D1}\InprocServer32, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C03C262D-9260-4124-B50E-04FB49ED0504}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\SCInternetGuard.JSObj, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\CLSID\{C03C262D-9260-4124-B50E-04FB49ED0504}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\TYPELIB\{CB83C956-D8A2-40E1-B139-5B8A2F5750DF}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\INTERFACE\{2C50BCEC-DD76-42CF-8CD5-6DE077270CD5}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{2C50BCEC-DD76-42CF-8CD5-6DE077270CD5}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2C50BCEC-DD76-42CF-8CD5-6DE077270CD5}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{CB83C956-D8A2-40E1-B139-5B8A2F5750DF}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{CB83C956-D8A2-40E1-B139-5B8A2F5750DF}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C03C262D-9260-4124-B50E-04FB49ED0504}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C03C262D-9260-4124-B50E-04FB49ED0504}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C03C262D-9260-4124-B50E-04FB49ED0504}\InprocServer32, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\CLSID\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}\InprocServer32, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B36D9EA9-ABCA-4F9F-B181-49929A7B73D1}\InprocServer32, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C03C262D-9260-4124-B50E-04FB49ED0504}\InprocServer32, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}\InprocServer32, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\CLSID\{B36D9EA9-ABCA-4F9F-B181-49929A7B73D1}\InprocServer32, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\CLSID\{C03C262D-9260-4124-B50E-04FB49ED0504}\InprocServer32, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\CLSID\{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}\InprocServer32, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E778C05E-AFF7-4924-B04A-D4084859D53A}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\SCShell.SCShellMenu, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\CLSID\{E778C05E-AFF7-4924-B04A-D4084859D53A}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\SCShell64.SCShellMenu, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E778C05E-AFF7-4924-B04A-D4084859D53A}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E778C05E-AFF7-4924-B04A-D4084859D53A}\InprocServer32, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E778C05E-AFF7-4924-B04A-D4084859D53A}\InprocServer32, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\CLSID\{E778C05E-AFF7-4924-B04A-D4084859D53A}\InprocServer32, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SC_Svc, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5FB600FF-BC65-471F-A3F8-C2666863BA75}_is1, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\SPYWARE CLEAR, Quarantined, [1456], [243468],1.0.5564 PUP.Optional.SpywareClear, HKCU\SOFTWARE\Spyware Clear, Quarantined, [1456], [243467],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\CLASSES\CLSID\{8B01D4B7-0860-452C-AC2B-5CE0140C82D4}, Quarantined, [1456], [168860],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\CONTROLPANEL\NAMESPACE\{8B01D4B7-0860-452C-AC2B-5CE0140C82D4}, Quarantined, [1456], [168860],1.0.5564 Registry Value: 6 PUP.Optional.SpywareClear, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED|{E778C05E-AFF7-4924-B04A-D4084859D53A}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED|{E778C05E-AFF7-4924-B04A-D4084859D53A}, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SpywareClearShield, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SpywareClearUpdater, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, HKLM\SOFTWARE\SPYWARE CLEAR|ANTIVIRUSFPSCANHIGH, Quarantined, [1456], [243468],1.0.5564 PUP.Optional.SpywareClear, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SC_SVC|IMAGEPATH, Quarantined, [1456], [243469],1.0.5564 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 15 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Driver, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\PROGRAM FILES (X86)\SPYWARE CLEAR, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Quarantine, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Antivir, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Reports, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Addons, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Shared, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Update, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Down, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\PROGRAMDATA\SPYWARE CLEAR, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SPYWARE CLEAR, Quarantined, [1456], [187215],1.0.5564 PUP.Optional.SpywareClear, C:\USERS\{username}\APPDATA\ROAMING\SPYWARE CLEAR, Quarantined, [1456], [179820],1.0.5564 PUP.Optional.SpywareClear, C:\USERS\{username}\APPDATA\LOCALLOW\SPYWARE CLEAR, Quarantined, [1456], [510257],1.0.5564 File: 82 PUP.Optional.SpywareClear, C:\PROGRAM FILES (X86)\SPYWARE CLEAR\TORRENTDLL.DLL, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Driver\driver.cab, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Driver\stflt.cat, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Driver\stflt.inf, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Driver\stflt.sys, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\24x7.xml, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\analyze.xml, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\analyzefile.exe, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\bloatware.xml, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\defsyssettings.exe, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\hardfileremover.exe, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\optimizer.xml, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\ov.xml, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\remover.xml, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\restore.xml, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\so.xml, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\startup.xml, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\systemrestore.exe, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\systemsettings.xml, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\unstableaddons.xml, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\Tools\virtualkeyboard.xml, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\com.spywareclear.internetguard.json, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SCInternetGuard.dll, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SCInternetGuard.exe, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SCInternetGuard64.dll, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SCShell.dll, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SCShell64.dll, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SC_Svc64.exe, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SpywareClear.exe, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\sqlite3.dll, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\unins000.dat, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\unins000.exe, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\Program Files (x86)\Spyware Clear\unins000.msg, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\Spyware Clear.lnk, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\USERS\PUBLIC\DESKTOP\Spyware Clear.lnk, Quarantined, [1456], [187214],1.0.5564 PUP.Optional.SpywareClear, C:\PROGRAMDATA\SPYWARE CLEAR\LNG.INI, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Addons\addons.xml, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\185_en_3.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\186_en_3.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\187_en_11.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\188_en_3.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\191_en_10.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\192_en_4.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\193_en_3.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\251_en_3.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\275_en_2.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\276_en_2.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\277_en_2.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\278_en_2.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\302_en_4.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\308_en_5.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\368_en_2.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\378_en_1.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\383_en_3.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\399_en_1.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\400_en_1.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\News\420_en_1.pngx, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Reports\scan_0001.rpt, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Reports\scan_0002.rpt, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Shared\ST_1_CSD_3.000.000.0008.cab, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Shared\ST_1_CSD_3.000.000.0008.ini, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Shared\ST_1_CSD_3.000.000.0008.torrent, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Shared\ST_1_DB_12.002.019.0000.cab, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Shared\ST_1_DB_12.002.019.0000.ini, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Shared\ST_1_DB_12.002.019.0000.torrent, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Shared\ST_1_DSD_1.000.000.0006.cab, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Shared\ST_1_DSD_1.000.000.0006.ini, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\Shared\ST_1_DSD_1.000.000.0006.torrent, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\SC_CPL.xml, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\ST_CSD.spt, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\ST_DB.spt, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\ST_DSD.spt, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\ST_RL.spt, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Spyware Clear\ST_RTL.spt, Quarantined, [1456], [187213],1.0.5564 PUP.Optional.SpywareClear, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SPYWARE CLEAR\SPYWARECLEAR.COM.URL, Quarantined, [1456], [187215],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Clear\Spyware Clear.lnk, Quarantined, [1456], [187215],1.0.5564 PUP.Optional.SpywareClear, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Clear\Uninstall Spyware Clear.lnk, Quarantined, [1456], [187215],1.0.5564 PUP.Optional.SpywareClear, C:\Users\{username}\AppData\LocalLow\Spyware Clear\log.txt, Quarantined, [1456], [510257],1.0.5564 PUP.Optional.SpywareClear, C:\USERS\{username}\DESKTOP\SPYWARECLEARSETUP.EXE, Quarantined, [1456], [61985],1.0.5564 PUP.Optional.SpywareClear, C:\USERS\{username}\DOWNLOADS\SPYWARECLEARSETUP.EXE, Quarantined, [1456], [61985],1.0.5564 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end)

添加排除

如果用户希望保留此程序并将其排除在将来的扫描中被检测到，它们可以将程序添加到排除列表中。这是怎么做的。

• 打开Win必威平台APPdows的Malwarebytes。
• 点击检测历史
• 点击允许列表
• 将项目添加到允许列表点击添加.
• 选择排除类型允许使用文件或文件夹并使用选择一个文件夹按钮选择要保留的软件的主文件夹。
• 对属于软件的任何辅助文件或文件夹重复此操作。

如果要允许程序连接到Internet，例如获取更新，还需要添加类型排除允许应用程序连接到internet并使用浏览按钮选择要授予访问权限的文件。

跟踪/IOC

您可以在FRST日志中看到这些条目：

（Crawler Group，LLC）C:\Program Files（x86）\Spyware Clear\SC_Svc64.exe（Crawler Group，LLC）C:\Program Files（x86）\Spyware Clear\Spyware ClearUpdate.exe（Crawler Group，LLC）C:\Program Files（x86）\Spyware Clear\Spyware Clear.exe HKLM\\运行：[Spyware ClearShield]=>C:\Program Files（x86）\Spyware Clear\Spyware ClearShield.exe[5179608 2016-04-07]（Crawler Group，LLC）HKLM\…\Run:[Spyware ClearUpdater]=>C:\Program Files（x86）\Spyware Clear\Spyware ClearUpdate.exe[5509848 2016-04-07]（Crawler Group，LLC）BHO:Spyware Clear Internet Guard->{E563E407-B348-41FB-BC3D-EACE3B44B1A1}:\C程序文件（x86）\Spyware Clear\sInternetGuard64.dll[2016-04-07]（Crawler Group，LLC）BHO-x32:Spyware Clear Internet Guard->{E563E407-B348-41FB-BC3D-EACE3BD4B1A1}->C:\Program Files（x86）\Spyware Clear\sInternetGuard.dll[2016-04-07]（Crawler Group，LLC）R2 SC_Svc；C:\Program Files（x86）\Spyware Clear\SC_svc64.exe[3208408 2016-04-07]（Crawler Group，LLC）R2 sp_rsdrv2；C:\Windows\System32\DRIVERS\stflt.sys[51496 2011-08-24]（Windows（R）Win 7 DDK provider）C:\ProgramData\Spyware Clear C:\Users\{username}\AppData\LocalLow\Spyware Clear C:\Users\Public\Desktop\Spyware Clear.lnk C:\Users\{username}\AppData\Roaming\Spyware Clear C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Clear C:\Program（x86）\Spyware Clear Spyware Clear（HKLM-x32 \…{5FB600FF-BC65-471F-A3F8-C2666863BA75}is1）（版本：1.3.1.45-Crawler Group）<====注意防火墙规则：[{D32BAD43-68D2-4E4A-980A-7CDF16E85C1E}=>（允许）C:\Program Files（x86）\Spyware Clear\Spyware.exe防火墙规则：[941888E3-50AF-4F-4F-253EF2A]（允许）程序文件（x86）\Spyware Clear\Spyware ClearUpdate.exe