PUP.Optional.PerfectRegistry

短简历

PUP.Optional.PerfectRegistry是Mal必威平台APPwarebytes对特定对象的检测名称注册表清理称为完美注册表2.0。使用注册表清理器是不可取的，其中一些使用故意误报来说服用户他们的系统有问题。然后，他们试图向你出售他们的软件，声称它将消除这些问题。PerfectRegistry是一系列Windows系统优化器的成员，GUI和文件roboot64.exe可以识别这些优化器。

PerfectRegistry的GUI

症状

PerfectRegistry使用多个计划任务来获得持久性，用户可能会注意到任务栏、开始菜单和桌面上的图标。并在其已安装程序和功能列表中查找列出的软件。

PerferTregistry的计划任务

图标注册表

已安装程序列表中的PerfectRegistry条目

感染的类型和来源

PUP.Optional.PerfectRegistry通常由用户自己安装，这是由于广告的缘故。

Raxco网站广告注册处

保护

必威平台APPMalwarebytes通过停止安装程序保护用户免受PUP.Optional.PerfectRegistry的攻击。

必威平台APPMalwarebytes阻止PerfectRegsitry安装程序

补救措施

必威平台APPMalwarebytes可以检测并删除此潜在的不需要的应用程序，而无需进一步的用户交互。

1. 请下载Malware必威平台APPbytes到您的桌面。
2. 双击MBSetup.exe并按照提示安装程序。
3. 当你的必威平台APP用于Windows的Malwarebytes安装完成后，程序将打开欢迎使用Malwarebytes屏幕。必威平台APP
4. 点击开始按钮
5. 点击扫描开张威胁扫描.
6. 点击隔离以删除发现的威胁。
7. 如果提示您完成删除过程，请重新启动系统。

必威平台APPMalwarebytes删除日志

Malw必威平台APParebytes删除日志将类似于以下内容：
必威平台APPMalwarebytes日志：

必威平台APPMalwarebytes www.malwarebytes.com -log详细信息 - 扫描日期：2/14/18扫描时间：9:19日志文件：C47A3D42-115F-11E8-9439-080027750297.json管理员：是-software信息 - 版本：3.3。1.2183组件版本：1.0.262更新包版本：1.0.3948许可证：Premium -System信息 -  OS：Windows 7 Service Pack 1 CPU：X64文件系统：NTFS用户：{ComputerName} \ {UserName} \ {username} -scan摘要 - 扫描类型：威胁扫描结果：已完成的对象扫描：242410检测到威胁：62威胁已被隔离：61次经过时间：2分钟，24秒-Scan选项 - 内存：启用启动启动：启用的文件系统：启用rootkits：禁用的rootkits：禁用的rootics：检测pum：检测-can详细信息 - 进程：1 pup.optional.perfectrectrice，c：\ program文件（x86）\ raxco \ perfectrectisty \ perfectrection.exe，被隔离，[1013]，[395661]，1.0.3948模块：4pup.optional.perfectredistry，c：\ program文件（x86）\ raxco \ perfectrectrice \ isxdl.dll，隔离，[1013]，[395661]，1.0.3948 pup.optional.perfectrectrice，c：\ program文件（x86）\ raxco \ perfectrecticry \ perfectrectice.exe，被隔离的，[1013]，[395661]，1.0.3948 pup.optional.perfectrectry，c：\计划文件（x86）\ raxco \ perfectrection\ regcleanpro.dll，隔离，[1013]，[395661]，1.0.3948 pup.optional.perfectrectrice，c：\ program文件（x86）\ raxco \ perfectrectrice \ xmllite.dll，隔离[1013] [395661]，1.0.3948注册表项：12 pup.optional.perfectrectrice，hklm \ software \ microsoft \ windows nt \ currentversion \ schedule \ taskcache \ tree \ perfectrection，隔离，[1013]，[395664]，1.0.3948 pup.optional。完善的，香港电池\软件\ Microsoft \ Windows NT \ CurrentVersion \ Schedule \ TaskCache \ Tasks \ {20e5e4b6-666C-4527-A04A-824F3CC589A2}，被隔离，[1013]，[395664]，1.0.3948 Pup.optional.perfectrectry，HKLM \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Schedule \ TaskCache \ Logon \ {20E5E4B6-824F3CC589A2}，隔离[1013]，[395664]，1.0.3948 Pup.optional.perfectrectry，hklm \软件\ Microsoft \ Windows NT \ CurrentVersi在\ schedule \ taskcache \ tree \ perfectrectry_default，隔离，[1013]，[395664]，1.0.3948 pup.optional.perfectrectry，hklm \ software \ microsoft \ windows nt \ currentversion \ schedule \ taskcache \ tasks \ {099b320f-06c7-477e-b862-1c01011e2a85}隔离[1013]，[39566]，1.0.3948 pup.optional.perfectrectry，hklm \ software \ microsoft \ windows nt \ currentversion \ schedule \ taskcache \ plain \ {099b320f-06c7-477e-b862-1c05011e2a85}隔离[1013]，[395664]，1.0.3948 pup.optional.perfectrectry，hklm \ software \ microsoft \ windows nt \ currentversion \ schedule \ taskcache \ tree \ pervectrectice_updates，隔离，[1013]， [395664],1.0.3948 PUP.Optional.PerfectRegistry, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D1A5B052-CF3A-4C42-B8E4-EE4211AE6A5A}, Quarantined, [1013], [395664],1.0.3948 PUP.Optional.PerfectRegistry, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{D1A5B052-CF3A-4C42-B8E4-EE4211AE6A5A}, Quarantined, [1013], [395664],1.0.3948 PUP.Optional.PerfectRegistry, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PerfectRegistry_is1, Quarantined, [1013], [395661],1.0.3948 PUP.Optional.PerfectRegistry, HKCU\SOFTWARE\RAXCO\PerfectRegistry, Quarantined, [1013], [395667],1.0.3948 PUP.Optional.PerfectRegistry, HKLM\SOFTWARE\WOW6432NODE\RAXCO\PerfectRegistry, Quarantined, [1013], [396319],1.0.3948 Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 3 PUP.Optional.PerfectRegistry, C:\PROGRAM FILES (X86)\RAXCO\PERFECTREGISTRY, Quarantined, [1013], [395661],1.0.3948 PUP.Optional.PerfectRegistry, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\RAXCO\PERFECTREGISTRY, Quarantined, [1013], [395662],1.0.3948 PUP.Optional.PerfectRegistry, C:\USERS\{username}\APPDATA\ROAMING\RAXCO\PERFECTREGISTRY, Removal Failed, [1013], [396318],1.0.3948 File: 42 PUP.Optional.PerfectRegistry, C:\USERS\PUBLIC\DESKTOP\PERFECTREGISTRY.LNK, Quarantined, [1013], [395663],1.0.3948 PUP.Optional.PerfectRegistry, C:\WINDOWS\TASKS\PerfectRegistry_DEFAULT.job, Quarantined, [1013], [395665],1.0.3948 PUP.Optional.PerfectRegistry, C:\WINDOWS\TASKS\PerfectRegistry_UPDATES.job, Quarantined, [1013], [395665],1.0.3948 PUP.Optional.SysTweak, C:\WINDOWS\SYSTEM32\ROBOOT64.EXE, Quarantined, [217], [395666],1.0.3948 PUP.Optional.PerfectRegistry, C:\WINDOWS\SYSTEM32\TASKS\PerfectRegistry, Quarantined, [1013], [395664],1.0.3948 PUP.Optional.PerfectRegistry, C:\WINDOWS\SYSTEM32\TASKS\PerfectRegistry_DEFAULT, Quarantined, [1013], [395664],1.0.3948 PUP.Optional.PerfectRegistry, C:\WINDOWS\SYSTEM32\TASKS\PerfectRegistry_UPDATES, Quarantined, [1013], [395664],1.0.3948 PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\Chinese_rcp.ini, Quarantined, [1013], [395661],1.0.3948 PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\CleanSchedule.exe, Quarantined, [1013], [395661],1.0.3948 PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\Danish_rcp.ini, Quarantined, [1013], [395661],1.0.3948 PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\Dutch_rcp.ini, Quarantined, [1013], [395661],1.0.3948 PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\eng_rcp.ini, Quarantined, [1013], [395661],1.0.3948 PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\Finnish_rcp_fi.ini, Quarantined, [1013], [395661],1.0.3948 PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\French_rcp.ini, Quarantined, [1013], [395661],1.0.3948 PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\German_rcp.ini, Quarantined, [1013], [395661],1.0.3948 PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\greek_rcp_el.ini, Quarantined, [1013], [395661],1.0.3948 PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\install_left_image.bmp, Quarantined, [1013], [395661],1.0.3948 PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\isxdl.dll, Quarantined, [1013], [395661],1.0.3948 PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\Italian_rcp.ini, Quarantined, [1013], [395661],1.0.3948 PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\Japanese_rcp.ini, Quarantined, [1013], [395661],1.0.3948 PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\korean_rcp_ko.ini, Quarantined, [1013], [395661],1.0.3948 PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\Norwegian_rcp.ini, Quarantined, [1013], [395661],1.0.3948 PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\PerfectRegistry.exe, Quarantined, [1013], [395661],1.0.3948 PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\polish_rcp_pl.ini, Quarantined, [1013], [395661],1.0.3948 PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\portugese_rcp_pt.ini, Quarantined, [1013], [395661],1.0.3948 PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\Portuguese_rcp.ini, Quarantined, [1013], [395661],1.0.3948 PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\PRUninstall.exe, Quarantined, [1013], [395661],1.0.3948 PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\RegCleanPro.dll, Quarantined, [1013], [395661],1.0.3948 PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\russian_rcp_ru.ini, Quarantined, [1013], [395661],1.0.3948 PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\Spanish_rcp.ini, Quarantined, [1013], [395661],1.0.3948 PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\Swedish_rcp.ini, Quarantined, [1013], [395661],1.0.3948 PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\TraditionalCn_rcp_zh-tw.ini, Quarantined, [1013], [395661],1.0.3948 PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\turkish_rcp_tr.ini, Quarantined, [1013], [395661],1.0.3948 PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\unins000.dat, Quarantined, [1013], [395661],1.0.3948 PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\unins000.exe, Quarantined, [1013], [395661],1.0.3948 PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\unins000.msg, Quarantined, [1013], [395661],1.0.3948 PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\xmllite.dll, Quarantined, [1013], [395661],1.0.3948 PUP.Optional.PerfectRegistry, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raxco\PerfectRegistry\PerfectRegistry.lnk, Quarantined, [1013], [395662],1.0.3948 PUP.Optional.PerfectRegistry, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raxco\PerfectRegistry\Uninstall PerfectRegistry.lnk, Quarantined, [1013], [395662],1.0.3948 PUP.Optional.PerfectRegistry, C:\Users\{username}\AppData\Roaming\Raxco\PerfectRegistry\log_02-14-2018.log, Quarantined, [1013], [396318],1.0.3948 PUP.Optional.PerfectRegistry, C:\Users\{username}\AppData\Roaming\Raxco\PerfectRegistry\results.rcp, Quarantined, [1013], [396318],1.0.3948 PUP.Optional.PerfectRegistry, C:\USERS\{username}\DESKTOP\PRSETUP.EXE, Quarantined, [1013], [395680],1.0.3948 Physical Sector: 0 (No malicious items detected) (end)

添加排除项

如果用户希望保留此程序并在将来的扫描中排除它，他们可以将该程序添加到排除列表中。下面是如何做到这一点。

• 打开Win必威平台APPdows的Malwarebytes。
• 点击检测历史
• 点击允许列表
• 将项目添加到允许列表点击添加.
• 选择排除类型允许使用文件或文件夹并使用选择一个文件夹按钮选择要保留的软件的主文件夹。
• 对属于该软件的任何辅助文件或文件夹重复此操作。

如果要允许程序连接到Internet，例如获取更新，还需要添加类型排除允许应用程序连接到internet并使用浏览按钮选择要授予访问权限的文件。

跟踪/IOC

FRST日志中可能的条目（Raxco软件，C:\ProgramFiles（x86）\Raxco\PerfectRegistry\PerfectRegistry.exe C:\Windows\System32\Tasks\PerfectRegistry C:\Windows\System32\Tasks\PerfectRegistry\u UPDATES C:\Windows\System32\Tasks\PerfectRegistry\u DEFAULT C:\Users\Public\Desktop\PerfectRegistry.lnk C:\Windows\Tasks\PerfectRegistry\u UPDATES.jobC:\Users\{username}\AppData\Roaming\Raxco C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raxco C:\Program Files（x86）\Raxco（Raxco软件，C:\Windows\system32\roboot64.exe PerfectRegistry（HKLM-x32\…\PerfectRegistry_is1）（版本：2.0-Raxco Software Inc）任务：{099B320F-06C7-477E-B862-1C05011E2A85}-system32\Tasks\PerfectRegistry_默认值=>C:\Program Files（x86）\Raxco\PerfectRegistry\PerfectRegistry.exe[2015-07-16]（Raxco软件，任务：{20E5E4B6-666E-4527-A04A-824F3CC589A2}-System32\Tasks\PerfectRegistry=>C:\ProgramFiles（x86）\Raxco\PerfectRegistry\PerfectRegistry.exe[2015-07-16]（Raxco软件，任务：{D1A5B052-CF3A-4C42-B8E4-EE4211AE6A5A}-System32\Tasks\PerfectRegistry_UPDATES=>C:\Program Files（x86）\Raxco\PerfectRegistry\PerfectRegistry.exe[2015-07-16]（Raxco软件，任务：C:\Windows\Tasks\PerfectRegistry\U DEFAULT.job=>C:\Program Files（x86）\Raxco\PerfectRegistry\PerfectRegistry.exe任务：C:\Windows\Tasks\PerfectRegistry\U UPDATES.job=>C:\Program Files（x86）\Raxco\PerfectRegistry\PerfectRegistry.exe文件：PerfectRegistry.exe，roboot64.exe注册表项：HKEY\U LOCAL\U MACHINE\SOFTWARE\Wow6432Node\Raxco\PerfectRegistry域：Raxco.com