PUP.Optional.Restoro

Short bio

PUP.Optional.Restoro is Malwarebytes' detection name for a system optimizer called Restoro.

PUP.Optional.Restoro GUI

Symptoms

Users of affected systems may see the following during installation:

PUP.Optional.Restoro installation notice

PUP.Optional.Restoro installer

and the following entry in the list of installed Programs and Features:

PUP.Optional.Restoro installed

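Type and source of infection

PUP.Optional.Restoro is a system optimizer. These so-called "system optimizers" often use intentional false positives to convince users that their systems have problems. They then try to sell their software, claiming it will remove these problems. It gains persistence by installing a service called RestoroActiveProtection.
PUP.Optional.Restoro is usually installed by users themselves under false pretenses.

PUP.Optional.Restoro website (Restoro.com)

Protection

Malwarebytes protects users from PUP.Optional.Restoro by using real-time protection.

Malwarebytes blocks PUP.Optional.Restoro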

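Remediation

Malwarebytes can detect and remove PUP.Optional.Restoro without further user interaction.

  1. Download Malwarebytes to your desktop.
  2. Double-click MBSetup.exe and follow the prompts to install the program.
  3. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  4. Click the Get started button.
  5. Click Scan to start a Threat Scan.
  6. Click Quarantine to remove the found threats.
  7. Reboot the system if prompted to complete the removal process.

Malwarebytes removal log

A Malwarebytes log of removal will look similar to this: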


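Add an exclusion

Should users wish to keep this program and exclude it from being detected in future scans, they can add the program to the exclusions list. Here is how to do it.

  • Open Malwarebytes for Windows.
  • Click Detection History.
  • Click Allow List.
  • To add an item to the Allow List, click Add.
  • Select the exclusion type Allow a file or folder and use the Select a folder button to select the main folder of the software that you wish to keep.
  • Repeat this for any secondary files or folders that belong to the software.

If you want to allow the program to connect to the Internet, for example to fetch updates, also add an exclusion of the type Allow an application to connect to the internet and use the Browse button to select the file you wish to grant access.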

Traces/IOCs

You may see these entries in FRST logs:

(Restoro) C:\Program Files\Restoro\bin\RestoroProtection.exe
(Restoro) C:\Program Files\Restoro\bin\RestoroService.exe
(Restoro) C:\Program Files\Restoro\RestoroMain.exe
R2 RestoroActiveProtection; C:\Program Files\Restoro\bin\RestoroProtection.exe [9070432 2018-08-07] (Restoro)
C:\ProgramData\Restoro
C:\Program Files\Restoro
C:\Users\Public\Desktop\Restoro.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Restoro
C:\WINDOWS\Restoro.ini
Restoro (HKLM\...\Restoro) (Version: 2.0.0.4 - Restoro)
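
A triage sketch for the FRST traces listed above, added here as an example and not taken from Malwarebytes or FRST: it flags the RestoroActiveProtection service line, the installed-program entry, and any path at or below the listed folders, while ignoring look-alike folder names. The function names, the line-shape regexes and the sample text are assumptions built from the excerpt on this page.

```python
import re
from pathlib import PureWindowsPath

# Traces copied from this page's FRST excerpt; all names below are hypothetical.
SERVICE_NAME = "restoroactiveprotection"
TRACE_ROOTS = [PureWindowsPath(p) for p in (
    r"C:\Program Files\Restoro",
    r"C:\ProgramData\Restoro",
    r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Restoro",
    r"C:\Users\Public\Desktop\Restoro.lnk",
    r"C:\Windows\Restoro.ini",
)]
# Line shapes assumed from the excerpt: "R2 Name; path [size date] (Company)"
# and "Name (HKLM\...\Name) (Version: x - Publisher)".
SERVICE_RE = re.compile(r"^[RSU]\d\s+(?P<name>[^;]+);")
INSTALLED_RE = re.compile(r"^(?P<name>.+?) \(HK[A-Z]+\\.*?\) \(Version: (?P<ver>.*?) - .*\)$")
PATH_RE = re.compile(r"[A-Za-z]:\\.*?(?=\s+\[\d|$)")

def under_trace_root(raw):
    # PureWindowsPath compares case-insensitively and by whole components, so
    # C:\PROGRAM FILES\RESTORO matches but C:\Program Files\RestoroNotes does not.
    path = PureWindowsPath(raw.strip())
    return any(path == root or root in path.parents for root in TRACE_ROOTS)

def find_restoro_traces(frst_text):
    hits = {"service": [], "installed": [], "path": []}
    for line in map(str.strip, frst_text.splitlines()):
        svc = SERVICE_RE.match(line)
        if svc and svc["name"].strip().lower() == SERVICE_NAME:
            hits["service"].append(line)
            continue
        inst = INSTALLED_RE.match(line)
        if inst and inst["name"].lower() == "restoro":
            hits["installed"].append(inst["ver"])
            continue
        found = PATH_RE.search(line)
        if found and under_trace_root(found.group()):
            hits["path"].append(found.group())
    return hits

# Constructed sample: lines from the excerpt plus two benign decoys.
SAMPLE = r"""
(Restoro) C:\Program Files\Restoro\bin\RestoroProtection.exe
(Example Corp) C:\Program Files\RestoroNotes\notes.exe
R2 RestoroActiveProtection; C:\Program Files\Restoro\bin\RestoroProtection.exe [9070432 2018-08-07] (Restoro)
R2 Spooler; C:\Windows\System32\spoolsv.exe [12345 2018-08-07] (Microsoft Corporation)
C:\WINDOWS\Restoro.ini
Restoro (HKLM\...\Restoro) (Version: 2.0.0.4 - Restoro)
"""

if __name__ == "__main__":
    for kind, items in find_restoro_traces(SAMPLE).items():
        print(kind, items)
```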
