Rogue.RegistrySmart is Malwarebytes' detection name for a rogue registry scanner called RegistrySmart.
Rogue.RegistrySmart gains persistence by using scheduled tasks.
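Users of affected machines may see this during install:
They may see this entry in their list of installed Programs and Features:
And these warnings after a scan with the rogue scanner: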
Rogue.RegistrySmart is a typical rogue that produces false positives in an attempt to convince users they need to buy the software. It is often installed by Trojans or bundlers.
Malwarebytes protects users from Rogue.RegistrySmart by using real-time protection.
Malwarebytes can detect and remove Rogue.RegistrySmart without further user interaction.
A Malwarebytes log of removal will look similar to this:
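If users wish to keep this program and exclude it from being detected in future scans, they can add the program to the exclusions list. Here's how to do it.
If you want to allow the program to connect to the Internet, for example to fetch updates, also add an exclusion of the type "Allow an application to connect to the internet" and use the Browse button to select the file you wish to grant access.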
You may see these entries in FRST logs:
(E-NextMedia) C:\Program Files (x86)\RegistrySmart\RegistrySmart.exe
C:\Windows\System32\Tasks\RegistrySmart Scheduled Scan
C:\Users\{username}\Desktop\RegistrySmart.lnk
C:\Windows\Tasks\RegistrySmart Scheduled Scan.job
C:\Users\{username}\AppData\Roaming\RegistrySmart
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegistrySmart
C:\Program Files (x86)\RegistrySmart
RegistrySmart 2.10.4342 (HKLM-x32\...\RegistrySmart_is1) (Version: 2.10 - E-NextMedia)
Task: {17BA9627-AFC4-4A8A-A2AE-E0331FA6372D} - System32\Tasks\RegistrySmart Scheduled Scan => C:\Program Files (x86)\RegistrySmart\RegistrySmart.exe [2011-11-11] (E-NextMedia)
Task: C:\Windows\Tasks\RegistrySmart Scheduled Scan.job => C:\Program Files (x86)\RegistrySmart\RegistrySmart.exe Schedule C:\Program Files (x86)\RegistrySmart {username}.run
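An added example, not part of the original write-up and not Malwarebytes or FRST code: a small parser for FRST "Task:" lines like the ones above. It flags tasks that launch a binary from the rogue's install folder and lists the scheduled-task artifacts to confirm are gone after cleanup. The sample lines are constructed (the third task is made up for contrast, and the .job arguments are omitted), and the C:\Windows root is an assumption.

```python
import re
from ntpath import normcase  # Windows path semantics on any OS

# Constructed sample in FRST "Task:" format: two lines modelled on the traces
# above, plus one made-up benign task for contrast.
SAMPLE = r"""
Task: {17BA9627-AFC4-4A8A-A2AE-E0331FA6372D} - System32\Tasks\RegistrySmart Scheduled Scan => C:\Program Files (x86)\RegistrySmart\RegistrySmart.exe [2011-11-11] (E-NextMedia)
Task: C:\Windows\Tasks\RegistrySmart Scheduled Scan.job => C:\Program Files (x86)\RegistrySmart\RegistrySmart.exe
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\ExampleUpdater => C:\Program Files\Example\updater.exe [2018-01-01] (Example Corp)
"""

INSTALL_DIR = r"C:\Program Files (x86)\RegistrySmart"
TASKCACHE = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache"

# Optional {GUID} prefix (modern tasks), then the task path, then the launched .exe.
TASK_RE = re.compile(
    r"^Task:\s+(?:(?P<guid>\{[0-9A-Fa-f-]{36}\})\s+-\s+)?"
    r"(?P<task>.+?)\s+=>\s+(?P<target>.+?\.exe)\b",
    re.IGNORECASE,
)

def parse_task(line):
    """Return guid/task/target for a FRST Task: line, or None for other lines."""
    m = TASK_RE.match(line.strip())
    return m.groupdict() if m else None

def under(path, directory):
    return normcase(path).startswith(normcase(directory).rstrip("\\") + "\\")

def artifacts(entry):
    """Locations a single scheduled task occupies on disk and in the registry."""
    task = entry["task"]
    if task.lower().endswith(".job"):   # legacy task: one file under C:\Windows\Tasks
        return [task]
    name = task.split("\\", 2)[-1]      # drop the "System32\Tasks\" prefix
    return [
        "C:\\Windows\\" + task,         # assumed Windows root
        TASKCACHE + "\\Tree\\" + name,
        TASKCACHE + "\\Tasks\\" + entry["guid"],
    ]

def triage(log_text, install_dir=INSTALL_DIR):
    """Map each task launching a binary under install_dir to its artifacts."""
    hits = {}
    for line in log_text.splitlines():
        entry = parse_task(line)
        if entry and under(entry["target"], install_dir):
            hits[entry["task"]] = artifacts(entry)
    return hits
```

Calling triage(SAMPLE) returns the two RegistrySmart tasks and skips the benign one; pass a different install_dir to reuse it for another detection.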