Rogue.RegistrySmart

Short bio

Rogue.RegistrySmart is Malwarebytes' detection name for a rogue registry scanner called RegistrySmart.

GUI RegistrySmart.


Symptoms

Rogue.RegistrySmart gains persistence by using a scheduled task.

Rogue.RegistrySmart Scheduled Task

Users of affected machines may see this during install:

Rogue.RegistrySmart installer

You may see this entry in your list of installed Programs and Features:

Rogue.RegistrySmart installed

Warnings after a scan with the rogue scanner:

Rogue.RegistrySmart scan results

Type and source of infection

Rogue.RegistrySmart is a typical rogue that produces false positives in an attempt to convince users they need to buy the software. It is often installed through Trojan bundles.

Protection

Malwarebytes protects users from Rogue.RegistrySmart by using real-time protection.

Malwarebytes blocks Rogue.RegistrySmart

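Remediation

Malwarebytes can detect and remove Rogue.RegistrySmart without further user interaction.

  1. Download Malwarebytes to your desktop.
  2. Double-click MBSetup.exe and follow the prompts to install the program.
  3. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  4. Click on the Get started button.
  5. Click Scan to start a Threat Scan.
  6. Click Quarantine to remove the found threats.
  7. Reboot the system if prompted to complete the removal process.

Malwarebytes removal log

A Malwarebytes log of removal will look similar to this: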

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/30/18
Scan Time: 11:59 AM
Log File: 34ec19fe-93df-11e8-add -00ffdcc6fdfc
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.374
Update Package Version: 1.0.6123
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 251110
Threats Detected: 29
Threats Quarantined: 29
Time Elapsed: 3 min, 29 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 1
Rogue.RegistrySmart, C:\Program Files (x86)\RegistrySmart\RegistrySmart.exe, Quarantined, [1364], [171220],1.0.6123

Module: 1
Rogue.RegistrySmart, C:\Program Files (x86)\RegistrySmart\RegistrySmart.exe, Quarantined, [1364], [171220],1.0.6123

Registry Key: 6
Rogue.RegistrySmart, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\RegistrySmart Scheduled Scan, Quarantined, [1364], [171220],1.0.6123
Rogue.RegistrySmart, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{17BA9627-AFC4-4A8A-A2AE-E0331FA6372D}, Quarantined, [1364], [171220],1.0.6123
Rogue.RegistrySmart, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{17BA9627-AFC4-4A8A-A2AE-E0331FA6372D}, Quarantined, [1364], [171220],1.0.6123
Rogue.RegistrySmart, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\RegistrySmart_is1, Quarantined, [1364], [171220],1.0.6123
Rogue.RegistrySmart, HKLM\SOFTWARE\WOW6432NODE\RegistrySmart, Quarantined, [1364], [212840],1.0.6123
Rogue.RegistrySmart, HKCU\SOFTWARE\RegistrySmart, Quarantined, [1364], [210497],1.0.6123

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 4
Rogue.RegistrySmart, C:\Users\{username}\AppData\Roaming\RegistrySmart\Log, Quarantined, [1364], [170329],1.0.6123
Rogue.RegistrySmart, C:\USERS\{username}\APPDATA\ROAMING\REGISTRYSMART, Quarantined, [1364], [170329],1.0.6123
Rogue.RegistrySmart, C:\PROGRAM FILES (X86)\REGISTRYSMART, Quarantined, [1364], [171220],1.0.6123
Rogue.RegistrySmart, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\REGISTRYSMART, Quarantined, [1364], [171858],1.0.6123

File: 17
Rogue.RegistrySmart, C:\USERS\{username}\APPDATA\ROAMING\Microsoft\Windows\Recent\RegistrySmart - Changes.txt.lnk, Quarantined, [1364], [199824],1.0.6123
Rogue.RegistrySmart, C:\USERS\{username}\DESKTOP\RegistrySmart - Changes.txt, Quarantined, [1364], [199824],1.0.6123
Rogue.RegistrySmart, C:\USERS\{username}\DESKTOP\RegistrySmart.exe, Quarantined, [1364], [199824],1.0.6123
Rogue.RegistrySmart, C:\USERS\{username}\DESKTOP\RegistrySmart.lnk, Quarantined, [1364], [199824],1.0.6123
Rogue.RegistrySmart, C:\Users\{username}\AppData\Roaming\RegistrySmart\Log\2018 Jul 30 - 11_52_27 AM_094.log, Quarantined, [1364], [170329],1.0.6123
Rogue.RegistrySmart, C:\Program Files (x86)\RegistrySmart\DataBase.ref, Quarantined, [1364], [171220],1.0.6123
Rogue.RegistrySmart, C:\Program Files (x86)\RegistrySmart\license.rtf, Quarantined, [1364], [171220],1.0.6123
Rogue.RegistrySmart, C:\Program Files (x86)\RegistrySmart\RegistrySmart.exe, Quarantined, [1364], [171220],1.0.6123
Rogue.RegistrySmart, C:\Program Files (x86)\RegistrySmart\RegistrySmart.url, Quarantined, [1364], [171220],1.0.6123
Rogue.RegistrySmart, C:\Program Files (x86)\RegistrySmart\unins000.dat, Quarantined, [1364], [171220],1.0.6123
Rogue.RegistrySmart, C:\Program Files (x86)\RegistrySmart\unins000.exe, Quarantined, [1364], [171220],1.0.6123
Rogue.RegistrySmart, C:\WINDOWS\SYSTEM32\TASKS\RegistrySmart Scheduled Scan, Quarantined, [1364], [171220],1.0.6123
Rogue.RegistrySmart, C:\USERS\{username}\APPDATA\ROAMING\Microsoft\Internet Explorer\Quick Launch\RegistrySmart.lnk, Quarantined, [1364], [171220],1.0.6123
Rogue.RegistrySmart, C:\WINDOWS\TASKS\RegistrySmart Scheduled Scan.job, Quarantined, [1364], [207855],1.0.6123
Rogue.RegistrySmart, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegistrySmart\RegistrySmart on the Web.lnk, Quarantined, [1364], [171858],1.0.6123
Rogue.RegistrySmart, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegistrySmart\RegistrySmart.lnk, Quarantined, [1364], [171858],1.0.6123
Rogue.RegistrySmart, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegistrySmart\Uninstall RegistrySmart.lnk, Quarantined, [1364], [171858],1.0.6123

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

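Add an exclusion

Should users wish to keep this program and exclude it from being detected in future scans, they can add the program to the exclusions list. Here's how to do it.

  • Open Malwarebytes for Windows.
  • Click the Detection History.
  • Click the Allow List.
  • To add an item to the Allow List, click
  • Select the exclusion type Allow a file or folder and use the Select a folder button to select the main folder for the software that you wish to keep.
  • Repeat this for any secondary files or folders that belong to the software.

If you want to allow the program to connect to the Internet, for example to fetch updates, also add an exclusion of the type Allow an application to connect to the internet and use the Browse button to select the file you wish to grant access.

Traces/IOCs

You may see these entries in FRST logs: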

(E-NextMedia) C:\Program Files (x86)\RegistrySmart\RegistrySmart.exe
C:\Windows\System32\Tasks\RegistrySmart Scheduled Scan
C:\Users\{username}\Desktop\RegistrySmart.lnk
C:\Windows\Tasks\RegistrySmart Scheduled Scan.job
C:\Users\{username}\AppData\Roaming\RegistrySmart
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegistrySmart
C:\Program Files (x86)\RegistrySmart
RegistrySmart 2.10.4342 (HKLM-x32\...\RegistrySmart_is1) (Version: 2.10 - E-NextMedia)
Task: {17BA9627-AFC4-4A8A-A2AE-E0331FA6372D} - System32\Tasks\RegistrySmart Scheduled Scan => C:\Program Files (x86)\RegistrySmart\RegistrySmart.exe [2011-11-11] (E-NextMedia)
Task: C:\Windows\Tasks\RegistrySmart Scheduled Scan.job => C:\Program Files (x86)\RegistrySmart\RegistrySmart.exe schedule C:\Program Files (x86)\RegistrySmart {username}.run
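A sweep of FRST text for these traces and for the scheduled-task persistence described under Symptoms, as an added example that is not part of the original page or of any Malwarebytes or FRST tooling. The sample log is constructed from the entries above plus two benign lines; the `Task: ... => ...` line shape and the matching rule (any path component starting with RegistrySmart, or the task GUID) are assumptions drawn from those entries.

```python
import re

# Indicators from this page: any path component that starts with
# "RegistrySmart", or the scheduled task's GUID. Matching is case-insensitive.
IOC_RE = re.compile(
    r"\\registrysmart|\{17BA9627-AFC4-4A8A-A2AE-E0331FA6372D\}", re.I)
# Assumed line shape, taken from the two Task entries on this page.
TASK_RE = re.compile(r"^Task:\s*(?P<ident>.+?)\s*=>\s*(?P<target>.+)$", re.I)
# Trailing "[yyyy-mm-dd] (company)" that follows the target on a Task line.
TRAILER_RE = re.compile(r"\s*\[\d{4}-\d{2}-\d{2}\].*$")
# Logs pasted through forums or translators often gain spaces around "\".
SPACED_SEP_RE = re.compile(r"\s*\\\s*")

# Constructed sample: page entries plus two benign lines (2 and 4).
SAMPLE = r"""
(E-NextMedia) C:\Program Files (x86)\RegistrySmart\RegistrySmart.exe
C:\Users\{username}\Desktop\notes.txt
Task: {17BA9627-AFC4-4A8A-A2AE-E0331FA6372D} - System32\Tasks\RegistrySmart Scheduled Scan => C:\Program Files (x86)\RegistrySmart\RegistrySmart.exe [2011-11-11] (E-NextMedia)
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\Example Updater => C:\Program Files\Example\updater.exe
c:\ users \ {username} \ appdata \ roaming \ registrysmart
""".strip()


def scan_frst(text):
    """Return (line_no, kind, detail) for each line carrying an indicator.

    kind is "persistence" for Task lines (detail = launched target) and
    "trace" for leftover files, folders and registry entries (detail = line).
    """
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        # Undo spacing damage around path separators before matching.
        line = SPACED_SEP_RE.sub(r"\\", raw.strip())
        if not IOC_RE.search(line):
            continue
        task = TASK_RE.match(line)
        if task:
            target = TRAILER_RE.sub("", task["target"]).strip()
            findings.append((no, "persistence", target))
        else:
            findings.append((no, "trace", line))
    return findings


if __name__ == "__main__":
    for no, kind, detail in scan_frst(SAMPLE):
        print(f"line {no}: {kind}: {detail}")
```

Matching on the name prefix is deliberately broad, so a hit is a lead to confirm against the file and registry locations in the removal log rather than a verdict.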
