What is Security Reviver?

The Malwarebytes research team has determined that Security Reviver is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.
More information can be found on our Malwarebytes Labs blog.

How do I know if I am infected with Security Reviver?

This is how the main screen of the system optimizer looks:

main.png

You will find these icons in your taskbar, your Start menu, and on your desktop:

icons.png

and see these warnings during install:

warning1.png

warning2.png

and these types of screens during "operations":

warning5.png

warning6.png

You may see this entry in your list of installed programs:

warning4.png

and these tasks in your list of Scheduled Tasks:

warning3.png

How did Security Reviver get on my computer?

These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website:

website.png

How do I remove Security Reviver?

Our program Malwarebytes can detect and remove this potentially unwanted application.

  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished, click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.

Is there anything else I need to do to get rid of Security Reviver?

  • No, Malwarebytes removes Security Reviver completely.
  • This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this system optimizer.

As you can see below, the full version of Malwarebytes would have protected you against the Security Reviver installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.


 

protection1.png

 

Technical details for experts

You may see these entries in FRST logs:


 

(Corel Corporation -> Corel Corporation) C:\Program Files (x86)\Security Reviver\SecRev.exe
Task: {2E1D2ED2-7C7B-4B2F-9BAA-04BB6EA2FEE2} - System32\Tasks\sr_notifier_executor => C:\Program Files (x86)\Security Reviver\notifier.exe [1873432 2020-01-09] (Corel Corporation -> Corel Corporation)
Task: {C69819AC-6DEE-4FCE-AF8C-E525EDB6CAFB} - System32\Tasks\Security Reviver_startup => C:\Program Files (x86)\Security Reviver\SecRev.exe [7627288 2020-01-09] (Corel Corporation -> Corel Corporation)
C:\Users\{username}\AppData\Local\ReviverSoft
C:\Windows\system32\Tasks\sr_notifier_executor
C:\Windows\system32\Tasks\Security Reviver_startup
C:\Users\Public\Desktop\Security Reviver.lnk
C:\ProgramData\Desktop\Security Reviver.lnk
C:\Users\{username}\AppData\Roaming\ReviverSoft
C:\ProgramData\ReviverSoft
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Reviver
C:\Program Files (x86)\Security Reviver
(Corel Corporation) C:\Windows\system32\secrevnative64.exe
(Security Reviver ) C:\Users\{username}\Desktop\SecurityReviverSetup.exe

Security Reviver (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_ReviverSoft~2C1D94A4_is1) (Version: 2.1.1000.26600 - Security Reviver) <==== ATTENTION

Alterations made by the installer:
 

File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Program Files (x86)\Security Reviver
       Adds the file AppManager.exe"="1/9/2020 3:36 PM, 484376 bytes, A
       Adds the file AppResource.dll"="1/9/2020 3:36 PM, 13068824 bytes, A
       Adds the file categories.ini"="6/12/2017 1:15 PM, 42820 bytes, A
       Adds the file Chinese_asp_ZH-CN.ini"="12/19/2018 2:13 PM, 54406 bytes, A
       Adds the file danish_asp_DA.ini"="12/19/2018 2:13 PM, 96598 bytes, A
       Adds the file dutch_asp_NL.ini"="12/19/2018 2:13 PM, 96826 bytes, A
       Adds the file eng_asp_en.ini"="1/3/2020 10:32 AM, 52795 bytes, A
       Adds the file Finnish_asp_FI.ini"="12/19/2018 2:14 PM, 96608 bytes, A
       Adds the file french_asp_FR.ini"="12/19/2018 2:14 PM, 107768 bytes, A
       Adds the file german_asp_DE.ini"="12/19/2018 2:14 PM, 106344 bytes, A
       Adds the file helper.dll"="1/9/2020 3:36 PM, 2322968 bytes, A
       Adds the file Interop.IWshRuntimeLibrary.dll"="1/9/2020 3:36 PM, 55320 bytes, A
       Adds the file italian_asp_IT.ini"="12/19/2018 2:14 PM, 101580 bytes, A
       Adds the file japanese_asp_JA.ini"="12/19/2018 1:16 PM, 66162 bytes, A
       Adds the file lci.lci"="1/22/2020 8:38 AM, 675 bytes, H
       Adds the file loading_withWhiteBG.avi"="6/12/2017 1:15 PM, 103936 bytes, A
       Adds the file Microsoft.Win32.TaskScheduler.DLL"="1/9/2020 3:36 PM, 121368 bytes, A
       Adds the file norwegian_asp_NO.ini"="12/19/2018 1:16 PM, 92240 bytes, A
       Adds the file notifier.exe"="1/9/2020 3:36 PM, 1873432 bytes, A
       Adds the file portuguese_asp_PT-BR.ini"="12/19/2018 2:15 PM, 98598 bytes, A
       Adds the file russian_asp_ru.ini"="12/19/2018 1:17 PM, 98740 bytes, A
       Adds the file scandll.dll"="1/9/2020 3:36 PM, 66584 bytes, A
       Adds the file SecRev.exe"="1/9/2020 3:36 PM, 7627288 bytes, A
       Adds the file SecRev.exe.config"="1/3/2020 2:46 PM, 6466 bytes, A
       Adds the file spanish_asp_ES.ini"="12/19/2018 1:17 PM, 103814 bytes, A
       Adds the file sr.ico"="6/12/2017 1:15 PM, 17542 bytes, A
       Adds the file swedish_asp_SV.ini"="12/19/2018 1:17 PM, 93652 bytes, A
       Adds the file System.Core.dll"="1/9/2020 3:36 PM, 673816 bytes, A
       Adds the file System.Data.SQLite.dll"="1/9/2020 3:36 PM, 892440 bytes, A
       Adds the file tray.exe"="1/9/2020 3:36 PM, 2041368 bytes, A
       Adds the file unins000.dat"="1/22/2020 8:38 AM, 95695 bytes, A
       Adds the file unins000.exe"="1/22/2020 8:38 AM, 1198616 bytes, A
       Adds the file unins000.msg"="1/22/2020 8:38 AM, 22701 bytes, A
       Adds the file unrar.dll"="1/9/2020 3:36 PM, 174616 bytes, A
       Adds the file Xceed.Compression.dll"="1/9/2020 3:36 PM, 108568 bytes, A
       Adds the file Xceed.Compression.Formats.dll"="1/9/2020 3:36 PM, 71704 bytes, A
       Adds the file Xceed.FileSystem.dll"="1/9/2020 3:36 PM, 129048 bytes, A
       Adds the file Xceed.Zip.dll"="1/9/2020 3:36 PM, 202776 bytes, A
    Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Reviver
       Adds the file Register Security Reviver.lnk"="1/22/2020 8:38 AM, 1095 bytes, A
       Adds the file Security Reviver.lnk"="1/22/2020 8:38 AM, 1069 bytes, A
       Adds the file Uninstall Security Reviver.lnk"="1/22/2020 8:38 AM, 1081 bytes, A
    Adds the folder C:\ProgramData\ReviverSoft\Security Reviver
       Adds the file AddonSafelist"="6/12/2017 1:15 PM, 13312 bytes, A
       Adds the file log.xslt"="6/12/2017 1:15 PM, 24753 bytes, A
    Adds the folder C:\ProgramData\ReviverSoft\Security Reviver\signatures
       Adds the file completedatabase.db"="1/22/2020 8:45 AM, 209821696 bytes, A
       Adds the file Cookies.bin"="1/22/2020 8:45 AM, 233928 bytes, A
       Adds the file DigSign.bin"="1/22/2020 8:45 AM, 132216 bytes, A
       Adds the file FilePaths.bin"="1/22/2020 8:45 AM, 5838576 bytes, A
       Adds the file FileSignature.bin"="1/22/2020 8:45 AM, 26693928 bytes, A
       Adds the file Folders.bin"="1/22/2020 8:45 AM, 1689184 bytes, A
       Adds the file Md5.bin"="1/22/2020 8:45 AM, 63720808 bytes, A
       Adds the file Registry.bin"="1/22/2020 8:45 AM, 39185360 bytes, A
       Adds the file SetupSign.bin"="1/22/2020 8:45 AM, 13472 bytes, A
       Adds the file StrSetupSign.bin"="1/22/2020 8:45 AM, 1792 bytes, A
    Adds the folder C:\ProgramData\ReviverSoft\Security Reviver\updates
       Adds the file 3262completedatabase.zip"="1/22/2020 8:40 AM, 36169813 bytes, A
       Adds the file 4025mupdate.zip"="1/22/2020 8:44 AM, 57688093 bytes, A
       Adds the file 4026update.zip"="1/22/2020 8:44 AM, 128602 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\ReviverSoft\Security Reviver
       Adds the file ScanEngineErrorLog.txt"="1/22/2020 8:48 AM, 6083 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\ReviverSoft\Security Reviver
       Adds the file ASPLog.txt"="1/22/2020 8:50 AM, 5553 bytes, A
       Adds the file QDetail.db"="1/22/2020 8:38 AM, 4096 bytes, A
       Adds the file Settings.db"="1/22/2020 8:48 AM, 12288 bytes, A
       Adds the file Update.ini"="1/22/2020 8:39 AM, 2356 bytes, A
       Adds the file uuid.txt"="1/22/2020 8:38 AM, 35 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\ReviverSoft\Security Reviver\Logs
       Adds the file log_22-01-20_08-48-21.xml"="1/22/2020 8:48 AM, 42979 bytes, A
       Adds the file SMLog.xml"="1/22/2020 8:48 AM, 1550 bytes, A
    In the existing folder C:\Users\Public\Desktop
       Adds the file Security Reviver.lnk"="1/22/2020 8:38 AM, 1051 bytes, A
    In the existing folder C:\Windows\System32
       Adds the file secrevnative64.exe"="1/9/2020 3:36 PM, 27672 bytes, A
    In the existing folder C:\Windows\System32\Tasks
       Adds the file Security Reviver_startup"="1/22/2020 8:38 AM, 3068 bytes, A
       Adds the file sr_notifier_executor"="1/22/2020 8:38 AM, 3602 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_ReviverSoft~2C1D94A4_is1]
       "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\Security Reviver\SecRev.exe"
       "DisplayName"="REG_SZ", "Security Reviver"
       "DisplayVersion"="REG_SZ", "2.1.1000.26600"
       "EstimatedSize"="REG_DWORD", 31851
       "HelpLink"="REG_SZ", "https://www.reviversoft.com/security-reviver/"
       "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\Security Reviver"
       "Inno Setup: Icon Group"="REG_SZ", "Security Reviver"
       "Inno Setup: Language"="REG_SZ", "en"
       "Inno Setup: Setup Version"="REG_SZ", "5.5.9 (u)"
       "Inno Setup: User"="REG_SZ", "{username}"
       "InstallDate"="REG_SZ", "20200122"
       "InstallLocation"="REG_SZ", "C:\Program Files (x86)\Security Reviver\"
       "MajorVersion"="REG_DWORD", 2
       "MinorVersion"="REG_DWORD", 1
       "NoModify"="REG_DWORD", 1
       "NoRepair"="REG_DWORD", 1
       "Publisher"="REG_SZ", "Security Reviver"
       "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\Security Reviver\unins000.exe" /SILENT"
       "UninstallString"="REG_SZ", ""C:\Program Files (x86)\Security Reviver\unins000.exe""
       "URLInfoAbout"="REG_SZ", "https://www.reviversoft.com/security-reviver/"
       "VersionMajor"="REG_DWORD", 2
       "VersionMinor"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ReviverSoft\Params]
       "affiliateid"="REG_SZ", ""
       "ASPInstalledPath"="REG_SZ", "C:\Program Files (x86)\Security Reviver"
       "TELNO"="REG_SZ", ""
       "utm_campaign"="REG_SZ", "default"
       "utm_medium"="REG_SZ", "newbuild"
       "utm_source"="REG_SZ", "reviversoft"
       "x-at"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ReviverSoft\Security Reviver]
       "affiliateid"="REG_SZ", ""
       "afterInstallUrl"="REG_SZ", "https://goto.reviversoft.com/action/?product=SR&LinkType=Install&BuildID=0&t="
       "buildid"="REG_SZ", "0"
       "BuyNowURL"="REG_SZ", "https://goto.reviversoft.com/action/?product=SR&LinkType=Purchase&BuildID=0&t="
       "BuyNowURLADU"="REG_SZ", ""
       "BuyNowURLASP"="REG_SZ", ""
       "BuyNowURLPB"="REG_SZ", ""
       "BuyNowURLRCP"="REG_SZ", ""
       "cmd_t"="REG_SZ", ""
       "Expired"="REG_DWORD", 0
       "InstalledPath"="REG_SZ", "C:\Program Files (x86)\Security Reviver"
       "isphone"="REG_SZ", "0"
       "IsScanOptional"="REG_DWORD", 1
       "issilent"="REG_DWORD", 1
       "MaxFixLimit"="REG_DWORD", 0
       "REGVER"="REG_DWORD", 0
       "REGVER-UNINSTALL"="REG_DWORD", 0
       "RenewNowURL"="REG_SZ", "https://goto.reviversoft.com/action/?product=SR&LinkType=Renew&BuildID=0&t="
       "RenewNowURLADU"="REG_SZ", ""
       "RenewNowURLASP"="REG_SZ", ""
       "RenewNowURLPB"="REG_SZ", ""
       "RenewNowURLRCP"="REG_SZ", ""
       "showbc"="REG_DWORD", 1
       "showfth"="REG_DWORD", 0
       "showfthsetting"="REG_DWORD", 0
       "showpb"="REG_DWORD", 0
       "showsm"="REG_DWORD", 1
       "SUPPORT_URL"="REG_SZ", "https://goto.reviversoft.com/action/?product=SR&LinkType=Support&BuildID=0&t="
       "TELNO"="REG_SZ", ""
       "TELNOFR"="REG_SZ", ""
       "uid"="REG_SZ", "72205a28-a34819b8-a4bb0795-f972a54c"
       "utm_campaign"="REG_SZ", "default"
       "utm_medium"="REG_SZ", "newbuild"
       "utm_source"="REG_SZ", "reviversoft"
       "x-at"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ReviverSoft\Security Reviver\LANG]
       "LangCode"="REG_SZ", "en"
       "LangID"="REG_DWORD", 0
    [HKEY_CURRENT_USER\Software\ReviverSoft\params]
       "ASPInstalledPath"="REG_SZ", "C:\Program Files (x86)\Security Reviver"
    [HKEY_CURRENT_USER\Software\ReviverSoft\Security Reviver]
       "affiliateid"="REG_SZ", ""
       "buildid"="REG_SZ", "0"
       "cmd_t"="REG_SZ", ""
       "CurrentScanTime"="REG_BINARY, ........
       "FirstInstallDate"="REG_SZ", "22-01-2020"
       "InstalledPath"="REG_SZ", "C:\Program Files (x86)\Security Reviver"
       "StrLastErrorsFixed"="REG_SZ", "0"
       "StrLastScanResults"="REG_SZ", "56"
       "TELNO"="REG_SZ", ""
       "TELNOFR"="REG_SZ", ""
       "utm_campaign"="REG_SZ", "default"
       "utm_days"="REG_SZ", "0"
       "utm_medium"="REG_SZ", "newbuild"
       "utm_source"="REG_SZ", "reviversoft"
       "x-at"="REG_SZ", ""
    [HKEY_CURRENT_USER\Software\ReviverSoft\Security Reviver\2.1.1000.26600]
    [HKEY_CURRENT_USER\Software\ReviverSoft\Security Reviver\LANG]
       "LangCode"="REG_SZ", "en"
       "LangID"="REG_DWORD", 0

Malwarebytes log:
 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/22/20
Scan Time: 9:00 AM
Log File: 46fe135a-3ced-11ea-b033-00ffdcc6fdfc.json

-Software Information-
Version: 4.0.4.49
Components Version: 1.0.785
Update Package Version: 1.0.18084
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 236070
Threats Detected: 96
Threats Quarantined: 96
Time Elapsed: 31 min, 15 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect


As mentioned before, the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.
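The FRST entries listed under "Technical details for experts" can be matched mechanically when triaging a log. The following is an added example, not part of the original guide and not FRST's own code: it flags lines by task name, install path and uninstall key rather than by signer, because the signer shown (Corel Corporation) also appears on unrelated software. The function names `classify` and `triage` and the two lines marked as constructed are assumptions.

```python
import re

# Indicators copied from the FRST entries on this page (compared case-insensitively).
TASK_NAMES = {"sr_notifier_executor", "security reviver_startup"}
PATH_MARKERS = (
    "\\program files (x86)\\security reviver",
    "\\reviversoft",
    "\\security reviver.lnk",
    "\\start menu\\programs\\security reviver",
    "\\secrevnative64.exe",
    "\\securityreviversetup.exe",
)
UNINSTALL_KEY = "00212d92-c5d8-4ff4-ae50-b20f0f85c40a_reviversoft~2c1d94a4_is1"

# Shape of the "Task:" lines shown on this page:
#   Task: {GUID} - System32\Tasks\<name> => <target> [<size> <date>] (<signer>)
# The signer group excludes parentheses so that "(x86)" in a path is not
# mistaken for the trailing signer field.
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]{36})\} - System32\\Tasks\\(?P<name>.+?) => "
    r"(?P<target>.+?)(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<signer>[^()]*)\))?$"
)


def classify(line):
    """Return (kind, detail) if the line matches an indicator, else None."""
    text = line.strip()
    low = text.lower()
    m = TASK_RE.match(text)
    if m:
        name_hit = m["name"].lower() in TASK_NAMES
        target_hit = any(p in m["target"].lower() for p in PATH_MARKERS)
        if name_hit or target_hit:
            return ("task", f'{m["name"]} -> {m["target"]}')
        return None  # a scheduled task unrelated to this PUP
    if UNINSTALL_KEY in low:
        return ("uninstall-key", text.split(" (", 1)[0])
    if any(p in low for p in PATH_MARKERS):
        return ("path", text)
    return None


def triage(log_text):
    """Return [(line_number, kind, detail), ...] for every matching line."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        result = classify(line)
        if result:
            hits.append((n, *result))
    return hits


# Lines 2 and 4 are constructed benign entries (same signer, or an unrelated
# task); the other lines are copied from the FRST entries on this page.
SAMPLE_LOG = r"""(Corel Corporation -> Corel Corporation) C:\Program Files (x86)\Security Reviver\SecRev.exe
(Corel Corporation -> Corel Corporation) C:\Program Files\Corel\ExampleApp\example.exe
Task: {2E1D2ED2-7C7B-4B2F-9BAA-04BB6EA2FEE2} - System32\Tasks\sr_notifier_executor => C:\Program Files (x86)\Security Reviver\notifier.exe [1873432 2020-01-09] (Corel Corporation -> Corel Corporation)
Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\ExampleUpdater => C:\Program Files (x86)\Example\updater.exe [1024 2020-01-01] (Example Corp -> Example Corp)
C:\Users\{username}\AppData\Roaming\ReviverSoft
(Corel Corporation) C:\Windows\system32\secrevnative64.exe
Security Reviver (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_ReviverSoft~2C1D94A4_is1) (Version: 2.1.1000.26600 - Security Reviver) <==== ATTENTION
"""

if __name__ == "__main__":
    for number, kind, detail in triage(SAMPLE_LOG):
        print(f"line {number}: {kind}: {detail}")
```

Matching is by substring, so confirm each hit against the actual file, task or key before removing anything.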
