What is PC Reviver?

PC Reviver is a system optimizer that triggers our PUP detection rules. By doing so we offer users a choice to consider whether they want to use this software. More information can be found on our Malwarebytes Labs blog.

How do I know if I am affected by PC Reviver?

This is how the main screen of the system optimizer looks:

main.png

You will find these icons in your taskbar, your Start menu, and on your desktop:

icons.png

and see these windows during install:

warning1.png

warning2.png

and these types of screens during operation:

warning5.png

You may see this entry in your list of installed programs:

warning4.png

and this task in your list of Scheduled Tasks:

warning3.png

How did PC Reviver get on my computer?

These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website:

website.png

How do I remove PC Reviver?

Our program Malwarebytes can detect and remove this PUP, but it is advisable to use the built-in uninstaller first.
You can use a Malwarebytes scan to check if everything was removed.

  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished, click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.

Is there anything else I need to do to get rid of PC Reviver?

  • No, Malwarebytes removes PC Reviver completely.
  • This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.

What if I want to keep PC Reviver?

Should users wish to keep this program and exclude it from being detected in future scans, they can add the program to the exclusions list. Here’s how to do it.

  • Open Malwarebytes for Windows.
  • Click Detection History.
  • Click Allow List.
  • To add an item to the Allow List, click Add.
  • Select the exclusion type Allow a file or folder and use the Select a folder button to select the main folder for the software that you wish to keep.
  • Repeat this for any secondary files or folder(s) that belong to the software.

If you want to allow the program to connect to the Internet, for example to fetch updates, also add an exclusion of the type Allow an application to connect to the internet and use the Browse button to select the file you wish to grant access.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you in dealing with this system optimizer.

As you can see below, the full version of Malwarebytes would have warned you against the PC Reviver installer.
 

protection1.png


Technical details for experts

You may see these entries in FRST logs:
 

(Corel Corporation -> Corel Corporation) C:\Program Files\ReviverSoft\PC Reviver\PC Reviver.exe
(Corel Corporation -> Corel Corporation) C:\Program Files\ReviverSoft\Smart Monitor\ReviverSoft Smart Monitor Service.exe
(Corel Corporation -> Corel Corporation) C:\Program Files\ReviverSoft\Smart Monitor\ReviverSoftSmartMonitor.exe
Task: {04EF5175-9FA0-4994-BD25-DCA724CD1538} - System32\Tasks\Start PC Reviver Schedule => C:\Program Files\ReviverSoft\PC Reviver\PC Reviver.exe [12460360 2020-02-04] (Corel Corporation -> Corel Corporation)
Task: {6F9517D6-101D-431D-BB2F-CD4BD838D4A8} - System32\Tasks\Start PC Reviver for {computername}@{username}(logon) => C:\Program Files\ReviverSoft\PC Reviver\PC Reviver.exe [12460360 2020-02-04] (Corel Corporation -> Corel Corporation)
Task: {D8971EF3-4824-4B7E-99D6-5B1320DDE99A} - System32\Tasks\Start PC Reviver Update => C:\Program Files\ReviverSoft\PC Reviver\PC Reviver.exe [12460360 2020-02-04] (Corel Corporation -> Corel Corporation)
R2 ReviverSoft Smart Monitor Service; C:\Program Files\ReviverSoft\Smart Monitor\ReviverSoft Smart Monitor Service.exe [1463112 2020-04-15] (Corel Corporation -> Corel Corporation)
C:\Windows\system32\Tasks\Start PC Reviver Schedule
C:\Windows\system32\Tasks\Start PC Reviver Update
C:\Windows\system32\Tasks\Start PC Reviver for {computername}@{username}(logon)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReviverSoft
C:\Users\Public\Desktop\PC Reviver.lnk
C:\ProgramData\Desktop\PC Reviver.lnk
C:\ProgramData\ReviverSoft
C:\Program Files\ReviverSoft

PC Reviver (HKLM\...\PC Reviver) (Version: 3.9.0.24 - Corel Corporation)
ContextMenuHandlers1: [PC Reviver] -> {D59EA345-8611-4433-A2B6-302339608B90} => C:\Program Files\ReviverSoft\PC Reviver\windowscontextmenuhandler-vc141-mt.dll [2020-02-04] (Corel Corporation -> Corel Corporation)
ContextMenuHandlers2: [PC Reviver] -> {D59EA345-8611-4433-A2B6-302339608B90} => C:\Program Files\ReviverSoft\PC Reviver\windowscontextmenuhandler-vc141-mt.dll [2020-02-04] (Corel Corporation -> Corel Corporation)
ContextMenuHandlers4: [PC Reviver] -> {D59EA345-8611-4433-A2B6-302339608B90} => C:\Program Files\ReviverSoft\PC Reviver\windowscontextmenuhandler-vc141-mt.dll [2020-02-04] (Corel Corporation -> Corel Corporation)
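
An added example (not part of the original guide, and not Malwarebytes or FRST code): a small Python triage script that parses FRST lines in the formats shown above and groups the PC Reviver entries by persistence type, so leftover tasks, services and shell extensions stand out after an uninstall. The regular expressions are inferred from the sample lines on this page only, and the ExampleVendor lines in the sample input are constructed.

```python
import re
from collections import defaultdict

# Markers taken from the FRST entries on this page (vendor folder and product name).
MARKERS = ("reviversoft", "pc reviver")

GUID = r"\{[0-9A-Fa-f-]{36}\}"
TAIL = r"(?: \[|$)"  # a path ends at the " [size date]" block or at end of line

# Order matters: the most specific line shapes are tried first.
PATTERNS = [
    # Task: {GUID} - System32\Tasks\<name> => <binary> [size date] (signer)
    ("scheduled_task", re.compile(
        rf"^Task: (?P<id>{GUID}) - System32\\Tasks\\(?P<name>.+?) => (?P<path>.+?){TAIL}")),
    # R2 <service>; <binary> [...]  letter: R running, S stopped, U undetermined;
    # digit: service start type (2 = automatic)
    ("service", re.compile(
        rf"^(?P<state>[RSU])(?P<start>[0-5]) (?P<name>.+?); (?P<path>.+?){TAIL}")),
    # ContextMenuHandlersN: [<name>] -> {CLSID} => <dll> [date] (signer)
    ("shell_extension", re.compile(
        rf"^ContextMenuHandlers\d+: \[(?P<name>.+?)\] -> (?P<id>{GUID}) => (?P<path>.+?){TAIL}")),
    # <name> (HKLM\...\<key>) (Version: <version> - <publisher>)
    ("installed_program", re.compile(
        r"^(?P<name>.+?) \(HKLM\\.*?\) \(Version: (?P<version>\S+) - .+\)$")),
    # (<signer>) <full path to running executable>
    ("running_process", re.compile(r"^\((?P<signer>.+?)\) (?P<path>[A-Za-z]:\\.+)$")),
    # Bare path line: a file or folder created by the installer
    ("file_or_folder", re.compile(r"^(?P<path>[A-Za-z]:\\.+)$")),
]


def parse_line(line):
    """Return a dict describing one FRST line, or None if the shape is unknown."""
    line = line.strip()
    for kind, rx in PATTERNS:
        m = rx.match(line)
        if m:
            return {"kind": kind, **m.groupdict()}
    return None


def find_leftovers(log_text):
    """Group every parsed line that mentions a PC Reviver marker by kind."""
    hits = defaultdict(list)
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        haystack = f"{rec.get('name', '')} {rec.get('path', '')}".lower()
        if any(mark in haystack for mark in MARKERS):
            hits[rec["kind"]].append(rec)
    return dict(hits)


def autostart_entries(hits):
    """Names/CLSIDs of entries that relaunch the program without user action."""
    out = [r["name"] for r in hits.get("scheduled_task", [])]
    # Start types 0-2 (boot, system, automatic) load without a user request.
    out += [r["name"] for r in hits.get("service", []) if r["start"] in "012"]
    out += sorted({r["id"] for r in hits.get("shell_extension", [])})
    return out


# Sample input: PC Reviver lines copied from this page, plus two constructed
# ExampleVendor lines that must NOT be reported.
SAMPLE_FRST = r"""
(Corel Corporation -> Corel Corporation) C:\Program Files\ReviverSoft\PC Reviver\PC Reviver.exe
Task: {04EF5175-9FA0-4994-BD25-DCA724CD1538} - System32\Tasks\Start PC Reviver Schedule => C:\Program Files\ReviverSoft\PC Reviver\PC Reviver.exe [12460360 2020-02-04] (Corel Corporation -> Corel Corporation)
Task: {6F9517D6-101D-431D-BB2F-CD4BD838D4A8} - System32\Tasks\Start PC Reviver for {computername}@{username}(logon) => C:\Program Files\ReviverSoft\PC Reviver\PC Reviver.exe [12460360 2020-02-04] (Corel Corporation -> Corel Corporation)
Task: {D8971EF3-4824-4B7E-99D6-5B1320DDE99A} - System32\Tasks\Start PC Reviver Update => C:\Program Files\ReviverSoft\PC Reviver\PC Reviver.exe [12460360 2020-02-04] (Corel Corporation -> Corel Corporation)
Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\ExampleVendor Update => C:\Program Files\ExampleVendor\update.exe [1000 2020-01-01] (ExampleVendor -> ExampleVendor)
R2 ReviverSoft Smart Monitor Service; C:\Program Files\ReviverSoft\Smart Monitor\ReviverSoft Smart Monitor Service.exe [1463112 2020-04-15] (Corel Corporation -> Corel Corporation)
R2 ExampleSvc; C:\Program Files\ExampleVendor\svc.exe [1000 2020-01-01] (ExampleVendor -> ExampleVendor)
C:\ProgramData\ReviverSoft
C:\Users\Public\Desktop\PC Reviver.lnk
PC Reviver (HKLM\...\PC Reviver) (Version: 3.9.0.24 - Corel Corporation)
ContextMenuHandlers1: [PC Reviver] -> {D59EA345-8611-4433-A2B6-302339608B90} => C:\Program Files\ReviverSoft\PC Reviver\windowscontextmenuhandler-vc141-mt.dll [2020-02-04] (Corel Corporation -> Corel Corporation)
"""

if __name__ == "__main__":
    found = find_leftovers(SAMPLE_FRST)
    for kind, records in found.items():
        print(f"{kind}: {len(records)}")
    print("autostart:", autostart_entries(found))
```

Run it against the text of a fresh FRST log after removal; any remaining `scheduled_task`, `service` or `shell_extension` hit is a persistence entry that still needs cleaning up.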

Alterations made by the installer:
 

Malwarebytes log:
 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/2/20
Scan Time: 9:18 AM
Log File: 39241632-bc34-11ea-ac19-00ffdcc6fdfc.json

-Software Information-
Version: 4.1.2.73
Components Version: 1.0.972
Update Package Version: 1.0.26289
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 232406
Threats Detected: 66
Threats Quarantined: 65
Time Elapsed: 6 min, 51 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

As mentioned before, the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.
