What is SuperEasy Registry Cleaner?

SuperEasy Registry Cleaner is a registry cleaner that triggers our detection rules for potentially unwanted programs (PUPs). By flagging it, we give users the chance to decide whether they want to use this software. More information can be found on our Malwarebytes Labs blog.

How do I know if I am affected by SuperEasy Registry Cleaner?

This is how the main screen of the registry cleaner looks:

main.png

You will find these icons in your taskbar, your Start menu, and on your desktop:

icons.png

You will see this type of window during installation:

warning1.png

and this type of screen during operation:

warning5.png

You may see this entry in your list of installed programs:

warning4.png

and this task in your list of Scheduled Tasks:

warning3.png

How did SuperEasy Registry Cleaner get on my computer?

These so-called registry cleaners use different methods of getting installed. This particular one was downloaded from a website that promotes software.

How do I remove SuperEasy Registry Cleaner?

Our program Malwarebytes can detect and remove this PUP.

  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished, click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.

Is there anything else I need to do to get rid of SuperEasy Registry Cleaner?

  • No, Malwarebytes removes SuperEasy Registry Cleaner completely.
  • This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.

What if I want to keep SuperEasy Registry Cleaner?

Should users wish to keep this program and exclude it from being detected in future scans, they can add the program to the exclusions list. Here’s how to do it.

  • Open Malwarebytes for Windows.
  • Click Detection History.
  • Click Allow List.
  • To add an item to the Allow List, click Add.
  • Select the exclusion type Allow a file or folder and use the Select a folder button to select the main folder for the software that you wish to keep.
  • Repeat this for any secondary files or folder(s) that belong to the software.

If you want to allow the program to connect to the Internet, for example to fetch updates, also add an exclusion of the type Allow an application to connect to the internet and use the Browse button to select the file you wish to grant access.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you in dealing with this registry cleaner.

As you can see below, the full version of Malwarebytes would have warned you against the SuperEasy Registry Cleaner installer.
 

protection1.png

 

Technical details for experts

You may see these entries in FRST logs:


 

(SuperEasy Software GmbH & Co. KG -> SuperEasy Software) C:\Program Files (x86)\SuperEasy Software\SuperEasy Registry Cleaner\SuperEasyRC.exe
Task: {8C08BC94-5738-49EC-A79C-69AE64257B61} - System32\Tasks\SuperEasy Registry Cleaner => C:\Program Files (x86)\SuperEasy Software\SuperEasy Registry Cleaner\SuperEasyRC.exe [8225704 2011-11-17] (SuperEasy Software GmbH & Co. KG -> SuperEasy Software)
C:\Windows\system32\Tasks\SuperEasy Registry Cleaner
C:\Users\Public\Desktop\SuperEasy Registry Cleaner.lnk
C:\ProgramData\Desktop\SuperEasy Registry Cleaner.lnk
C:\Users\{username}\AppData\Roaming\SuperEasy
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperEasy Software
C:\Program Files (x86)\SuperEasy Software
(SuperEasy Software) C:\Windows\system32\roboot64.exe
(SuperEasy Software ) C:\Users\{username}\Desktop\SuperEasy.exe

SuperEasy Registry Cleaner (HKLM-x32\...\SuperEasy Registry Cleaner_is1) (Version: 6.21 - SuperEasy Software)
(Microsoft Corporation) [File not signed] C:\Program Files (x86)\SuperEasy Software\SuperEasy Registry Cleaner\XmlLite.dll
(Systweak Inc) [File not signed] C:\Program Files (x86)\SuperEasy Software\SuperEasy Registry Cleaner\RegcleanPro.DLL

Alterations made by the installer:
 

File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Program Files (x86)\SuperEasy Software\SuperEasy Registry Cleaner
       Adds the file Chinese_rcp.ini"="11/17/2011 8:24 AM, 46574 bytes, A
       Adds the file CleanSchedule.exe"="11/17/2011 8:46 AM, 776104 bytes, A
       Adds the file unins000.dat"="9/29/2020 8:34 AM, 39851 bytes, A
       Adds the file unins000.exe"="9/29/2020 8:34 AM, 1519528 bytes, A
       Adds the file unins000.msg"="9/29/2020 8:34 AM, 20903 bytes, A
       Adds the file xmllite.dll"="11/19/2010 11:03 AM, 126976 bytes, A
    Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperEasy Software\SuperEasy Registry Cleaner
       Adds the file Register SuperEasy Registry Cleaner.lnk"="9/29/2020 8:34 AM, 1399 bytes, A
       Adds the file SuperEasy Registry Cleaner.lnk"="9/29/2020 8:34 AM, 1373 bytes, A
       Adds the file Uninstall SuperEasy Registry Cleaner.lnk"="9/29/2020 8:34 AM, 1358 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\SuperEasy\Registry Cleaner
       Adds the file eng_rcp.dat"="9/29/2020 8:34 AM, 32760 bytes, A
       Adds the file log_09-29-2020.log"="9/29/2020 8:34 AM, 0 bytes, A
       Adds the file results.rcp"="9/29/2020 8:35 AM, 16238 bytes, A
    In the existing folder C:\Users\{username}\Desktop
       Alters the file SuperEasy.exe
        7/11/1601 2:25 AM, 3767784 bytes, A ==> 7/11/1601 2:25 AM, 3767784 bytes, A
    In the existing folder C:\Users\Public\Desktop
       Adds the file SuperEasy Registry Cleaner.lnk"="9/29/2020 8:34 AM, 1349 bytes, A
    In the existing folder C:\Windows\System32
       Adds the file roboot64.exe"="11/17/2011 8:46 AM, 18856 bytes, A
    In the existing folder C:\Windows\System32\Tasks
       Adds the file SuperEasy Registry Cleaner"="9/29/2020 8:34 AM, 3202 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SuperEasy Registry Cleaner_is1]
       "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\SuperEasy Software\SuperEasy Registry Cleaner\supereasyrc.exe"
       "DisplayName"="REG_SZ", "SuperEasy Registry Cleaner"
       "DisplayVersion"="REG_SZ", "6.21"
       "EstimatedSize"="REG_DWORD", 15117
       "HelpLink"="REG_SZ", "http://www.SuperEasy.net"
       "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\SuperEasy Software\SuperEasy Registry Cleaner"
       "Inno Setup: Icon Group"="REG_SZ", "SuperEasy Software\SuperEasy Registry Cleaner"
       "Inno Setup: Language"="REG_SZ", "en"
       "Inno Setup: Setup Version"="REG_SZ", "5.4.1 (u)"
       "Inno Setup: User"="REG_SZ", "{username}"
       "InstallDate"="REG_SZ", "20200929"
       "InstallLocation"="REG_SZ", "C:\Program Files (x86)\SuperEasy Software\SuperEasy Registry Cleaner\"
       "MajorVersion"="REG_DWORD", 6
       "MinorVersion"="REG_DWORD", 21
       "NoModify"="REG_DWORD", 1
       "NoRepair"="REG_DWORD", 1
       "Publisher"="REG_SZ", "SuperEasy Software"
       "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\SuperEasy Software\SuperEasy Registry Cleaner\unins000.exe" /SILENT"
       "UninstallString"="REG_SZ", ""C:\Program Files (x86)\SuperEasy Software\SuperEasy Registry Cleaner\unins000.exe" /silent"
       "URLInfoAbout"="REG_SZ", "http://www.SuperEasy.net"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SuperEasy\Registry Cleaner]
       "RCPURL"="REG_SZ", "http://r.ashampoo.com/r.php?id=77864&ri=b0kc&utm_source=supereasy&utm_campaign=default&utm_medium=newbuild"
       "RENEWALURL"="REG_SZ", "http://r.ashampoo.com/r.php?id=77865&utm_source=supereasy&utm_campaign=default&utm_medium=newbuild"
       "utm_campaign"="REG_SZ", "default"
       "utm_medium"="REG_SZ", "newbuild"
       "utm_source"="REG_SZ", "supereasy"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SuperEasy\Registry Cleaner\LANG]
       "LangID"="REG_DWORD", 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Systweak\RegClean Pro\Version 6.1]
       "Expired"="REG_DWORD", 0
    [HKEY_CURRENT_USER\Software\Licenses]
       "{0C897F84B22AC53F6}"="REG_BINARY, ....................................................................
       "{IC897F84B22AC53F6}"="REG_BINARY, ..
       "{K7C0DB872A3F777C0}"="REG_BINARY, ......................................................................
       "{R7C0DB872A3F777C0}"="REG_BINARY, ..
    [HKEY_CURRENT_USER\Software\SuperEasy\Registry Cleaner]
       "AutoRepair"="REG_DWORD", 0
       "ConfirmBkUps"="REG_DWORD", 1
       "CurrentScanTime"="REG_BINARY, .....#..
       "GoToSystemTrayOnClose"="REG_DWORD", 0
       "ImprovementProgram"="REG_DWORD", 1
       "NumTimesRCPRunned"="REG_DWORD", 1
       "RegErrFoundTillDate"="REG_DWORD", 0
       "RegErrsFixedLast"="REG_DWORD", 0
       "RegErrsFixedTillDate"="REG_DWORD", 0
       "ScheduledTime"="REG_SZ", ""
       "SetChkREmovableMedia"="REG_DWORD", 1
       "SetChkSkipEmptyKeys"="REG_DWORD", 1
       "StartAutoScanPMUI"="REG_DWORD", 0
       "StartMinimized"="REG_DWORD", 0
       "StartScan"="REG_DWORD", 0
       "StartWhenWinBoots"="REG_DWORD", 1
       "StrLastOptimizeTime"="REG_SZ", ""
       "StrLastScan"="REG_SZ", "Tue. September 29, 2020. 08:35 AM"
       "StrLastScanResults"="REG_SZ", "43"
       "StrLastStartupOpt"="REG_SZ", ""
       "StrLatestRegDefrag"="REG_SZ", ""
       "StrLatestRestorePoint"="REG_SZ", ""
    [HKEY_CURRENT_USER\Software\SuperEasy\Registry Cleaner\LANG]
       "LangCode"="REG_SZ", "en"
       "LangID"="REG_DWORD", 0
    [HKEY_CURRENT_USER\Software\Systweak\RegClean Pro]
       "ErrorCount"="REG_DWORD", 43
       "IsTrial"="REG_DWORD", 1

Malwarebytes log:
 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/29/20
Scan Time: 8:43 AM
Log File: 16d5264e-021f-11eb-a053-00ffdcc6fdfc.json

-Software Information-
Version: 4.2.1.89
Components Version: 1.0.1045
Update Package Version: 1.0.30542
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 231715
Threats Detected: 14
Threats Quarantined: 14
Time Elapsed: 4 min, 59 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 1
PUP.Optional.SysTweak, C:\PROGRAM FILES (X86)\SUPEREASY SOFTWARE\SUPEREASY REGISTRY CLEANER\SUPEREASYRC.EXE, Quarantined, 814, 861327, , , , , 76E5B66A45CBB3EFB5763575DBBF597B, D50717671D105613A137A5E2BECAA092505DF838E6216DEC350C93838DCDB1DD

Module: 1
PUP.Optional.SysTweak, C:\PROGRAM FILES (X86)\SUPEREASY SOFTWARE\SUPEREASY REGISTRY CLEANER\SUPEREASYRC.EXE, Quarantined, 814, 861327, , , , , 76E5B66A45CBB3EFB5763575DBBF597B, D50717671D105613A137A5E2BECAA092505DF838E6216DEC350C93838DCDB1DD

Registry Key: 5
PUP.Optional.RegCleanerPro, HKCU\SOFTWARE\SYSTWEAK\RegClean Pro, Quarantined, 1651, 242268, 1.0.30542, , ame, , , 
PUP.Optional.SysTweak, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SuperEasy Registry Cleaner, Quarantined, 814, 861327, , , , , , 
PUP.Optional.SysTweak, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8C08BC94-5738-49EC-A79C-69AE64257B61}, Quarantined, 814, 861327, , , , , , 
PUP.Optional.SysTweak, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{8C08BC94-5738-49EC-A79C-69AE64257B61}, Quarantined, 814, 861327, , , , , , 
PUP.Optional.RegCleanPro, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\RegClean Pro, Quarantined, 4444, 242275, 1.0.30542, , ame, , , 

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 7
PUP.Optional.SysTweak, C:\WINDOWS\SYSTEM32\ROBOOT64.EXE, Quarantined, 814, 395666, 1.0.30542, , ame, , 979745F32FA2D0EE59173B9D94A21FC2, 79F499A1DA3054154FC404AA2129161DCD1B3D4441DDE3468A72D2FEE6DC6AB8
PUP.Optional.SysTweak, C:\WINDOWS\SYSTEM32\TASKS\SuperEasy Registry Cleaner, Quarantined, 814, 861327, , , , , 06A20E422C4339B7DA82835CE4927FCB, CA89761E99811693409494E10DED0A667D6C899B2380F102E4286902CC2F1706
PUP.Optional.SysTweak, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\SuperEasy Registry Cleaner.lnk, Quarantined, 814, 861327, , , , , 37C3732B7EB167E7D5930E2E4A63ECCD, 3FFD2460AC096CE5DD03D5A5E7B8A96F8D5D8B5A1F821FE6E8512E91E7511C86
PUP.Optional.SysTweak, C:\USERS\PUBLIC\Desktop\SuperEasy Registry Cleaner.lnk, Quarantined, 814, 861327, , , , , 37C3732B7EB167E7D5930E2E4A63ECCD, 3FFD2460AC096CE5DD03D5A5E7B8A96F8D5D8B5A1F821FE6E8512E91E7511C86
PUP.Optional.SysTweak, C:\PROGRAM FILES (X86)\SUPEREASY SOFTWARE\SUPEREASY REGISTRY CLEANER\SUPEREASYRC.EXE, Quarantined, 814, 861327, 1.0.30542, , ame, , 76E5B66A45CBB3EFB5763575DBBF597B, D50717671D105613A137A5E2BECAA092505DF838E6216DEC350C93838DCDB1DD
PUP.Optional.SysTweak, C:\USERS\{username}\DESKTOP\SUPEREASY.EXE, Quarantined, 814, 861327, 1.0.30542, , ame, , 9E8EECE0556D0E10EE191B03400C47F4, BD44AEA9E37A79B035741474ED87244C49F93D8A1600CF1D29CD84F054E05BC9
PUP.Optional.SysTweak, C:\USERS\{username}\DESKTOP\SUPEREASYSETUP\SUPEREASY.EXE, Quarantined, 814, 861327, 1.0.30542, , ame, , 9E8EECE0556D0E10EE191B03400C47F4, BD44AEA9E37A79B035741474ED87244C49F93D8A1600CF1D29CD84F054E05BC9

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

As mentioned before, the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.
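
For helpers who review FRST logs, the entries listed under "Technical details for experts" can be turned into a small log checker. This is an added example, not part of the original post and not Malwarebytes or FRST code; the function names, the user name "alice" and the non-matching sample lines are constructed.

```python
import re

# Indicators copied from the FRST entries in this post. "{username}" is the
# post's own placeholder; it is matched as exactly one path segment.
INDICATORS = [
    r"C:\Program Files (x86)\SuperEasy Software",
    r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperEasy Software",
    r"C:\Users\{username}\AppData\Roaming\SuperEasy",
    r"C:\Users\{username}\Desktop\SuperEasy.exe",
    r"C:\Users\Public\Desktop\SuperEasy Registry Cleaner.lnk",
    r"C:\ProgramData\Desktop\SuperEasy Registry Cleaner.lnk",
    r"C:\Windows\system32\Tasks\SuperEasy Registry Cleaner",
    r"C:\Windows\system32\roboot64.exe",
    r"SuperEasy Registry Cleaner_is1",
]

def compile_indicator(indicator):
    # Case-insensitive, because scan logs often upper-case paths. The trailing
    # lookahead rejects longer names that only share a prefix with an indicator.
    literal_parts = [re.escape(p) for p in indicator.split("{username}")]
    return re.compile(r"[^\\]+".join(literal_parts) + r"(?![\w.])", re.IGNORECASE)

PATTERNS = [(i, compile_indicator(i)) for i in INDICATORS]

def scan_frst_log(text):
    """Return (line_number, indicator, line) for each line that matches."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        for indicator, pattern in PATTERNS:
            if pattern.search(line):
                hits.append((number, indicator, line.strip()))
                break  # one hit per line is enough for triage
    return hits

# Constructed sample: lines 2, 3 and 6 are entries from this post, line 4 is
# the post's desktop path with a made-up user name, lines 1 and 5 are benign.
SAMPLE_LOG = r"""(Microsoft Corporation) C:\Windows\System32\svchost.exe
(SuperEasy Software GmbH & Co. KG -> SuperEasy Software) C:\Program Files (x86)\SuperEasy Software\SuperEasy Registry Cleaner\SuperEasyRC.exe
(SuperEasy Software) C:\Windows\system32\roboot64.exe
(SuperEasy Software ) C:\USERS\ALICE\DESKTOP\SUPEREASY.EXE
C:\Users\alice\AppData\Roaming\SuperEasyNotes\todo.txt
SuperEasy Registry Cleaner (HKLM-x32\...\SuperEasy Registry Cleaner_is1) (Version: 6.21 - SuperEasy Software)
"""

if __name__ == "__main__":
    for number, indicator, line in scan_frst_log(SAMPLE_LOG):
        print(f"line {number}: {indicator}\n    {line}")
```

A hit only shows that a log line references one of the listed locations; whether to remove or keep the program remains the user's choice, as described above.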
