PUP.Optional.PerfectRegistry

Short bio

PUP.Optional.PerfectRegistry is Malwarebytes’ detection name for a specific registry cleaner called Perfect Registry 2.0. The use of registry cleaners is not advisable and some of them  use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems. PerfectRegistry is a member of a family of Windows system optimizers that can be recognized by the GUI and the use of the file roboot64.exe.

PerfectRegistry GUI

GUI of PerfectRegistry


                   
        

                                           
        

                    
            
Symptoms

            
PUP.Optional.PerfectRegistry uses several Scheduled Tasks to gain persistence and users may notice the icon in their taskbar, startmenu, and on their desktop. And find the software listed in their list of installed programs and features.


Scheduled Tasks
Scheduled Tasks for PerferctRegistry


PerfectRegistry icon
icons PerfectRegistry


listed software
PerfectRegistry entry in list of installed Programs

                   
        

                                           
        

                    
            
Type and source of infection

            
PUP.Optional.PerfectRegistry is usually installed by the user themselves due to advertising.


perfectregistry website
Raxco website advertising PerfectRegistry

                   
        

                                           
        

                    
            
Protection

            
Malwarebytes protects users against PUP.Optional.PerfectRegistry by stopping the installer.


PerfectRegistry protection
Malwarebytes blocks the PerfectRegsitry installer

                   
        

                                           
        

                    
            
Remediation

            
Malwarebytes can detect and remove this potentially unwanted application without further user interaction.


    

  1. Please download Malwarebytes to your desktop.
    2. 

  2. Double-click MBSetup.exe and follow the prompts to install the program.
    3. 

  3. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
    4. 

  4. Click on the Get started button.
    5. 

  5. Click Scan to start a Threat Scan.
    6. 

  6. Click Quarantine to remove the found threats.
    7. 

  7. Reboot the system if prompted to complete the removal process.
    8. 


                   
        

                                           
        

                    
            
Malwarebytes removal log

            
The Malwarebytes removal log will look similar to this:

Malwarebytes log:


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/14/18
Scan Time: 9:19 AM
Log File: c47a3d42-115f-11e8-9439-080027750297.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3948
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 242410
Threats Detected: 62
Threats Quarantined: 61
Time Elapsed: 2 min, 24 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 1
PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\PerfectRegistry.exe, Quarantined, [1013], [395661],1.0.3948

Module: 4
PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\isxdl.dll, Quarantined, [1013], [395661],1.0.3948
PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\PerfectRegistry.exe, Quarantined, [1013], [395661],1.0.3948
PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\RegCleanPro.dll, Quarantined, [1013], [395661],1.0.3948
PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\xmllite.dll, Quarantined, [1013], [395661],1.0.3948

Registry Key: 12
PUP.Optional.PerfectRegistry, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PerfectRegistry, Quarantined, [1013], [395664],1.0.3948
PUP.Optional.PerfectRegistry, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{20E5E4B6-666E-4527-A04A-824F3CC589A2}, Quarantined, [1013], [395664],1.0.3948
PUP.Optional.PerfectRegistry, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{20E5E4B6-666E-4527-A04A-824F3CC589A2}, Quarantined, [1013], [395664],1.0.3948
PUP.Optional.PerfectRegistry, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PerfectRegistry_DEFAULT, Quarantined, [1013], [395664],1.0.3948
PUP.Optional.PerfectRegistry, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{099B320F-06C7-477E-B862-1C05011E2A85}, Quarantined, [1013], [395664],1.0.3948
PUP.Optional.PerfectRegistry, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{099B320F-06C7-477E-B862-1C05011E2A85}, Quarantined, [1013], [395664],1.0.3948
PUP.Optional.PerfectRegistry, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PerfectRegistry_UPDATES, Quarantined, [1013], [395664],1.0.3948
PUP.Optional.PerfectRegistry, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D1A5B052-CF3A-4C42-B8E4-EE4211AE6A5A}, Quarantined, [1013], [395664],1.0.3948
PUP.Optional.PerfectRegistry, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{D1A5B052-CF3A-4C42-B8E4-EE4211AE6A5A}, Quarantined, [1013], [395664],1.0.3948
PUP.Optional.PerfectRegistry, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PerfectRegistry_is1, Quarantined, [1013], [395661],1.0.3948
PUP.Optional.PerfectRegistry, HKCU\SOFTWARE\RAXCO\PerfectRegistry, Quarantined, [1013], [395667],1.0.3948
PUP.Optional.PerfectRegistry, HKLM\SOFTWARE\WOW6432NODE\RAXCO\PerfectRegistry, Quarantined, [1013], [396319],1.0.3948

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 3
PUP.Optional.PerfectRegistry, C:\PROGRAM FILES (X86)\RAXCO\PERFECTREGISTRY, Quarantined, [1013], [395661],1.0.3948
PUP.Optional.PerfectRegistry, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\RAXCO\PERFECTREGISTRY, Quarantined, [1013], [395662],1.0.3948
PUP.Optional.PerfectRegistry, C:\USERS\{username}\APPDATA\ROAMING\RAXCO\PERFECTREGISTRY, Removal Failed, [1013], [396318],1.0.3948

File: 42
PUP.Optional.PerfectRegistry, C:\USERS\PUBLIC\DESKTOP\PERFECTREGISTRY.LNK, Quarantined, [1013], [395663],1.0.3948
PUP.Optional.PerfectRegistry, C:\WINDOWS\TASKS\PerfectRegistry_DEFAULT.job, Quarantined, [1013], [395665],1.0.3948
PUP.Optional.PerfectRegistry, C:\WINDOWS\TASKS\PerfectRegistry_UPDATES.job, Quarantined, [1013], [395665],1.0.3948
PUP.Optional.SysTweak, C:\WINDOWS\SYSTEM32\ROBOOT64.EXE, Quarantined, [217], [395666],1.0.3948
PUP.Optional.PerfectRegistry, C:\WINDOWS\SYSTEM32\TASKS\PerfectRegistry, Quarantined, [1013], [395664],1.0.3948
PUP.Optional.PerfectRegistry, C:\WINDOWS\SYSTEM32\TASKS\PerfectRegistry_DEFAULT, Quarantined, [1013], [395664],1.0.3948
PUP.Optional.PerfectRegistry, C:\WINDOWS\SYSTEM32\TASKS\PerfectRegistry_UPDATES, Quarantined, [1013], [395664],1.0.3948
PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\Chinese_rcp.ini, Quarantined, [1013], [395661],1.0.3948
PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\CleanSchedule.exe, Quarantined, [1013], [395661],1.0.3948
PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\Danish_rcp.ini, Quarantined, [1013], [395661],1.0.3948
PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\Dutch_rcp.ini, Quarantined, [1013], [395661],1.0.3948
PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\eng_rcp.ini, Quarantined, [1013], [395661],1.0.3948
PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\Finnish_rcp_fi.ini, Quarantined, [1013], [395661],1.0.3948
PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\French_rcp.ini, Quarantined, [1013], [395661],1.0.3948
PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\German_rcp.ini, Quarantined, [1013], [395661],1.0.3948
PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\greek_rcp_el.ini, Quarantined, [1013], [395661],1.0.3948
PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\install_left_image.bmp, Quarantined, [1013], [395661],1.0.3948
PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\isxdl.dll, Quarantined, [1013], [395661],1.0.3948
PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\Italian_rcp.ini, Quarantined, [1013], [395661],1.0.3948
PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\Japanese_rcp.ini, Quarantined, [1013], [395661],1.0.3948
PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\korean_rcp_ko.ini, Quarantined, [1013], [395661],1.0.3948
PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\Norwegian_rcp.ini, Quarantined, [1013], [395661],1.0.3948
PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\PerfectRegistry.exe, Quarantined, [1013], [395661],1.0.3948
PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\polish_rcp_pl.ini, Quarantined, [1013], [395661],1.0.3948
PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\portugese_rcp_pt.ini, Quarantined, [1013], [395661],1.0.3948
PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\Portuguese_rcp.ini, Quarantined, [1013], [395661],1.0.3948
PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\PRUninstall.exe, Quarantined, [1013], [395661],1.0.3948
PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\RegCleanPro.dll, Quarantined, [1013], [395661],1.0.3948
PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\russian_rcp_ru.ini, Quarantined, [1013], [395661],1.0.3948
PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\Spanish_rcp.ini, Quarantined, [1013], [395661],1.0.3948
PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\Swedish_rcp.ini, Quarantined, [1013], [395661],1.0.3948
PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\TraditionalCn_rcp_zh-tw.ini, Quarantined, [1013], [395661],1.0.3948
PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\turkish_rcp_tr.ini, Quarantined, [1013], [395661],1.0.3948
PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\unins000.dat, Quarantined, [1013], [395661],1.0.3948
PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\unins000.exe, Quarantined, [1013], [395661],1.0.3948
PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\unins000.msg, Quarantined, [1013], [395661],1.0.3948
PUP.Optional.PerfectRegistry, C:\Program Files (x86)\Raxco\PerfectRegistry\xmllite.dll, Quarantined, [1013], [395661],1.0.3948
PUP.Optional.PerfectRegistry, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raxco\PerfectRegistry\PerfectRegistry.lnk, Quarantined, [1013], [395662],1.0.3948
PUP.Optional.PerfectRegistry, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raxco\PerfectRegistry\Uninstall PerfectRegistry.lnk, Quarantined, [1013], [395662],1.0.3948
PUP.Optional.PerfectRegistry, C:\Users\{username}\AppData\Roaming\Raxco\PerfectRegistry\log_02-14-2018.log, Quarantined, [1013], [396318],1.0.3948
PUP.Optional.PerfectRegistry, C:\Users\{username}\AppData\Roaming\Raxco\PerfectRegistry\results.rcp, Quarantined, [1013], [396318],1.0.3948
PUP.Optional.PerfectRegistry, C:\USERS\{username}\DESKTOP\PRSETUP.EXE, Quarantined, [1013], [395680],1.0.3948

Physical Sector: 0
(No malicious items detected)


(end)


                   
        

                                           
        

                    
            
Add an exclusion

            
Should users wish to keep this program and exclude it from being detected in future scans, they can add the program to the exclusions list. Here’s how to do it.


    

  • Open Malwarebytes for Windows.
    • 

  • Click the Detection History
    • 

  • Click the Allow List
    • 

  • To add an item to the Allow List, click Add.
    • 

  • Select the exclusion type Allow a file or folder and use the Select a folder button to select the main folder for the software that you wish to keep.
    • 

  • Repeat this for any secondary files or folder(s) that belong to the software.
    • 



If you want to allow the program to connect to the Internet, for example to fetch updates, also add an exclusion of the type Allow an application to connect to the internet and use the Browse button to select the file you wish to grant access.

                   
        

                                           
        

                    
            
Traces/IOCs

            
Possible entries in a FRST log

(Raxco Software, Inc.) C:\Program Files (x86)\Raxco\PerfectRegistry\PerfectRegistry.exe
 C:\Windows\System32\Tasks\PerfectRegistry
 C:\Windows\System32\Tasks\PerfectRegistry_UPDATES
 C:\Windows\System32\Tasks\PerfectRegistry_DEFAULT
 C:\Users\Public\Desktop\PerfectRegistry.lnk
 C:\Windows\Tasks\PerfectRegistry_UPDATES.job
 C:\Windows\Tasks\PerfectRegistry_DEFAULT.job
 C:\Users\{username}\AppData\Roaming\Raxco
 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raxco
 C:\Program Files (x86)\Raxco
 (Raxco Software, Inc) C:\Windows\system32\roboot64.exe

PerfectRegistry (HKLM-x32\...\PerfectRegistry_is1) (Version: 2.0 - Raxco Software Inc)
Task: {099B320F-06C7-477E-B862-1C05011E2A85} - System32\Tasks\PerfectRegistry_DEFAULT => C:\Program Files (x86)\Raxco\PerfectRegistry\PerfectRegistry.exe [2015-07-16] (Raxco Software, Inc.)
Task: {20E5E4B6-666E-4527-A04A-824F3CC589A2} - System32\Tasks\PerfectRegistry => C:\Program Files (x86)\Raxco\PerfectRegistry\PerfectRegistry.exe [2015-07-16] (Raxco Software, Inc.)
Task: {D1A5B052-CF3A-4C42-B8E4-EE4211AE6A5A} - System32\Tasks\PerfectRegistry_UPDATES => C:\Program Files (x86)\Raxco\PerfectRegistry\PerfectRegistry.exe [2015-07-16] (Raxco Software, Inc.)
Task: C:\Windows\Tasks\PerfectRegistry_DEFAULT.job => C:\Program Files (x86)\Raxco\PerfectRegistry\PerfectRegistry.exe
Task: C:\Windows\Tasks\PerfectRegistry_UPDATES.job => C:\Program Files (x86)\Raxco\PerfectRegistry\PerfectRegistry.exe

Files: PerfectRegistry.exe, roboot64.exe
Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Raxco\PerfectRegistry
Domain: raxco.com

                   
        

                                                   
            
            
                        
             
            
            
          

          

            
           
            

                          
            
                                                   
                                                   
                                                   
                                                   
                                                   
                                                   
                                                   
                                                   
                                             
            
Related blog content

            
Registry Cleaners: Digital Snake Oil


Malwarebytes gets tougher on PUPs

            
                   
                                          

         
            
          

        

      

    

  





















  

    

      

     
        
Select your language