PUA_TUNEUP.GA
RiskTool.Win32.Tuneup.b (Kaspersky); RiskTool.Tuneup (QuickHeal)
Windows
Tipo de malware
Potentially Unwanted Application
Destructivo?
No
Cifrado
In the Wild:
Sí
Resumen y descripción
Puede haberlo instalado manualmente un usuario.
Detalles técnicos
Detalles de entrada
Puede haberlo instalado manualmente un usuario.
Instalación
Infiltra los archivos siguientes:
- %Application Data%\ASP\aspsetup.exe
- %Application Data%\Systweak\Advanced System Protector\ASPLog.txt
- %Application Data%\Systweak\Advanced System Protector\QDetail.db
- %Application Data%\Systweak\Advanced System Protector\QDetail.db-journal
- %Application Data%\Systweak\Advanced System Protector\Settings.db
- %Application Data%\Systweak\Advanced System Protector\Settings.db-journal
- %Application Data%\Systweak\Advanced System Protector\Update.ini
- %Application Data%\Systweak\Advanced System Protector\Utility_kit.ini
- %Application Data%\Tuneup Pro\ExcludeList.rcp
- %Application Data%\Tuneup Pro\TempHLList.rcp
- %Application Data%\Tuneup Pro\backup3.bin
- %Application Data%\Tuneup Pro\backup6.bin
- %Application Data%\Tuneup Pro\eng_rcp.dat
- %Application Data%\Tuneup Pro\log_06-21-2018.log
- %Application Data%\Tuneup Pro\results.rcp
- %Desktop%\Advanced System Protector.lnk
- %Desktop%\Tuneup Pro.lnk
- %Program Files%\Advanced System Protector\unins000.dat
- %Program Files%\Advanced System Protector\unins000.msg
- %Program Files%\Tuneup Pro\unins000.dat
- %Program Files%\Tuneup Pro\unins000.msg
- %ProgramData%\Microsoft\Windows\Start Menu\Programs\Advanced System Protector\Advanced System Protector.lnk
- %ProgramData%\Microsoft\Windows\Start Menu\Programs\Advanced System Protector\Register Advanced System Protector.lnk
- %ProgramData%\Microsoft\Windows\Start Menu\Programs\Advanced System Protector\Uninstall Advanced System Protector.lnk
- %ProgramData%\Microsoft\Windows\Start Menu\Programs\Tuneup Pro\Register Tuneup Pro.lnk
- %ProgramData%\Microsoft\Windows\Start Menu\Programs\Tuneup Pro\Tuneup Pro.lnk
- %ProgramData%\Microsoft\Windows\Start Menu\Programs\Tuneup Pro\Uninstall Tuneup Pro.lnk
- %System%\roboot.exe
- %System%\sasnative32.exe
- %User Temp%\is-{random characters}.tmp\_isetup\_iscrypt.dll
- %User Temp%\is-{random characters}.tmp\_isetup\_shfoldr.dll
- %User Temp%\is-{random characters}.tmp\aspsetup.tmp
- %User Temp%\is-{random characters}.tmp\isxdl.dll
- %User Temp%\is-{random characters}.tmp\roboot.exe
- %User Temp%\is-{random characters}.tmp\sasnative32.exe
- %Windows%\Tasks\Tuneup Pro_DEFAULT.job
- %Windows%\Tasks\Tuneup Pro_UPDATES.job
(Nota: %Application Data% es la carpeta Application Data del usuario activo, que en el caso de Windows 98 y ME suele estar ubicada en C:\Windows\Profiles\{nombre de usuario}\Application Data, en el caso de Windows NT en C:\WINNT\Profiles\{nombre de usuario}\Application Data y en el caso de Windows 2000, XP y Server 2003 en C:\Documents and Settings\{nombre de usuario}\Local Settings\Application Data).
. %Desktop% es la carpeta Escritorio del usuario activo, que en el caso de Windows 98 y ME suele estar en C:\Windows\Profiles\{nombre de usuario}\Escritorio, en el caso de Windows NT en C:\WINNT\Profiles\{nombre de usuario}\Escritorio y en el caso de Windows 2000, XP y Server 2003 en C:\Documents and Settings\{nombre de usuario}\Escritorio).. %Program Files% es la carpeta Archivos de programa predeterminada, que suele estar en C:\Archivos de programa).. %System% es la carpeta del sistema de Windows, que en el caso de Windows 98 y ME suele estar en C:\Windows\System, en el caso de Windows NT y 2000 en C:\WINNT\System32 y en el caso de Windows XP y Server 2003 en C:\Windows\System32).. %User Temp% es la carpeta Temp del usuario activo, que en el caso de Windows 2000, XP y Server 2003 suele estar en C:\Documents and Settings\{nombre de usuario}\Local Settings\Temp).. %Windows% es la carpeta de Windows, que suele estar en C:\Windows o C:\WINNT).)Otras modificaciones del sistema
Agrega las siguientes entradas de registro como parte de la rutina de instalación:
HKEY_CURRENT_USER\Software
Systweak =
HKEY_CURRENT_USER\Software\Systweak
Advanced System Protector =
HKEY_CURRENT_USER\Software\Systweak
params =
HKEY_CURRENT_USER\Software
Tune =
HKEY_CURRENT_USER\Software\Tune
up =
HKEY_CURRENT_USER\Software\Tune\
up
pro =
HKEY_CURRENT_USER\Software\Tune\
up\pro
key =
HKEY_CURRENT_USER\Software\Tune\
up\pro\key
6 =
HKEY_CURRENT_USER\Software
Tuneup Pro =
HKEY_CURRENT_USER\Software\Tuneup Pro
Pro\LANG =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall
Tuneup Pro_is1 =
HKEY_LOCAL_MACHINE\SOFTWARE
Systweak =
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak
Advanced System Protector =
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector
LANG =
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak
Params =
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak
aso3 =
HKEY_LOCAL_MACHINE\SOFTWARE
Tuneup Pro =
HKEY_LOCAL_MACHINE\SOFTWARE\Tuneup Pro
LANG =
HKEY_CURRENT_USER\Software\Systweak\
Advanced System Protector
2.3.1000.24108 =
HKEY_CURRENT_USER\Software\Systweak\
Advanced System Protector
LANG =
Agrega las siguientes entradas de registro:
HKEY_CURRENT_USER\Software\Systweak\
Advanced System Protector
Expired = 0
HKEY_CURRENT_USER\Software\Systweak\
Advanced System Protector
InstalledPath = %Program Files%\Advanced System Protector
HKEY_CURRENT_USER\Software\Systweak\
Advanced System Protector
IsFreeCleanDone = 0
HKEY_CURRENT_USER\Software\Systweak\
Advanced System Protector
Key = ""
HKEY_CURRENT_USER\Software\Systweak\
Advanced System Protector
MaxFixLimit = 0
HKEY_CURRENT_USER\Software\Systweak\
Advanced System Protector
REGVER = 0
HKEY_CURRENT_USER\Software\Systweak\
Advanced System Protector
REGVER-UNINSTALL = 0
HKEY_CURRENT_USER\Software\Systweak\
Advanced System Protector
TELNO = (855) 716-7026
HKEY_CURRENT_USER\Software\Systweak\
Advanced System Protector
TELNOFR = ""
HKEY_CURRENT_USER\Software\Systweak\
Advanced System Protector
affiliateid = 9407
HKEY_CURRENT_USER\Software\Systweak\
Advanced System Protector
utm_campaign = default
HKEY_CURRENT_USER\Software\Systweak\
Advanced System Protector
utm_days = ""
HKEY_CURRENT_USER\Software\Systweak\
Advanced System Protector
utm_medium = newbuild
HKEY_CURRENT_USER\Software\Systweak\
Advanced System Protector
utm_source = systweak
HKEY_CURRENT_USER\Software\Systweak\
Advanced System Protector
x-at = ""
HKEY_CURRENT_USER\Software\Systweak\
Advanced System Protector\LANG
LangCode = en
HKEY_CURRENT_USER\Software\Systweak\
Advanced System Protector\LANG
LangID = 0
HKEY_CURRENT_USER\Software\Systweak\
Advanced System Protector\LANG
LangId = 0
HKEY_CURRENT_USER\Software\Systweak\
params
ASPInstalledPath = %Program Files%\Advanced System Protector
HKEY_CURRENT_USER\Software\Tune\
up\pro\key\
6
(Default) = {hex values}
HKEY_CURRENT_USER\Software\Tuneup Pro
AutoRepair = 0
HKEY_CURRENT_USER\Software\Tuneup Pro
ConfirmBkUps = 1
HKEY_CURRENT_USER\Software\Tuneup Pro
CurrentScanTime = {hex values}
HKEY_CURRENT_USER\Software\Tuneup Pro
ErrorCount = 0
HKEY_CURRENT_USER\Software\Tuneup Pro
ErrorCount = 219
HKEY_CURRENT_USER\Software\Tuneup Pro
FirstRun = 1
HKEY_CURRENT_USER\Software\Tuneup Pro
GoToSystemTrayOnClose = 0
HKEY_CURRENT_USER\Software\Tuneup Pro
ImprovementProgram = 1
HKEY_CURRENT_USER\Software\Tuneup Pro
NumTimesRCPRunned = 1
HKEY_CURRENT_USER\Software\Tuneup Pro
RegErrFoundTillDate = 0
HKEY_CURRENT_USER\Software\Tuneup Pro
RegErrFoundTillDate = 219
HKEY_CURRENT_USER\Software\Tuneup Pro
RegErrsFixedLast = 0
HKEY_CURRENT_USER\Software\Tuneup Pro
RegErrsFixedTillDate = 0
HKEY_CURRENT_USER\Software\Tuneup Pro
ScheduledTime = ""
HKEY_CURRENT_USER\Software\Tuneup Pro
SetChkDontShowRedTrayPopup = 0
HKEY_CURRENT_USER\Software\Tuneup Pro
SetChkREmovableMedia = 1
HKEY_CURRENT_USER\Software\Tuneup Pro
SetChkSkipEmptyKeys = 1
HKEY_CURRENT_USER\Software\Tuneup Pro
SetEnableSound = 1
HKEY_CURRENT_USER\Software\Tuneup Pro
StartAutoScanOnLaunch = 0
HKEY_CURRENT_USER\Software\Tuneup Pro
StartAutoScanPMUI = 0
HKEY_CURRENT_USER\Software\Tuneup Pro
StartAutoScanPMUI = 1
HKEY_CURRENT_USER\Software\Tuneup Pro
StartAutoTutorial = 1
HKEY_CURRENT_USER\Software\Tuneup Pro
StartMinimized = 0
HKEY_CURRENT_USER\Software\Tuneup Pro
StartScan = 0
HKEY_CURRENT_USER\Software\Tuneup Pro
StartWhenWinBoots = 1
HKEY_CURRENT_USER\Software\Tuneup Pro
StrLastOptimizeTime = ""
HKEY_CURRENT_USER\Software\Tuneup Pro
StrLastScan = ""
HKEY_CURRENT_USER\Software\Tuneup Pro
StrLastScan = {date}
HKEY_CURRENT_USER\Software\Tuneup Pro
StrLastScanResults = 0
HKEY_CURRENT_USER\Software\Tuneup Pro
StrLastScanResults = 219
HKEY_CURRENT_USER\Software\Tuneup Pro
StrLastStartupOpt = ""
HKEY_CURRENT_USER\Software\Tuneup Pro
StrLatestRegDefrag = ""
HKEY_CURRENT_USER\Software\Tuneup Pro
StrLatestRestorePoint = ""
HKEY_CURRENT_USER\Software\Tuneup Pro
TrialType = 0
HKEY_CURRENT_USER\Software\Tuneup Pro\
LANG
LangCode = en
HKEY_CURRENT_USER\Software\Tuneup Pro\
LANG
LangID = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Tuneup Pro_is1
DisplayIcon = %Program Files%\Tuneup Pro\TuneupPro.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Tuneup Pro_is1
DisplayName = Tuneup Pro
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Tuneup Pro_is1
DisplayVersion = 1.08
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Tuneup Pro_is1
EstimatedSize = 12162
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Tuneup Pro_is1
HelpLink = http://www.tuneuppro.com/
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Tuneup Pro_is1
Inno Setup: App Path = %Program Files%\Tuneup Pro
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Tuneup Pro_is1
Inno Setup: Icon Group = Tuneup Pro
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Tuneup Pro_is1
Inno Setup: Language = en
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Tuneup Pro_is1
Inno Setup: Setup Version = 5.5.1 (u)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Tuneup Pro_is1
Inno Setup: User = {user name}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Tuneup Pro_is1
InstallDate = {install date}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Tuneup Pro_is1
InstallLocation = %Program Files%\Tuneup Pro\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Tuneup Pro_is1
MajorVersion = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Tuneup Pro_is1
MinorVersion = 8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Tuneup Pro_is1
NoModify = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Tuneup Pro_is1
NoRepair = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Tuneup Pro_is1
Publisher = tuneuppro.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Tuneup Pro_is1
QuietUninstallString = "%Program Files%\Tuneup Pro\unins000.exe" /SILENT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Tuneup Pro_is1
URLInfoAbout = http://www.tuneuppro.com/
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Tuneup Pro_is1
UninstallString = "%Program Files%\Tuneup Pro\unins000.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Tuneup Pro_is1
UninstallString = "%Program Files%\Tuneup Pro\unins000.exe" /silent
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector
BuyNowURL = http://www.systweak.com/antispyware/iprice.asp?
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector
BuyNowURLADU = http://powerbundle.systweak.com/pb/price/?pname=adu&
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector
BuyNowURLASP = http://powerbundle.systweak.com/pb/price/?pname=asp&
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector
BuyNowURLPB = http://powerbundle.systweak.com/PB/purchase/?pname=asp&
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector
BuyNowURLRCP = http://powerbundle.systweak.com/pb/price/?pname=rcp&
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector
Expired = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector
InstalledPath = %Program Files%\Advanced System Protector
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector
IsScanOptional = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector
Key = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector
MaxFixLimit = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector
NoLPHIconNeeded = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector
REGVER = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector
REGVER-UNINSTALL = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector
RenewNowURL = http://www.systweak.com/antispyware/renewal.asp?
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector
RenewNowURLADU = http://powerbundle.systweak.com/pb/renewal/?pname=adu&
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector
RenewNowURLASP = http://powerbundle.systweak.com/pb/renewal/?pname=asp&
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector
RenewNowURLPB = http://powerbundle.systweak.com/PB/pbrenewal/?pname=asp&
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector
RenewNowURLRCP = http://powerbundle.systweak.com/pb/renewal/?pname=rcp&
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector
TELNO = (855) 716-7026
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector
TELNOFR = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector
affiliateid = 9407
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector
afterInstallUrl = http://powerbundle.systweak.com/ASP/firstinstall/?newasp=1&utm_content=AfterInstall&utm_term=Setup&page=install&
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector
isphone = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector
issilent = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector
showbc = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector
showfth = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector
showfthsetting = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector
showpb = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector
showsadtab = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector
showsm = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector
showutk = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector
support_email = support@systweak.com
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector
utm_campaign = default
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector
utm_medium = newbuild
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector
utm_source = systweak
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector
x-at = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector\LANG
LangCode = en
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector\LANG
LangID = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Advanced System Protector\LANG
LangId = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Params
ASPInstalledPath = %Program Files%\Advanced System Protector
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Params
TELNO = (855) 716-7026
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Params
affiliateid = 9407
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Params
utm_campaign = default
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Params
utm_medium = newbuild
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Params
utm_source = systweak
HKEY_LOCAL_MACHINE\SOFTWARE\Systweak\
Params
x-at = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Tune\
up\pro\key\
6
(Default) = {hex values}
HKEY_LOCAL_MACHINE\SOFTWARE\Tuneup Pro
Expired = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Tuneup Pro
FirstTimeASPFired = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Tuneup Pro
InstallASP = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Tuneup Pro
LaunchASP = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Tuneup Pro
MaxFixLimit = 15
HKEY_LOCAL_MACHINE\SOFTWARE\Tuneup Pro
ShowExitPage = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Tuneup Pro
TELNO = (855) 973-2093
HKEY_LOCAL_MACHINE\SOFTWARE\Tuneup Pro
affiliateid = 9407
HKEY_LOCAL_MACHINE\SOFTWARE\Tuneup Pro\
LANG
LangID = 0