If you decided to "fix" these "issues", there was more fake activity to make it look like something was happening. The end result is the problem count would increase over time, sort-of simulating real life, but none of them represented any real issue on your PC.
When you ran a scan later, it checked how many days had elapsed since your last check, and if this was more than a fixed figure - 15 for shared DLLs, 25 for services etc - it added the keys in that section to the list. The program was writing the date it scanned a particular area of the Registry, such as your shared DLLs. The secret turned out to be childishly simple. This allowed us to follow the logic of the program's code, and see exactly what it was doing. NET program, we tried opening it in DnSpy, a. Even when it was supposedly "fixing" these "issues", nothing was ever deleted.Īs Clean PC Smart is a.
Suspicious, so we used Sysinternals Process Monitor to watch what Clean PC Smart was doing during its Registry scanning and cleaning, and found it was just reading the same keys, over, and over, and over again. Most maintenance programs will find more "issues" immediately, either because they were unable to delete everything they found last time, or removing Registry keys has created more inconsistencies, but Clean PC Smart claimed there were now no problems at all. We asked Clean PC Smart to "fix" these issues anyway, and ran more scans. The program starts its "scan" immediately, and quickly delivered an almost useless report: "Registry Cleaner" listed thousands of legitimate keys, "Windows Startup" contained only four items from a single Registry key (even Task Manager listed 21), the "Browser Add-Ons" page actually referred to internet history files, the "Task Manager" section was a static list of running processes, and so on. Network capture tool Colasoft Capsa showed how Clean PC Smart attempted to compromise our privacy on its first launch by obtaining our IP address, computer name and network adapter's MAC address, then uploading them to its own server. We started by using Sysinternals Process Monitor to track what the program did during installation and its first run, and noticed that it buried its settings under a Microsoft key, where they'd be very difficult to spot: "HKEY_CURRENT_USER\SOFTWARE\Microsoft\SecurityXX". Other major review sites didn't seem to be concerned and listed the program immediately, but we decided to investigate a little further. We first noticed the program in October, when it quickly raised concerns: new product, new website, unknown developer, no reviews, no clarity at all about the program license or functions.
0 kommentar(er)
