Jump to content

Welcome to Geeks to Go
Geeks to Go Welcome
Create Account Login to Account
Photo

Removal instructions for PC SmartCare

- - - - -

  • Please log in to reply
No replies to this topic

#1
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,001 posts
Content is republished with permission from Malwarebytes.

What is PC SmartCare?

PC SmartCare is a computer cleaner that triggers our PUP detection rules. By doing so we offer users a choice to consider whether they want to use this software. More information can be found on our Malwarebytes Labs blog.

How do I know if I am affected by PC SmartCare?

This is how the main screen of the computer cleaner looks:

main.png

You will find these icons in your taskbar, your startmenu, and on your desktop:

icons.png

and see this type of windows during install:

warning1.png

warning2.png

and this type of screens during operations:

warning5.png

warning6.png

You may see this entry in your list of installed programs:

warning4.png

and this task in your list of Scheduled Tasks:

warning3.png

How did PC SmartCare get on my computer?

These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website.

website.png

How do I remove PC SmartCare?

Users that installed PC SmartCare can uninstall it from the Windows "Apps and features" menu.
You can use our program Malwarebytes to scan for additional problems.
  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.
Is there anything else I need to do to get rid of PC SmartCare?
  • This PUP creates a scheduled task. You can read here how to check for and, if necessary, remove Scheduled Tasks.
What if I want to keep PC SmartCare?

Should users wish to keep this program and exclude it from being detected in future scans, they can add the program to the exclusions list. Heres how to do it.
  • Open Malwarebytes for Windows.
  • Click the Detection History
  • Click the Allow List
  • To add an item to the Allow List, click Add.
  • Select the exclusion type Allow a file or folder and use the Select a folder button to select the main folder for the software that you wish to keep.
  • Repeat this for any secondary files or folder(s) that belong to the software.
If you want to allow the program to connect to the Internet, for example to fetch updates, also add an exclusion of the type Allow an application to connect to the internet and use the Browse button to select the file you wish to grant access.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you in dealing with this registry cleaner.

As you can see below the full version of Malwarebytes would have warned you against the PC SmartCare installer.

protection1.png


Technical details for experts

You may see these entries in FRST logs:

(Sutherland Global Services Inc -> ) C:\Program Files (x86)\AnswersBy PC Smartcare\AnswersByPCSmartCare.exe
(Sutherland Global Services Inc -> Sutherland Global Services, Inc.) C:\Program Files (x86)\AnswersBy PC Smartcare\AnswersByUpdateService.exe
Task: {CBBF4145-8F59-4B79-83A0-E8661C66CC2B} - System32\Tasks\RunAnswersByPCSmartcare => C:\Program Files (x86)\AnswersBy PC Smartcare\AnswersByPCSmartCare.exe [9362696 2018-08-24] (Sutherland Global Services Inc -> )
R2 AnswersByDownloadService; C:\Program Files (x86)\AnswersBy PC Smartcare\AnswersByUpdateService.exe [2579208 2018-03-05] (Sutherland Global Services Inc -> Sutherland Global Services, Inc.)
C:\Program Files (x86)\AnswersBy PC Smartcare
C:\Windows\system32\Tasks\RunAnswersByPCSmartcare
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnswersBy PC SmartCare.lnk
C:\Users\Public\Desktop\AnswersBy PC SmartCare.lnk
C:\ProgramData\Desktop\AnswersBy PC SmartCare.lnk
C:\Users\{username}\AppData\Roaming\AnswersBy PC SmartCare
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnswersBy PC Smartcare

AnswersBy PC Smartcare (HKLM-x32\...\{4137CB7D-7777-4374-BC93-CE7E7E72799E}) (Version: 1.2.0.9 - My Company) Hidden
AnswersBy PC Smartcare (HKLM-x32\...\AnswersBy PC Smartcare) (Version: 1.2.0.9 - Sutherland Global Services)
() [File not signed] C:\Program Files (x86)\AnswersBy PC Smartcare\libeay32.dll
(SQLite Development Team) [File not signed] C:\Program Files (x86)\AnswersBy PC Smartcare\sqlite3.dll
Alterations made by the installer:

File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Program Files (x86)\AnswersBy PC Smartcare
       Adds the file AnswersByDownloadServiceLog.log"="10/2/2020 10:06 AM, 2449 bytes, A
       Adds the file AnswersByPCSmartCare.exe"="8/24/2018 1:25 PM, 9362696 bytes, A
       Adds the file AnswersByTA.exe"="8/24/2018 1:25 PM, 2430216 bytes, A
       Adds the file AnswersByUpdateService.exe"="3/5/2018 11:52 AM, 2579208 bytes, A
       Adds the file AnswersByUpdateSVC.exe"="3/5/2018 10:24 AM, 2575624 bytes, A
       Adds the file ApplicationStarter.exe"="9/27/2017 1:53 PM, 2227000 bytes, A
       Adds the file BPub.txt"="3/1/2017 12:32 PM, 916 bytes, A
       Adds the file Captions.txt"="6/12/2017 6:31 PM, 7214 bytes, A
       Adds the file CloudAccounts.txt"="5/29/2017 7:05 PM, 154 bytes, A
       Adds the file Config.xml"="4/3/2017 8:02 PM, 184 bytes, A
       Adds the file devcon32.exe"="9/27/2017 1:53 PM, 56320 bytes, A
       Adds the file devcon64.exe"="9/27/2017 1:53 PM, 81920 bytes, A
       Adds the file DiskCleaner.txt"="3/9/2017 5:14 PM, 9935 bytes, A
       Adds the file DomainList.txt"="5/23/2017 6:43 PM, 11107 bytes, A
       Adds the file ExcludeFolderList.txt"="3/21/2017 6:30 PM, 26205 bytes, A
       Adds the file faq.htm"="3/5/2018 10:24 AM, 23775 bytes, A
       Adds the file Featurecode.ini"="2/10/2017 6:38 PM, 3165 bytes, A
       Adds the file HashGuide.db"="10/2/2020 10:06 AM, 990208 bytes, A
       Adds the file IdealProcLog.txt"="10/2/2020 9:51 AM, 300 bytes, A
       Adds the file libeay32.dll"="9/27/2017 1:53 PM, 1552412 bytes, A
       Adds the file LP.txt"="3/1/2017 12:32 PM, 1654 bytes, A
       Adds the file Main.Db"="10/2/2020 10:07 AM, 165888 bytes, A
       Adds the file PCMTUpdateStart2.exe"="9/28/2017 4:00 PM, 2621344 bytes, A
       Adds the file PerformanceScanErrors.txt"="10/2/2020 10:07 AM, 2999 bytes, A
       Adds the file PerformanceScanLog.log"="10/2/2020 10:05 AM, 3579 bytes, A
       Adds the file ProcBy.dll"="7/20/2018 11:51 AM, 8255440 bytes, A
       Adds the file RefGuide.mdb"="10/2/2020 9:05 AM, 2260992 bytes, A
       Adds the file SafeFolders.txt"="3/21/2017 6:30 PM, 12890 bytes, A
       Adds the file ScanProcStepsLog.txt"="10/2/2020 10:07 AM, 418 bytes, A
       Adds the file SmartLeapServiceCenter.exe"="8/24/2018 1:38 PM, 7991712 bytes, A
       Adds the file SmtDBConfig.txt"="6/12/2017 6:31 PM, 43 bytes, A
       Adds the file SoftwareList.txt"="5/11/2017 2:59 PM, 9256 bytes, A
       Adds the file spyware.txt"="4/27/2017 3:51 PM, 0 bytes, A
       Adds the file spywareTTK.txt"="6/10/2017 7:30 PM, 306978 bytes, A
       Adds the file sqlite3.dll"="9/27/2017 1:53 PM, 658797 bytes, A
       Adds the file ssleay32.dll"="9/27/2017 1:53 PM, 268136 bytes, A
       Adds the file supportfiles.cab"="9/27/2017 1:53 PM, 101139 bytes, A
       Adds the file SystemInformation.xml"="10/2/2020 10:07 AM, 908 bytes, A
       Adds the file UpdateConfig.ini"="3/5/2018 10:49 AM, 505 bytes, A
       Adds the file UpdateConfig.txt"="3/5/2018 10:49 AM, 505 bytes, A
       Adds the file UpdateFiles.Cab"="6/6/2017 8:36 PM, 23527 bytes, A
       Adds the file VirusScanErrors.txt"="10/2/2020 10:07 AM, 0 bytes, A
       Adds the file WPub.txt"="5/11/2017 6:58 PM, 9740 bytes, A
       Adds the file WpubForMemory.txt"="3/1/2017 12:32 PM, 332 bytes, A
    Adds the folder C:\Program Files (x86)\AnswersBy PC Smartcare\Cache
    Adds the folder C:\Program Files (x86)\AnswersBy PC Smartcare\Logs\VirusRemoval_2020_10_02_10_05_50
       Adds the file 01_FilesCollected.csv"="10/2/2020 10:06 AM, 454496 bytes, A
       Adds the file 02_HashCollected.csv"="10/2/2020 10:06 AM, 95030 bytes, A
       Adds the file 03_RetunrListLocal.csv"="10/2/2020 10:06 AM, 100620 bytes, A
       Adds the file 04_ReturnListSgs.csv"="10/2/2020 10:06 AM, 100620 bytes, A
       Adds the file 05_ReturnListSmt.csv"="10/2/2020 10:06 AM, 7056 bytes, A
       Adds the file 05_ReturnListSmtAndSgs.csv"="10/2/2020 10:06 AM, 100637 bytes, A
       Adds the file 06_ReturnListBlackSignCheck.csv"="10/2/2020 10:06 AM, 13580 bytes, A
       Adds the file 07_FilesToUpload.csv"="10/2/2020 10:06 AM, 32130 bytes, A
       Adds the file 07A_Uploadinitiated.csv"="10/2/2020 10:07 AM, 5024 bytes, A
       Adds the file 08_UploadCompletionStatus.csv"="10/2/2020 10:07 AM, 3411 bytes, A
       Adds the file 09_UploadedResults.csv"="10/2/2020 10:07 AM, 2 bytes, A
       Adds the file 99_ScanProcessLog.csv"="10/2/2020 10:07 AM, 37885 bytes, A
       Adds the file ExFolders.txt"="10/2/2020 10:06 AM, 21658 bytes, A
       Adds the file FilesToUpload.txt"="10/2/2020 10:06 AM, 32130 bytes, A
       Adds the file FilesWithmd5.csv"="10/2/2020 10:06 AM, 30332 bytes, A
       Adds the file HashJsonReturnList.csv"="10/2/2020 10:06 AM, 11480 bytes, A
       Adds the file MFTallFiles.txt"="10/2/2020 10:06 AM, 141801 bytes, A
       Adds the file MFTfiles.txt"="10/2/2020 10:06 AM, 109051 bytes, A
       Adds the file SgsBlackAndWhiteFilesUploaded.xml"="10/2/2020 10:07 AM, 546407 bytes, A
       Adds the file UploadCloudDataResults.xml"="10/2/2020 10:07 AM, 45974 bytes, A
       Adds the file UploadTimeLog.csv"="10/2/2020 10:07 AM, 4401 bytes, A
       Adds the file VirusScanResult_in_ui.csv"="10/2/2020 10:07 AM, 2 bytes, A
    Adds the folder C:\Program Files (x86)\AnswersBy PC Smartcare\ServiceLogs
       Adds the file Co-10-02-2020-10-05-40-AM.xml"="10/2/2020 10:07 AM, 5616 bytes, A
    Adds the folder C:\ProgramData\{C8973864-65D7-4C0C-9A8E-79B96F0883C2}
       Adds the file instance.dat"="10/2/2020 9:04 AM, 104 bytes, AC
       Adds the file mia.lib"="8/24/2018 1:43 PM, 1335758 bytes, AC
       Adds the file PC Smartcare.dat"="10/2/2020 9:04 AM, 308 bytes, AC
       Adds the file PC Smartcare.exe"="8/24/2018 1:43 PM, 5985976 bytes, AC
       Adds the file PC Smartcare.lnk"="10/2/2020 9:04 AM, 475 bytes, AC
       Adds the file PC Smartcare.msi"="8/24/2018 1:43 PM, 790528 bytes, AC
       Adds the file PC Smartcare.par"="10/2/2020 9:04 AM, 3210 bytes, AC
       Adds the file PC Smartcare.res"="8/24/2018 1:43 PM, 6629664 bytes, AC
    In the existing folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs
       Adds the file AnswersBy PC SmartCare.lnk"="10/2/2020 9:04 AM, 1013 bytes, A
    Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnswersBy PC Smartcare
       Adds the file Uninstall AnswersBy PC Smartcare.lnk"="10/2/2020 9:04 AM, 801 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\AnswersBy PC SmartCare
       Adds the file test.xml"="10/2/2020 9:04 AM, 1555 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu
       Adds the file AnswersBy PC SmartCare.lnk"="10/2/2020 9:04 AM, 1013 bytes, A
    In the existing folder C:\Users\Public\Desktop
       Adds the file AnswersBy PC SmartCare.lnk"="10/2/2020 9:04 AM, 1001 bytes, A
    In the existing folder C:\Windows\System32\Tasks
       Adds the file RunAnswersByPCSmartcare"="10/2/2020 9:05 AM, 3560 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\smtUploader]
       "ToolLogId"="REG_SZ", "5894493"
    [HKEY_LOCAL_MACHINE\SOFTWARE\VirusScanTest]
       "LocalLogsPath"="REG_SZ", "C:\Program Files (x86)\AnswersBy PC Smartcare\Logs\VirusRemoval_2020_10_02_10_05_50"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AnswersByPCSmartcare]
       "AutoFix"="REG_SZ", "Disabled"
       "EMail"="REG_SZ", "{username}@home.com"
       "exception_wsdl"="REG_SZ", "3"
       "FirstName"="REG_SZ", "Matt"
       "InternetState"="REG_SZ", "TRUE"
       "LastName"="REG_SZ", "Lica"
       "NextScheduledScan"="REG_SZ", "10/9/2020 9:05:28 AM"
       "PhoneNo"="REG_SZ", ""
       "PIN"="REG_SZ", "123465"
       "Scheduled"="REG_SZ", "WEEKLY,Friday,09:05"
       "Status"="REG_SZ", "0"
       "SubscriptionStatus"="REG_SZ", "0"
       "TaskSchedule"="REG_SZ", "1"
       "ToolUpFirstTime"="REG_SZ", "False"
       "Trail"="REG_SZ", "0"
       "ValidateDate"="REG_SZ", "10-02-2020 9:20:52 AM"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4137CB7D-7777-4374-BC93-CE7E7E72799E}]
       "AuthorizedCDFPrefix"="REG_SZ", ""
       "Comments"="REG_SZ", ""
       "Contact"="REG_SZ", ""
       "DisplayName"="REG_SZ", "AnswersBy PC Smartcare"
       "DisplayVersion"="REG_SZ", "1.2.0.9"
       "EstimatedSize"="REG_DWORD", 42358
       "HelpLink"="REG_SZ", ""
       "HelpTelephone"="REG_SZ", ""
       "InstallDate"="REG_SZ", "20201002"
       "InstallLocation"="REG_SZ", "C:\Program Files (x86)\AnswersBy PC Smartcare"
       "InstallSource"="REG_SZ", "C:\Users\{username}\AppData\Local\Temp\mia1\"
       "Language"="REG_DWORD", 1033
       "NoModify"="REG_DWORD", 1
       "NoRemove"="REG_DWORD", 1
       "NoRepair"="REG_DWORD", 1
       "Publisher"="REG_SZ", "My Company"
       "Readme"="REG_SZ", ""
       "Size"="REG_SZ", ""
       "SystemComponent"="REG_DWORD", 1
       "UninstallString"="REG_SZ", "C:\ProgramData\{C8973864-65D7-4C0C-9A8E-79B96F0883C2}\PC Smartcare.exe"
       "URLInfoAbout"="REG_SZ", ""
       "URLUpdateInfo"="REG_SZ", ""
       "Version"="REG_DWORD", 16908288
       "VersionMajor"="REG_DWORD", 1
       "VersionMinor"="REG_DWORD", 2
       "WindowsInstaller"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AnswersBy PC Smartcare]
       "Comments"="REG_SZ", ""
       "Contact"="REG_SZ", ""
       "DisplayIcon"="REG_SZ", "C:\ProgramData\{C8973864-65D7-4C0C-9A8E-79B96F0883C2}\PC Smartcare.exe"
       "DisplayName"="REG_SZ", "AnswersBy PC Smartcare"
       "DisplayVersion"="REG_SZ", "1.2.0.9"
       "HelpLink"="REG_SZ", ""
       "InstallLocation"="REG_SZ", "C:\Program Files (x86)\AnswersBy PC Smartcare"
       "ModifyPath"="REG_SZ", "C:\ProgramData\{C8973864-65D7-4C0C-9A8E-79B96F0883C2}\PC Smartcare.exe"
       "Publisher"="REG_SZ", "Sutherland Global Services"
       "UninstallString"="REG_SZ", ""C:\ProgramData\{C8973864-65D7-4C0C-9A8E-79B96F0883C2}\PC Smartcare.exe" REMOVE=TRUE MODIFY=FALSE"
       "URLUpdateInfo"="REG_SZ", ""
       "VersionMajor"="REG_DWORD", 1
       "VersionMinor"="REG_DWORD", 2
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AnswersByDownloadService]
       "Description"="REG_SZ", "AnswersBy PC Smartcare Updater which will updates all the files in the PC Smartcare folder"
       "DisplayName"="REG_SZ", "AnswersBy PC Smartcare Updater"
       "ErrorControl"="REG_DWORD", 0
       "ImagePath"="REG_EXPAND_SZ, ""C:\Program Files (x86)\AnswersBy PC Smartcare\AnswersByUpdateService.exe" "
       "ObjectName"="REG_SZ", "LocalSystem"
       "Start"="REG_DWORD", 2
       "Type"="REG_DWORD", 16
Malwarebytes protection log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 10/8/20
Protection Event Time: 8:08 AM
Log File: c0f638ac-092c-11eb-965e-080027235d76.json

-Software Information-
Version: 4.2.1.89
Components Version: 1.0.1061
Update Package Version: 1.0.30966
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Blocked Malware Details-
File: 1
PUP.Optional.AnswersBy, C:\Downloads\PCSmartcare.exe, Quarantined, 9137, 862462, 1.0.30966, , ame, , E81ABDDE09AA23096E50BEDD15541473, 948231B1F605DF66A3582F6D098611B25C9611018B20A7FF8C622575EA3AE93F


(end)
As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  • 0

Advertisements





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured
Malware Removal How to Guides Windows 7 System Building Download Files Register welcome

Never used a forum? Learn how.