rchelper.exe

Registry Clean Expert

CleanMyPC Software

The application rchelper.exe, “RegClean Expert Scheduler” by CleanMyPC Software has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘RegClean Expert Scheduler’.
Publisher:
iExpert Software  (signed by CleanMyPC Software)

Product:
Registry Clean Expert

Description:
RegClean Expert Scheduler

Version:
4, 6, 4, 0

MD5:
b01650315258f7d0ba1f73198fe793f8

SHA-1:
b3e3bf0b3ad5c7dbf49817758d307474b3c2cace

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 1:38:39 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Win32.Generic
17.2.16.17

File size:
592.7 KB (606,968 bytes)

Product version:
4, 6, 4, 0

Copyright:
Copyright (C) 2001-2009

Original file name:
RCScheduler.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\registry clean expert\rchelper.exe

Digital Signature
Authority:
The USERTRUST Network

Valid from:
3/29/2007 7:00:00 PM

Valid to:
3/29/2010 6:59:59 PM

Subject:
CN=CleanMyPC Software, O=CleanMyPC Software, STREET="Room 305, Building 01B, MuXuYuan Street 66#", L=NanJing, S=JiangSu, PostalCode=210007, C=CN

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
00A8AC359D82019ABB29423B87491BA8C5

File PE Metadata
Compilation timestamp:
1/5/2009 12:55:10 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x1000

Entry point:
68, 01, 70, 49, 00, E8, 01, 00, 00, 00, C3, C3, 69, E5, FA, 99, 70, D0, 10, 80, 9E, 18, 0A, 4B, E2, C6, B3, 32, F4, 5C, D7, 67, E6, F0, 28, 4D, 72, 07, 8E, 76, 8A, 8A, E7, F3, 36, 04, D0, 15, 46, 3B, 05, 54, 2D, 80, 3E, C1, 2D, AD, 43, 92, 32, B1, 24, FD, 57, BE, 91, 1F, C4, F9, 3E, 56, 6F, 71, F4, 7C, 44, 38, F6, 61, 2E, 27, 8C, 84, 6C, C1, DC, 36, C8, D4, 62, AF, 20, 3F, 6A, F4, F8, DE, B8, FB, 87, 12, 7D, B1, 5A, 7A, C9, 6F, E4, 8F, 0A, 88, 5D, 6D, EF, AB, 82, 46, 4B, E4, BA, E6, 1F, B6, C3, D6, 84, 8E...
 
[+]

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
172 KB (176,128 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
RegClean Expert Scheduler

Command:
"C:\Program Files\registry clean expert\rchelper.exe" \startup


Remove rchelper.exe - Powered by Reason Core Security