home

rchelper.exe

Registry Clean Expert

CleanMyPC Software

The application rchelper.exe, “RegClean Expert Scheduler” by CleanMyPC Software has been detected as a potentially unwanted program by 3 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘RegClean Expert Scheduler’. This file is typically installed with the program Registry Clean Expert by iExpert Software.
Publisher:
iExpert Software  (signed by CleanMyPC Software)

Product:
Registry Clean Expert

Description:
RegClean Expert Scheduler

Version:
4, 7, 5, 0

MD5:
90097480c9120677f12a1690f945f328

SHA-1:
594a016b2682646f254dcc85dcca4276b9f6d330

SHA-256:
250f41c6f91d7210bf84a99b398b9b9449bd269104a048cfee4a644eff580d10

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
4/27/2024 1:16:56 AM UTC  (today)

Scan engine
Detection
Engine version

F-Prot
W32/Heuristic-210
v6.-

Reason Heuristics
Win32.Generic
16.1.12.15

Vba32 AntiVirus
suspected of Win32.BrokenEmbeddedSignature
16.01.12

File size:
588.2 KB (602,360 bytes)

Product version:
4, 7, 5, 0

Copyright:
Copyright (C) 2001-2009

Original file name:
RCScheduler.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\registry clean expert\rchelper.exe

Digital Signature
Signed by:
CleanMyPC Software

Authority:
The USERTRUST Network

Valid from:
3/29/2007 5:00:00 PM

Valid to:
3/29/2010 4:59:59 PM

Subject:
CN=CleanMyPC Software, O=CleanMyPC Software, STREET="Room 305, Building 01B, MuXuYuan Street 66#", L=NanJing, S=JiangSu, PostalCode=210007, C=CN

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
00A8AC359D82019ABB29423B87491BA8C5

File PE Metadata
Compilation timestamp:
11/15/2009 12:52:06 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:36ffX8Q+3YoJOjFLyT+3PgjZ2S56b7MP+Dd2QTgy:KffXRCOjFOS3PgVQ7MP+h2Qsy

Entry address:
0x1000

Entry point:
68, 01, 70, 49, 00, E8, 01, 00, 00, 00, C3, C3, CF, D5, 37, C7, EC, C6, 4D, 2C, 31, 4D, 63, 12, 3C, 1E, 0E, 5E, 55, 7D, EA, 83, 7B, 92, 38, 0D, D8, 1B, D4, C1, E0, 7F, 7F, 07, 83, 60, DD, 81, 10, B4, 12, 0D, D8, 4B, 5C, 56, DE, 70, C8, A0, C2, F1, C6, 6A, 1B, E3, 79, 38, A7, 58, 95, A5, 91, 3B, FF, AE, 04, 83, C0, 37, 7F, 30, E4, 85, 5D, C4, 6B, AA, 32, 0B, 45, 76, 6F, A5, 6A, FE, 22, 83, 79, 17, 59, B8, 75, 66, B5, 2C, 54, 08, E4, 95, F2, FF, 3D, 08, D0, C2, 21, 5D, 48, DF, 59, B6, 7A, E0, EB, D3, CC, 36...
 
[+]

Entropy:
7.6212

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
172 KB (176,128 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
RegClean Expert Scheduler

Command:
"C:\Program Files\registry clean expert\rchelper.exe" \startup


The file rchelper.exe has been discovered within the following program.

Registry Clean Expert  by iExpert Software
This is a 'registry cleaner' that is supposed to clean or fix a PC by removing invalid registry settings.
www.registry-clean.net
50% remove it
 
Powered by Should I Remove It?

Remove rchelper.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.