RegDefense
RegDefense portrays itself as a legitimate registry repair software, generally installed manually by the user due to inexperience or faulty advertising. Once installed, RegDefense will scan the registry for any problems, and then display fictitious and sometimes grossly exaggerated infection results.
File System Details
RegDefense may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %ProgramFiles%\Registry Defense\prep.cmd | |
| 2. | %UserProfile%\Start Menu\Programs\Uninstall Registry Defense.lnk | |
| 3. | %ProgramFiles%\Registry Defense\RegistryDefense.exe.manifest | |
| 4. | %UserProfile%\Start Menu\Programs\Registry Defense.lnk | |
| 5. | %UserProfile%\Desktop\Registry Defense.lnk | |
| 6. | %ProgramFiles%\Registry Defense\Logs | |
| 7. | %UserProfile%\Start Menu\Programs\Help and Support.url | |
| 8. | %UserProfile%\Start Menu\Programs\Upgrade Registry Defense.url |
Registry Details
RegDefense may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegistryDefense
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"RDListener" = "%PROGRAMS_FILES%\Registry Defense\RDListener.exe"
HKEY_CURRENT_USER\Software\Sysinternals\PsKill\"EulaAccepted" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"RDAgent" = "%PROGRAMS_FILES%\Registry Defense\RDAgent.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\RegistryDefense
