RegDefense

RegDefense portrays itself as a legitimate registry repair software, generally installed manually by the user due to inexperience or faulty advertising. Once installed, RegDefense will scan the registry for any problems, and then display fictitious and sometimes grossly exaggerated infection results.

File System Details

RegDefense may create the following file(s):
# File Name Detections
1. %ProgramFiles%\Registry Defense\prep.cmd
2. %UserProfile%\Start Menu\Programs\Uninstall Registry Defense.lnk
3. %ProgramFiles%\Registry Defense\RegistryDefense.exe.manifest
4. %UserProfile%\Start Menu\Programs\Registry Defense.lnk
5. %UserProfile%\Desktop\Registry Defense.lnk
6. %ProgramFiles%\Registry Defense\Logs
7. %UserProfile%\Start Menu\Programs\Help and Support.url
8. %UserProfile%\Start Menu\Programs\Upgrade Registry Defense.url

Registry Details

RegDefense may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegistryDefense
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"RDListener" = "%PROGRAMS_FILES%\Registry Defense\RDListener.exe"
HKEY_CURRENT_USER\Software\Sysinternals\PsKill\"EulaAccepted" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"RDAgent" = "%PROGRAMS_FILES%\Registry Defense\RDAgent.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\RegistryDefense

Related Posts

Trending

Most Viewed

Loading...