RealSearch
RealSearch is a rogue security app that has been known to use creative measures to ultimately swindle computer users out of money. RealSearch may look similar to other known computer security programs and display messages that appear to have come from the Windows security center. Many of the deceptive tactics of RealSearch will make a computer user feel as if they need to purchase a full version of RealSearch to alleviate the issues at hand. Surprisingly RealSearch is completely unable to resolve these issues and is basically used as a scam tool. It is best that RealSearch be removed with a trusted spyware removal tool.
File System Modifications
- The following files were created in the system:
# File Name 1 %AllUsersProfile%\ 2 %AllUsersProfile%\.dll 3 %AllUsersProfile%\.exe 4 %AllUsersProfile%\Application Data\ 5 %AllUsersProfile%\Application Data\.dll 6 %AllUsersProfile%\Application Data\.exe 7 %AllUsersProfile%\Application Data\~r 8 %AllUsersProfile%\~ 9 %AllUsersProfile%\~r 10 %UserProfile%\Desktop\RealSearch.lnk 11 %UserProfile%\Start Menu\Programs\RealSearch\ 12 %UserProfile%\Start Menu\Programs\RealSearch\RealSearch.lnk 13 %UserProfile%\Start Menu\Programs\RealSearch\Uninstall RealSearch.lnk 14 Windows Vista & 7:
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'yes'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = 0'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ".exe"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.