
Regfixguide.com

Posted: October 21, 2009

Regfixguide.com is a malicious website whose goal is to promote the rogue anti-spyware program Soft Cop. Regfixguide.com displays an online system scan that resembles a blue MS-DOS screen. The scan is entirely fake and is meant to encourage users to download Soft Cop, which is fake software. Computer users should not download any programs, including Soft Cop, or provide credit card information to Regfixguide.com.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Documents and Settings%\All Users\Desktop\SoftCop.lnk
    2 %Documents and Settings%\All Users\Start Menu\Programs\SoftCop
    3 %Documents and Settings%\All Users\Start Menu\Programs\SoftCop\1 SoftCop.lnk
    4 %Documents and Settings%\All Users\Start Menu\Programs\SoftCop\2 Homepage.lnk
    5 %Documents and Settings%\All Users\Start Menu\Programs\SoftCop\3 Uninstall.lnk
    6 %Program Files%\SoftCop Software
    7 %Program Files%\SoftCop Software\SoftCop
    8 %Program Files%\SoftCop Software\SoftCop\SoftCop.exe
    9 %Program Files%\SoftCop Software\SoftCop\uninstall.exe
    10 %Temp%\ca85mxcq.exe
    11 %WINDOWS%\10134spamb9zb95.dll
    12 %WINDOWS%\1015zpyware2930.dll
    13 %WINDOWS%\10753tzo5931.bin
    14 %WINDOWS%\system32\288995acktool3z1.dll
    15 %WINDOWS%\system32\28935virus54z.ocx
    16 %WINDOWS%\system32\28a6d9wnlzader1957.exe

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "SoftCop"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ca85mxcq.exe"
    HKEY_CURRENT_USER\Software\SoftCop
    HKEY_LOCAL_MACHINE\SOFTWARE\SoftCop
    HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}SoftCop