The Registry Sentinel

The Registry Sentinel Description

The Registry Sentinel, also known as TheRegistrySentinel, is a rogue registry cleaner. TheRegistrySentinel is presented as a tool that identifies and fixes registry errors, but instead it displays false positives to trick the user into believing there is a malware infection. The Registry Sentinel comes bundled with another rogue anti-spyware program called The Web Sentinel; together they form a group of anti-spyware programs under the name Your Web Safe.

Once a computer is infected with any of the rogue anti-spyware programs (TheRegistrySentinel, The Web Sentinel or Your Web Safe), the program installs the Locker.exe file, which displays a purchase window that will not close until the user purchases the program. The Locker.exe file also disables typical keyboard commands such as Alt+Tab, Ctrl+Alt+Delete, and others. The only way to remove TheRegistrySentinel, along with The Web Sentinel and Your Web Safe, is to press Ctrl+N to open a new browser window and begin a scan with an antivirus or anti-spyware program to clean the computer. If you download The Registry Sentinel, it will start a scan that displays false positives on your computer. It is strongly recommended to remove The Registry Sentinel from your system without hesitation.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %ProgramFiles%\The Registry Sentinel
    2 %ProgramFiles%\The Registry Sentinel\rnf456
    3 %ProgramFiles%\The Registry Sentinel\The Registry Sentinel.exe
    4 %ProgramFiles%\The Registry Sentinel\UninstallCleanReg.exe
    5 %ProgramFiles%\The Web Sentinel
    6 %ProgramFiles%\The Web Sentinel\licence.txt
    7 %ProgramFiles%\The Web Sentinel\The Web Sentinel.exe
    8 %ProgramFiles%\The Web Sentinel\UninstallSentinel.exe
    9 %UserProfile%\Desktop\The Registry Sentinel.lnk
    10 %UserProfile%\Desktop\The Web Sentinel.lnk
    11 %UserProfile%\Start Menu\Programs\The Registry Sentinel
    12 %UserProfile%\Start Menu\Programs\The Registry Sentinel\The Registry Sentinel.lnk
    13 %UserProfile%\Start Menu\Programs\The Registry Sentinel\UninstallCleanReg.lnk
    14 %UserProfile%\Start Menu\Programs\The Web Sentinel
    15 %UserProfile%\Start Menu\Programs\The Web Sentinel\The Web Sentinel.lnk
    16 %UserProfile%\Start Menu\Programs\The Web Sentinel\UninstallSentinel.lnk
    17 c:\WINDOWS\AttentionEX.html
    18 c:\WINDOWS\BadUrl.txt
    19 c:\WINDOWS\delete.jpg
    20 c:\WINDOWS\delete1.jpg
    21 c:\WINDOWS\IEBHO.dll
    22 c:\WINDOWS\locked.ico
    23 C:\Windows\locker.exe
    24 c:\WINDOWS\opened.ico
    25 c:\WINDOWS\paths.jpg
    26 c:\WINDOWS\prgrsbar.gif
    27 c:\WINDOWS\pskill.exe
    28 c:\WINDOWS\refs.jpg
    29 c:\WINDOWS\Sentinel1.jpg
    30 c:\WINDOWS\Sentinel2.jpg
    31 c:\WINDOWS\Sentinel3.jpg
    32 c:\WINDOWS\Sentinel4.jpg
    33 c:\WINDOWS\setts.jpg
    34 c:\WINDOWS\setupc.exe
    35 c:\WINDOWS\setups.exe
    36 c:\WINDOWS\stores.jpg
    37 c:\WINDOWS\uid.tmp
    38 c:\WINDOWS\vals.jpg
    39 c:\WINDOWS\www.jpg
    40 TheRegistrySentinel.exe
    41 TheRegistrySentinel.lnk

Registry Modifications

  • The following Registry keys and values were created:
    HKEY..\..\..\..{Subkeys}
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Sentinel
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\The Registry Sentinel.exe
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\The Web The Web Sentinel.exe
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D032570A-5F63-4812-A094-87D007C23012}
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\clean registry
    HKEY..\..\..\..{RegistryKeys}
      HKEY_CLASSES_ROOT\CLSID\{82297D11-31C1-40B1-960A-BDF40B3B365F}
      HKEY_CLASSES_ROOT\CLSID\{D032570A-5F63-4812-A094-87D007C23012}
      HKEY_CLASSES_ROOT\IEBHO.TIEAdvBHO
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "The Registry Sentinel"
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "The Web Sentinel"
    HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}
      The Web The Web Sentinel
      TheRegistrySentinel
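
A read-only triage check for a subset of the file and registry artefacts listed above, as an added example (not part of the original page or of any vendor tool). It assumes `c:\WINDOWS` is the host's `%windir%` and that the `%ProgramFiles%` entries are subfolders of Program Files; the choice of indicators and the output format are this example's own.

```powershell
# Added example: read-only check for a subset of the artefacts listed on this page.
# Assumptions: c:\WINDOWS is this host's %windir%; the %ProgramFiles% entries are
# subfolders of Program Files; the 32-bit Program Files folder is checked as well.
$pfRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ } | Select-Object -Unique
$files = @(
    foreach ($r in $pfRoots) {
        Join-Path $r 'The Registry Sentinel\The Registry Sentinel.exe'
        Join-Path $r 'The Web Sentinel\The Web Sentinel.exe'
    }
    # pskill.exe is also the name of a legitimate Sysinternals tool: a lone hit is weak evidence.
    foreach ($n in 'locker.exe', 'IEBHO.dll', 'pskill.exe', 'setupc.exe', 'setups.exe') {
        Join-Path $env:windir $n
    }
)
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Sentinel',
    'HKLM:\SOFTWARE\Microsoft\clean registry',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D032570A-5F63-4812-A094-87D007C23012}',
    'Registry::HKEY_CLASSES_ROOT\CLSID\{82297D11-31C1-40B1-960A-BDF40B3B365F}',
    'Registry::HKEY_CLASSES_ROOT\CLSID\{D032570A-5F63-4812-A094-87D007C23012}',
    'Registry::HKEY_CLASSES_ROOT\IEBHO.TIEAdvBHO'
)
$runKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runNames = 'The Registry Sentinel', 'The Web Sentinel'

$hits = @(
    foreach ($f in $files) {
        if (Test-Path -LiteralPath $f) { [pscustomobject]@{ Type = 'File'; Indicator = $f } }
    }
    foreach ($k in $keys) {
        if (Test-Path -LiteralPath $k) { [pscustomobject]@{ Type = 'RegistryKey'; Indicator = $k } }
    }
    # Run-key entries are values, not subkeys, so read the key and look for the value names.
    $run = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
    foreach ($n in $runNames) {
        if ($run -and $run.PSObject.Properties[$n]) {
            [pscustomobject]@{ Type = 'RunValue'; Indicator = "$n = $($run.$n)" }
        }
    }
    # The page names Locker.exe as the component that shows the purchase window.
    foreach ($p in Get-Process -Name 'locker' -ErrorAction SilentlyContinue) {
        [pscustomobject]@{ Type = 'Process'; Indicator = "locker.exe (PID $($p.Id))" }
    }
)
if ($hits.Count) { $hits | Format-Table -AutoSize -Wrap } else {
    Write-Output 'None of the checked artefacts were found.'
}
```

On 64-bit Windows, a 32-bit installer's writes under `HKLM\SOFTWARE` are redirected to `WOW6432Node`, so run the check from 32-bit PowerShell as well.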

Posted: July 15, 2008
