Win32.Adware.RegDefense

Posted: June 23, 2011

Win32.Adware.RegDefense Description

Win32.Adware.RegDefense is an adware component of the RegDefense threat. RegDefense, also known by the name of Registry Defense, is a fake Registry cleaner that has no real Registry-cleaning functions. However, RegDefense will still periodically request that you purchase it. The Win32.Adware.RegDefense component of RegDefense may create pop-up warnings, pop-up web browser windows or other forms of advertisements that try to persuade you to purchase Win32.Adware.RegDefense. Having any part of a RegDefense infection on your PC, including Win32.Adware.RegDefense, is a threat to your computer's security. Since Win32.Adware.RegDefense is a multi-component threat, you should attempt to remove Win32.Adware.RegDefense with suitable anti-virus software if this software is available.

The Rogue Security Program That Win32.Adware.RegDefense Goes Hand in Hand With

Win32.Adware.RegDefense occurs as one part of a RegDefense or Registry Defense infection. This basic threat is often detected by the name of Program:MSIL/RegDefense. As a rogue security program, the RegDefense program that Win32.Adware.RegDefense markets is unable to clean your Windows Registry or perform other beneficial functions. However, you may find that the following problems occur on a PC that has Win32.Adware.RegDefense and RegDefense-related threats installed:

  • RegDefense will modify the Registry so that Win32.Adware.RegDefense and other RegDefense components can launch themselves whenever Windows starts.
  • RegDefense may pretend to find errors in your Registry or in other serious system components, and request that you purchase RegDefense's full version to remove these problems. However, RegDefense can't detect or delete Registry problems.
  • RegDefense or Win32.Adware.RegDefense may block programs from being run or hijack your browser to control which websites you visit.

Win32.Adware.RegDefense and other RegDefense program components are visibly active, with an icon in your toolbar, as well as shortcuts in various locations. Non-shortcut files for Win32.Adware.RegDefense and the rest of RegDefense are confined to the Program Files folder.

Where Win32.Adware.RegDefense Gets in On the Registry Defense Operation

Win32.Adware.RegDefense and other parts of a RegDefense infection will periodically subject you to reminders to purchase RegDefense or create advertisements in other ways. Some Win32.Adware.RegDefense advertisement possibilities include changing your homepage to a RegDefense website, creating pop-up windows with your web browser or displaying notices from your Windows toolbar.

Win32.Adware.RegDefense and related RegDefense infections are marketed by the regdefense.com website. Although regdefense.com was active as recently as June 2011, the site is reported to be down and may have been permanently shut down. You should beware of any contact with other websites that are affiliated with Win32.Adware.RegDefense and RegDefense, since these websites are known to steal credit card information and install Trojans on visiting computers without your consent.

To protect yourself from advertisement-embedded Win32.Adware.RegDefense attacks, as well as website-based infections, disable Flash and JavaScript. Safe Mode and an updated security scanner should be able to delete Win32.Adware.RegDefense and other RegDefense infections without any other problems.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Documents and Settings%\[UserName]\Application Data\Microsoft\Internet Explorer\Quick Launch
    2 %Documents and Settings%\[UserName]\Start Menu\Buy.lnk

Registry Modifications

  • The following Registry values were created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings 'ProxyServer' = 'http=127.0.0.1:5555'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments 'SaveZoneInformation' = '1'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce 'SelfdelNT'
    HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall�1
    HKEY..\..\..\..{RegistryKeys}
    HKEY_CLASSES_ROOT\secfile
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion
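
The check below is an added example, not part of the original page: it parses text in the regedit export (.reg) format and reports which of the Registry indicators listed above are present, so an exported hive can be triaged offline. The function names and the sample export are constructed for illustration; the truncated entries in the list are left out.

```python
import re

# Indicators from the list above: (key, value or None = key itself, data or None = any).
CV = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
INDICATORS = [
    (CV + r"\Internet Settings", "ProxyServer", "http=127.0.0.1:5555"),
    (CV + r"\Policies\Attachments", "SaveZoneInformation", "1"),
    (CV + r"\RunOnce", "SelfdelNT", None),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense", None, None),
    (r"HKEY_CLASSES_ROOT\secfile", None, None),
]

def parse_reg(text):
    """Parse regedit export text into {key: {value_name: data}} (names lower-cased)."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and m:
            name, raw = m.groups()
            if raw.startswith("dword:"):
                raw = str(int(raw[6:], 16))               # dword:00000001 -> "1"
            elif raw.startswith('"'):
                raw = re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \\ and \" escapes
            current[name.lower()] = raw
    return keys

def find_indicators(text):
    """Return (key, value_name, data) for each listed indicator present in the export."""
    keys, hits = parse_reg(text), []
    for key, name, expected in INDICATORS:
        values = keys.get(key.lower())
        if values is None:
            continue
        if name is None:                              # the key itself is the indicator
            hits.append((key, None, None))
        elif name.lower() in values and expected in (None, values[name.lower()]):
            hits.append((key, name, values[name.lower()]))
    return hits

# Constructed sample export (real regedit exports are UTF-16; read with encoding="utf-16").
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"="http=127.0.0.1:5555"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
"SaveZoneInformation"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense]
'''
```

Calling `find_indicators(SAMPLE)` returns the three entries present in the constructed export; keys and value names are compared case-insensitively, as the Registry does.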

