
Win32.Adware.RegDefense

Posted: June 23, 2011

Win32.Adware.RegDefense is an adware component of the RegDefense threat. RegDefense, also known as Registry Defense, is a fake Registry cleaner that has no real Registry-cleaning functions. However, RegDefense will still periodically request that you purchase it. The Win32.Adware.RegDefense component of RegDefense may create pop-up warnings, pop-up web browser windows or other forms of advertisements that try to persuade you to purchase Win32.Adware.RegDefense. Having any part of a RegDefense infection on your PC, including Win32.Adware.RegDefense, is a threat to your computer's security. Since Win32.Adware.RegDefense is a multi-component threat, you should attempt to remove Win32.Adware.RegDefense with suitable anti-virus software if this software is available.

The Rogue Security Program That Win32.Adware.RegDefense Goes Hand in Hand With

Win32.Adware.RegDefense occurs as one part of a RegDefense or Registry Defense infection. This basic threat is often detected by the name of Program:MSIL/RegDefense. As a rogue security program, the RegDefense program that Win32.Adware.RegDefense markets is unable to clean your Windows Registry or perform other beneficial functions. However, you may find that the following problems occur on a PC that has Win32.Adware.RegDefense and RegDefense-related threats installed:

  • RegDefense will modify the Registry so that Win32.Adware.RegDefense and other RegDefense components can launch themselves whenever Windows starts.
  • RegDefense may pretend to find errors in your Registry or in other serious system components, and request that you purchase RegDefense's full version to remove these problems. However, RegDefense can't detect or delete Registry problems.
  • RegDefense or Win32.Adware.RegDefense may block programs from being run or hijack your browser to control which websites you visit.

Win32.Adware.RegDefense and other RegDefense program components are visibly active, with an icon in your toolbar, as well as shortcuts in various locations. Non-shortcut files for Win32.Adware.RegDefense and the rest of RegDefense are confined to the Program Files folder.

Where Win32.Adware.RegDefense Gets in On the Registry Defense Operation

Win32.Adware.RegDefense and other parts of a RegDefense infection will periodically subject you to reminders to purchase RegDefense or create advertisements in other ways. Some Win32.Adware.RegDefense advertisement possibilities include changing your homepage to a RegDefense website, creating pop-up windows with your web browser or displaying notices from your Windows toolbar.

Win32.Adware.RegDefense and related RegDefense infections are marketed by the regdefense.com website. Although regdefense.com was active as recently as June 2011, Win32.Adware.RegDefense is reported to be down and may have been permanently shut down. You should beware of any contact with other websites that are affiliated with Win32.Adware.RegDefense and RegDefense, since these websites are known to steal credit card information and install Trojans on visiting computers without your consent.

To protect yourself from advertisement-embedded Win32.Adware.RegDefense attacks, as well as website-based infections, disable Flash and JavaScript. Safe Mode and an updated security scanner should be able to delete Win32.Adware.RegDefense and other RegDefense infections without any other problems.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Documents and Settings%\[UserName]\Application Data\Microsoft\Internet Explorer\Quick Launch
    2 %Documents and Settings%\[UserName]\Start Menu\Buy.lnk

Registry Modifications

  • The following Registry values and keys are newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings 'ProxyServer' = 'http=127.0.0.1:5555'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments 'SaveZoneInformation' = '1'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce 'SelfdelNT'
    HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall�1
    HKEY..\..\..\..{RegistryKeys}
    HKEY_CLASSES_ROOT\secfile
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion
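
The file and Registry indicators listed above can be checked with a read-only PowerShell script. This is an added example, not part of the original entry; the function name, the Start Menu lookup and the ProxyEnable context check are assumptions, and the two entries the page gives only in part (the Uninstall subkey and the bare CurrentVersion key) are left out.

```powershell
# Added example: read-only check for the indicators listed in this entry.
function Get-RegDefenseIndicators {
    $cv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
    # Registry values from the page; Expected = $null where the page gives no data.
    $valueChecks = @(
        @{ Path = "$cv\Internet Settings";    Name = 'ProxyServer';         Expected = 'http=127.0.0.1:5555' },
        @{ Path = "$cv\Policies\Attachments"; Name = 'SaveZoneInformation'; Expected = '1' },
        @{ Path = "$cv\RunOnce";              Name = 'SelfdelNT';           Expected = $null }
    )
    # Registry keys from the page that are complete enough to test for.
    $keyChecks = @('HKLM:\SOFTWARE\Malware Defense', 'Registry::HKEY_CLASSES_ROOT\secfile')
    # Shortcut from the page, resolved against the current user's Start Menu folder.
    $shortcut = Join-Path ([Environment]::GetFolderPath('StartMenu')) 'Buy.lnk'

    $found = @()
    foreach ($c in $valueChecks) {
        $name = $c.Name
        $item = Get-ItemProperty -Path $c.Path -Name $name -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }              # key or value absent
        $data = [string]$item.$name
        if ($null -eq $c.Expected -or $data -eq $c.Expected) {
            $found += [pscustomobject]@{ Kind = 'RegistryValue'; Location = "$($c.Path)\$name"; Data = $data }
        }
    }
    foreach ($k in $keyChecks) {
        if (Test-Path -Path $k) {
            $found += [pscustomobject]@{ Kind = 'RegistryKey'; Location = $k; Data = '' }
        }
    }
    if (Test-Path -LiteralPath $shortcut) {
        $found += [pscustomobject]@{ Kind = 'File'; Location = $shortcut; Data = '' }
    }
    # Context (assumption, not from the page): ProxyServer only applies when ProxyEnable is 1.
    $inet = Get-ItemProperty -Path "$cv\Internet Settings" -Name 'ProxyEnable' -ErrorAction SilentlyContinue
    if ($found.Location -contains "$cv\Internet Settings\ProxyServer" -and $null -ne $inet) {
        $found += [pscustomobject]@{ Kind = 'Context'; Location = "$cv\Internet Settings\ProxyEnable"; Data = [string]$inet.ProxyEnable }
    }
    return $found
}

$result = Get-RegDefenseIndicators
if ($result) { $result | Format-Table -AutoSize -Wrap } else { 'No RegDefense indicators from this entry were found.' }
```

Run it as the affected user, since most of the values are under HKEY_CURRENT_USER. On 64-bit Windows, a 32-bit program's writes under HKLM\SOFTWARE are redirected to HKLM\SOFTWARE\WOW6432Node, so the Malware Defense key may need to be looked for there as well.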

One Comment

  • registry easy says:

    Hi, I was playing World of Warcraft and had a problem, so I googled it and I clicked a site... don't know what it was called, but it told me I had a virus, but it wasn't my security system, so I closed it, but it kept popping up and it auto-downloaded or something, and it keeps telling me everything I open is infected with a virus and I can't do anything. I'm using my bro's laptop cuz mine's infected and I don't know how to fix it D:
