

First posted on 03 February 2010.
Source: SecurityHome

Aliases :

Program:Win32/RegistryEasy is also known as RegistryGreat (Symantec), Adware.RegistryEasy (VirusBuster).

Explanation :

Program:Win32/RegistryEasy is a program that is promoted as a system optimization tool. This program may have been installed via a Web site falsely claiming a system scan took place and that critical system errors are present, directing the user to download the program to correct these fictitious errors. Also, some versions of this program may display deceptive or fraudulent claims about files, registry entries and/or other items on the computer.

Installation :

Program:Win32/RegistryEasy may be present as the following programs and shortcut links:

%ALLUSERSPROFILE%\Start Menu\Programs\registry easy\Registry Easy Help.lnk
%ALLUSERSPROFILE%\Start Menu\Programs\registry easy\Registry Easy on the Web.lnk
%ALLUSERSPROFILE%\Start Menu\Programs\registry easy\Registry Easy.lnk
%ALLUSERSPROFILE%\Start Menu\Programs\registry easy\Uninstall Registry Easy.lnk
%AppData%\Microsoft\Internet Explorer\Quick Launch\Registry Easy.lnk
%ProgramFiles%\Registry Easy\Code
%ProgramFiles%\Registry Easy\EasyHelp.chm
%ProgramFiles%\Registry Easy\errorlist.txt
%ProgramFiles%\Registry Easy\FileAssociation.ass
%ProgramFiles%\Registry Easy\fu.dat
%ProgramFiles%\Registry Easy\GetAutoSavePwd.dll
%ProgramFiles%\Registry Easy\RE.exe
%ProgramFiles%\Registry Easy\Recoveryer.dll
%ProgramFiles%\Registry Easy\RegEasyUpdate.exe
%ProgramFiles%\Registry Easy\RegistryEasy.url
%ProgramFiles%\Registry Easy\ScanResult
%ProgramFiles%\Registry Easy\ScanSection.ini
%ProgramFiles%\Registry Easy\soft.dat
%ProgramFiles%\Registry Easy\unins000.dat
%ProgramFiles%\Registry Easy\unins000.exe
%ProgramFiles%\Registry Easy\Update.ini
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Registry Easy.lnk
%UserProfile%\Desktop\Registry Easy.lnk

The installer creates the following registry subkeys:

HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\Registry Easy_is1
HKCU\Software\RegistryEasy

When run, Program:Win32/RegistryEasy may display an alert with an indication that errors are present on the affected computer, such as the following:

Analysis by Aaron Hulett
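
A read-only check for the files and registry subkeys listed above, as an added example that is not part of the original write-up. The `%ProgramFiles(x86)%` and `Wow6432Node` entries are assumptions added to cover a 32-bit install on 64-bit Windows; they are not listed on the page.

```powershell
# Added example: report which RegistryEasy artifacts from this page exist on the host.
# Nothing is modified. Run it as the user being checked: %AppData%, %UserProfile%
# and HKCU resolve to that user's profile and hive only.

$fileTargets = @(
    '%ALLUSERSPROFILE%\Start Menu\Programs\registry easy',
    '%AppData%\Microsoft\Internet Explorer\Quick Launch\Registry Easy.lnk',
    '%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Registry Easy.lnk',
    '%UserProfile%\Desktop\Registry Easy.lnk',
    '%ProgramFiles%\Registry Easy',
    '%ProgramFiles(x86)%\Registry Easy'   # assumption: 32-bit install on 64-bit Windows
)

$regTargets = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\Registry Easy_is1',
    # assumption: redirected view of the same key for a 32-bit installer
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Registry Easy_is1',
    'HKCU:\Software\RegistryEasy'
)

$hits = @(
    foreach ($target in $fileTargets) {
        $path = [Environment]::ExpandEnvironmentVariables($target)
        if (Test-Path -LiteralPath $path) {
            [pscustomobject]@{ Type = 'Path'; Item = $path }
            # For a matching folder, list its contents so the report names each file.
            if (Test-Path -LiteralPath $path -PathType Container) {
                Get-ChildItem -LiteralPath $path -Recurse -Force -ErrorAction SilentlyContinue |
                    ForEach-Object { [pscustomobject]@{ Type = 'Path'; Item = $_.FullName } }
            }
        }
    }
    foreach ($key in $regTargets) {
        if (Test-Path -LiteralPath $key) {
            [pscustomobject]@{ Type = 'Registry'; Item = $key }
        }
    }
)

if ($hits.Count -gt 0) {
    $hits | Format-Table -AutoSize
} else {
    'No RegistryEasy artifacts from the listed locations were found.'
}
```

The per-user locations have to be checked once per profile; a single run covers only the account that runs it.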

Last update 03 February 2010