RealScan

RealScan

Found: 
2011-03-02
Description: 

Win32.FraudTool.RealScan is a rogue anti-spyware application. It may give exaggerated threat reports on the compromised computer then ask the user to purchase a registered version to remove those reported threats.

Known system changes: 


Files


Folders

c:\crefree


RegistryEntries

Key: HKEY_CURRENT_USER\Software\CREFREE
Key: HKEY_CURRENT_USER\Software\Microsoft\RealScan
Key: HKEY_CLASSES_ROOT\CFI.CFICtrl.1
Key: HKEY_CLASSES_ROOT\CLSID\{79B12FC8-2D4F-4258-9291-D5ED00BA4D52}
Key: HKEY_CLASSES_ROOT\CLSID\{879D8338-513E-47A6-A7C7-6B6BAAF70F25}
Key: HKEY_CLASSES_ROOT\Interface\{188A93ED-B48D-4E94-B88A-B50D6A525561}
Key: HKEY_CLASSES_ROOT\Interface\{2C6F308B-7CD6-4E5C-B906-D8E946A27275}
Key: HKEY_CLASSES_ROOT\TypeLib\{9F9058CB-5E10-4D0C-8A6A-75A360B83668}
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{879D8338-513E-47A6-A7C7-6B6BAAF70F25}
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RealScan_Launcher.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D2B0FEF-AD16-4BC8-A733-9B79B2FAD84E}
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Value: RealScan.exe
Data: C:\CREFREE\RealScan\RealScan.exe /start /C /S
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
Value: C:\WINDOWS\Downloaded Program Files\RealScan_Launcher.dll