RegistryDoktor2010

RegistryDoktor2010

Found: 
2011-01-13
Description: 

Win32.FraudTool.RegistryDoktor is a rogue application. It may give exaggerated threat reports on the compromised computer then ask the user to purchase a registered version to remove those reported threats.

Known system changes: 

Files
%CommonDesktop%\Registry Doktor*
%Desktop%\Registry Doktor 4.1.lnk

Folders

%ProgramFiles%\Registry Doktor*
%CommonPrograms%\Registry_Doktor*
%CommonPrograms%\Registry Doktor*
%ProgramFiles%\Registry_Doktor*
%ProgramFiles%\RegistryDoktor*
%StartMenu%\RegistryDoktor*

RegistryEntries

Key: HKEY_CURRENT_USER\Software\RegistryDoktorFrNE
Key: HKEY_CURRENT_USER\Software\RegistryDoktorNE
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Value: RegistryDoktorFrNET
Data: C:\Program Files\Registry Doktor 4.12\RegistryDoktor.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Value: RegistryDoktorNET
Data: C:\Program Files\Registry Doktor 4.1\RegistryDoktor.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Value: RDfrNET
Data: C:\Program Files\Registry_Doktor 4.1\RegistryDoktor.exe
Key: HKEY_CURRENT_USER\Software\RD_DENE
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegDok_is1
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Value: Kuyt76GNT
Data: C:\Program Files\RegistryDoktor 4.1\RegistryDoktor.exe