RegistryRescue
RegistryRescue is a program that may give exaggerated reports of threats on the compromised computer. It will then prompt the user to purchase a registered version of the software in order to remove the reported threats. It is a low risk Adware. Low
Risk Adware is advertising software that displays ads on the desktop but is installed with better notice, disclosure and user consent than the majority of adware programs. Nonetheless, some Low Risk Adware programs may still not fully disclose all
potentially objectionable functionality during installation. Some Low Risk Adware programs display less intrusive forms of advertising, such as banner ads or text links embedded within the program itself. Low Risk Adware typically does not transmit
personally identifiable information (PII) and is not considered a serious privacy risk0
General information:
| Malware Name: |
RegistryRescue |
| Malware Type: |
Adware |
| Company Name: |
PC Privacy Software |
| Company URL: |
http://www.pcprivacysoftware.com/
|
| Threat Level: |
Low Risk |
| Operating System: |
WIN XP |
| Installation Type: |
Installed through EXE |
| Operation: |
Time of After Installation. |
Company Description:
PC Privacy Software provides software for the security and privacy of our system. One of its software is Registry Rescue. Registry Rescue scans, removes, and repairs invalid entries, references and links in our Windows registry. Errors in our registry,
and stuff left behind by other programs in our registry are one of the main causes of system slow down, computer crashes and lockups, also a potential privacy threats. By repairing errors in the registry our system's performance will be visibly
increased.
Spyware Description:
RegistryRescue is a program that may give exaggerated reports of threats on the compromised computer. It will then prompt the user to purchase a registered version of the software in order to remove the reported threats. It is a low risk Adware. Low
Risk Adware is advertising software that displays ads on the desktop but is installed with better notice, disclosure and user consent than the majority of adware programs. Nonetheless, some Low Risk Adware programs may still not fully disclose all
potentially objectionable functionality during installation. Some Low Risk Adware programs display less intrusive forms of advertising, such as banner ads or text links embedded within the program itself. Low Risk Adware typically does not transmit
personally identifiable information (PII) and is not considered a serious privacy risk0
Characteristics/Symptoms:
-> False positives work as good to purchase -> False scan results -> Uses inadequate scan/detection scheme0
Additional information might be found here:
Processes Running:
regresc.exe
File information Created after Installation:
| File Location |
Size (Bytes) |
Type |
| C:\Documents and Settings\All Users\Start Menu\Programs\PcPrivacySoftware.com\RegistryRescue\RegistryRescue.lnk |
843 |
Shortcut |
| C:\Documents and Settings\All Users\Start Menu\Programs\PcPrivacySoftware.com\RegistryRescue\uninstall.lnk |
742 |
Shortcut |
| C:\Documents and Settings\[USER]\Desktop\RegistryRescue.lnk |
825 |
Shortcut |
Folder information Created after Installation:
Registry information Created after Installation:
| Main Registry Key |
Sub Registry Key |
Key Value Name |
| HKEY_LOCAL_MACHINE |
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PcPrivacySoftware.com - RegistryRescue_is1 |
NoRepair |
| HKEY_LOCAL_MACHINE |
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PcPrivacySoftware.com - RegistryRescue_is1 |
QuietUninstallString |
| HKEY_LOCAL_MACHINE |
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PcPrivacySoftware.com - RegistryRescue_is1 |
UninstallString |
