Full Version: registry-doktor-07fr
Malwarebytes Forum > Research Center > Newest Rogue Threats
ChTiPowA
CODE
http://downloadsetup.org/registry-doktor-07fr.exe
Password is infected.
alexeck
QUOTE (ChTiPowA @ Nov 19 2009, 03:07 PM)
CODE
http://downloadsetup.org/registry-doktor-07fr.exe
Password is infected.


Not sure I would classify this as a threat. It may use misleading marketing and all that, but it's not malware per se. My 2 cents.

Seems most others agree:

http://www.virustotal.com/analisis/0b36bf0...8c35-1258661557
Fatdcuk
Hi ChTiPowA,

Both the installer and installer are hit by the current MBAM database. Please verify it is new to MBAM rogue first before posting please.

Hi Alex,

I will PM you the support data why we have listed this(&many other clones) from the same group.


Malwarebytes' Anti-Malware 1.41
Database version: 3196
Windows 5.1.2600 Service Pack 3

19/11/2009 20:22:20
mbam-log-2009-11-19 (20-22-20).txt

Scan type: Quick Scan
Objects scanned: 89784
Time elapsed: 45 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 12

Memory Processes Infected:
C:\Program Files\Registry_Doktor 4.1\RegistryDoktor.exe (Rogue.AntivirusDoktor) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\Registry_Doktor 4.1\EngineAP.dll (Rogue.RegistryDoctor) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\RegistryDoktorFrNE (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Registry_Doktor 2009_is1 (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rdfrnet (Rogue.AntivirusDoktor) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Registry_Doktor 4.1 (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\definitions (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Registry_Doktor 4.1 (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\AVP 2009 (Malware.Trace) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Registry_Doktor 4.1\RegistryDoktor.exe (Rogue.AntivirusDoktor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\Cl.exe (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\EngineAP.dll (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\ScheduleAP.txt (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\Task.dat (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\unins000.dat (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\unins000.exe (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\definitions\200812.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Registry_Doktor 4.1\Désinstaller Registry Doktor 4.1.lnk (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Registry_Doktor 4.1\Registry Doktor 4.1.lnk (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\Registry Doktor 4.1.lnk (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Registry Doktor 4.1.lnk (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
ChTiPowA
Could you tell me how to verify if you have it in the DB?
Fatdcuk
QUOTE (ChTiPowA @ Nov 19 2009, 08:37 PM)
Could you tell me how to verify if you have it in the DB?


Install MBAM and update to the most current database.

Custom scan the target file with MBAM >> If we flag it, then it is known to our database :)

In the case of suspected rogue applications,

Install the rogue, then run an updated MBAM quick scan >> If you get a log like the one above, it is well known to our database and there is no need to report it.

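The test Fatdcuk describes is "if the updated quick scan flags it, it is already in the database". As an added example (not from this thread and not Malwarebytes' own code), here is a small Python parser for the MBAM 1.41 log layout posted above: it pulls out the database version and the flagged signature families, and cross-checks the summary counts at the top of the log against the items actually listed, which catches a truncated or hand-edited log before it is used as evidence. The sample log is constructed from the format above and abridged.

```python
import re
from collections import Counter

# Constructed sample in the layout of the MBAM 1.41 log above (abridged, not the full log).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.41
Database version: 3196

Memory Processes Infected: 1
Registry Data Items Infected: 0
Files Infected: 2

Memory Processes Infected:
C:\Program Files\Registry_Doktor 4.1\RegistryDoktor.exe (Rogue.AntivirusDoktor) -> Unloaded process successfully.

Registry Data Items Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Registry_Doktor 4.1\RegistryDoktor.exe (Rogue.AntivirusDoktor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\EngineAP.dll (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^(.+ Infected): (\d+)$")          # "Files Infected: 2"
DETECTION_RE = re.compile(r"^(.+?) \(([^()]+)\) -> (.+)$")  # "path (Family) -> action"

def parse_mbam_log(text):
    """Return (database_version, declared_counts, detections) from an MBAM log."""
    db_version, declared, detections, section = None, {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.startswith("Database version:"):
            db_version = int(line.split(":", 1)[1])
        elif SUMMARY_RE.match(line):               # summary block at the top of the log
            name, count = SUMMARY_RE.match(line).groups()
            declared[name] = int(count)
        elif line.endswith(" Infected:"):           # start of a detail section
            section = line[:-1]
        elif section and DETECTION_RE.match(line):  # one flagged item in the current section
            item, family, action = DETECTION_RE.match(line).groups()
            detections.append({"section": section, "item": item, "family": family, "action": action})
    return db_version, declared, detections

def detected_families(detections):
    """Signature families the database flagged; a non-empty result means the sample is known."""
    return Counter(d["family"] for d in detections)

def summary_mismatches(declared, detections):
    """Sections whose declared count differs from the items listed (truncated or edited log)."""
    listed = Counter(d["section"] for d in detections)
    return {s: (n, listed.get(s, 0)) for s, n in declared.items() if n != listed.get(s, 0)}
```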
ChTiPowA
Ok :)
Gonna do that =)