Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

Short description
Win32/Adware.RegistryCleanFix2008 is a adware that installs Win32/MonaGray.A malware.
Installation
The adware must be manually installed.

The adware creates the following files:
  • %allusersprofile%\Start Menu\Programs\Startup\SRVSPOOL.exe
    (Win32/MonaGray.A)
  • %programfiles%\RegistryCleanFix2008\RegistryCleaner2008.exe
  • %programfiles%\RegistryCleanFix2008\unins000.dat
  • %programfiles%\RegistryCleanFix2008\unins000.exe
  • %allusersprofile%\Desktop\RegistryCleanFix2008.lnk
In order to be executed on every system start, the adware sets the following Registry entry:
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
    Run]
    "RegistryCleanFixMFC" = "%programfiles%\RegistryCleanFix2008\
    RegistryCleaner2008.exe"
The following Registry entries are created:
  • [HKEY_CURRENT_USER\Software\FCR2008MFC]
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
    CurrentVersion\Uninstall\RegistryCleanFix2008_is1]
Other information
The adware displays warnings about possible problems detected on the compromised computer that need to be fixed. The problems/threats are fake.

Some examples follow.

Example [1.] :
Example [2.] :
The goal of these programs is to persuade the user to purchase them. During the registration of the adware the user may be redirected to one of the following Internet web sites:
  • http://www.registrycleanfix.com
Example [3.] :