Win32/Adware.RegistryCleanFix2008 [Threat Name]

Win32/Adware.RegistryCleanFix2008 [Threat Variant Name]

Category: adware
Size: 1990711 B
Detection created: Mar 05, 2008
Detection database version: 2925
Aliases: FraudTool.Win32.RegCleanFix.b (Kaspersky)

Short description

Win32/Adware.RegistryCleanFix2008 is adware that installs the Win32/MonaGray.A malware.


The adware must be manually installed.

The adware creates the following files:

  • %allusersprofile%\Start Menu\Programs\Startup\SRVSPOOL.exe (Win32/MonaGray.A)
  • %programfiles%\RegistryCleanFix2008\RegistryCleaner2008.exe
  • %programfiles%\RegistryCleanFix2008\unins000.dat
  • %programfiles%\RegistryCleanFix2008\unins000.exe
  • %allusersprofile%\Desktop\RegistryCleanFix2008.lnk
  • %allusersprofile%\Start Menu\Programs\RegistryCleanFix2008\RegistryCleanFix2008.lnk
  • %allusersprofile%\Start Menu\Programs\RegistryCleanFix2008\RegistryCleanFix2008 on the Web.url
  • %allusersprofile%\Start Menu\Programs\RegistryCleanFix2008\Uninstall RegistryCleanFix2008.lnk
  • %userprofile%\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryCleanFix2008.lnk

In order to be executed on every system start, the adware sets the following Registry entry:

  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    • "RegistryCleanFixMFC" = "%programfiles%\RegistryCleanFix2008\RegistryCleaner2008.exe"

The following Registry entries are created:

  • [HKEY_CURRENT_USER\Software\FCR2008MFC]
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegistryCleanFix2008_is1]
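
A read-only way to check a host for the file and registry artifacts listed above, as an added example that is not part of the original description or the vendor's tooling. It goes slightly beyond the page by checking the per-user registry entries in every loaded user hive under HKEY_USERS, not only the current user's HKEY_CURRENT_USER.

```powershell
# Added example: reports which of the listed artifacts exist. Nothing is modified or deleted.
$found = New-Object System.Collections.Generic.List[object]
function Add-Hit($Type, $Item) { $found.Add([pscustomobject]@{ Type = $Type; Item = $Item }) }

# File paths exactly as given in the description; %variables% are expanded at run time.
$files = @(
    '%allusersprofile%\Start Menu\Programs\Startup\SRVSPOOL.exe',
    '%programfiles%\RegistryCleanFix2008\RegistryCleaner2008.exe',
    '%programfiles%\RegistryCleanFix2008\unins000.dat',
    '%programfiles%\RegistryCleanFix2008\unins000.exe',
    '%allusersprofile%\Desktop\RegistryCleanFix2008.lnk',
    '%allusersprofile%\Start Menu\Programs\RegistryCleanFix2008\RegistryCleanFix2008.lnk',
    '%allusersprofile%\Start Menu\Programs\RegistryCleanFix2008\RegistryCleanFix2008 on the Web.url',
    '%allusersprofile%\Start Menu\Programs\RegistryCleanFix2008\Uninstall RegistryCleanFix2008.lnk',
    '%userprofile%\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryCleanFix2008.lnk'
)
foreach ($f in $files) {
    $p = [Environment]::ExpandEnvironmentVariables($f)
    if (Test-Path -LiteralPath $p) { Add-Hit 'File' $p }
}

# Per-user entries: walk each loaded user hive (SIDs of ordinary accounts only).
$sids = Get-ChildItem Registry::HKEY_USERS -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
    ForEach-Object { $_.PSChildName }
foreach ($sid in $sids) {
    $root = "Registry::HKEY_USERS\$sid\Software"
    $run  = Get-ItemProperty -Path "$root\Microsoft\Windows\CurrentVersion\Run" -ErrorAction SilentlyContinue
    if ($run -and $run.RegistryCleanFixMFC) {
        Add-Hit 'Run value' "$sid RegistryCleanFixMFC = $($run.RegistryCleanFixMFC)"
    }
    if (Test-Path -LiteralPath "$root\FCR2008MFC") { Add-Hit 'Registry key' "$sid\Software\FCR2008MFC" }
}

# Machine-wide uninstall key created by the installer.
$uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegistryCleanFix2008_is1'
if (Test-Path -LiteralPath $uninstall) { Add-Hit 'Registry key' $uninstall }

if ($found.Count -gt 0) { $found | Format-Table -AutoSize }
else { Write-Output 'None of the listed artifacts were found.' }
```

The script checks only the locations named in the description, and the %userprofile% path is resolved for the account running it. Hives of users who are not logged on are not loaded under HKEY_USERS and are therefore not inspected.
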
Other information

The adware displays warnings about possible problems detected on the compromised computer that need to be fixed.

The problems/threats are fake.

The goal of these programs is to persuade the user to purchase them.

During the registration of the adware the user may be redirected to one of the following Internet web sites:

