Repair Registry 2008 – 2009

Repair Registry 2008 – 2009 is a fraudulent Windows utility that poses as an error removal program. Repair Registry 2008 may be an old rogue program, but newer generations of this adware still use the same propagation technique. It is presented as a Windows registry repair tool but turns out to be another program that aims to steal money from computer users. The product also promotes itself as a performance optimization tool, but thorough diagnostics found that Repair Registry 2008 cannot provide the functions it promises.

Technical Details and Additional Information:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Characteristics (Analysis)

When this potentially unwanted application is installed on the system, it may cause moderate annoyances such as browser redirection and pop-up alerts. It is used to redirect the Internet browser to a web site that poses as an online virus scanner. Anything a visitor executes on that web site will download additional threats that can further harm the computer.

Malware Behavior
This rogue program tries to infect targets by sending malicious links through instant messaging programs. It gathers contact details from the infected PC and sends a message that typically looks like this:

Online Repair: WINDOWS REQUIRES IMMEDIATE ATTENTION
ATTENTION ! Security Center has detected malware on your computer !
Affected Software: Microsoft Windows Vista, Microsoft Windows XP, Microsoft Windows 2000, Microsoft Windows Server 2003
Impact of Vulnerability: Remote Code Execution / Virus Infection / Unexpected shutdowns
Recommendation: Users running vulnerable version should install a repair utility immediately. Your system is affected, download the patch from the address below !
Failure to do so may result in severe computer malfunction.
[malicious link here] For the link to become active, please click on ‘Add to contacts’ skype button or type it in manually into your web browser!”

Visiting the link may cause browser hijacking. It will point the user to another malicious web site that pops up a message like this:

WARNING!!! Quick system scan results
Harmful and malicious software detected
Online scanner detected programs that may compromise your privacy or damage your computer.
Backdoor:Win32/NTRoot
Backdoor:Win32/Sivuxa
Trojan.Caiijing

As you can see, the malware routinely forwards the user to various web sites that offer fake security and optimization products.

Added Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Repair Registry 2008"

Associated Files and Folders:
RepairRegistry2008.exe
uninstall.exe

How to Remove Repair Registry 2008 – 2009

1. Kill any running process that belongs to AKM Antivirus 2010 Pro.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for the following files and click End Task.
RepairRegistry2008.exe

2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit. This will open registry editor.
- Find and delete the following:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Repair Registry 2008"
- Close registry editor. Changes made will be saved automatically.

3. Scan the computer with an antivirus program.
- Connect to the Internet and open your antivirus software. Please update it to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before the Windows logo begins to load, press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.

4. Delete all files dropped by AKM Antivirus 2010 Pro.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Associated Files and Folders.'
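
The process, registry and file checks from the steps above can also be scripted. The following PowerShell is an added example, not part of the original guide: it reports the indicators listed on this page and acts only when run with the hypothetical -Remove switch. It assumes the data of the Run value holds the path of the dropped executable and that uninstall.exe sits in the same folder.

```powershell
# Added example: audit-first check for the indicators listed on this page.
# Without -Remove the script only reports what it finds.
param([switch]$Remove)

$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'Repair Registry 2008'   # Run value named on the page
$procName  = 'RepairRegistry2008'     # RepairRegistry2008.exe without the extension

# Step 1: running process. Record its image path before it is stopped.
$procs = @(Get-Process -Name $procName -ErrorAction SilentlyContinue)
$paths = @($procs | ForEach-Object { $_.Path } | Where-Object { $_ })

# Step 2: autorun value. Its data is the command line run at logon, so it
# shows where the executable was dropped (assumption, see lead-in).
$entry = Get-ItemProperty -Path $runKey -Name $valueName -ErrorAction SilentlyContinue
if ($entry) {
    $cmd = [Environment]::ExpandEnvironmentVariables($entry.$valueName)
    # Take the executable path from a quoted or an unquoted command line.
    if ($cmd -match '^\s*"([^"]+)"' -or $cmd -match '^\s*(.+?\.exe)') {
        $paths += $Matches[1]
    }
}
# Keep absolute paths only, so the folder lookup below is well defined.
$paths = @($paths | Where-Object { [IO.Path]::IsPathRooted($_) } | Sort-Object -Unique)

# Step 4: files on disk. uninstall.exe is looked for beside the main file
# (assumption) and is reported for manual review, never deleted here.
$files = @(foreach ($p in $paths) {
    $p
    Join-Path (Split-Path $p -Parent) 'uninstall.exe'
})
$files = @($files | Where-Object { Test-Path -LiteralPath $_ } | Sort-Object -Unique)

"Process running : {0}" -f ($procs.Count -gt 0)
"Run value found : {0}" -f ($null -ne $entry)
$files | ForEach-Object { "File on disk    : $_" }

if ($Remove) {
    $procs | Stop-Process -Force
    if ($entry) { Remove-ItemProperty -Path $runKey -Name $valueName }
    $files |
        Where-Object { (Split-Path $_ -Leaf) -ieq 'RepairRegistry2008.exe' } |
        ForEach-Object { Remove-Item -LiteralPath $_ -Force }
}
```

Run it once without -Remove and review the reported paths before running it again with the switch.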

What to do next...