Registry Defender Removal Guide
Computer fraud is very popular nowadays and hackers become more and more aggressive in their ways to trick unsuspecting users. To make people believe that they are about to buy a legitimate and effective program, cyber criminals often use the reliable layout of security software. This is the case with one of their latest creations – Registry Defender. Do not be deceived by its reliable name – it will neither defend your system, not detect any present infections. On the contrary, in will put your system in real danger and will do everything possible to make you pay for a bogus program.
Registry Defender pretends to be a trustworthy AV application which is able to detect any system problems and infections. It tries to convince you that there are system errors and to do that displays many pop-up messages and warnings. It also makes a system scan, which says that you have to remove some infected files immediately. Although all of these messages are really frightening, do not be misled by their fake content. They have nothing to do with reality and are displayed only to scare you into buying a scam application.
Registry Defender will redirect you to some fake web page. If you have a closer look at that page, you will see that it has no detailed information about the security product and its creators. Moreover, the site will has only a form, which requires you to submit your personal and credit card details. Do not give your information, as this program will not give you even a registry key. It will only take your money and leave your computer in danger.
Registry Defender Screenshots:
Registry Defender technical info for manual removal:
Files Modified/Created on the system:
| # | File Name | File Size (Bytes) | File Hash |
|---|---|---|---|
| 1 | 1AB8.exe | 303211 bytes | MD5: b7553dbc27115a1c9273493ae28d132c |
| 2 | NUSB3w32.dll | 157184 bytes | MD5: 4a0c63fba11b0a2917051f14fe66678a |
| 3 | agente.exe | 176128 bytes | MD5: 5820c0a140f9502d1e4ff17a40f51641 |
| 4 | lsi.exe | 396288 bytes | MD5: b2cf2b46b363e0e66bff49ea666ed572 |
| 5 | Setup%20Registry%20Defender[1].exe | ||
| 6 | ivn.exe | 372224 bytes | MD5: e42a03d4fdde7304377750b095c44e20 |
| 7 | ClipUserNetM.dll | 151552 bytes | MD5: 15dc33b7a56949cbe29df63cc8117fb5 |
| 8 | rutserv.exe | 4003328 bytes | MD5: 8008e5a7f569e95bd2ebb05d347f481e |
| 9 | GenDM.exe | 888832 bytes | MD5: 7e5a0164275d00d65eb8a1f6b2ddd259 |
| 10 | eekum0qzb2.exe | 16384 bytes | MD5: 5fd74d17d0ebfeae798120350ceebffe |
| 11 | remote.exe | 940544 bytes | MD5: 473d4e19499a0c3a49a6b29618207516 |
| 12 | jml.exe | 364544 bytes | MD5: 51925bb97ef917841f95334eaf64394f |
| 13 | escritorio.exe | 305845 bytes | MD5: 0550f5a4c60537e200495bd01a1fd273 |
| 14 | svchost.exe | 2435072 bytes | MD5: 0f641dda991e2eda7b94d86ca52e52ef |
| 15 | 3A92.exe | 147456 bytes | MD5: c703d2e55a5b5b5132c5a737ea98bfb5 |
| 16 | questdns179.exe | 26112 bytes | MD5: 3c5030716e0cfc56bb25ea1a5d9de23e |
| 17 | RDAssistant.exe | 815792 bytes | MD5: fb924bd37175d57189906345b86416fb |
| 18 | RegDef2011.exe | 1198048 bytes | MD5: 69dc05b8ef8ac9a4bcfe47ba0e61a74e |
| 19 | Lucifer.exe | 62464 bytes | MD5: d811cd76c43e6a8cfb781ed94f83c456 |
| 20 | wscntfy.exe | 36864 bytes | MD5: 1cd712a5faec6519bcc38cfc0a43f169 |
| 21 | p0906tqqzv.exe | 16384 bytes | MD5: dbec012628545cbf21f8524375d474df |
| 22 | vhs.exe | 308224 bytes | MD5: dc103b463216a7c226e24b06f29e1419 |
| 23 | RegistryDefender.exe | 1126400 bytes | MD5: b3c66c0f4f53f4dd15d8e814c6535665 |
| 24 | ek0igjo911.exe | 16384 bytes | MD5: 6d5c50a827ea8092888caef1a2517545 |
| 25 | pm_proc1.exe | 515592 bytes | MD5: 90879f9696947bebb4bcddcb906c84c2 |
| 26 | Chrome_Loader.exe | 2090277 bytes | MD5: 90658655035c54d71a41e731b791cce6 |
| 27 | 0318be33-62f8-a702-0e4c-b3fea26b9b45.dll | 2730496 bytes | MD5: 54daea86968425ee7437eed17465101d |
| 28 | trracert.exe | 57344 bytes | MD5: 16bf529b01d4547a9ae36b00a68073ab |
| 29 | Eset fix(1).exe | 1803474 bytes | MD5: a1d08cf77b0d3366d52c18aebfb4e905 |
| 30 | DqSeoCbFrTc.exe | 458752 bytes | MD5: 71fb1ee9ab2f56359249a1c4c9335b4c |
| 31 | INSTALL.LOG | 19511 bytes | MD5: e6743bbf541ba9916cb12517f72f3fa1 |
| 32 | vdn.exe | 374784 bytes | MD5: c49c9904027ea013f08b12822ede8085 |
| 33 | privacy.exe | 816640 bytes | MD5: 9f17f66bda05c039331b775e32a6453f |
| 34 | ulbrnii.dll | 11264 bytes | MD5: 9b0e51d090b978bcedff8f2b8ec2a55c |
| 35 | bqg.exe | 344064 bytes | MD5: 7583beae74d202a63b6946c485f1829f |
| 36 | ucms.exe | 157696 bytes | MD5: 23d9a444e0b0e5af69a3904cb81060ea |
| 37 | CktPzrpm8100kw.exe | 362178 bytes | MD5: 1ecf1452ffbfcdbf99e6c2b5e494ccb9 |
| 38 | user32.dll | 858112 bytes | MD5: c4ce20b61b69f4fe226d74b46666bb84 |
| 39 | 2895.exe | 389120 bytes | MD5: dba4160733afc4e67aced4babc8af88d |
| 40 | oef.exe | 305152 bytes | MD5: 49bc100ad6eef23f112ce7d754fce7c3 |
| 41 | hhJj43j0mrE2fc.exe | 346880 bytes | MD5: 46b5449d4b8d5611661088cd0c0cd0aa |
| 42 | Uninstall.exe | 410141 bytes | MD5: 7e7f1f5cb6b79ee6403137f90f5bd63e |
| 43 | rd2010.exe | 1193408 bytes | MD5: 71af7accf79edff874b19be6b718e972 |
Memory Processes Created:
| # | Process Name | Process Filename | Main module size |
|---|---|---|---|
| 1 | 1AB8.exe | 1AB8.exe | 303211 bytes |
| 2 | agente.exe | agente.exe | 176128 bytes |
| 3 | lsi.exe | lsi.exe | 396288 bytes |
| 4 | Setup%20Registry%20Defender[1].exe | Setup%20Registry%20Defender[1].exe | |
| 5 | ivn.exe | ivn.exe | 372224 bytes |
| 6 | rutserv.exe | rutserv.exe | 4003328 bytes |
| 7 | GenDM.exe | GenDM.exe | 888832 bytes |
| 8 | eekum0qzb2.exe | eekum0qzb2.exe | 16384 bytes |
| 9 | remote.exe | remote.exe | 940544 bytes |
| 10 | jml.exe | jml.exe | 364544 bytes |
| 11 | escritorio.exe | escritorio.exe | 305845 bytes |
| 12 | svchost.exe | svchost.exe | 2435072 bytes |
| 13 | 3A92.exe | 3A92.exe | 147456 bytes |
| 14 | questdns179.exe | questdns179.exe | 26112 bytes |
| 15 | RDAssistant.exe | RDAssistant.exe | 815792 bytes |
| 16 | RegDef2011.exe | RegDef2011.exe | 1198048 bytes |
| 17 | Lucifer.exe | Lucifer.exe | 62464 bytes |
| 18 | wscntfy.exe | wscntfy.exe | 36864 bytes |
| 19 | p0906tqqzv.exe | p0906tqqzv.exe | 16384 bytes |
| 20 | vhs.exe | vhs.exe | 308224 bytes |
| 21 | RegistryDefender.exe | RegistryDefender.exe | 1126400 bytes |
| 22 | ek0igjo911.exe | ek0igjo911.exe | 16384 bytes |
| 23 | pm_proc1.exe | pm_proc1.exe | 515592 bytes |
| 24 | Chrome_Loader.exe | Chrome_Loader.exe | 2090277 bytes |
| 25 | trracert.exe | trracert.exe | 57344 bytes |
| 26 | Eset fix(1).exe | Eset fix(1).exe | 1803474 bytes |
| 27 | DqSeoCbFrTc.exe | DqSeoCbFrTc.exe | 458752 bytes |
| 28 | vdn.exe | vdn.exe | 374784 bytes |
| 29 | privacy.exe | privacy.exe | 816640 bytes |
| 30 | bqg.exe | bqg.exe | 344064 bytes |
| 31 | ucms.exe | ucms.exe | 157696 bytes |
| 32 | CktPzrpm8100kw.exe | CktPzrpm8100kw.exe | 362178 bytes |
| 33 | 2895.exe | 2895.exe | 389120 bytes |
| 34 | oef.exe | oef.exe | 305152 bytes |
| 35 | hhJj43j0mrE2fc.exe | hhJj43j0mrE2fc.exe | 346880 bytes |
| 36 | Uninstall.exe | Uninstall.exe | 410141 bytes |
| 37 | rd2010.exe | rd2010.exe | 1193408 bytes |
Registry Modifications:
The following Registry Keys were created:
- RUNNING PROGRAM\RegistryDefender.exe
- RUNNING PROGRAM\rd2010.exe
