Thursday, March 12, 2009

RegistryFox Rogue

RegistryFox is a fake security application from AntiSpyware LLC, the same company that used to create the SmitfraudFixTool rogue (derived from the original, legitimate SmitfraudFix application), the MalwareRemovalBot rogue, and many other fake products.



The two rogue websites are hosted on the same server:
malwareremovalbot.com (74.53.169.2)
registryfox.com (74.53.169.2)

The application contacts database.registrysmart.com (75.125.200.226) to update its "heavy" database: 7Kb. This IP is shared with other rogue software:
adwarealert.com (75.125.200.226)
evidenceeraser.com (75.125.200.226)
registrysmart.com (75.125.200.226)
restore-pc.com (75.125.200.226)

The code contains a reference to a file (DataBase.ref) downloaded from 2squared.com (75.125.61.162):
antispywarebot.com (75.125.61.162)
errorsweeper.com (75.125.61.162)
privacycontrol.com (75.125.61.162)
regclean.com (75.125.61.162)

There is also a link to the Antispyware 2009 rogue setup:
antispyware.com (75.125.241.58)
adwarebot.com (75.125.241.58)
antispyware2009.com (75.125.241.58)
errorsmart.com (75.125.241.58)
regsweep.com (75.125.241.58)

Thanks to NoVirusThanks