Regtidy 2009
Fraudulent Security Program site claims
"Boost PC and internet speeds up to 300%"
regtidy.com
http://www.virustotal.com/reanalisis.ht ... 1248400064
http://info.prevx.com/aboutprogramtext. ... 007A7619FC
internet speeds up to 300%
whois
Created: 2009-07-07
Expires: 2010-07-07
Updated: 2009-07-09
Domain regtidy.com
Date Registered: 2009-7-7
Date Modified: 2009-7-9
Expiry Date: 2010-7-7
DNS1: ns-canada.topdns.com
DNS2: ns-usa.topdns.com
DNS3: ns-uk.topdns.com
Registrant
Private Whois Service
*******PLEASE DO NOT SEND LETTERS******
****Contact the owner by email only****
c/o regtidy.com
N4892 Nassau
Bahamas
Shared IP
-------
Against Intuition - gives us safety through Web of Trust.
WOT Community - gives us security through unity.
Thank you all
G7W
Regarding Regtidy
You folks need to learn how to play fair. I am not even sure where to start so I will post the following:
I am sorry but you folks are not even in the ballpark of correct. For starters, there is no REGTIDY.DLL associated with this application. It's RegTidy.dll. Secondly, here is the response from Prevx support:
Thank you, we have marked this item as safe.
Regards,
Prevx Support
You can feel free to qualify this here: http://info.prevx.com/aboutprogramtext. ... 007A7619FC
Please learn how to read before you go futzing with someone's brand and/or reputation.
Nigel
Hello Nigel
If we've made a mistake, it will get resolved; much quicker than it would at SA, but now SA will be reviewing a different archive with different files... >> SA
The Prevx link doesn't state "safe", merely "Currently being reviewed";
there is a difference, and whether or not the file name is all CAPS or HungarianProper is moot - they are the same file.
As for "playing fair":
I see you've quickly removed the .DLL from the archive and packed it into the new installer.
regtidy2009.zip - 19 July 2009
MD5: 685a7f81d107270e544e8d75aba78307 - ThreatExpert

regtidy2009.zip - 21 July 2009
MD5: 7fe660be6bfefc16514fd96846b12db6 - ThreatExpert

Now this looks suspicious to me; comparing apples to oranges.
Sophos still has it listed as Sus/Behav-113
Sus/Behav-113 exhibits characteristics commonly, but not exclusively, found in malware.
I need to see if anyone has a test machine they can install this on, sandboxed and see the results... I have both files available if anyone has the time, PM me.
-------
Against Intuition - gives us safety through Web of Trust.
WOT Community - gives us security through unity.
Thank you all
G7W
HI
Hi, sorry. I was a bit wound up when I woke up to this mess. It would seem that the Sophos link has nothing to do with the DLL in question. It has been protecting against it since 07, yet this app has been in the wild for like a week now.
They may very well have repacked it. I have provided them with a range of suggestions but they are all usability and business model related.
I run a marketing firm. I am not a programmer. That said, I would not have taken the job if it was a dodgy app or I did not believe in the developers.
We do also run a full blown IT firm. I am not making this stuff up
cept for days like this I prefer brand management and marketing lol....
At any rate, I have scanned this stuff repeatedly with a wide range of things. It is fine.
I did not invent the prevx response either. I sent that off to them first thing this morning.
thanks,
Nigel
- MysteryFCM
- Posts: 2486
- Joined: Mon Jul 14, 2008 4:47 pm
....
Fire me an e-mail ;o)
steven @ my domain (the it-mate.co.uk one, not the hosts-file.net one)
Regards
Steven Burn
Ur I.T. Mate Group / hpHosts
it-mate.co.uk / hosts-file.net
- MysteryFCM
- Posts: 2486
- Joined: Mon Jul 14, 2008 4:47 pm
...
Care to explain why you've got awards on your site, for sites that don't have your software listed? (e.g. Softpedia). This is dishonest at best, and downright fraudulent at worst.
Secondly, you claim you believe in the application, suggesting you've actually tested it - yet you claimed regtidy.dll was not present?? Both the installer itself, and the following, show otherwise;
http://www.threatexpert.com/report.aspx ... 6846b12db6
Third, care to explain why the application has references to RegConvoy (registryconvoy.com - 97.74.144.68) - another rogue application? And interestingly, another application that claims to be the recipient of a Softpedia award when in actuality, the application is not listed at Softpedia - making the award claim absolute rubbish.
*******************************************************
Registrant:
Lin Fan
China ShangHai MingHangQu
ShangHai, ShangHai 200000
China
Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: REGISTRYCONVOY.COM
Created on: 11-Jun-09
Expires on: 11-Jun-10
Last Updated on: 11-Jun-09
Administrative Contact:
Fan, Lin regconvoy@gmail.com
China ShangHai MingHangQu
ShangHai, ShangHai 200000
China
+86.021364656 Fax --
Technical Contact:
Fan, Lin regconvoy@gmail.com
China ShangHai MingHangQu
ShangHai, ShangHai 200000
China
+86.021364656 Fax --
Domain servers in listed order:
NS03.DOMAINCONTROL.COM
NS04.DOMAINCONTROL.COM
*******************************************************
I'll let you explain this before I go into the rest .....
I should note, we do actually know what we're doing ;o)
Regards
Steven Burn
Ur I.T. Mate Group / hpHosts
it-mate.co.uk / hosts-file.net
Rated Registryconvoy too,
Thanks MysteryFCM!
registryconvoy.com
See http://www.malwareurl.com/search.php?do ... e=on&as=on
- MysteryFCM
- Posts: 2486
- Joined: Mon Jul 14, 2008 4:47 pm
...
Always a pleasure ;o)
Regards
Steven Burn
Ur I.T. Mate Group / hpHosts
it-mate.co.uk / hosts-file.net
Fraudulent software can be marked as 'clean'
» At any rate, I have scanned this stuff repeatedly with a wide range of things. It is fine.
Unfortunately, as is often the case with fraudulent software, many scanners will report the files as clean. I have submitted files for analysis only to be told there's no malicious code in the file.
The virus analysts are often correct when they say there is no malicious code, but it's how the file gets classified that's important in cases like this. Many will eventually tag the applications as a fraud tool.