Fraudulent Security Program site claims
"Boost PC and internet speeds up to 300% "
regtidy.com
http://www.virustotal.com/reanalisis.html?e46c40764d94cdfa898595d437f2bb9db46c026a42d46ed8c47079be635b1b6f-1248400064
http://info.prevx.com/aboutprogramtext.asp?PX5=E4A396A700FBDD7E44FE0630F18542007A7619FC
Regtidy 2009
internet speeds up to 300%
[url=http://whois.domaintools.com/regtidy.com t=_self]whois[/url]
Created: 2009-07-07
Expires: 2010-07-07
Updated: 2009-07-09
Domain regtidy.com
Date Registered: 2009-7-7
Date Modified: 2009-7-9
Expiry Date: 2010-7-7
DNS1: ns-canada.topdns.com
DNS2: ns-usa.topdns.com
DNS3: ns-uk.topdns.com
Registrant
Private Whois Service
*******PLEASE DO NOT SEND LETTERS******
****Contact the owner by email only****
c/o regtidy.com
N4892 Nassau
Bahamas
Shared IP
-------
Against Intuition - gives us safety through Web of Trust.
WOT Community - gives us security through unity.
Thank you all
[url=http://g7w.net/ t=_self]G7W [/url]
Created: 2009-07-07
Expires: 2010-07-07
Updated: 2009-07-09
Domain regtidy.com
Date Registered: 2009-7-7
Date Modified: 2009-7-9
Expiry Date: 2010-7-7
DNS1: ns-canada.topdns.com
DNS2: ns-usa.topdns.com
DNS3: ns-uk.topdns.com
Registrant
Private Whois Service
*******PLEASE DO NOT SEND LETTERS******
****Contact the owner by email only****
c/o regtidy.com
N4892 Nassau
Bahamas
Shared IP
-------
Against Intuition - gives us safety through Web of Trust.
WOT Community - gives us security through unity.
Thank you all
[url=http://g7w.net/ t=_self]G7W [/url]
Regarding Regtidy
You folks need to learn how to play fair. I am not even sure where to start so I will post the following:
I am sorry but you folks are not even in the balllpark of correct. For starters, there is no REGTIDY.DLL associated with this application. Its RegTidy.dll Secondlly, here is the response from prevx support:
Thank you, we have marked this item as safe.
Regards,
Prevx Support
You can feel free to qualify this here: http://info.prevx.com/aboutprogramtext.asp?PX5=E4A396A700FBDD7E44FE0630F18542007A7619FC
Please learn how to read before you go futzing with someones brand and or reputation.
Nigel
I am sorry but you folks are not even in the balllpark of correct. For starters, there is no REGTIDY.DLL associated with this application. Its RegTidy.dll Secondlly, here is the response from prevx support:
Thank you, we have marked this item as safe.
Regards,
Prevx Support
You can feel free to qualify this here: http://info.prevx.com/aboutprogramtext.asp?PX5=E4A396A700FBDD7E44FE0630F18542007A7619FC
Please learn how to read before you go futzing with someones brand and or reputation.
Nigel
Hello Nigel
If we've made a mistake, it will get resolved; much quicker than it would at SA, but now SA will be reviewing a different archive with different files... [url=http://www.siteadvisor.com/sites/regtidy.com/ t=_self]>> SA[/url]
The Prevx link doesn't state "safe" merely Currently being reviewed
there is a difference; and whether or not the file name is all CAPS or HungarianProper is mute - they are the same file.
As for "playing fair'
I see you've quickly removed the .DLL from the archive and packed it into the new installer.
regtidy2009.zip - 19 July 2009
MD5: 685a7f81d107270e544e8d75aba78307 - [url=http://www.threatexpert.com/report.aspx?md5=685a7f81d107270e544e8d75aba78307 t=_self]ThreatExpert[/url]
[img]http://i562.photobucket.com/albums/ss66/gate7wizard/fraud-scam/regTidy_19July09.jpg[/img]
regtidy2009.zip - 21 July 2009
MD5: 7fe660be6bfefc16514fd96846b12db6 - [url=http://www.threatexpert.com/report.aspx?md5=7fe660be6bfefc16514fd96846b12db6 t=_self]ThreatExpert[/url]
[img]http://i562.photobucket.com/albums/ss66/gate7wizard/fraud-scam/regTidy_21July09.jpg[/img]
Now this looks suspicious to me; comparing apples to oranges.
Sophos still has it as listed as [url=http://www.sophos.com/security/analyses/suspicious-behavior-and-files/susbehav113.html t=_self]Sus/Behav-113[/url]
Sus/Behav-113 exhibits characteristics commonly, but not exclusively, found in malware.
I need to see if anyone has a test machine they can install this on, sandboxed and see the results... I have both files available if anyone has the time, PM me.
-------
Against Intuition - gives us safety through Web of Trust.
WOT Community - gives us security through unity.
Thank you all
[url=http://g7w.net/ t=_self]G7W [/url]
The Prevx link doesn't state "safe" merely Currently being reviewed
there is a difference; and whether or not the file name is all CAPS or HungarianProper is mute - they are the same file.
As for "playing fair'
I see you've quickly removed the .DLL from the archive and packed it into the new installer.
regtidy2009.zip - 19 July 2009
MD5: 685a7f81d107270e544e8d75aba78307 - [url=http://www.threatexpert.com/report.aspx?md5=685a7f81d107270e544e8d75aba78307 t=_self]ThreatExpert[/url]
[img]http://i562.photobucket.com/albums/ss66/gate7wizard/fraud-scam/regTidy_19July09.jpg[/img]
regtidy2009.zip - 21 July 2009
MD5: 7fe660be6bfefc16514fd96846b12db6 - [url=http://www.threatexpert.com/report.aspx?md5=7fe660be6bfefc16514fd96846b12db6 t=_self]ThreatExpert[/url]
[img]http://i562.photobucket.com/albums/ss66/gate7wizard/fraud-scam/regTidy_21July09.jpg[/img]
Now this looks suspicious to me; comparing apples to oranges.
Sophos still has it as listed as [url=http://www.sophos.com/security/analyses/suspicious-behavior-and-files/susbehav113.html t=_self]Sus/Behav-113[/url]
Sus/Behav-113 exhibits characteristics commonly, but not exclusively, found in malware.
I need to see if anyone has a test machine they can install this on, sandboxed and see the results... I have both files available if anyone has the time, PM me.
-------
Against Intuition - gives us safety through Web of Trust.
WOT Community - gives us security through unity.
Thank you all
[url=http://g7w.net/ t=_self]G7W [/url]
HI
Hi, sorry. I was a bit wound up when I woke up to this mess. It would seem that the sophos link has nothing to do with the dll in question. It has been protecting against it since 07 yet this app has been in the wild for like a week now.
They may very well have repacked it. I have provided them with a range of suggestions but they are all usability and business model related.
I run a marketing firm. I am not a programmer. That said, I would not have taken the job if it was a dodgy app or I did not believe in the developers.
We do also run a full blown IT firm. I am not making this stuff up
cept for days like this I prefer brand management and marketing lol....
At any rate, I have scanned this stuff repeatedly with a wide range of things. It is fine.
I did not invent the prevx response either. I sent that off to them first thing this morning.
thanks,
Nigel
They may very well have repacked it. I have provided them with a range of suggestions but they are all usability and business model related.
I run a marketing firm. I am not a programmer. That said, I would not have taken the job if it was a dodgy app or I did not believe in the developers.
We do also run a full blown IT firm. I am not making this stuff up
cept for days like this I prefer brand management and marketing lol....
At any rate, I have scanned this stuff repeatedly with a wide range of things. It is fine.
I did not invent the prevx response either. I sent that off to them first thing this morning.
thanks,
Nigel
-
MysteryFCM
- Posts: 4912
- Joined: Mon Jul 14, 2008 4:47 pm
....
Fire me an e-mail ;o)
steven @ my domain (the it-mate.co.uk one, not the hosts-file.net one)
Regards
Steven Burn
Ur I.T. Mate Group / hpHosts
it-mate.co.uk / hosts-file.net
steven @ my domain (the it-mate.co.uk one, not the hosts-file.net one)
Regards
Steven Burn
Ur I.T. Mate Group / hpHosts
it-mate.co.uk / hosts-file.net
-
MysteryFCM
- Posts: 4912
- Joined: Mon Jul 14, 2008 4:47 pm
...
Care to explain why you've got awards on your site, for sites that don't have your software listed? (e.g. Softpedia). This is dishonest at best, and downright fraudulent at worst.
Secondly, you claim you believe in the application, suggesting you've actually tested it - yet you claimed regtidy.dll was not present?? Both the installer itself, and the following, show otherwise;
http://www.threatexpert.com/report.aspx?md5=7fe660be6bfefc16514fd96846b12db6
Third, care to explain why the application has references to RegConvoy (registryconvoy.com - 97.74.144.68) - another rogue application? And interestingly, another application that claims to be the recipient of a Softpedia award when in actuality, the application is not listed at Softpedia - making the award claim absolute rubbish.
*******************************************************
Registrant:
Lin Fan
China ShangHai MingHangQu
ShangHai, ShangHai 200000
China
Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: REGISTRYCONVOY.COM
Created on: 11-Jun-09
Expires on: 11-Jun-10
Last Updated on: 11-Jun-09
Administrative Contact:
Fan, Lin regconvoy@gmail.com
China ShangHai MingHangQu
ShangHai, ShangHai 200000
China
+86.021364656 Fax --
Technical Contact:
Fan, Lin regconvoy@gmail.com
China ShangHai MingHangQu
ShangHai, ShangHai 200000
China
+86.021364656 Fax --
Domain servers in listed order:
NS03.DOMAINCONTROL.COM
NS04.DOMAINCONTROL.COM
*******************************************************
I'll let you explain this before I go into the rest .....
I should note, we do actually know what we're doing ;o)
Regards
Steven Burn
Ur I.T. Mate Group / hpHosts
it-mate.co.uk / hosts-file.net
Secondly, you claim you believe in the application, suggesting you've actually tested it - yet you claimed regtidy.dll was not present?? Both the installer itself, and the following, show otherwise;
http://www.threatexpert.com/report.aspx?md5=7fe660be6bfefc16514fd96846b12db6
Third, care to explain why the application has references to RegConvoy (registryconvoy.com - 97.74.144.68) - another rogue application? And interestingly, another application that claims to be the recipient of a Softpedia award when in actuality, the application is not listed at Softpedia - making the award claim absolute rubbish.
*******************************************************
Registrant:
Lin Fan
China ShangHai MingHangQu
ShangHai, ShangHai 200000
China
Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: REGISTRYCONVOY.COM
Created on: 11-Jun-09
Expires on: 11-Jun-10
Last Updated on: 11-Jun-09
Administrative Contact:
Fan, Lin regconvoy@gmail.com
China ShangHai MingHangQu
ShangHai, ShangHai 200000
China
+86.021364656 Fax --
Technical Contact:
Fan, Lin regconvoy@gmail.com
China ShangHai MingHangQu
ShangHai, ShangHai 200000
China
+86.021364656 Fax --
Domain servers in listed order:
NS03.DOMAINCONTROL.COM
NS04.DOMAINCONTROL.COM
*******************************************************
I'll let you explain this before I go into the rest .....
I should note, we do actually know what we're doing ;o)
Regards
Steven Burn
Ur I.T. Mate Group / hpHosts
it-mate.co.uk / hosts-file.net
Rated Registryconvoy too,
Thanks MysteryFCM.!
registryconvoy.com
See http://www.malwareurl.com/search.php?domain=&s=registryconvoy.com&match=0&rp=50&redirs=on&ip=on&reverse=on&as=on
http://www.malwareurl.com/search.php?domain=&s=regtidy.com&match=0&rp=50&redirs=on&ip=on&reverse=on&as=on
registryconvoy.com
See http://www.malwareurl.com/search.php?domain=&s=registryconvoy.com&match=0&rp=50&redirs=on&ip=on&reverse=on&as=on
http://www.malwareurl.com/search.php?domain=&s=regtidy.com&match=0&rp=50&redirs=on&ip=on&reverse=on&as=on
-
MysteryFCM
- Posts: 4912
- Joined: Mon Jul 14, 2008 4:47 pm
...
Always a pleasure ;o)
Regards
Steven Burn
Ur I.T. Mate Group / hpHosts
it-mate.co.uk / hosts-file.net
Regards
Steven Burn
Ur I.T. Mate Group / hpHosts
it-mate.co.uk / hosts-file.net
Fraudulent software can be marked as 'clean'
» At any rate, I have scanned this stuff repeatedly with a wide range of things. It is fine.
Unfortunately, as is often the case with fraudulent software, many scanners will report the files as clean. I have submitted files for analysis only to be told there's no malicious code in the file.
The virus analysts are often correct when they say there is no malicious code, but it's how the file gets classified that's important in cases like this. Many will eventually tag the applications as a fraud tool.
Unfortunately, as is often the case with fraudulent software, many scanners will report the files as clean. I have submitted files for analysis only to be told there's no malicious code in the file.
The virus analysts are often correct when they say there is no malicious code, but it's how the file gets classified that's important in cases like this. Many will eventually tag the applications as a fraud tool.
Who is online
Users browsing this forum: No registered users and 13 guests