Questionable little system helper does very little but does not come for free

01/30/2013
G DATA Blog

The RegClean Pro scareware was recently advertised on web banners of people search engine yasni.de, which is very popular in Germany. But what claims to be a useful little helper is actually a program with questionable benefits and costs.

The website yasni.de offers, among other things, a people search engine and usually appears as one of the top hits if you search for names using Google or Bing. According to Alexa.com, yasni.de is currently the 315th most popular German website and is often related to social media portals like Xing or Stayfriends and other popular websites, which makes this current case even more controversial.

Screenshot: The scareware pop-up window

How did the ad make it onto a website with a good reputation?
According to the current state of research, we assume that the operators of the website yasni.de were not aware of the advertising banner. We have informed the persons responsible of the incident.
Even though Yasni GmbH is a platinum member of 'naiin – no abuse in internet', an NGO fighting "Internet crime and pursuing better consumer and data protection and stronger civil rights on the Internet", it is unfortunately not sheltered from such incidents.
At the end of last week, even the website of the PC Welt magazine was used as a carrier for malware; this was apparently an attack on the web servers and had nothing to do with advertising banners but this incident shows that just about any website can be attacked.

It has already happened many times that unwanted advertising appeared on websites. In most cases, the operators of the websites cannot do anything at first and do not even know about this happening because they hire a company, affiliate network or advertising network to display paid advertising on a specific part of the website. However, within the advertising networks, there are several subnetworks that work for well-known advertising companies and even advertisers find it hard to understand these structures, and customers even more so. That is how black sheep manage to enter the cycle time and again.

There are at least two possible reasons why undesired advertising is displayed:

  1. A company that wants to sell its product offers the advertising network sufficient (monetary) incentive to display the ad on certain types of websites. The more popular the website on which the advertising is displayed, the more expensive it is for the advertiser. If the advertising network does not perform any detailed filtering of advertising subjects or the operator of the website does not require this, there is a wide range of potential advertising that can be displayed on a website. In this way, it is also possible for potentially unwanted advertising to be displayed.
  2. Another option: Something fishy is happening and the rules of the market economy are being broken. If attackers manage to get onto advertising lists or even hack them, the advertising manipulated by the attackers is displayed. In the best case scenario, this merely damages the website's reputation; in the worst case scenario, it infects visitors to the website.


What is the advertised program supposed to achieve?
According to provider Systweak, RegClean Pro is supposed to ensure "better computer performance, quicker computer start-up and improved stability". In the trial version that is offered for download and offers "limited functionality", "only 15 registry problems can be resolved" – that is the information provided on the Systweak website, however, users can easily miss that.

Screenshot of the website announcing several functions of RegClean Pro

What does the program actually do?
We have tested the offered test version of RegClean Pro on a fresh installation of Windows 7, without any software or updates.
There, RegClean Pro manages to find a whopping 60 errors, which lead to a "bad" rating because there is a lot of "registry damage" of the "Com and ActiveX error" type. However, referring to orphans as "damage" is a bit of an exaggeration, let alone refer to the "overall bad state" of the registry when Windows is freshly installed.
Many Internet users who have used the program report that using it did not speed up their PCs and express their disappointment. We do not find this surprising since the effect of such registry optimising programs is marginal or unnoticeable with today's hardware and operating systems. Rather than spending $29.95 on the software, you would be better off investing this money in hardware upgrades.

RegClean Pro’s actions do not appear to cause any obvious or immediate damage but editing the registry goes to the root of the system and any errors in making adjustments or deletions at this point can lead to serious problems for the PC and its users. Hence, you should be very careful!

We think the benefits of the free test program are doubtful and we do not recommend using the program or buying the full version.


What you can do:

  • If you do not want to see flashing advertising banners, you can install ad blocker add-ons in your browser. The most popular tool, which is available for many browsers, is AdBlock Plus
  • If you have installed one of these so-called little helpers, we recommend removing this program completely. You can usually do this in the traditional way using the Control Panel and the "Programs and Functions" menu item.
  • Most of these programs thankfully do not contain any malware but we still recommend scanning the system with comprehensive AV software.
  • If programs or websites offer full versions for purchase, closely check the reputation of the website or developer company before entering any personal data, let alone bank details! In the worst case, this is a phishing scam and your data will be abused for various advertising measures or even fraud.