Posts Tagged ‘Viruses’

Clean slow Windows PC / Laptop from Spyware, Malware, Viruses, Worms and Trojans – Anti-Malware Program Arsenal

Monday, January 26th, 2015

clean-slow-Windows-computer-notebook-laptop-from-malware-spyware-viruses-worms-and-trojans

Malware Bytes is a great tool to clean a PC in a quick and efficient way from Malware /  Spyware that wormed while browsing infectious site on the internet.
But sometimes PCs that has to be fixed are so badly infected with Spyware, Malware and Viruses that even after running Malware Bytes on boot time, left Work or Viruses do automatically download from the Internet or have been polymorphically renamed to a newer one that escapes Malware Bytes badware database and heroistics
Such problematic PCs are usually unmaintained user PCs whose Anti-Virus procetion with Nod32 or Kaspersky licensing has long expired leaving the PC without any mean of protection / PCs with removed Firewall / AV Program (due to Virus or Malware Infection) or on Computers which were used actively to download Cracked Programs, Games – by small kids or PCs used for watching heavily Porn (by teenagers).

Here is a List of Top Iseful FreeWare anti-Malware softwares, you can use in combination with MalwareBytes to (Clean) / Fix a Windows PC that is in almost unsolvable state (and obviously needs re-install) but contains too much software either obsolete or hard (time wasting) to configure:

Below anti-malware goodies helps in “Resurrecting” even the worst infected PC, so I believe every Win Admin should know them well and in computer clubs and university Windows computer networks with Internet it is recommended to check computers at least once a year …

1. Remove Bootkits and Trojans with Kaspersky TDSSKiller

Bootkit is a rootkit which loads when Windows system boots.  To search and destroy bootkits – Download the latest official version of Kaspersky TDSSKiller.

remove-bootkits-and-trojans-with-kaspersky-tdsskiller-screenshot-anti-malware

KASPERSKY TDSSKILLER DOWNLOAD LINK Run Kaspersky (after changing parameters  – enable Detect TDLFS file system) and remove any found infections

2. Download and use latest official version of RKill to terminate any malicious processes running in background

rkill-terminate-any-malicious-spyware-malware-processes-running-in-background-rkill-logo

Please note that you will have to rename version of RKILL so that malicious software won’t block this utility from running. (link will automatically download RKILL renamed as iExplore.exe)
Double click on iExplore.exe to start RKill and stop any processes associated with Luhe.Sirefef.A.

rkill-terminate-trojan-spyware-processes-windows-xp-7-screenshot

RKill will now start working in the background, please be patient while the program looks for any malicious process and tries to end them.
When the Rkill utility has completed its task, it will generate a log.

Do not reboot your computer after running RKill as the malware programs will start again.

When the Rkill utility has completed its task, it will generate a log. Do not reboot computer after running RKill as the malware programs will start again.

3. Clean (any remaining) malware from your computer with HitmanPro

clean-remaining-malware-from-computer-with-hitmanpro-scanning-screenshot

HITMANPRO DOWNLOAD LINK is here

My Mirror of HitmanPro 3.7 (32 bit) Windows version is here
My Mirror of HitmanPro 3.7 (64 bit) Windows version is here

Because HitmanPro is unfortunately proprietary software, when you run a scan on the computer “Activate free license” button to begin the free 30 days trial, and remove all the malicious files found on your computer.

4. Remove Windows adware with AdwCleaner

The AdwCleaner utility will scan your computer and web browser for the malicious files, browser extensions and registry keys, that may have been installed on your computer without your knowledge.

adwcleaner-clean-remove-delete-adware-with-AdwCleaner-found-malware-screenshot

Here isAdwCleaner utility ADWCLEANER DOWNLOAD LINK 
My Download AdwCleaner 4.109 is here

Note that before starting AdwCleaner, close all open programs and internet browsers. After finishing scan AdwCleaner requires a reboot (always backup cause you never know what can happen).

5. Remove any malicious registry keys added by malware with RogueKiller

remove-any-malicious-registry-keys-added-by-malware-with-RogueKiller

RogueKiller is a utility that will scan for the unwanted registry keys and any other malicious files on your computer. It is pretty much like the free software Little Registry Cleaner but it is specialised in removing common malware left junk keys.

download the latest official version of RogueKiller from the below links.

ROGUEKILLER x86 DOWNLOAD LINK (For 32-bit machines)
ROGUEKILLER x64 DOWNLOAD LINK (For 64-bit machines)

Download Mirror link of Roguekiller X86 is here
Download Mirror link of Roguekiller X64 is here

Wait for the Prescan to complete.This should take only a few seconds,  then click on the “Scan” button to perform a system scan. After scan complete delete any found hax0r malicious registries

6. Purge any leftover infections on your computer with Emsisoft Anti-Malware

purge-any-left-over-infections-on-your-computer-with-EmsiSoft-anti-malware

Emsisoft scan (potentially) infected PC for Viruses, Trojans, Spyware, Adware, Worms, Dialers, Keyloggers and other badware.

DOWNLOAD EMSISOFT EMERGENCY KIT HERE  – The link will open in new window tab. Note that EmsiSoftEmergencyKit is huge 168 Mbs!

My mirror of EmsiSoft Emergency kit is here

It is recommended to do the SMART Scan as it is more complete, though if you're in a hurry Quick Scan might also find something ugly. Once Scan completes Quarantine any found infected items.

It is best if all of the 7 Win cleaners are run, e.g.:

(TDSSKiller, RKill, HitmanPro, AdwCleaner, RogueKiller, Little Registry Cleaner  and EmsiSoft) in a consequential order as they're shown in article). Finally a run of Malware Bytes just to make sure nothing has remained is a good idea too.

Hopefully now you should be malware free. If you know other useful Anti-Spyware tools that helped you in case of PC Malware Slowness problems (constant Hard Disk read writes), please drop a comment and I will include them in this list). 
Once badware is removed from your PC or laptop the CPU should no longer show constantly busy with some strange process in taskmgr and notebook should be much more responsive (and if you have power management enabled) it will consume less energy reducing your electricity bills 🙂
 

Any feedback on experience with running above bunch of anti spy programs is also mostly welcome. 

Microsoft Windows most secure OS for 2014 ? – Short OS and Application Security report for 2014

Tuesday, February 24th, 2015

windows-more-secure-OS-for-2014-than-Linux-and-Mac-OSX-and-iOS-operating-systems-short-security-report-2014

It is shocking news for me and probably to many that according to security specialists at National Vulnerability Database, at present moment for year 2014 Windows looks like more secure than both Apple's (iOS and Mac OS X) as well as to Linux.

Windows has been  bullied for its bad OS design and easier to breach Security compared to Linux, there was a constant hype also of Mac OS users claiming the invulnerability of their BSD based OS, but it seems security breach statistics given by  National Vulnerability Database security breach evaluation reports tell us security issues for 2014 Windows OSes while compared to other OS vulnerabilities in different operating systems such as Linux.

statistics-of-Operating-System-security-issues-vulnerabilities-for-2014-windows-most-secure-OS-2014-source-national-vulnerability-database
I will have to disappoint Apple Mac fans but in 2014 Mac OS X was found to be riddled with the greatest number of security problems147 in total, including 64 rated as high severity, and 67 as medium.

iOS's security was also ranked poor with 127 vulnerabilities including 32 high and 72 with a medium rating.

For comparison the latest Windows 8.1 had only 36 vulnerabilities, and its predecessors — Windows 8 and 7 — both had same number.
In Enterprise World (users) Windows Server 2007 and 2008 both have 38 vulnerabilities. Reported vulnerabilities were mainly of middle and high severity.

high-severity-vulnerabilities-graph-of-operating-systems-year-2014

Overall statistics also show there has been a huge increase in the number security vulnerabilities in the NVD security reports database.
In 2013 the number of all logged vulnerabilities were 4,794 while this jumped to 7,038 in y. 2014. The good news is lower percentage of all logged in security issues were rated of critical security importance.
It is mostly third party software not part of OS which contain security issues, 83% of all reported vulnerabilities were laying in 3rd party applications, only 13% percantage were OS specific and 4% hardware related.
Though overall statistics shows Microsoft products more secure than Apple Inc. Products and (Open Source) Linux, though still M$ Internet Explorer is the most insecure web browser, for 2014,  Internet Explorer had  242 vulnerabilities while Google Chrome had 124 security issues and the most secure browser rated for 2014 is (surprising for me) Mozilla Firefox.
It is important to say such statistics are not completely relevant because, for example you can rarely see a Linux desktop user infected with Malware but almost everyone around using Windows OS is malware infected, same goes for Mac OS users, there are plenty of vulnerabilities for Mac but overall security of Mac OS is better as I haven't still met Mac OS users with Viruses and Spyware but I fixed about (30!!) of Microsoft PCs and notebooks infected with various Viruses and badware throughout 2014. Also it should be considered that many securitty bugs are kept secret and actively exploited for a long time by blackhats like it happened recently with Heartbleed and ShellShock vulnerabilities
For those interested, below is a list of top vulnerable applications for 2014

security-issues-vulnerability-report-2012-2013-2014_graph_windows-most-secure-operating-system-for-2014

ClamTK Linux Desktop Anti-Virus program – Checking Windows mapped drives with ClamTK

Thursday, June 20th, 2013

Linux desktop graphical program to scan for-viruses ClamTK clamav frontend application

In general Linux has fame for being Virus Free Operating System. During the 13 last years as dedicated GNU / Linux user, I've seen Linux servers with binaries infected with Viruses, however the hosts, were severely messed hosts because noone updated them on time and script kiddy crackers has "hacked" multiple times. In lifetime one of my old testing computers got infected with Virus because of my mistake of running "suspicious" pre-compiled "cracker" software binaries with no MD5 verification and "questionable" websites…
I share this story because, I want to beat-up the Myth that Linux cannot have Viruses. It CAN but not very likely to happen 🙂

As a Desktop user over the last 10 years, even though I installed plenty of packages from third party sources and never happened to infect my computer with Virus – or at least if I infected I never knew it. A lot of popular MS-Windows Anti-Virus programs, has already ports for Linux. Just to mention few non-free Linux AV software providing install binaries;

  • Avast

  • BitDefender

  • AVG

  • Dr. Web

Though risk of Viruses on Linux is so tiny, it is useful to have ANTI-Virus Software to check files received from Skype, E-mails and onse downloaded with Browser. I always prefer so until now I used Clamav Antivirus to keep an eye periodically on my Desktop Linux host and servers running mail servers (those who run Mail Servers know how useful is Clamav in stopping tons of E-mail attached Malware Viruses and Trojans).

I use mostly Debian Linux, so on every new server or Desktop one of first things I did was to install it, i.e.:

# apt-get --yes install clamav
...

Before I knew Clamav AV for Windows has GUI, anyways till recently I didn't know if there is some kind of free software AV Graphical frontend for Linux. I just found out about ClamTK

Linux Free Antivirus ClamTk clamav Virus Scanner graphical frontend

ClamTK is available in most Linux distributions from default package repositories

On Debian and Ubuntu to install it run common:

debian:~# apt-get --yes clamtk
...

On Fedora and CentOS Linux to install:

[root@fedora ~]# yum -y install clamtk
...

Its best to run it as root superuser (or via sudo) to make ClamTK able read all files or mounts on system:

hipo@debian:~$ sudo clamtk

ClamTK is very simple to use and there are only few configuration options;
clamtk desktop linux free antivirus startup preferences

clamtk scan for viruses linux gui proxy

linux Anti-Virus Desktop graphics easy to use AntiVirus ClamTK preferences screenshot

ClamTK is very useful when used with mounted Samba Shared (Mapped) Windows drives to scan for Viruses and malware, i.e, after mounting share using cmd like:

# smbmount //192.168.2.28/projects /mnt/projects -o user=USERNAME

Fixing enter not working in Skype 6 – Skype cannot send message bug on Windows XP

Sunday, March 10th, 2013

Skype how to fix enter not sending messages in Skype6 downgrade to Skype5 windows XP
Yesterday, I had to fix another Windows XP computer infested with Spyware and Viruses. Thanksfully I cleaned it up as usual using standard combination of Malware Bytes + Little Registry Cleaner and Avira. The PC haven't been updated recently and running still Windows XP SP2, thus to make Avira running I had to install SP3 as Avira nowdays depends on Win SP3. After clean up it worked much better, though it is not 100% sure if some kind of malicious software is still not on PC.
After all seemed fine on this Russian Windows XP, there was one thing still problematic – Skype. For some weird reason whenever user from Skype contact list is messaged, it was impossible to send the message with Enter key. I tried checking if all seems fine in Keyboard Settings and Regional Settings in Windows Control Center, cause XP version was with Russian Language Pack and I suspected the Language Pack might mess up something in how Keyboard keys are mapped but all seemed fine there. One important note to make here is PC is running on old hardware and had an old standard PS/2 Keyboard detected as PS/2 – 101 – 102 keys standard keyboard. I tried re-installing the keyboard driver, trying to auto-detect however driver detected for this keyboard seemed to be latest issued for PS/2 Keyboards from Microsoft so after update Skype can't send message bug was still present and respectively the only way to communicate with people from contact list was to Call the person and speak. I researched online on the problem and found a multitude of users complaining to face the same Skype messaging – Enter key not working, unfortunately noone online seemed to have found a solution. I've seen some suggestions to use Skype settings to re-map Enter key but on this Skype 6.2.0.106 the option to remap how Enter key reacts wasn't present. Thus I decided to try to downgrade Skype 6 to Skype 5 here is a mirror of Skype 5 -and try if this helps. After Uninstalling Skype 6 and installing Skype 5 – enter key started working again so mission accomplished 🙂 If you happen to have the annoying Enter key not working in skype bug just downgrade to any below version to 6 and all will be fine. Drop me a comment if you experience the same bug with Win and Skype version.
Finally, be sure not to upgrade further Skype to avoid problems. Last but not least, there is even some advantages in older skype releases, the interface is simpler – making work with skype easier.

Is it possible mail server to work on alternative port to 25?

Thursday, February 28th, 2013

If you're running a small home based Linux or BSD server with Qmail, Exim or Postfix and it happens your ISP has filtered incoming connections to TCP/IP port 25 and you wonder if it is possible to use other alternative port to 25 for example the (Secure SMTP) SMTPS 465 supported by all major SMTP servers, the answer unfortunately is it is not possible.

The only accepted and working mail transmission port works on TCP/IP Port 25, thus the only option to make the mail server working fine is contact your ISP and convince them to remove filtering for port 25 to your custom IP. Many ISPs set a Firewall filter for 25, because nowadays many Windows XP / Vista / 7 PCs get infected with Viruses and Trojans running a tiny SMTP server on the host and trying to send million of SPAM messages via the poor unknowing victim. This congests the network and often even creates ISP network overloads, thus ISPs prefer to filter Port 25 to get rid of such eventual problems.

Once again,  alternative port to 25 for Mail is impossible !

Fix to sfc /scannow (System File Checker) error “The specific code is 0x000006ba [The RPC Server is unavailable.] “

Friday, December 14th, 2012

I had to fix one Windows XP computer today. The computer was in a terrible state (meak to say), the system was hanging during boot,

None of Windows recovery modes worked,  except when running it through:

Windows Safe Mode (With Command Prompt) mode (pressing F8 before Windows boot with Windows flag screen).


I followed some Usual commands to repair broken Windows XP, as the system was hanging during boot there was obviously some issues with corrupt by Viruses and Malware system binary (.exe) files or some .DLL was substituted in (C:WindowsSystem32 and C:WindowsSystem32DllCacache) with a trojanned version by some "bad ware". 

Thus the logical thing to do was to try:

sfc /scannow


from Safe Mode's cmd prompt. Instead of starting its work as usual System File Checker spitted an error:
 

Windows File Protection could not be initiate a scan of protected system files.  
The specific code is 0x000006ba [The RPC Server is unavailable.]

You can guess my amazement as I see this error for a first time in my life. Actually I don't remember if I run System File Checker scan from a Safe Mode With only Command Prompt ever so I'm not sure if this error was caused by some Virus activity which broke up the Win host, or it is due to the fact RCP Services are not loaded in Safe Mode – With Command Prompt Only.

As the message implies RCP Server is not running and sfc depends on it.

The reason for the error is Windows File Protection (WFP) was disabled by some of the Spyware or Viruses which infested the poor Win PC.

As the problem consisted in unworking RPC Services I tried launching RPC manually with command:

> net start rpcss  

This unfortunately did not succeeded (dunno why).

I've later seen another fix pointed on a couple of forums around, which is using Registry to enable SFC.

Re-enabling SFC is done by:

1. Launching regedit

2. Once launched go to the following reg settings (sub-values)

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon

Use modify on it and change value to be "0"
3. Restart windows and launch again Safe Mode With (Command Prompt Only)

There execute:

> sfc /purgecache
> sfc /scannow

This solves it however, as you never can be sure if the Install time .DLLs are not already rootkited by the Virus-es and Spywares which "posessed" the computer. It is generally a good idea to Launch the Windows Install CD, recovery console and launch SFC using it, or even try using the Windows CD (Repair) mode. Though this is a temporary work around, this system will need a re-install in very short future, or it will most likely came in the same broken state in a very while – I don't believe such an infested computer can be "cured" except with a clean CD Windows re-install.
If this method didn't work for you but something else worked for you, whether you had to fix a Win PC please drop a comment with the solution.

Poderosa a tabbed Terminal Emulator (PuTTY Windows Alternative)

Tuesday, December 6th, 2011

Even though, I rarely use Windows to connect to remote servers using SSH or Telnet protocols in some cases I’m forced to do that (in cases I’m away from my Linux notebook). I’m doing my best to keep away from logging anywhere via SSH using Windows as when using Windows you never know what kind of spyware, malware or Viruses is already on the system, not to mention Microsoft are sniffing a lot if not everything which is typed on the keyboard… Anyways, usually I use Putty as a quick way to access a remote SSH, however pitily PuTTY lacks an embedded functionality for Tabs and each new connection to a server I had to run a new instance of PuTTY. This is okay if you need to access a single server but in some cases where access to multple servers is necessery lacking the tab functionality and starting 10 times putty is really irritating and one forgets what kind of connection is present on which PuTTY instance.

Earlier on, I’ve blogged about the existence of PuTTY Connection Manager PuTTY add-on program which is a PuTTY wrapper which enables PuTTY to be used with Connection Tabs feature, however installing two programs is quite inconvenient, especially if you have to do this every few days (in case if travelling a lot).

Luckily there is another terminal emulator free program for Windows called PodeRoSA which natively supports a tabbed Secure Shell connections.
If you want to get some experience with it check out Poderosa’s website , here is also a screenshot of the program running few ssh encrypted connections in tabs on a Windows host.

Poderosa Windows ssh / telnet tabs terminal emulator screenshot
Another good reason that one might consider using Poderosa instead of PuTTY is the Apache License under which Poderosa is developed. Currently the Apache License is compatible with GPL free software license which makes the program fully free software. The PuTTY license is under BSD and MIT and some other weird custom license not 100% compatible with GPL and hence PuTTY can be considered less free software in terms of freedom.

Cause and solution for Qmail sent error “Requested action aborted: error in processing Server replied: 451 qq temporary problem (#4.3.0)”

Friday, October 28th, 2011

One of the qmail servers I manage today has started returning strange errors in Squirrel webmail and via POP3/IMAP connections with Thunderbird.

What was rather strange is if the email doesn’t contain a link to a webpage or and attachment, e.g. mail consists of just plain text the mail was sent properly, if not however it failed to sent with an error message of:

Requested action aborted: error in processing Server replied: 451 qq temporary problem (#4.3.0)

After looking up in the logs and some quick search in Google, I come across some online threads reporting that the whole issues are caused by malfunction of the qmail-scanner.pl (script checking mail for viruses).

After a close examination on what is happening I found out /usr/sbin/clamd was not running at all?!
Then I remembered a bit earlier I applied some updates on the server with apt-get update && apt-get upgrade , some of the packages which were updated were exactly clamav-daemon and clamav-freshclam .
Hence, the reason for the error:

451 qq temporary problem (#4.3.0)

was pretty obvious qmail-scanner.pl which is using the clamd daemon to check incoming and outgoing mail for viruses failed to respond, so any mail which contained any content which needed to go through clamd for a check and returned back to qmail-scanner.pl did not make it and therefore qmail returned the weird error message.
Apparently for some reason apparently the earlier update of clamav-daemon failed to properly restart, the init script /etc/init.d/clamav-daemon .

Following fix was very simple all I had to do is launch clamav-daemon again:

linux:~# /etc/inid.d/clamav-daemon restart

Afterwards the error is gone and all mails worked just fine 😉

How to exclude sorbs.net for a particular IP address in Qmail Mail server install / Fix to Thunderbird mail sent error (Exploitable Server See: http://www.sorbs.net/lookup.shtml?xx.xx.xx.xx) error

Tuesday, November 1st, 2011

In the office, some of my colleagues has started receiving error messages, while trying to send mail with Thunderbird and Outlook Express
The exact error they handed to me reads like this:

An error occured while sending mail. The mail server responded: Exploitable Server See:
http://www.sorbs.net/lookup?xx.xx.xx.xx. Please check the message recipient

Here is also a screenshot, I’ve been sent via Skype with the error poping up on a Thunderbird installed on Windows host.

Typing the url http://www.sorbs.net/lookup?xx.xx.xx.xx lead me to sorbs.net to a page saying that the IP address of the mail client which is trying to send mail is blacklisted . This is not strange at all condireng that many of the office computers are running Windows and periodically get infected with Viruses and Spyware which does sent a number of Unsolicated Mail (SPAM).

The sorbs.net record for the IP seems to be an old one, since at the present time the office network was reported to be clear from malicious SMTP traffic.

The error sorbs.net disallowing the mail clients to send from the office continued for already 3 days, so something had to be done.

We asked the ISP to change the blacklisted IP address of xx.xx.xx.xx , to another one but they said it will take some time and they can’t do it in a good timely matter, hence to make mail sending work again with POP3 and IMAP protocols from the blacklisted IPs I had to set in the Qmail install to not check the xx.xx.xx.xx IP against mail blacklisting databases.

On qmail install disabling an IP check in RBLSMTPD is done through editting /etc/tcp.smtp and following recreate of /etc/tcp.smtp.cdb – red by qmailctl script start.
The exact line I put in the end of /etc/tcp.smtp to disable the RBLSMTPD check is:

xx.xx.xx.xx:allow,RBLSMTPD="",RELAYCLIENT="",QS_SPAMASSASSIN="0"

Further on to recreate /etc/tcp.smtp.cdb and reload the new cdb db records:

qmail:~# qmailctl cdb
qmail:~# qmailctl restart
...

Onwards, the sorbs.net IP blacklist issue was solved and all office computers from xx.xx.xx.xx succeeded in sending mails via SMTP.

Little Registry Cleaner (Free Software / Open Source Windows XP Registry Cleaner)

Saturday, December 17th, 2011

Little Registry Cleaner - Free and Open Source Software Windows XP Registry cleaner / Alternative to Registry Booster
Have you ever wondered, if there is a free (open source) software that could fix Windows XP registry irregularities e.g. (obsolete or unwanted items that build up in the registry over time.)?

I did not either until now, however when I had to fix, few Windows XP computers which was not maintained for a long time fixing the Windows registry was necessery to make the sluggerish computers improve their overall stability and performance.

The reasons of the slowness in computers who run for a long time by users who does not have a "computer culture" are obvious.
Windows programs which has incorrectly placed registry records withint the Windows registry database, Programs which on Uninstall / Removal left behind a lot of registry records just to hang around because of impotent (coders), or records created on purpose on program uninstall to intentionally further track the user behavior etc.
Other reasons why Windows registry gots bloated with time, are due to Malware or polymorphic Viruses which load them selves everytime on Windows load using some obscure registry records.

Though I'm not a big proprietary software lover still my job as a system administrator , enforces me to fix some broken Windowses.
I haven't fixed Windows machines for a long time, so my memories on programs that clean up registry are from my young years.

The software, I've used before to fix Windows 2000 / XP Registry was:

1. Registry Booster

From my current perspective of a free software hobbyist / evangelist it was important for me to clean up the Windows PCs with a program that is Free or Open Source Software.
When I'm asked to fix some Windows computer I always do my best to make most of the programs that roll on the PC to be FOSS.

Using FOSS instead of downloading from torrents, some cracked software has multiple benefits.

1. Usually Free Software is more stable and more robust2. FOSS software for Windows usually does not come with Malware / Spyware as many of the cracked proprietary software

3. Free and Open Source Programs are simplistic in interface and way of use

A bit of research if there is a Free (Open Source) Software immediately lead me to a program called Little Registry Cleaner
You can see a screenshot of the program in the beginning of the article, the program is very easy to install and use and uses some .NET framework classes so right before installing it installs .NET library (code).

The use results of Little Registry Cleaner were amazing. Even though it is a free software the program found and fixed more registry problems than its competitor Windows Registry Booster! 😉