ReginScanner Checks for Presence of Super Spyware Regin

It appears that far more state-sponsored spyware is silently at work around the world than security researchers had earlier expected. After Duqu, Stuxnet, Flame and a few others, another state-sponsored malware called Regin has now surfaced. Security researchers are calling it a super spyware because it uses some unusual techniques: virtual file systems, a small network of its own created from the infected machines, and the use of cellphone GSM networks. The logs analyzed by Kaspersky Lab experts show its presence on some systems as early as 2008. As with all state-sponsored spyware, it is not expected to infect the machines of ordinary users.

Although the latest virus definitions of many security products are now able to detect it, you can use the open source ReginScanner to check a system for the presence of Regin. To detect many other kinds of state-sponsored spyware, you can use another open source tool, Detekt.

ReginScanner is based on the information about Regin that was made public by Kaspersky Lab and G-Data Security. It is a command line tool, and because it is a portable program it can be used to detect Regin on any Windows computer without having to install anything.

You can run ReginScanner as is, without any parameters, by entering the command regin-scanner.exe at the command prompt. This will scan your entire system for the presence of Regin spyware. If you want to scan only a particular folder, use the -p switch followed by a space and the full path of the folder.


If it does not find Regin spyware on the system, you will see the message “Result: System seems to be clean”. If it finds files that could be related to Regin spyware, it will show, in red, the names of the infected files and modules, followed by the message “Result: Regin indicators detected!”. If it indicates the presence of Regin spyware on your system, you should inform the authorities in charge of cyber security in your firm, office or department. If you find a Regin infection on a local computer, you can contact your security product vendor for more help.
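To run the scan described above unattended on several machines, the following added example (not part of ReginScanner or of the original article) wraps the command and classifies its output. It assumes regin-scanner.exe is in the current folder or on the PATH and that the two result messages quoted above appear as plain text in the console output; the function names and exit codes are this example's own.

```python
import subprocess
import sys
from typing import List, Optional

# Result messages as quoted in the article above.
CLEAN_MSG = "Result: System seems to be clean"
DETECTED_MSG = "Result: Regin indicators detected!"


def build_command(scanner: str = "regin-scanner.exe",
                  folder: Optional[str] = None) -> List[str]:
    """No arguments scans the whole system; -p <folder> limits the scan."""
    cmd = [scanner]
    if folder:
        cmd += ["-p", folder]
    return cmd


def classify(output: str) -> str:
    """Map scanner output to 'detected', 'clean' or 'inconclusive'.

    A detection always wins, and output with neither result line
    (scan aborted, access denied, truncated log) is never treated as clean.
    """
    if DETECTED_MSG in output:
        return "detected"
    if CLEAN_MSG in output:
        return "clean"
    return "inconclusive"


def scan(folder: Optional[str] = None,
         scanner: str = "regin-scanner.exe") -> str:
    """Run the scanner and classify what it printed."""
    try:
        proc = subprocess.run(build_command(scanner, folder),
                              capture_output=True, text=True, errors="replace")
    except OSError:
        return "inconclusive"  # scanner missing or not executable
    return classify(proc.stdout + proc.stderr)


if __name__ == "__main__":
    verdict = scan(sys.argv[1] if len(sys.argv) > 1 else None)
    print(verdict)
    # Non-zero exit lets a scheduled task or deployment tool flag the host.
    sys.exit({"clean": 0, "detected": 2}.get(verdict, 1))
```

An "inconclusive" verdict should be followed up with a manual run from an elevated command prompt rather than recorded as a clean host.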


Conclusion: ReginScanner can be used to detect the presence of the super spyware Regin, which targets computers belonging to governments, industries, companies, financial institutes etc. Detection of such state spyware can be crucial to the security of any organization.

You can download ReginScanner from