How To Remove Trust Cleaner (removal Instructions)

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > Spyware and Malware Removal Guides and Reading Room

How to use the self-help guides

This forum contains self-help guides on removing common malware and viruses. These guides can be advanced so please use them at your own risk.

If after following the self-help guide, or you can not find an appropriate guide, then you can receive step-by-step instructions directly from one of our experts by following the instructions in this topic: Preparation Guide For Use Before Posting A Hijackthis Log

How To Remove Trust Cleaner (removal Instructions)

Options

Grinler View Member Profile	Jun 4 2006, 09:01 AM Post #1
Bleep Bleep! Group: Admin Posts: 31,022 Joined: 24-January 04 From: USA Member No.: 3	How to remove Trust Cleaner (Removal Instructions) Skip the introduction and take me to the fix! A more detailed analysis of this malware can be found at the Security blog. What this program does: Trust Cleaner is a rogue anti-spyware application that uses fake alerts to goad you into purchasing the full commercial version. When infected and you start Windows the Trust Cleaner program will start and scan your computer checking for Spyware and other malware. Some of the items it states it finds is true, others are not. The interesting thing is that it finds its own files and states they are spyware as shown in the image below (Trustin popups and TrustInBar) Trust Cleaner Program This infection will show show fake alerts stating that you are possibly infected with spyware as shown in the images below. These alerts are fake and are only used as a goad to coerce you into purchasing the full commercial version of Trust Cleaned. Needless to say, you should not purchase it. Fake Desktop Popup Fake Taskbar alert Last but not least, this infection will also do the following: Block your access to any msn.com web page. Change your home page to one that strikingly resembles Google but is in fact the site hxxp://www.mswindowssearch.com,. Show popups with ads when you visit certain sites such as Google, Yahoo, and CNN among others. Not allow you to restart your computer till you kill the trustinpopups.exe process. Install a toolbar into your Internet Explorer web browser. Tools Needed for this fix: FixTC.reg (Only if you are doing the manual fix) Symptoms in a HijackThis Log: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\local.html O2 - BHO: tisa.MyBHO - {6BBD6756-F9BA-4A7E-8C94-A801F740A608} - C:\WINDOWS\system32\tisa.dll O2 - BHO: TrustIn Bar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\Program Files\trustin bar\trustin.dll O2 - BHO: ticont.MyBHO - {F365382D-CF21-45BA-80CF-B868C6ED9634} - C:\WINDOWS\system32\ticont.dll O2 - BHO: SpoofBHO Class - {07A78AEA-4A54-4967-9A60-4B68592D30C7} - C:\WINDOWS\se_spoof.dll O2 - BHO: WeeklyExecuter Class - {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} - C:\WINDOWS\inetloader.dll O2 - BHO: ContextualAds Class - {FE6C16C4-16AD-47B6-B250-26AD1829E49A} - C:\Program Files\TrustIn Contextual\trustincontext.dll O3 - Toolbar: TrustIn Bar - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\Program Files\trustin bar\trustin.dll O4 - HKCU\..\Run: [TrustIn Popups] "C:\Program Files\TrustIn Popups\TrustInPopups.exe" O4 - HKCU\..\Run: [Trust Cleaner] "C:\Program Files\Trust Cleaner\Trust Cleaner.exe" Print out these instructions as we will need to close every window that is open later in the fix. Download FixTC.reg to your desktop by right clicking on the following link and then selecting Save Link As or Save File as, depending on your browser. FixTC.reg Download Link Confirm that the file FixTC.reg now resides on your desktop as we will need it later. Click on the Start Menu Click on the Control Panel option. Double-click on the Add or Remove Programs icon. Find the following entries and double-click on each of them. Follow the prompts to uninstall the programs, but do not allow it to reboot the computer if it asks. If after you uninstall a particular entry below it still remains, double-click on the entry again to remove it. Trust Cleaner TrustIn Bar TrustIn Contextual Ads Trustin Popups TrustIn Search Assistant Trust Cleaner Promo When it has completed uninstalling you can close Add or Remove Programs and your Control Panel. Next, please reboot your computer into Safe Mode by doing the following: Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, press F8. Instead of Windows loading as normal, a menu should appear Select the first option, to run Windows in Safe Mode. When you are at the logon prompt, log in as the user account you were logged on as when you extracted the SmitRem files. When your computer has started in safe mode and you see the desktop. Go to your desktop and double click on the FixTC.reg file that you downloaded earlier. When it asks if you would like to merge the information, press the Yes button and then the OK button. Delete the following files and folders (Do not be concerned if a folder or file does not exist): C:\Program Files\TrustIn Popups C:\Program Files\TrustIn Bar C:\Program Files\TrustIn Contextual C:\Program Files\TrustIn Popups C:\Program Files\TrustIn Search %Temp%\wschtm35.dll %Temp%\srsvc.exe C:\WINDOWS\local.html C:\WINDOWS\SYSTEM32\tisa.dll C:\WINDOWS\SYSTEM32\lut.dat C:\WINDOWS\SYSTEM32\tisa.cnf C:\WINDOWS\SYSTEM32\ticads.exe C:\WINDOWS\SYSTEM32\tctool.exe C:\WINDOWS\SYSTEM32\ticont.dll C:\WINDOWS\SYSTEM32\tpopup.exe C:\WINDOWS\SYSTEM32\tconini.dat C:\WINDOWS\SYSTEM32\lcch.dat C:\WINDOWS\onlineshopping.ico C:\WINDOWS\removeadware.ico C:\WINDOWS\sexpersonals.ico C:\WINDOWS\local.html C:\WINDOWS\SYSTEM32\tu.exe C:\WINDOWS\SYSTEM32\ttu.exe C:\WINDOWS\se_spoof.dll C:\WINDOWS\inetloader.dll C:\Windows\mxd.exe C:\Windows\tse.exe C:\Windows\trustinbar.exe C:\Windows\ads.js C:\WINDOWS\videoslots.ico Delete these icons from your Desktop: Online Shopping.url Remove Adware.url Sex Personals.url Video Slots.url Close all open Windows. Reboot your computer back to normal mode. Download the ATF-Cleaner to your desktop from the following link: http://www.atribune.org/ccount/click.php?id=1 When it is download to your desktop, double-click on the program to run it. Select the box labeled Select All and then press the Empty Select button. When it is done you can close the program. Perform an onlinescan with Panda: Panda Online Once you are on the Panda site click the Scan your PC button A new window will open...click the Check Now button Enter your Country Enter your State/Province Enter your e-mail address and click send Select either Home User or Company Click the big Scan Now button If it wants to install an ActiveX component allow it It will start downloading the files it requires for the scan (Note: It may take a few minutes) When download is complete, click on Local Disks to start the scan Your computer should now be free of the Trust Cleaner infection. If you are still having problems with spyware after completing these instructions, then please follow the steps outlined in the topic linked below: Preparation Guide For Use Before Posting A Hijackthis Log This is a self-help guide. Use at your own risk. BleepingComputer.com can not be held responsible for problems that may occur by using this information. If you would like help with any of these fixes, you can post a HijackThis log in our HijackThis Logs and Analysis forum. If you have any questions about this self-help guide then please post those questions in our AntiVirus, Firewall and Privacy Products and Protection Methods forum and someone will help you. -------------------- Lawrence Become a BleepingComputer fan: Facebook

Grinler View Member Profile	Jul 7 2006, 11:03 PM Post #2
Bleep Bleep! Group: Admin Posts: 31,022 Joined: 24-January 04 From: USA Member No.: 3	Updated to add these extra files: C:\Windows\mxd. C:\Windows\tse. C:\Windows\trustinbar. C:\Windows\ads.js %Desktop%\Online Shopping.url %Desktop%\Remove Adware.url %Desktop%\Sex Personals.url %Desktop%\Video Slots.url -------------------- Lawrence Become a BleepingComputer fan: Facebook

« Next Oldest · Spyware and Malware Removal Guides and Reading Room · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 3rd July 2009 - 09:21 PM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List \| Virus Removal Guides
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Malware Removal Guides Archive