Computer Help and Spyware Removal Computer Help and Spyware Removal Computer Help and Spyware Removal Computer Help Forums Windows Startup Programs Database Virus, Spyware, and Malware Removal Guides Computer Tutorials Uninstall Database File Database Computer Glossary Computer Resources
 

Welcome Guest ( Log In | Click here to Register a free account now! )



Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


> How to use the self-help guides

This forum contains self-help guides on removing common malware and viruses. These guides can be advanced so please use them at your own risk.

If after following the self-help guide, or you can not find an appropriate guide, then you can receive step-by-step instructions directly from one of our experts by following the instructions in this topic: Preparation Guide For Use Before Posting A Hijackthis Log

 
Reply to this topicStart new topic
> How To Remove Registry Cleaner 2.5 (removal Instructions)
Grinler
post Jan 25 2007, 11:50 AM
Post #1


Bleep Bleep!
******

Group: Admin
Posts: 32,137
Joined: 24-January 04
From: USA
Member No.: 3



How to remove Registry Cleaner 2.5 (Removal Instructions)




What this program does:

Registry Cleaner is a program that states it will scan your computer for and fix Registry problems. If problems are found then you need to purchase the commercial version of the software in order to fix them. The reality is that this program is a security risk that displays false positives and exaggerated results as a scare tactic in order to have you purchase the commercial version. What is quite amusing is that this software finds as one of its results the Trojan, Ctpmon.exe, that was used to install it. It goes without saying that you should not purchase the software.

Ctpmon.exe is a program that starts up automatically when Windows starts and displays an alert stating The registry is corrupted. To help protect your computer please update your security software. It then asks Would you like to update your security software now? The software being named System Registry Cleaner with a publisher name of Microsoft Certified Partner. You have an option of clicking on the Update button or the Ask Me Later button. If you press the Update button it will download and install Registry Cleaner on your computer. Registry Cleaner will automatically start and scan your system where it will list the Ctpmon.exe file as one of the entries that need to be fixed. If you select the Ask Me Later button the alert will go away and ask you again in a couple of hours.

Below are some screen shots of the program including the main Registry Cleaner screen, the Registry Cleaner download alert, and the results page of Registry Cleaner showing that it found its own infector.


Registry Cleaner Screenshot
Registry Cleaner Screen shot


Registry Cleaner Notification
Registry Cleaner Notification


Results showing the Trojan that installed the program in the first place
Results showing the Trojan that installed the program in the first place

Tools Needed for this fix:
Symptoms in a HijackThis Log:

O4 - HKLM\..\Run: [ctpmon] ctpmon.exe

Revision History

No revisions.


Removal Instructions:
  1. Print out these instructions as we will need to close every window that is open later in the fix.

  2. Download SmitfraudFix.exe from here and save it to your desktop:

    SmitFraudFix.exe

    Confirm that the file SmitfraudFix.exe now resides on your desktop, but do not double-click on the icon as of yet. We will use it in later steps. The icon will look like the one below:



  3. Next, please reboot your computer into Safe Mode by doing the following:

    1. Restart your computer

    2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

    3. Instead of Windows loading as normal, a menu should appear

    4. Select the first option, to run Windows in Safe Mode.

    5. When you are at the logon prompt, log in as the user your normally log in as.

  4. When your computer has started in safe mode and you see the desktop.

  5. Close all open Windows.

  6. Now, double-click on the SmitFraudfix icon that should be residing on your desktop.The icon will look like the one below:



  7. When the tool first starts you will see a credits screen. Simply press any key on your keyboard to get to the next screen.

  8. You will now see a menu as shown in the image below. Press the number 2 on your keyboard and the press the enter key to choose the option Clean (safe mode recommended).




  9. The program will start cleaning your computer and go through a series of cleanup processes. When it is done, it will automatically start the Disk Cleanup program as shown by the image below.





    This program will remove all Temp, Temporary Internet Files, and other files that may be leftover files from this infection. This process can take up to a few hours depending on your computer, so please be patient. When it is complete, it will close automatically and you will should continue with step 11.

  10. When Disk Cleanup is finished, you will be presented with an option asking Do you want to clean the registry ? (y/n). At this screen you should press the Y button on your keyboard and then press the enter key.


  11. When this last routine is finished, you will be presented with a red screen stating Computer will reboot now. Close all applications. You should now press the spacebar on your computer. A counter will appear stating that the computer will reboot in 15 seconds. Do not cancel this countdown and allow your computer to reboot.
  12. Once the computer has rebooted, you will be presented with a Notepad screen containing a log of all the files removed from your computer. Examine this log, and when you are done, close the Notepad screen.
Your computer should now be free of the Registry Cleaner infection.

If you are still having problems with spyware after completing these instructions, then please follow the steps outlined in the topic linked below:

Preparation Guide For Use Before Posting A Hijackthis Log




This is a self-help guide. Use at your own risk.



BleepingComputer.com can not be held responsible for problems that may occur by using this information. If you would like help with any of these fixes, you can post a HijackThis log in our HijackThis Logs and Analysis forum.

If you have any questions about this self-help guide then please post those questions in our AntiVirus, Firewall and Privacy Products and Protection Methods forum and someone will help you.


--------------------
Lawrence
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Go to the top of the page
 
+Quote Post
« Next Oldest · Spyware and Malware Removal Guides and Reading Room · Next Newest »
 

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version Time is now: 9th February 2010 - 12:24 PM


Advertise   |   About Us   |   Terms of Use   |   Privacy Policy   |   Contact Us   |   Site Map   |   Chat   |   Tutorials   |   Uninstall List
Discussion Forums   |   The Computer Glossary   |   Resources   |   RSS Feeds   |   Startups   |   The File Database   |   Virus Removal Guides

© 2003-2010 All Rights Reserved Bleeping Computer LLC.

Powered By IP.Board © 2010  IPS, Inc.