Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Serious Problem...

  • Please log in to reply
4 replies to this topic

#1 Village Baka

Village Baka

  • Members
  • 62 posts
  • Location:Arizona
  • Local time:07:06 PM

Posted 03 September 2007 - 01:01 AM

Okay, my computer's been infected with something. It regularly puts up popup ads for stuff like DriveCleaner, MagicAntiSpyware Wizard, WinAntiVirus 2007, and other bogus programs. Now it's gone a step further and changed my background to a "YOU ARE INFECTED! DOWNLOAD THIS!" message, and it's also disabled the Task manager (when I try to access it it says "Task Manager his been disabled by your administrator").

First things first, I want to restore my background and task manager, especially the task manager. I know that you have to look in the registry and delete a certain entry to do so, but I can't remember where to look for it. So can someone tell me where the entries are, and what I should do after that? I'd just do a reformat like I usually do, but my XP cd key stopped working. Thanks in advance!

BC AdBot (Login to Remove)


#2 Budapest


    Bleepin' Cynic

  • Moderator
  • 23,579 posts
  • Gender:Male
  • Local time:12:06 PM

Posted 03 September 2007 - 04:24 AM

See the following Bleeping Computer removal guide.

How to remove DriveCleaner 2006

To fix the Task Manger try Kelly's Korner.

Enable the Task Manager - Disable - Repair - #113 on the left.

Right click on it and save the .reg file to your desktop. Then, double click on the file icon (on your desktop) to merge it into your registry. You may need to reboot your computer for the changes to take affect.

With any fix like this you should create a new restore point and backup the registry first.

How To Back Up The Registry
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 Village Baka

Village Baka
  • Topic Starter

  • Members
  • 62 posts
  • Location:Arizona
  • Local time:07:06 PM

Posted 03 September 2007 - 02:52 PM

Okay, I suppose I didn't really make my problem clear.

I'm not trying to remove DriveCleaner specifially. What I meant was that I'm getting popup ads for things similar to those types of programs, as well as task bar notifications with all of the usual "You are infected" messages. There's no specific scamware mentioned in the notifications, so any guide telling me how to remove a specific program doesn't help.

The task manager thing worked, temporarily. I also found the registry entry location for restoring my desktop (and promptly deleted it) but it's in there again. Any suggestions?

#4 oldf@rt


  • Members
  • 2,609 posts
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:07:06 PM

Posted 03 September 2007 - 03:21 PM

Try This:
  • Please download Rogue Remover Free from Malwarebytes.
  • Please save the file to your normal saved file location or the desktop
  • double click on rr-free-setup to run the installation program
  • accept the license agreement.
  • follow all the steps and click finish to run the program
  • Click the check for updates link
  • click the scan link to start scanning
  • when done, follow the onscreen directions to remove anything that it found.
Let us know your results, please.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#5 buddy215


  • Moderator
  • 13,518 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:06 PM

Posted 03 September 2007 - 03:22 PM

Rogue Remover removes several Vundo related programs such as Drivecleaner.

Super Antispyware removes a lot Vundo related malware, too.
Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.

You can use the Vundofix tool in the link below.

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.

Post a Hijack This Log in the Hijack This Forum by following the directions in the link below if the programs above have not removed ALL malware. DO NOT post a log in this forum. http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

How to Start Windows in Safe Mode:
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users