About a month ago I was on my notebook browsing clipart on Office.Microsoft.com when a window popped up in the lower right corner (taskbar). The only anti-virus I was using was Windows Defender and running IOBit360.
I will tell you what I remember. The window borders in the pop up were red, it presented itself as a Microsoft Windows product and it stated I was infected with a virus. There were 2 or 3 buttons to click and I clicked one of them which prompted me to buy the product; I did not do this. I closed the window, again and again, and downloaded several anti-virus, anti-spyware, and anti-malware free programs in addition to system optimization software. Several threats were found and removed (unfortunately I do not have the logs for these events) but the startup was getting slower and slower and I believe my settings were being hijacked. Over the last several weeks, I did a little amateur investigation to see what was running in the task manager. I came across a process that I was not familiar with and that I had not seen previously, taisregistpinger.exe. I performed about a half dozen factory restores which only seemed to make things worse until on 3/12/2011 after the last factory restore on the original factory hard drive, the desktop was now a blue screen with big bold red font that read: WARNING, your computer is now infected with malware/spyware (I can't remember). It had a couple more paragraphs that I did not read. After weeks of headaches and frustration I purchased a new hard drive.
On 3/8/11 I installed the new hard drive and ran the recovery media DVDs. All went well and I proceeded to download Avir Anti-Virus, SuperAntispyware, Advanced System Care, IOBit360, Malwarebytes, and CCleaner. Then I moved on to download the 67 Windows Updates. The first set downloaded and installed fine with a prompt to restart which I did. Then I went back to Windows Updates to check for additional updates which there was a single download. It was downloaded, installed and restarted with no problems. I went back to Windows Update again to check for more updates again and there was another individual update. I downloaded and installed it. This download did not have a restart prompt but I did anyway. Upon start up, an Internet Explorer Toshiba Registration window popped up indicating that it could connect to the internet.
Here's the problem with this window. This window is not the same as the real/original Toshiba Registration window as when I opened the brand new laptop and registered it for the first time in 2009. I located this "file" in Start; All Programs; My Toshiba; Toshiba Registration. When I open it, I see 3 Icons that do not seem to fit with the other legit Toshiba icons. I will get to the outcome of this in a minute.
After that window popped up, I left it there (didn't click anywhere on it), I ran a scan with IOBit360 which detected and removed: Trojan.Win32/BHO, Registry Key, HKEY_CLASSES_ROOT\kt_bho.KettleBho, 4-19974. I was still not comfortable that either of these issues were taken care of. So, last night I contacted Microsoft to get assistance with the window and the Trojan. At the beginning of the call I could not log into our home network to access the internet. He directed me to go to Internet Properties, Connection, click LAN Settings, uncheck Automatic Detection settings, check Use Proxy server, Click OK, then to Advanced tab and Reset. I was then able to access the network and get the internet. The Microsoft representative did his thing with remote access, ran a scan which did not detect any viruses, spyware or malware but fixed 2 registry issues. Then he scanned my notebook again which came up clean. He confirmed that my system was free of viruses but I voiced my concern regarding the window. He had me work on the system while he watched remotely to see if the incidence would occur again. I proceeded to go to Start, All Programs, My Toshiba, and Toshiba Registration. When I clicked on Toshiba Registration nothing would happen. After several attempts I pointed this out to the Microsoft rep. He then took over my system and after a couple minutes he informed me that he would need to put me on hold for 2-3 minutes. When he returned he informed me that there is in fact an issue with the Toshiba Registration and instructed me to contact Toshiba Technical Support.
I called Tech. Support and spoke with a woman who informed me that the only way to fix this problem is to perform a Factory Restore. I expressed my concern with this and why (as stated above). She then told me she could refer me to Norton or McAfee. I declined the referral and again expressed my concern about the restore and the call ended. Needless to say, I doubt Toshiba will be helping me much.
Anyway, I performed the restore with the recovery DVDs. My system started up fine. I first downloaded AVG then continued to locate the Toshiba Registration issue which is still present. Then I proceeded to download the 69 or so Windows Updates. Not all were installed, some had failed and I had to recheck for updates and reinstall the rest. All updates were eventually installed with no incidence along with the Windows 7 SP1.
When this was all finished I downloaded Advanced System Care and IOBit360. I ran IOBit360 which detected and removed:
Trojan.Win32/BHO, Registry Key, HKEY_CLASSES_ROOT\kt_bho.KettleBho, 4-19974.
I have cleaned my system with the IOBit PC Tuneup, CCleaner, and defragged with Windows. My system is running ok but I do not feel secure using it for anything sensitive. I want to make sure that all viruses are removed and get rid of this Toshiba Registration issue once and for all. I hope this information is useful and not overkill. There may be some details that I have not remembered but please keep in mind that I have been struggling with this for about 4 weeks now. I have logs from the scans performed on the new hard drive on 3/8/11 and 3/9/11.
Please let me know if you need anything else and I will answer any questions quickly.
Thank you so much for your help!!
Edited by hamluis, 13 March 2011 - 04:11 PM.
Moved from Win 7 to Am I Infected.