Malware On Computer "mrregistrycleaner.com"


3 replies to this topic

#1 acklan


Posted 17 February 2006 - 01:25 PM

Does anyone know of this malware?

MRU LIST
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=MRU FileReference : C:\Documents and Settings\Mom1\recent\aawsepersonal.lnk
obj[1]=MRU FileReference : C:\Documents and Settings\Mom1\recent\avg71free_375a703.lnk
obj[2]=MRU FileReference : C:\Documents and Settings\Mom1\recent\Desktop.ini
obj[3]=MRU FileReference : C:\Documents and Settings\Mom1\recent\Downloads.lnk
obj[4]=MRU RegReference : S-1-5-21-1214440339-854245398-1343024091-1000\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\*
obj[5]=MRU RegReference : S-1-5-21-1214440339-854245398-1343024091-1000\software\microsoft\windows\currentversion\explorer\recentdocs\.exe
obj[6]=MRU RegReference : S-1-5-21-1214440339-854245398-1343024091-1000\software\microsoft\windows\currentversion\explorer\recentdocs\Folder
obj[7]=MRU FileReference : C:\Documents and Settings\Mom1\recent\stng260.lnk
obj[8]=MRU FileReference : C:\Documents and Settings\Mom1\recent\WGAPluginInstall.lnk
obj[10]=MRU RegReference : software\microsoft\directdraw\mostrecentapplication name
obj[11]=MRU RegReference : S-1-5-21-1214440339-854245398-1343024091-1000\software\microsoft\internet explorer\typedurls
obj[12]=MRU RegReference : S-1-5-21-1214440339-854245398-1343024091-1000\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

ALEXA
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[6]=RegValue : S-1-5-21-1214440339-854245398-1343024091-1000\software\microsoft\internet explorer\extensions\cmdmapping "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"


I am still receiving popups "www.MrRegistryCleaner.com" and "www.RegistryCleanerXPS.com"

Edited by acklan, 17 February 2006 - 01:25 PM.

"2007 & 2008 Windows Shell/User Award"


 


#2 jgweed


Posted 17 February 2006 - 01:30 PM

Maybe you should post a HJT log.
John
Whereof one cannot speak, thereof one should be silent.

#3 -David-


Posted 17 February 2006 - 01:46 PM

Hi acklan.

I don't see anything bad in there apart from one possible entry. It's this one:

obj[6]=RegValue : S-1-5-21-1214440339-854245398-1343024091-1000\software\microsoft\internet explorer\extensions\cmdmapping "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"


Here is some info on it: here.

If you have HijackThis on your system and you run it, you will probably find these two entries:

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWS\webrelated.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWS\webrelated.htm


Can you let me know if they are there - if so they are safe to remove.
David

EDIT - didn't see the pop-ups bit. You might like to post a HijackThis log, though I sometimes get those kinds of pop-ups when I access certain sites even though I am not infected (I hope :thumbsup:)

Edited by D-Trojanator, 17 February 2006 - 01:48 PM.
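
The cross-check requested in the post above (does the CLSID flagged under cmdmapping show up in HijackThis O9 entries?) can be scripted. The Python below is an added example, not part of the original thread or of either tool. Its regular expressions are assumptions based only on the line formats quoted in this thread, and the third O9 line in the sample is constructed.

```python
import re

CLSID = r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}"
# Scanner line: a RegValue under ...\internet explorer\extensions\cmdmapping
CMDMAP_RE = re.compile(
    r'RegValue\s*:\s*\S.*\\internet explorer\\extensions\\cmdmapping\s+"(' + CLSID + r')"', re.I)
# HijackThis O9 line: kind, label, CLSID, target (format assumed from the thread)
O9_RE = re.compile(
    r"^O9 - Extra (button|'Tools' menuitem): (.*?) - (" + CLSID + r") - (.*)$", re.I)
# Sample input: lines copied from this thread exactly as they appear on the page.
SCAN_LOG = r'''
obj[11]=MRU RegReference : S-1-5-21-1214440339-854245398-1343024091-1000\software\microsoft\internet explorer\typedurls
obj[6]=RegValue : S-1-5-21-1214440339-854245398-1343024091-1000\software\microsoft\internet explorer\extensions\cmdmapping "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
'''
HJT_LOG = r"""
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWS\webrelated.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWS\webrelated.htm
O9 - Extra button: Example - {00000000-0000-0000-0000-000000000000} - C:\placeholder\example.dll
"""  # the last O9 line is constructed, to show an unrelated entry being ignored


def flagged_clsids(scan_log):
    """CLSIDs the scanner reported under the IE extensions cmdmapping key."""
    return {m.group(1).lower() for m in CMDMAP_RE.finditer(scan_log)}


def o9_entries(hjt_log):
    """Parse O9 lines into (kind, label, clsid, target) tuples."""
    out = []
    for line in hjt_log.splitlines():
        m = O9_RE.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2), m.group(3).lower(), m.group(4)))
    return out


def correlate(scan_log, hjt_log):
    """Map each flagged CLSID to the O9 entries that reference it."""
    flagged = flagged_clsids(scan_log)
    result = {c: [] for c in flagged}
    for kind, label, clsid, target in o9_entries(hjt_log):
        if clsid in flagged:
            result[clsid].append((kind, label, target))
    return result


if __name__ == "__main__":
    for clsid, hits in correlate(SCAN_LOG, HJT_LOG).items():
        print(clsid, "->", hits or "no O9 entry found")
```

An empty list for a flagged CLSID means the scanner saw the registry value but the HijackThis log has no O9 entry for it.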


#4 acklan


Posted 17 February 2006 - 03:45 PM

It is Mom's computer. When I get back over there I'll post a HJT. I had her a Linux box and I guess I just need to put it back over there and give up on Windows.
"2007 & 2008 Windows Shell/User Award"



