Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


How To Remove Trust Cleaner (removal Instructions)

  • Please log in to reply
1 reply to this topic

#1 Grinler


    Lawrence Abrams

  • Admin
  • 43,431 posts
  • Gender:Male
  • Location:USA
  • Local time:06:43 PM

Posted 04 June 2006 - 09:01 AM

How to remove Trust Cleaner (Removal Instructions)

Skip the introduction and take me to the fix! A more detailed analysis of this malware can be found at the Security blog. What this program does: Trust Cleaner is a rogue anti-spyware application that uses fake alerts to goad you into purchasing the full commercial version. When infected and you start Windows the Trust Cleaner program will start and scan your computer checking for Spyware and other malware. Some of the items it states it finds is true, others are not. The interesting thing is that it finds its own files and states they are spyware as shown in the image below (Trustin popups and TrustInBar)

Trust Cleaner Program
This infection will show show fake alerts stating that you are possibly infected with spyware as shown in the images below. These alerts are fake and are only used as a goad to coerce you into purchasing the full commercial version of Trust Cleaned. Needless to say, you should not purchase it.

Fake Desktop Popup

Fake Taskbar Alert
Last but not least, this infection will also do the following:
  • Block your access to any msn.com web page.

  • Change your home page to one that strikingly resembles Google but is in fact the site hxxp://www.mswindowssearch.com,.

  • Show popups with ads when you visit certain sites such as Google, Yahoo, and CNN among others.

  • Not allow you to restart your computer till you kill the trustinpopups.exe process.
  • Install a toolbar into your Internet Explorer web browser.
Tools Needed for this fix:
  • FixTC.reg (Only if you are doing the manual fix)
Symptoms in a HijackThis Log:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\local.html
O2 - BHO: tisa.MyBHO - {6BBD6756-F9BA-4A7E-8C94-A801F740A608} - C:\WINDOWS\system32\tisa.dll
O2 - BHO: TrustIn Bar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\Program Files\trustin bar\trustin.dll
O2 - BHO: ticont.MyBHO - {F365382D-CF21-45BA-80CF-B868C6ED9634} - C:\WINDOWS\system32\ticont.dll
O2 - BHO: SpoofBHO Class - {07A78AEA-4A54-4967-9A60-4B68592D30C7} - C:\WINDOWS\se_spoof.dll O2 - BHO: WeeklyExecuter Class - {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} - C:\WINDOWS\inetloader.dll O2 - BHO: ContextualAds Class - {FE6C16C4-16AD-47B6-B250-26AD1829E49A} - C:\Program Files\TrustIn Contextual\trustincontext.dll O3 - Toolbar: TrustIn Bar - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\Program Files\trustin bar\trustin.dll
O4 - HKCU\..\Run: [TrustIn Popups] "C:\Program Files\TrustIn Popups\TrustInPopups.exe"
O4 - HKCU\..\Run: [Trust Cleaner] "C:\Program Files\Trust Cleaner\Trust Cleaner.exe"

  1. Print out these instructions as we will need to close every window that is open later in the fix.

  2. Download FixTC.reg to your desktop by right clicking on the following link and then selecting Save Link As or Save File as, depending on your browser.

    FixTC.reg Download Link

    Confirm that the file FixTC.reg now resides on your desktop as we will need it later.

  3. Click on the Start Menu

  4. Click on the Control Panel option.

  5. Double-click on the Add or Remove Programs icon.

  6. Find the following entries and double-click on each of them. Follow the prompts to uninstall the programs, but do not allow it to reboot the computer if it asks. If after you uninstall a particular entry below it still remains, double-click on the entry again to remove it.

    Trust Cleaner
    TrustIn Bar
    TrustIn Contextual Ads
    Trustin Popups
    TrustIn Search Assistant
    Trust Cleaner Promo

  7. When it has completed uninstalling you can close Add or Remove Programs and your Control Panel.

  8. Next, please reboot your computer into Safe Mode by doing the following:

    1. Restart your computer

    2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

    3. Instead of Windows loading as normal, a menu should appear

    4. Select the first option, to run Windows in Safe Mode.

    5. When you are at the logon prompt, log in as the user account you were logged on as when you extracted the SmitRem files.

  9. When your computer has started in safe mode and you see the desktop.

  10. Go to your desktop and double click on the FixTC.reg file that you downloaded earlier. When it asks if you would like to merge the information, press the Yes button and then the OK button.

  11. Delete the following files and folders (Do not be concerned if a folder or file does not exist):

    C:\Program Files\TrustIn Popups
    C:\Program Files\TrustIn Bar
    C:\Program Files\TrustIn Contextual
    C:\Program Files\TrustIn Popups
    C:\Program Files\TrustIn Search
    C:\WINDOWS\SYSTEM32\ttu.exe C:\WINDOWS\se_spoof.dll C:\WINDOWS\inetloader.dll C:\Windows\mxd.exe C:\Windows\tse.exe C:\Windows\trustinbar.exe C:\Windows\ads.js C:\WINDOWS\videoslots.ico
    Delete these icons from your Desktop: Online Shopping.url Remove Adware.url Sex Personals.url Video Slots.url
  12. Close all open Windows.

  13. Reboot your computer back to normal mode.

  14. Download the ATF-Cleaner to your desktop from the following link:


    When it is download to your desktop, double-click on the program to run it. Select the box labeled Select All and then press the Empty Select button. When it is done you can close the program.

  15. Perform an onlinescan with Panda: Panda Online

    1. Once you are on the Panda site click the Scan your PC button

    2. A new window will open...click the Check Now button

    3. Enter your Country

    4. Enter your State/Province

    5. Enter your e-mail address and click send

    6. Select either Home User or Company

    7. Click the big Scan Now button

    8. If it wants to install an ActiveX component allow it

    9. It will start downloading the files it requires for the scan (Note: It may take a few minutes)

    10. When download is complete, click on Local Disks to start the scan
Your computer should now be free of the Trust Cleaner infection. If you are still having problems with spyware after completing these instructions, then please follow the steps outlined in the topic linked below:
Preparation Guide For Use Before Posting A Hijackthis Log

This is a self-help guide. Use at your own risk.

BleepingComputer.com can not be held responsible for problems that may occur by using this information. If you would like help with any of these fixes, you can post a HijackThis log in our HijackThis Logs and Analysis forum.

If you have any questions about this self-help guide then please post those questions in our AntiVirus, Firewall and Privacy Products and Protection Methods forum and someone will help you.

BC AdBot (Login to Remove)



#2 Grinler


    Lawrence Abrams

  • Topic Starter

  • Admin
  • 43,431 posts
  • Gender:Male
  • Location:USA
  • Local time:06:43 PM

Posted 07 July 2006 - 11:03 PM

Updated to add these extra files:

%Desktop%\Online Shopping.url
%Desktop%\Remove Adware.url
%Desktop%\Sex Personals.url
%Desktop%\Video Slots.url

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users