
Malware from download.com


3 replies to this topic

#1 Cynthia Moore
Posted 25 March 2015 - 01:06 AM

I tried to download a Taipei game from download.com. When I ran the install file, it put up several screens asking if I wanted other software like Reg Pro Cleaner and something like Desktop Manager. None of the screens had a cancel button and the X icon was greyed out. I got suspicious, so I tried to close it down. It wouldn't let me, so I forced it using Task Manager.

 

Then I opened the Add/Remove software applet. It showed that Reg Pro Cleaner was installed. I clicked the Remove button, but that just restarted the program. It looked like it was trying to install more software, so I forced it again. I also noticed that the browser where I got the file was running something called trovi.com. And the install program kept restarting, so I forced a shutdown from the DOS box, rebooted in safe mode, and ran Malwarebytes. It ran for 2 hours and found something like 241 "non-malware" items. I saved the log and let it quarantine them all.

 

When it finished, I rebooted in safe mode, then opened the Add/Remove programs applet and found that Reg Pro Cleaner is still there.

 

On my other computer (where I am posting now), I searched for trovi.com and found that it is malware and that Malwarebytes should remove it. I checked the log and it says it was quarantined. The log also shows that it quarantined Desktop%20Taipei.exe, which is the name of the install file I downloaded, I think.

 

So now my questions are:

  • Have I done everything right so far?
  • Is there anything more I need to do?
  • What do I need to do to get rid of Reg Pro Cleaner? I am reluctant to run the Remove program from Add/Remove programs.

And finally, what can I do to punish download.com? But we can deal with that later.

 


Running Win 10 & Office 365.



#2 Cynthia Moore
Posted 25 March 2015 - 01:17 AM

I just ran a couple of searches on the C-drive.

 

 

I found 3 shortcuts for Reg Pro Cleaner. They all point to \Program Files\Reg Pro Cleaner, which contains several executables and other files and subfolders.

 

Should I delete the folder and the shortcuts or run the uninstall? If I just delete the files, will there be junk in the registry?

 

 

I found a file named trovi.xml in \Firefox\Profiles.

 

Should I delete it?



#3 Angoid
Posted 25 March 2015 - 04:01 AM

You definitely don't want Reg Cleaner Pro, nor any other Registry cleaner for that matter.

 

Unfortunately, download.com is receiving quite a reputation for dodgy downloads - have a look here:

http://www.bleepingcomputer.com/forums/t/510527/cnet-and-malware/?hl=+downloadcom#&page=3

 

Pop along over here:

http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

 

Read the guidelines and post for assistance there. You could have other nasties on board that will take more than just Malwarebytes to get rid of. Worth getting a check-up at the very least.

#4 Cynthia Moore
Posted 25 March 2015 - 07:40 AM

Is it safe for me to reboot in normal mode so I can do the downloads?

 

The guidelines call for me to download tools. I have the PC running in safe mode with no Internet access.

 

In particular, should I delete (or at least rename) the Reg Pro Cleaner folder and/or the trovi.xml file while in safe mode before rebooting in normal mode?

 

Honestly, it seems like you just referred me to the standard guidelines without even reading the details of my situation. I spent quite a lot of time gathering what I hoped would be as much information as I could. I would appreciate answers to my specific questions before I go through the standard disinfection routine.

 

Thanks


Edited by Cynthia Moore, 25 March 2015 - 07:55 AM.