Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win32 Regester Cleaner Pop Ups?


  • This topic is locked This topic is locked
9 replies to this topic

#1 jazco

jazco

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:26 PM

Posted 05 January 2007 - 06:53 PM

HI,
I love your board, I can not think of anywhere elese to get help,
I keep getting POP UPS for regestry cleaners, like win32 and so on,
no one seem to know how to get rid of them, any advice????
Greatly appreciated....

Also, is anyone familier with "shoot the messenger"?
someone told me that may help, but it seems to take a very long time
to download and I give up.....

Thanks....(a lot!)
Jazco....

BC AdBot (Login to Remove)

 


#2 TheTerrorist_75

TheTerrorist_75

  • Members
  • 645 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Fulton, NY > Snow country.
  • Local time:12:26 AM

Posted 05 January 2007 - 07:01 PM

Go to Start > Run and type services.msc into the box and press the <Enter> key. In the Services list scroll down to Messenger and double click on it. Next to Startup type select disabled in the drop down box then click the Stop button. Click Apply > OK and close out of Services.
I am a transplant survivor.

Get Your Donor Card

#3 peteyg67

peteyg67

  • Members
  • 130 posts
  • OFFLINE
  •  
  • Location:Ireland
  • Local time:11:26 PM

Posted 05 January 2007 - 07:06 PM

I would reckomend posting a log on the hi jack this forum and lets the experst find outt wat u r infected with
Heres how to get high jack this http://www.bleepingcomputer.com/forums/t/25912/unzip-hijackthismake-a-shortcut/ here is how to post a highjackthis log http://www.bleepingcomputer.com/tutorials/how-to-post-a-hijackthis-log/ and heres the link to the forum http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/ They should be able to help u

Regards Peter
:thumbsup:

Edited by peteyg67, 05 January 2007 - 07:08 PM.


#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,903 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:12:26 AM

Posted 06 January 2007 - 01:40 AM

Welcome to BC :thumbsup:

To flesh out what peteyg67 has said: I suggest you follow the directions in this guide. Then create an HJT log, you will find the directions in the guide. Also read through the link peteyg67 provided about getting HJT.

Create a new topic in this forum, not here and give it a good descriptive title. Briefly summarize what the problems are, what you have done to try to solve it, and what worked and didn't work and paste in your HJT log.

After you post your log, DO NOT make any further changes to your computer: deleting files, editing the registry, using special fix tools, installing or uninstalling software etc. as this will make it more difficult for the HJT team to help you.

Please be patient as the HJT team is very busy. DO NOT bump your log as the team may think that someone is already helping you. If you have not had a response in five days, add a response to the five days no response topic and paste in the link to your thread.

Orange Blossom :flowers:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 jazco

jazco
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:26 PM

Posted 06 January 2007 - 08:25 AM

Thank you all, I did disable Messenger and I am still getting the messages, they are mostly from something called "WINFIX32" does anyone else have any suggestions, I am going to go to HJT forum, but I will also show you my HJT log here, as you can see, I don't have much in the log that is helpful, but maybe someone can recognize something that would be helpful, this has been going on for quite sometime, and I had a professional here and he could not find the problem source....
Thanks....
JLogfile of HijackThis v1.99.1
Scan saved at 20:20, on 07-01-05
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by134fd.bay134.hotmail.msn.com/activex/HMAtchmt.ocx
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

Any suggestions would be greatly appreciated, I am also looking for someone that may have had this problem?
Thanks....

#6 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,903 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:12:26 AM

Posted 06 January 2007 - 08:13 PM

jazco's HJT thread is here: http://www.bleepingcomputer.com/forums/t/77155/win32/

jazco: Please tell Sam about this thread so he can get the full context including the fact that you disabled the messenger service :flowers: .

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#7 TheTerrorist_75

TheTerrorist_75

  • Members
  • 645 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Fulton, NY &gt; Snow country.
  • Local time:12:26 AM

Posted 06 January 2007 - 08:24 PM

This problem involves a worm. The HJT team will have to help you with this.
I am a transplant survivor.

Get Your Donor Card

#8 peteyg67

peteyg67

  • Members
  • 130 posts
  • OFFLINE
  •  
  • Location:Ireland
  • Local time:11:26 PM

Posted 07 January 2007 - 07:31 AM

Well thats why i reccomended him to them

#9 jazco

jazco
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:26 PM

Posted 07 January 2007 - 12:57 PM

Thank you to all that has replied,
I have done everything suggested on both boards
and so far the "messages" have stopped....(wheres the "fingers crossed" smiley, lol...)
anyway, you can mark this thread as "closed" (I don't think I can) and I thank you
all again.....
J

#10 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 34,828 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:09:26 PM

Posted 07 January 2007 - 01:57 PM

Closing this thread to avoid confusion since the original poster requested, and is/was working with someone in the HJT Forum.

Animal, Forum Moderator

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users