help ! message from registry

Guest

I keep getting a message from registry to cleaner. STOP registry recommends
to fix error download..install..run..reboot When I download
(www.regisrtycleanerxp.com)
it will not let me run program. It says it is not a windows
 
David H. Lipman

From: "miss sylvi" <[email protected]>

| I keep getting a message from registry to cleaner. STOP registry recommends
| to fix error download..install..run..reboot When I download
| (www.regisrtycleanerxp.com)
| it will not let me run program. It says it is not a windows
| --
| thankyou sylvi

It is a con job.

Does the Pop-Up have the words "Messenger Service" in the border?
 
mareta

miss sylvi said:
I keep getting a message from registry to cleaner. STOP registry recommends
to fix error download..install..run..reboot When I download
(www.regisrtycleanerxp.com)
it will not let me run program. It says it is not a windows

Don't download junk that is pushed on you. It's a scam.

By downloading and running that program, your system has been compromised.

That program (yes, it did actually run) probably infected you with trojans,
drive-by installers, trackers, and who knows what else.

Coming clean is going to take time. Start off by googling and downloading
"Lavasoft Adaware", "Hijackthis". Also download "Sysinternals Process
Explorer" and learn how to use it to scrutinize all running processes.
These are all legit programs.

Once you are clean again, download and install Firefox -- along with an
antivirus program. Avast! is good and free.

Good luck...
 
Guest

Yes, in blue. The message is in a grey box. I went to the site, tried to fix
errors and was asked for credit card details to pay first. (CRITICAL ERROR
MESSAGE REGISTRY DAMAGED AND CORRUPTED visit www... IMMEDIATLY! ) This
message pops up every few seconds now.
 
David H. Lipman

From: "mareta" <[email protected]>

|
| ||
| That means something 'bad' has been installed, I hate to tell you.
|
| See my other reply.
|

No. Messenger Service was noted and thus this is a NetBIOS Pop-Up and is NOT indicative of
malware installed on the PC. This is a kind of spam scam via a NetBIOS message.
 
David H. Lipman

From: "miss sylvi" <[email protected]>

| Yes, in blue. The message is in a grey box. I went to the site, tried to fix
| errors and was asked for credit card details to pay first. (CRITICAL ERROR
| MESSAGE REGISTRY DAMAGED AND CORRUPTED visit www... IMMEDIATLY! ) This
| message pops up every few seconds now.

It is a con job !

To disable the Windows Messenger Service, you can open a Command Prompt and type the
following commands...

sc stop Messenger
sc config Messenger start= disabled

A Router such as the Linksys BEFSR41 will also block this at the WAN/LAN interface and such
messages won't be seen on a LAN PC.

This also means you have NOT installed WinXP Service Pack 2 yet.

Service Pack 2 does two important things...
1. Enables an improved WinXP FireWall
2. Disables the NT Messenger Service.


If you are still worried that your PC is infected, please use the following Multi AV Scanning
Tool....

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

* * * Please report back your results * * *
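
An added example, not part of the original post: a check that both `sc` commands above took effect, since `sc stop Messenger` alone leaves the service free to start again at the next boot. The sample text is constructed in the layout `sc query Messenger` and `sc qc Messenger` print; the function names are illustrative.

```python
import re

# Constructed sample output (layout as printed by sc.exe; values are illustrative,
# not taken from the thread).
SAMPLE_QUERY = """\
SERVICE_NAME: Messenger
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 0  (0x0)
"""
SAMPLE_QC_AUTO = """\
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: Messenger
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\\WINDOWS\\System32\\svchost.exe -k netsvcs
"""
SAMPLE_QC_DISABLED = SAMPLE_QC_AUTO.replace("2   AUTO_START", "4   DISABLED")

# Matches lines such as "STATE : 1  STOPPED" or "START_TYPE : 4   DISABLED".
FIELD = re.compile(r"^\s*(STATE|START_TYPE)\s*:\s*\d+\s+(\w+)", re.MULTILINE)


def parse_fields(sc_output):
    """Return {'STATE': ..., 'START_TYPE': ...} for whichever fields appear."""
    return {name: value for name, value in FIELD.findall(sc_output)}


def messenger_findings(query_output, qc_output):
    """List what still needs fixing; an empty list means both commands took effect."""
    fields = {**parse_fields(query_output), **parse_fields(qc_output)}
    findings = []
    if fields.get("STATE") != "STOPPED":
        findings.append("service not stopped: run 'sc stop Messenger'")
    if fields.get("START_TYPE") != "DISABLED":
        findings.append("service will start again at boot: run "
                        "'sc config Messenger start= disabled'")
    return findings


if __name__ == "__main__":
    for label, qc in (("stop only", SAMPLE_QC_AUTO),
                      ("stop + disable", SAMPLE_QC_DISABLED)):
        print(label, "->", messenger_findings(SAMPLE_QUERY, qc) or "OK")
```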
 
Guest

Thank you for taking the time to reply, you have all been very helpful. I
just got internet access today (broadband) and was told to install NTL
Netguard & broadband medic from my broadband supplier to protect my computer.
I have 2 different icons showing ( registeryclean) from 2 different sites now.
How do I delete them? Will this message keep popping up while I try to get this
sorted?
 
mareta

David H. Lipman said:
No. Messenger Service was noted and thus this is a NetBIOS Pop-Up and is
NOT indicative of malware installed on the PC. This is a kind of spam scam
via a NetBIOS message.

She said she "tried to install" something.

Are you really optimistic enough to think nothing was installed to phone
home and tell the mothership to keep sending that NetBIOS message?
(Or her new IP, if it's dynamic and changes?)

No need to sugar coat; her system, security, and privacy has been
compromised. Only careful scrutiny of running processes, files, net
traffic, etc. can restore a clean bill of health.
 
David H. Lipman

From: "mareta" <[email protected]>

|
| She said she "tried to install" something.
|
| Are you really optimistic enough to think nothing was installed to phone
| home and tell the mothership to keep sending that NetBIOS message?
| (Or her new IP, if it's dynamic and changes?)
|
| No need to sugar coat; her system, security, and privacy has been
| compromised. Only careful scrutiny of running processes, files, net
| traffic, etc. can restore a clean bill of health.
|

Well after her last post where it was stated "I have 2 different icons showing (
registeryclean) from 2 different sites now" it looks like the OP has fallen for this Con Job
and has indeed installed malware !
 
David H. Lipman

From: "miss sylvi" <[email protected]>

| Thank you for taking the time to reply, you have all been very helpful. I
| just got internet access today (broadband) and was told to install NTL
| Netguard & broadband medic from my broadband supplier to protect my computer.
| I have 2 different icons showing ( registeryclean) from 2 different sites now.
| How do I delete them? Will this message keep popping up while I try to get this
| sorted?

Read my other reply !



If you are using any version of Sun Java that is prior to JRE Version 6.0,
then you are strongly urged to remove any/all versions.
There are numerous vulnerabilities in them and they are actively being exploited.

It is highly suggested that you update to the latest version which is Sun Java JRE/JSE
Version 6.0

Simple check, look under...
C:\Program Files\Java

The only folder under that folder should be the latest version.

Such as...
C:\Program Files\Java\jre1.6.0

http://java.sun.com/javase/downloads/index.jsp
http://www.java.com/en/download/manual.jsp

FYI:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102557-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102622-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102732-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1



For non-viral malware...

Please download, install and update the following software...

* Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/
http://www.lavasoft.de/ms/index.htm

* SpyBot Search and Destroy v1.4
http://security.kolla.de/
http://www.safer-networking.org/microsoft.en.html

* SuperAntiSpyware
http://www.superantispyware.com/superantispywarefreevspro.html

After the software is updated, I suggest scanning the system in Safe Mode.

I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
that may be on the PC.

* BHODemon

http://www.majorgeeks.com/downloadget.php?id=3550&file=11&evp=245a87539eea8ed6904332b4b8b8442d

For viral malware...

* Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *
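
An added example, not part of the original post: the "simple check" under C:\Program Files\Java from the post above, written as a script that sorts the folders into the one to keep and the ones to remove. The folder list is constructed, and the naming pattern (j2re/jre/jdk followed by a version) is an assumption based on the `jre1.6.0` example in the post.

```python
import re

# Constructed folder listing; on a real PC this would come from
# os.listdir(r"C:\Program Files\Java").
SAMPLE_FOLDERS = ["j2re1.4.2_12", "jre1.5.0_06", "jre1.5.0_10", "jre1.6.0", "readme"]

# Assumed naming: prefix, then three dotted numbers and an optional _update suffix.
NAME = re.compile(r"^(?:j2re|j2sdk|jre|jdk)(\d+)\.(\d+)\.(\d+)(?:_(\d+))?$",
                  re.IGNORECASE)

# JRE Version 6.0 as named in the post (folder jre1.6.0).
BASELINE = (1, 6, 0, 0)


def parse_version(folder):
    """Turn 'jre1.5.0_06' into (1, 5, 0, 6); return None for unrelated names."""
    match = NAME.match(folder)
    if not match:
        return None
    return tuple(int(part or 0) for part in match.groups())


def audit(folders, baseline=BASELINE):
    """Keep only the newest folder, and only if it is at or above the baseline."""
    parsed = {name: parse_version(name) for name in folders}
    known = {name: ver for name, ver in parsed.items() if ver is not None}
    newest = max(known, key=known.get, default=None)
    keep = [newest] if newest is not None and known[newest] >= baseline else []
    return {
        "keep": keep,
        "remove": [name for name in known if name not in keep],
        "unrecognised": [name for name, ver in parsed.items() if ver is None],
    }


if __name__ == "__main__":
    for verdict, names in audit(SAMPLE_FOLDERS).items():
        print(f"{verdict}: {', '.join(names) or '-'}")
```

An empty "keep" list means no installed version meets the baseline, so every listed runtime is one the post says to remove before installing the current release.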
 
mareta

miss sylvi said:
Thank you for taking the time to reply, you have all been very helpful. I
just got internet access today (broadband) and was told to install NTL
Netguard & broadband medic from my broadband supplier to protect my
computer.
I have 2 different icons showing ( registeryclean) from 2 different sites now.
How do I delete them? Will this message keep popping up while I try to get this
sorted?

Welcome to broadband. If you haven't had broadband before, you are going to
wonder how you lived without it!

Now that you have broadband, security is more important than ever. There
is a lot of nastiness out there and with a fat pipe it can come in during
the blink of an eye. The entry point for much of it is through social
engineering (deceit), as you just unfortunately found out.

Follow David H. Lipman's advice. He has taken the time to point you in the
direction of excellent resources.

Ultimately, just remember that security falls upon the user. No program
can keep you completely invulnerable.

However, by reading and using the resources that David took the time to list
for you, you will quickly build up your knowledge.

All the best.
 
Guest

David and Mareta thank you for the advice. I have a copy of your instructions
and will try to put this right in the morning. I've had enough for one day.
will let you know how it went. Goodnight !
--
thankyou sylvi


 
Guest

Yes, I will take that advice. It is a lot to get through and I am grateful to
both of you for being so helpful.
 
