Virus - downloaded Uniblue Registry Booster

Sissy Sniffen

I am running OS Win XP w/IE8. I received an email from WinZip (which I
received because I own a license) re: this Registry Booster 2009 program.
Thought I would try it--thought it was safe because it came from WinZip.
Downloaded free version and now have a virus that I cannot find which seems
to live in every program I use. Spybot and AVG do not recognize it as a
virus. What the virus does is types in the document I have open or in the
search box if I am on the internet, opens a new menu, logs me off then back
on, etc. (it is actually a little scary -- like my computer has someone
living inside of it)

I created a back up of my registry BEFORE downloading the program. I
restored my computer 2x; 1st to this date then to another random one at least
a week ago and still no help.

Any ideas?

Thank you in advance for any information you can give me.
 
David H. Lipman

From: "Sissy Sniffen" <[email protected]>

| I am running OS Win XP w/IE8. I received an email from WinZip (which I
| received because I own a license) re: this Registry Booster 2009 program.
| Thought I would try it--thought it was safe because it came from WinZip.
| Downloaded free version and now have a virus that I cannot find which seems
| to live in every program I use. Spybot and AVG do not recognize it as a
| virus. What the virus does is types in the document I have open or in the
| search box if I am on the internet, opens a new menu, logs me off then back
| on, etc. (it is actually a little scary -- like my computer has someone
| living inside of it)

| I created a back up of my registry BEFORE downloading the program. I
| restored my computer 2x; 1st to this date then to another random one at least
| a week ago and still no help.

| Any ideas?

| Thank you in advance for any information you can give me.



These Registry programs are snake oil and it is not suggested that anyone use them and they
are not viruses but since some may be malicious they may be malware. All viruses are
malware but not all malware are viruses.

You said it; "...types in the document I have open or in the search box if I am on the
internet, opens a new menu, logs me off then back on, etc."

What exactly does it "type in the document"?
What exactly does it place "in the search box"?

Have you tried using Malwarebytes Anti-Malware?
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
 
Sissy Sniffen

Thank you David for the prompt response.

When I am in any program that it can type, it does something like
"JOOOOM]2]2HOOOOO,],]" Once, when it was active (which doesn't seem to be
all the time), it changed my "ALT/TAB" to "CTRL/F". Weird stuff like that.

I am running "Malwarebytes' Anti-Malware" right now to see if that program
finds anything. Thought I did already, but want to be certain.

Is this fixable?
 
Sissy Sniffen

ABSOLUTELY! The first thing I did was uninstall the program and then, like I
stated, I restored the computer to an earlier date to try to fix the
registry.

Any more "advanced" suggestions?
 
Gerry

Sissy

Was the restore point dated before installing Registry Booster 2009?

What errors, if any, are appearing in Event Viewer?

You can access Event Viewer by selecting Start, Control Panel,
Administrative Tools, and Event Viewer. When researching the meaning
of the error, information regarding Event ID, Source and Description
are important.

A tip for posting copies of Error Reports! Run Event Viewer and double
click on the error you want to copy. In the window which appears is a
button resembling two pages. Click the button and close Event
Viewer. Now start your message (email) and do a paste into the body of
the message. Make sure this is the first paste after exiting from
Event Viewer.

If you want to pursue Malware try malwarebytes.

Malwarebytes' Anti-Malware
1.32 -freeware (if you upgrade you pay).
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

Run Malwarebytes' in safe mode and turn off your current anti-virus
before you do to avoid a conflict. Disregard the invitation on the web
site regarding the Registry Optimiser - a Registry Optimiser is not a
helpful utility.




--


Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
The Real Truth [MS MVP]

Run my diagnostic tool called whatslivern. That file after a few seconds,
when complete, will generate a log file. That log file will be saved in the
same directory you ran the program from. Using the email link at the bottom
of my page, send me a copy of that log file. http://www.ms-mvp.org/


--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.
 
Buffalo

Sissy said:
ABSOLUTELY! The first thing I did was uninstall the program and
then, like I stated, I restored the computer to an earlier date to
try to fix the registry.

Any more "advanced" suggestions?

Another free program is SuperAntiSpyware (SAS). It detects malware and fixes
it and is often recommended by those in the spyware ng.
(MBAM) Malwarebytes Anti-Malware and SAS are the two most suggested free
anti-malware programs recommended.
Make sure you download the free version and not the trial version, install
it, update it and then run it.

Your problem might be a Registry problem, but the above programs could solve
the problem.
Delete the cookies you don't want to keep, your TIF (temporary internet
files) and empty your Recycle bin for best results.
Or, if there is something in the Recycle Bin you might want to keep, then
don't empty it.

Did you actually uninstall the suspected problem program, or did you just
delete it?
Buffalo
 
Sissy Sniffen

Yes, both restore points were done prior to the date of Installing the
Uniblue program.

I have Malwarebytes' Anti-Malware already, ran it and no problems were found.

Here is the first "warning" I found in the Event Log. Let me know what you
think. I will post more (if I find them) as I go along.

Event Type: Warning
Event Source: LoadPerf
Event Category: None
Event ID: 2006
Date: 4/19/2009
Time: 3:28:23 PM
User: N/A
Computer: XPSWORK
Description:
LastCounter and LastHelp values of performance registry is corrupted and
needs to be updated. The first and second DWORDs in Data Section are the
original values while the third and forth DWORDs in Data Section are the
updated new values.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 74 12 00 00 75 12 00 00 t...u...
0008: 7a 12 00 00 7b 12 00 00 z...{...

Thanks again.
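
The LoadPerf 2006 description in the post above says the Data section carries four DWORDs: two original values followed by two updated ones. As an added example (not part of the original post), this Python code parses a record pasted from Event Viewer and decodes those DWORDs as little-endian; the sample text is abridged from the post and the function names are illustrative.

```python
import re
import struct

# Constructed sample: the LoadPerf record from the post, description abridged.
SAMPLE = """\
Event Type: Warning
Event Source: LoadPerf
Event Category: None
Event ID: 2006
Date: 4/19/2009
Time: 3:28:23 PM
User: N/A
Computer: XPSWORK
Description:
LastCounter and LastHelp values of performance registry is corrupted.
Data:
0000: 74 12 00 00 75 12 00 00 t...u...
0008: 7a 12 00 00 7b 12 00 00 z...{...
"""

# Hex dump line: 4-digit offset, up to 8 hex bytes, then the ASCII column.
HEX_LINE = re.compile(r"^[0-9a-fA-F]{4}:((?: [0-9a-fA-F]{2}){1,8})(?: |$)")
FIELD = re.compile(
    r"^(Event Type|Event Source|Event Category|Event ID|Date|Time|User|Computer):\s*(.*)$")

def parse_event(text):
    """Split a pasted Event Viewer record into header fields and raw Data bytes."""
    fields, data, in_data = {}, bytearray(), False
    for line in text.splitlines():
        line = line.strip()
        if line == "Data:":
            in_data = True
        elif in_data:
            m = HEX_LINE.match(line)
            if m:
                data += bytes.fromhex(m.group(1))  # ASCII column is ignored
        else:
            m = FIELD.match(line)
            if m:
                fields[m.group(1)] = m.group(2)
    return fields, bytes(data)

def loadperf_2006(data):
    """Decode the four little-endian DWORDs that event 2006 describes."""
    if len(data) != 16:
        raise ValueError("expected 16 bytes, got %d" % len(data))
    first, second, third, fourth = struct.unpack("<4I", data)
    return {"original": (first, second), "updated": (third, fourth)}
```

For the record in the post, the original pair 0x1274/0x1275 was replaced by 0x127a/0x127b.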
 
Sissy Sniffen

Here is another "warning" in the event viewer under System:

Event Type: Warning
Event Source: Print
Event Category: None
Event ID: 20
Date: 4/19/2009
Time: 3:16:07 PM
User: NT AUTHORITY\SYSTEM
Computer: XPSWORK
Description:
Printer Driver Microsoft Office Document Image Writer Driver for Windows NT
x86 Version-3 was added or updated. Files:- mdigraph.dll, mdiui.dll,
mdiui.dll.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
 
Sissy Sniffen

and another:

Event Type: Warning
Event Source: Dhcp
Event Category: None
Event ID: 1003
Date: 4/19/2009
Time: 7:10:26 AM
User: N/A
Computer: XPSWORK
Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00137221F1DF. The
following error occurred:
The operation was canceled by the user. . Your computer will continue to try
and obtain an address on its own from the network address (DHCP) server.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: c7 04 00 00 Ç...
 
Gerry

Sissy

Ignore this post. The RealTruth is a notorious troll much like a Wild West
Medicine Man. He is not an MS MVP. He's been challenged on this point many
times.

--


Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
Gerry

Sissy

This link gives a number of explanations:
http://www.eventid.net/display.asp?eventid=20&eventno=42&source=Print&phase=1

Remember Event Viewer error reports are only worth following up if they
repeat before and after the computer is restarted.

What level of Security do you have in Internet Explorer? In Internet
Explorer select Tools, Internet Options, Security?

--


Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
Sissy Sniffen

Gerry,

Level of security is "custom".

I forgot to mention that a new folder is created in MS Outlook called
"JYSW4DDDDDDDDDDDDDDDDFTR M9 KJF]DFRVCCDEDEJJJHUJGTFDM UETH"

Have you ever seen this before? I will look at the link you sent and did
ignore the post by the RealTruth based on the way it was written. Thanks though.
 
Sissy Sniffen

Thanks Buffalo for the response.

Yes, I did uninstall the program from the control panel and did not just
delete it. I do have MBAM installed, have run it and nothing was found.

I believe the problem is in the registry, just don't know how to fix it.
 
Buffalo

Sissy said:
Thanks Buffalo for the response.

Yes, I did uninstall the program from the control panel and did not
just delete it. I do have MBAM installed, have run it and nothing
was found.

I believe the problem is in the registry, just don't know how to fix
it.

I hope you get it figured out and post back the fix.
Best of Luck!!!
Buffalo
 
Leonard Grey

1. You too are a NON MVP.
2. If you knew how to solve the OP's problem - if you even had a clue -
you would have offered a solution.
3. Good luck with /your/ issues, including: theft of intellectual
property, pornography on your own web pages, and (unsuccessfully)
impersonating an MVP.
 
The Real Truth [MS MVP]

I am an MVP and I offered a solution but it was ignored. You don't know me
so why tell lies about me.
Leonard Grey is a troll who cannot fix your system. He is jealous of the
fact that I can. He can't prove what he says about me and my software
because it is not true. The guy is an idiot. If you tell him the sky is
purple he will believe it because he is too stupid to look up and see it for
himself.

--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.
 
Sissy Sniffen

Gerry,

Thanks, I found this warning as well, but cannot execute what they are
telling me to do. I am not computer illiterate, but I can only do so much.

Looks like I might need to hire someone to come in and fix the problem.
 
