registrycleanerxp.com

Hi, a friend of mine is being bombarded with pop up alerts, saying he has critical system errors, and his registry is corrupt. To fix the problem, simply visit the above web site and hand over some money. I’ve scanned with everything (in safe mode), still they come. One explanation I read late last night was, this is a form of spam, which is exploiting messenger services (nothing to do with IM). It said to press RUN, type SERVICES.MSC, double click on messenger and in startup type choose disable. http://www.microsoft.com/windowsxp/using/security/learnmore/stopspam.mspx If this is the case, how is it possible to be getting these pop ups offline? I’m not 100% sure, but I thought he was still getting them after I unplugged him from the internet. Any advice would be much advised. Hopefully I might get to see him again over the weekend, to have another look. I cannot even find messenger on one of my computers, yet I can on another. Cheers


It would help to know what the OS of the computer is but I will assume it is XP and if not, the second suggestion should help. You have already tried the first one so you can skip it.

You have 3 choices to end the problem.

  1. You can disable and stop Messenger Service by typing “services.msc” (without the ""s) into your Run Box and disabling and stopping Messenger Service.

OR

  2. You can use the free utility called Shoot The Messenger to automatically disable this unnecessary service.
    http://www.grc.com/stm/shootthemessenger

Please note that Windows Messenger Service is not the same as any Instant Messenger program that you may have on your computer. Disabling it will not cause you to lose any IM functionality that you may have.

OR (Best Solution)

  3. Update or upgrade your operating system to at least Windows XP Service Pack 2 (SP2).

I hope this helps.


Sounds more like a scam Trojan, maybe Vundo.

If the usual anti-spyware programs haven’t picked it up, try some specialist tools.

AVG Anti-Spyware Free (Requires Win2k/XP)
Ad-Aware Free
Spybot Search & Destroy
SUPERAntiSpyware Free

http://siri.geekstogo.com/SmitfraudFix.php

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Thanks for the advice and links guys. I haven’t tried disabling messenger yet, I will try that first, if I get chance. I did try Superantispyware, it found tons of adware, so I thought it was gone (turned off system restore). Will try again later, if I get an invite. Cheers

Hi, a friend of mine is being bombarded with pop up alerts, saying he has critical system errors, and his registry is corrupt. To fix the problem, simply visit the above web site and hand over some money.

Does sound more like scamware/scumware, like Frank mentions. Another tool, if it is still around, is RogueRemover, available here: http://www.malwarebytes.org/rogueremover.php

Maybe both these programs are the same…

Just to let you know, I finally got round to visiting my friend. I disabled the messenger service (the pop ups had messenger service at the top) and the pop ups have ceased. He has SP1, which is why the M.S isn’t automatically disabled. Thanks for your advice.

Well… this cures the symptom but not the disease itself…
Did you run a full scan with avast? Did you use other on-line scanners?

I did a few scans, I do not think there is anything malicious on board. It’s just a hole in SP1 that’s being exploited. Updating to SP2 automatically disables the messenger service.

I’ve forgotten this. Thanks for explaining.

I’m experiencing the same problems, I’ve tried blocking this site but it still keeps popping up all the time. I’m a complete idiot so please can you explain in very simple terms what I have to do to stop it. I use XP and Internet Explorer and Outlook Express. Please help, it’s driving me nuts!!! Julia.

If a virus is replicant (coming and coming again), you could follow the general cleaning procedure. I’ll try to make it in steps… ask for further help if you need.

  1. Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. For system files choose ‘Ignore’ and for other infected files choose ‘Send to Chest’.
    Other option is scanning in SafeMode (repeatedly press F8 while booting).

  2. It will be good if you download, install, update and run SUPERantispyware or Spyware Terminator.
    If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.

  3. Also, if you are still detecting strange behaviors or you want to be sure you’re clean, maybe making a HijackThis log to post here and, especially, scanning and submitting the RunScanner log to on-line analysis would help to identify the problem and the solution.

If this is the same problem, the pop ups have messenger service at the top. If they don’t, you have a completely different problem. If they do have messenger service on them, then do the following.
1 press start
2 click on run
3 type “services.msc” ( without the " "s ) then OK
4 Double click on messenger
5 In start up type choose Disabled
6 Click STOP then OK

Or see the link I posted in the first post of this thread
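
The same steps can be done from a command prompt; the batch file below is an added example, not part of the original post. It assumes an administrator account on Windows XP and uses the built-in `sc` and `net` commands with the service name `Messenger`.

```bat
@echo off
rem Added example: command-line equivalent of the services.msc steps above.
rem Assumes an administrator account on Windows XP.
rem "Messenger" is the Windows Messenger Service, not an IM program.

rem If the service does not exist on this machine there is nothing to do.
sc query Messenger >nul 2>&1
if errorlevel 1 (
    echo Messenger service is not installed on this machine.
    goto :eof
)

echo Before the change:
sc query Messenger | find "STATE"
sc qc Messenger | find "START_TYPE"

rem Step 5: set the startup type to Disabled.
rem The space after "start=" is required by sc.
sc config Messenger start= disabled
if errorlevel 1 (
    echo Could not change the startup type. Are you an administrator?
    goto :eof
)

rem Step 6: stop the running service; ignore the error if already stopped.
net stop Messenger >nul 2>&1

echo.
echo After the change:
sc query Messenger | find "STATE"
sc qc Messenger | find "START_TYPE"
```

After a successful run the last two lines should report the service as STOPPED with a DISABLED start type.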


Welcome to the forums, Julia. :slight_smile:

Have you followed the steps given by Micky77 above?

If so, have these steps fixed your problem?

If not, please post again so we can try to find a solution.


Yes - followed Micky’s easy instructions about lunch-time to-day and so far no more registry pop-ups. Yipeeeeeeeeeeeeeeeee. I had already done a full scan yesterday which showed no viruses etc. Thank you all for your help and advice. One more question - will whatever I did affect anything else on my connections with other websites? Julia

It doesn’t ‘affect’… you get a clean computer and it should work…


A little information about Windows Messenger Service:

This was intended for use on corporate or other networks where an IT or other person would need to “communicate” with several computers at the same time. So, Windows Messenger Service was/is active by default on any Windows OS before XP SP2. Unfortunately, many years ago malcreates learned how to use this service to send spam and other crap to personal computers that are not on such networks.

Julia, you really should upgrade to SP2 since you are using XP as there are also other security issues that SP2 addresses.


Thank you all for your replies & help, will probably upgrade to SP2 as you suggest. Can I just say it’s a great comfort for a nincompoop like me to have such trustworthy help online, I wish I’d found you all a couple of years ago. But, better late than never, and I will certainly sing your praises to everyone I know. A specially nice thank you 'cos to-day is my birthday and without the awful registrycleaner pop-up it’s been a luverly day. :wink: Thank you all again - Julia xxx


Glad we could help you, Julia. :slight_smile:

Hope you had a Happy Birthday! :smiley:

Please come back often, learn more, and maybe help others. :slight_smile:


Will do - I’ve already told other people about this lovely website :smiley: Julia