Registry Cleaner Spyware?

JohnVogel

A couple of weeks ago I started getting a little shield down at the bottom (by the clock) that says "Your Computer is Infected!". When I click on this, it brings up a box that says "Would you like to update your security software and download Registry Cleaner?"

I don't want the "Registry Cleaner" program but don't see any way of making this message go away. I've checked my startup programs (using MSCONFIG) and could not find anything.

After researching this on the internet, I found several cases of this, but as yet no answer to the problem. It doesn't seem to be causing any problems other than having an icon I don't want and a "pop" sound every few minutes.

If anyone has any information on this problem PLEASE help! Thanks :)


-+{John Vogel}+-


 
JohnVogel,

You have a form of malware or adware. Download and run Adaware, Spybot S&D, & Ccleaner (google each). I also like Spyware Blaster, all free programs.

Remember to download latest definition updates before scanning. You usually can safely delete anything they find. If that doesn't work the targeted removal tool is here:


But if you have one dash of spyware you probably have many many more. Firefox is less prone to infection and highly recommended. Best of luck!

Tony
 
Download HijackThis from the link below. Please do this. Click here:


to download HijackThis. Click scan and save a logfile, then post it here so we can take a look at it for you. Don't click fix on anything in HijackThis, as most of the files are legitimate.


Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 
After Running HiJackThis, I found the following suspicious entries:

Running processes:
C:\WINDOWS\system32\ctpmon.exe
C:\WINDOWS\system32\ctpmon.exe
(Two Instances?)

and found this:

O4 - HKCU\..\Run: [ctpmon] ctpmon.exe

I am thinking this may be the spyware. I have run Spybot S&D, Adaware and SpyBlaster, but they didn't remove this... I am going to go ahead and take out the ctpmon.exe entry, and see if it goes away... thanks for reminding me of HiJackthis... been out of touch with computers for too long lol

-+{John Vogel}+-


 
Thank you for pointing me in the right direction. The problem was with ctpmon.exe, which actually doesn't exist on the system, per se. It appears to be loaded from a prefetch file (CTPMON.EXE-2BFDCA17.pf) in the "C:/Windows/Prefetch" folder. I unchecked the entry using msconfig (I know I could have done it from HiJackThis, but I just feel safer in msconfig)... it appears to have gone away. I wonder if the reason the spysweepers couldn't catch it was because of the way it was calling it from the prefetch somehow?

Anyway, problem seems to have been fixed (at least for the moment) but I think I will do more research on this ctpmon.exe and the above mentioned prefetch file, just to see what it was (or is) I am dealing with.

Lotsa Love :)
John

-+{John Vogel}+-
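
An added example, not part of the original thread or of HijackThis itself: a short Python script that pulls the O4 Run-key autostart entries out of a saved HijackThis log and marks those, like `[ctpmon] ctpmon.exe`, that give no directory, together with how many running processes share that file name. The sample log is constructed (only the ctpmon lines come from the posts above), and the function names are hypothetical.

```python
import re
from collections import Counter
from ntpath import basename, dirname  # Windows path rules on any OS

# Constructed sample log: only the ctpmon lines come from the thread above;
# the other entries are made up for contrast.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctpmon.exe
C:\WINDOWS\system32\ctpmon.exe

O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
O4 - HKCU\..\Run: [ctpmon] ctpmon.exe
"""

# Matches lines such as: O4 - HKCU\..\Run: [name] command
O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.*?)\] (.+)$")

def executable_of(command):
    """Program part of a Run value. Quoted paths are honored; an unquoted
    path containing spaces is cut at the first space (a simplification)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(" ", 1)[0]

def review(log_text):
    """Return one dict per O4 Run-key entry found in the log text."""
    lines = [line.strip() for line in log_text.splitlines()]
    running, in_processes = Counter(), False
    for line in lines:
        if line == "Running processes:":
            in_processes = True
        elif in_processes and not line:
            in_processes = False        # a blank line ends the process list
        elif in_processes:
            running[basename(line).lower()] += 1
    findings = []
    for line in lines:
        match = O4_RUN.match(line)
        if match:
            hive, _key, name, command = match.groups()
            exe = executable_of(command)
            findings.append({"hive": hive, "name": name, "command": command,
                             "no_path": dirname(exe) == "",
                             "running_instances": running[basename(exe).lower()]})
    return findings

if __name__ == "__main__":
    for entry in review(SAMPLE_LOG):
        print(entry)
```

An entry with `no_path` set does not say which file on disk is started, so that file still has to be located and checked before the entry is judged.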


 