PDA

View Full Version : Getting Flooded By Registry Ads



Lunactic Inferno
2006-09-05, 21:10
Ok, this is getting heavily excessive. Each time that I log onto the net now I get anywhere from 8-? popups in my windows saying that I have errors in my registry. I have no problems whatsoever with my registry at all, and all that they are trying to do is market their product with false information saying that your computer is infected. These popups show up every 1-2 minutes, 8-? at a time, all saying different things within them and all of them taking you to different sites. The sites are as follows that I have tracked.

helpfixpc.com
pcregistryfix.com
wincleaner32.com
regrinsepro.com
regscans.com
win32fix.com
regfixit.com
regfix2k.com
xpsysfix.com
fixregnow.net
patchupdate.info
tocleanpc.com
fixthereg.net
criticalregistryfix.com
cleanthepc.net
wfix32.com
fixwin32.com

There may be others I have not yet tracked or paid attention to.
Also, these are some of the ads/bots that the program is detecting that I do not know if anyone else is getting swamped with that are not in the imunization database or detection files:

Alexa related items
MyWebSearch
FunWeb
FunWebProducts
SpyFalcon
MyWay.MyWebSearch
Advertisement.com

I know there were more that were detected, but I forgot them now.

Thanks,
~Luna

tashi
2006-09-05, 21:44
Hello.

Someone should take a look at the system. :)

Please follow the instructions in this sticky topic:
"BEFORE you POST" -Preliminary Steps (http://forums.spybot.info/showthread.php?t=288)

Then start your own thread in the malware forum:
Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22)

Once you have posted a helper will advise you as soon as available.

Cheers.

moldybagel23
2006-09-10, 06:23
I tested most of the sites listed. The ones I tested seemed legit, I even downloaded some of the programs, nothing unusual. Looks like you just got some other bug on your system that takes you to those sites. The sites themselves seem harmless.

tashi
2006-09-10, 18:44
I tested most of the sites listed. The ones I tested seemed legit, I even downloaded some of the programs, nothing unusual. Looks like you just got some other bug on your system that takes you to those sites. The sites themselves seem harmless.

Hi there.

If you went to SpyFalcon//etal sites and downloaded a program, you too should have someone take a look at your PC. :p:

By the description, Lunactic Inferno has a desktop HiJack, which is why I said; "Someone should take a look at the system"

FYI: Smitfraud:SpyAxe, SpywareFalcon, and other desktop type hijacks (http://forums.spybot.info/showthread.php?t=4015)

Buglip
2007-04-16, 05:51
Lunatic,
I have had this problem, too. It starts for me after I go to the Microsoft Update site. There, during the process of installing the necessary software to use the update functions, you are infected. By simply finishing the updates to the current ver. of XP, svc. pak 2, etc. you will stop getting the popups, but I'm not sure this addresses the issue of existant infection. After I finish updating I'm going to write Microsoft a very nasty letter about insuring their customers security while you're at their security updating site! Just finish your install, then find a good spyware scanner and thoroughly inspect your computer.
Good Luck,
Buglip

tashi
2007-04-16, 06:01
Lunatic,
I have had this problem, too. It starts for me after I go to the Microsoft Update site. There, during the process of installing the necessary software to use the update functions, you are infected.

Hello, how are you getting to Microsoft updates, typing in an url or?


Edit:

I posted quickly because you were on site at the time, however... ;)

The authentic Microsoft site does not download malware.

I recommend you post a log for analysis, which you would do by following the procedure in this link: "BEFORE you POST" (http://forums.spybot.info/showthread.php?t=288)

Then starting your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22)

Regards.

HomeConsultant
2007-05-30, 04:53
Is it coincidence in mid-2007 to be suffering from the same problem? My little pop-up monsters are malware messages with the following URLs contained within them: patchupdate.info helpfixpc.com & regfixit.com. Their messages are very scary (even for the savy the first few times!) in a commanding gray window.

The problem (I think infection is more appropriate) began after I had reinstalled XP Pro and was at "Windows Update" website adding updates. The messages began then.

I plan to reformat and start over in the near future but these darn things are so annoying. I would never thought that I’d pick something on a Microsoft site but I’d bet money that is where I got it.

I got to this forum on a Yahoo search for the above URL names. I do use Spybot, but not yet against this critter. Wonder if it would help?

At any rate Luna, if you see this – know you are not alone! And, what did you eventually do? Did getting all the updates resolve the problem? MS can’t be doing this to everyone or I’d have heard about it from my clients. Perhaps we are the chosen few.

I find it all very strange.

HomeConsultant
2007-05-30, 05:02
This link:

http://www.viruspool.net/blacklist.cms

identifies the above URLs as malware. The page does not say how this problem is transmitted to the host PC but I found the following quote intresting:

"Make sure to read Disabling Messenger Service in Windows XP from the Microsoft website if you run XP and get popup messages"

Cheers

tashi
2007-05-30, 07:45
Hi there.


The page does not say how this problem is transmitted to the host PC but I found the following quote intresting:

"Make sure to read Disabling Messenger Service in Windows XP from the Microsoft website if you run XP and get popup messages"


That warning is because:

If advertisements are opening on your computer in a window titled Messenger Service, it may indicate that your system is not secure. You should enable the Internet Connection Firewall and disable the Messenger Service in Windows XP to help protect your computer from unwanted spam and other potential threats. Disabling Messenger Service in Windows XP.
http://www.microsoft.com/windowsxp/using/security/learnmore/stopspam.mspx

http://www.grc.com/stm/shootthemessenger.htm

After you reformatted, did you install a firewall and anti virus program before doing anything else. It can take a very short time to get infected.

As far as I know, there's no evidence to suspect that Windows Update can or has been, compromised. Only theories, which is a whole another story in itself.

Cheers.