Fixthereg.com... and my hijackthis logfile

Discussion in 'Malware Help (A Specialist Will Reply)' started by Isabela, Oct 16, 2005.

  1. Isabela

    Isabela Private E-2

    Hi Guys,

    I am getting a pop up telling me that my registry is corrupted and to go immediately to fixthereg.com for a scan.

    Sistema mensageiro
    STOP! WINDOWS REQUIRES IMMEDIATE ATTENTION
    Windows has found CRITICAL SYSTEM ERRORS
    To fix the errors please do the following
    1. Download Registry Repair from: http://www.pcregistryhelp.com
    2. Install Registry Repair
    3. Run Registry Repair
    4. Reboot your computer
    FAILURE TO ACT NOW MAY LEAD TO DATA LOSS AND CORRUPTION"""

    There are various other messages that come up, but each has a different website, such as FixRegNow.com and FixTheReg.com.

    I was told to download hijackthis and this is my logfile:

    Edit by chaslang: Cleaning steps not run! Inline log removed.

    What should I do? Thanks so much...

    Isabela
     
    Last edited by a moderator: Oct 16, 2005
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No one here requested that you post this HJT log. This is your first (and you posted a second message), so what are you referring to? In addition, you must run the cleaning procedures in our sticky thread, and HJT logs must not be posted until this has been done. Then HJT logs must be attachments to your messages. They must not be posted inline.

    DO NOT click on the links in the popups or download any tools from them.

    Please follow the steps below:

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the link below to properly use HijackThis:

    Downloading, Installing, and Running HijackThis

    .
     
  3. Isabela

    Isabela Private E-2

    Sorry for posting the wrong threads, I didn't realize I was doing it all wrong...

    Ok... I did all the steps in the READ AND RUN ME FIRST, in normal mode and safe mode; some of the programs found and deleted some files (Alexa, Kazaa related, etc.). BitDefender found several suspected files and deleted them, but found one virus which it was not able to delete (I have the report but didn't know if you need me to send it). This virus was later identified when I ran the Panda ActiveScan as:

    Virus:W32/Godog Renamed C:\CONGWIN\CongZip.exe

    I don't know if I'm supposed to run hijackthis next; I believe now I must concentrate on removing this virus (I'm not sure how to do it, I found several webpages related to it but decided to wait for your opinion...).

    Thank you very much for your help,

    Isabela
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    My previous message said:

    .
     
  5. Isabela

    Isabela Private E-2

    Hello... here is my hijackthis log file... What to do next? Thanks, Isabela
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your OS and IE versions are way out of date and represent a major security risk to you. After we fix any current problems, you must get updated. We will discuss this later.

    Do you know what these next two programs are for:
    O4 - HKLM\..\Run: [cploader.exe] C:\WINDOWS\System32\cploader.exe
    O4 - HKLM\..\Run: [revisorsystray.exe] C:\WINDOWS\System32\revisorsystray.exe

    I see no malware issues in your log. But I do question what the above are for.

    However, I would recommend you run the below to disable or uninstall Windows Messenger which may be the cause of this popup message you were getting:


    Disable/Remove Windows Messenger


    Are you still seeing the popup?

    The next step will be to get your PC better protected as covered in the below:

    How to Protect yourself from malware!
     
    Last edited: Oct 22, 2005
