TechSpot

Messenger pop-up...???

By gotcrx
Jan 2, 2008
  1. I had a terrible malware infection so I erased my hard drive and just installed Windows XP again. (I used System Suite 7 to erase the hard drive.) Anyhow, I keep getting this popup....

    Messenger Service

    Message from local system to user on 1/2/2009...
    Critical Error message! - Registry Damaged and Corrupted
    To fix this problem:
    Open internet explorer and type: www.registrycleanerxp.com
    Once you load the web page, close this message window

    After you install the cleaner program you will not receive any more reminders or pup ups like this.

    Visit registycleanerxp.com IMMEDIATELY!

    .......................................................

    I have a feeling that this is not an actual Windows popup... anyone have any suggestions for me? I erased MSN Messenger thinking that would fix this... but it hasn't....

    Any input would greatly be appreciated.
     
  2. LookinAround

    LookinAround Ex Tech Spotter Posts: 6,491   +183

    I'm not familiar with System Suite or how you did your reinstall/where the install source was from and what you've been doing on your computer since... but, yes, you're infected. There are a number of people on this board who will review a HijackThis log after you've run it and help you get rid of the infections.
     
  3. Mekaonija

    Mekaonija TS Enthusiast Posts: 114

    Hello,

    I'm sure posting a HijackThis log could help us find a solution to your problem, please go here. This is for Viruses/Spyware/Malware, preliminary removal instructions, and if you scroll down to step #4 you can download HijackThis. Follow steps #4 and #5, then run HijackThis and save a log. Let it finish, then do not do anything else, just close it afterward and post your log. It's usually saved in the C:\Program Files\TrendMicro\HijackThis folder.

    You could also go and do all the steps in that topic if you want to see if it helps while you wait ;d
     
  4. gotcrx

    gotcrx TS Rookie Topic Starter

    Here's my HijackThis log. Thanks a ton for the advice... I just don't understand how it can already be infected... I completely erased and have not added any of my old files back....
     
  5. Mekaonija

    Mekaonija TS Enthusiast Posts: 114

    Ehe, well I'm not really a pro at this stuff yet but the only thing I see that would cause pop ups is wpabaln.exe but that's from Microsoft about registering Windows XP buahaha.

    By any chance did you not rename HijackThis correctly?
    Your log is showing that this is the name C:\Program Files\HijackThis\HijackThis.exe

    HijackThis.exe should be renamed to "Crusty.exe" because some malware can hide from HijackThis.exe.

    So make sure it's installed like this ;D

    C:\Program Files\Trend Micro\HijackThis\Crusty.exe

    Not like this

    C:\Program Files\HijackThis\HijackThis.exe
     
  6. gotcrx

    gotcrx TS Rookie Topic Starter

    I did change the name... but after I ran a scan. So I ran another one... here's another log.

    Thanks!!!!
     
  7. LookinAround

    LookinAround Ex Tech Spotter Posts: 6,491   +183

    I'm not a HijackThis expert.. but just looking at the startup I'm leery of HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background.

    I'd install Mike Lin's Startup Control Panel (just google it), install then open in your control panel, then disable the run entry. Though a HijackThis person may have a different answer...
     
  8. gotcrx

    gotcrx TS Rookie Topic Starter

    Alright.. I'll do that.. any other suggestions out there?
     
  9. LookinAround

    LookinAround Ex Tech Spotter Posts: 6,491   +183

  10. LookinAround

    LookinAround Ex Tech Spotter Posts: 6,491   +183

    And, in fact, just do the disable using the method in the MS link I gave you.

    Mike Lin's Startup Control Panel is still worth installing/being familiar with as it can be helpful.
     
  11. gotcrx

    gotcrx TS Rookie Topic Starter

    OK, I disabled the Messenger service... any more suggestions?
     
  12. LookinAround

    LookinAround Ex Tech Spotter Posts: 6,491   +183

    Actually, I went and took a second look at the message you posted... it's a pretty much 100% match to the spam problem in the bulletin.

    Almost certain that was your problem. Do you run a firewall? If not, you should start doing that as well.
     
  13. gotcrx

    gotcrx TS Rookie Topic Starter

    Well, I restarted and the popup seems to be gone! I can't thank you enough. I really appreciate that people are willing to help on this web site!
     
  14. LookinAround

    LookinAround Ex Tech Spotter Posts: 6,491   +183

    Well, stay an active member.. and sometime in the future when you see a post where you think you can help.. jump right in!
     
  15. gotcrx

    gotcrx TS Rookie Topic Starter

    I'll do that... any suggestions on a good firewall to use and where to get it? I have Norton that I can install... but I've been told it's worthless....
     
  16. Mekaonija

    Mekaonija TS Enthusiast Posts: 114

Topic Status:
Not open for further replies.
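
The fix the thread arrived at (disabling the Messenger service, then running a firewall), written out as Command Prompt steps. This is an added example, not part of any post above or of the Microsoft bulletin the thread refers to. It assumes Windows XP with Service Pack 2 or later (for the built-in firewall commands) and an administrator account.

```bat
@echo off
rem Added example: run from an administrator Command Prompt on Windows XP.
rem "Messenger" is the service that displays "Messenger Service" pop-ups
rem sent over the network. It is a separate component from the MSN/Windows
rem Messenger chat client (msmsgs.exe), so removing the chat client does
rem not stop these pop-ups.

rem 1. Show the current state of the service (RUNNING or STOPPED).
sc query Messenger

rem 2. Stop the service. An error here only means it was not running.
net stop Messenger

rem 3. Keep it from starting at the next boot.
rem    sc requires the space after "start=".
sc config Messenger start= disabled

rem 4. Confirm the change: START_TYPE should now read DISABLED.
sc qc Messenger | find "START_TYPE"

rem 5. Turn on the built-in Windows Firewall (assumes XP SP2 or later) so
rem    unsolicited inbound traffic from the internet is dropped before it
rem    reaches any service on the machine.
netsh firewall set opmode mode=ENABLE

rem 6. Confirm the firewall's operational mode.
netsh firewall show opmode
```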
