login123 Posted June 17, 2015 Share Posted June 17, 2015 Anybody recognize this popup? It appears at startup on a win 7 64 bit laptop. No telling what the owner has installed on it in the past, but the computer is apparently malware free now. Avast & MBAM find nothing. ADWcleaner, Junkware Removal Tool, and ZHP Cleaner found & deleted some PUPS. It looks very McAfee-ish, so I manually deleted all references to McAfee from the registry. But it still pops up. Edit: If you "Click to Renew" nothing happens. I have googled, ixquicked, and duckducked, for both info and images. No luck. It is not malware, so you could offer advice without getting in trouble (I think). Thanks for any suggestions. The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-) Pssssst: ... It isn't really a cloud. Its a bunch of big, giant servers. Link to comment Share on other sites More sharing options...
Moderators hazelnut Posted June 17, 2015 Moderators Share Posted June 17, 2015 Open CCleaner--tools--startup, look in scheduled tasks and see if anything jumps out at you. Also try Control Panel, Admin tools and look in Task Scheduler. Also open control panel --notification area and see if it gives anymore info there for it. When you know what it is (was) then just use Ccleaner tray notification cache tickbox to clean it, reboot and you should be done. Support contact https://support.ccleaner.com/s/contact-form?language=en_US&form=general or support@ccleaner.com Link to comment Share on other sites More sharing options...
Guest MrK Posted June 17, 2015 Share Posted June 17, 2015 If the above doesn't work please let us know. Link to comment Share on other sites More sharing options...
Moderators Andavari Posted June 17, 2015 Moderators Share Posted June 17, 2015 (edited) If CCleaner doesn't find it, here's all the "run" places I know of in the registry: Run: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run RunOnce: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce RunServices: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices Although depending upon what it is it could be started from elsewhere such as system files that start with the system, i.e.; *.NT, *.INI If it's actually antivirus related I've seen some of them modify for whatever reason: autoexec.NT, boot.ini, system.ini, win.ini Edited June 17, 2015 by Andavari typo Link to comment Share on other sites More sharing options...
login123 Posted June 18, 2015 Author Share Posted June 18, 2015 All good ideas. I'll be back at the computer soon and try them. It belongs to a family member, and I know it had McAfee on it for a while. I'll post back whatever happens. Thanks very much. I forgot to say, CCleaner found a few leftover items and deleted them. Ran it twice, after everything else, to errr, well, clean up. I just didn't think about checking the startup list or the task items. Duhh. The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-) Pssssst: ... It isn't really a cloud. Its a bunch of big, giant servers. Link to comment Share on other sites More sharing options...
Moderators mta Posted June 18, 2015 Moderators Share Posted June 18, 2015 found this from 3yrs ago; http://www.bleepingcomputer.com/forums/t/455070/pc-power-speed-system-optimizer-infection/?p=2717234 seemed to be resolved by the OP following the malware removal advice. Backup now & backup often.It's your digital life - protect it with a backup.Three things are certain; Birth, Death and loss of data. You control the last. Link to comment Share on other sites More sharing options...
login123 Posted June 18, 2015 Author Share Posted June 18, 2015 @ mta: Oh dear. That seems right on target, especially looking at post #17 even though my problem is on win 7. If it is that complicated I probably will just go over to Bleeping and let them guide me thru it. I'll be back at the computer today, will try everything starting with the easiest stuff and report back. Thank you again. The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-) Pssssst: ... It isn't really a cloud. Its a bunch of big, giant servers. Link to comment Share on other sites More sharing options...
Winapp2.ini Posted June 19, 2015 Share Posted June 19, 2015 If you're suspicious it's a file (and not a task or registry) and have some clue as to the name, Search Everything: http://www.voidtools.com/ indexes all the files on a computer and will sort through them in real time winapp2.ini additions thread winapp2.ini github Link to comment Share on other sites More sharing options...
login123 Posted June 19, 2015 Author Share Posted June 19, 2015 OK. Thanks, winapp. The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-) Pssssst: ... It isn't really a cloud. Its a bunch of big, giant servers. Link to comment Share on other sites More sharing options...
login123 Posted June 23, 2015 Author Share Posted June 23, 2015 No luck yet. Ran ADW, JRT, ZHP, HitmanPro, MBAM, Avast scan & Avast boot scan. All found bits & pieces but eventually came clean. Manually removed old Norton & Symantec entries. I fear this is more invasive than I thought, and will eventually get into genuine malware removal, so will not pursue it here. I suppose I'll go over to Bleeping and ask them to have a look, or just do a reinstall. Thanks to all for the help and suggestions, it's very nice to have friends who will help. All your suggestions helped, made the computer a bit faster, but the popup still pops. The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-) Pssssst: ... It isn't really a cloud. Its a bunch of big, giant servers. Link to comment Share on other sites More sharing options...
eL_PuSHeR Posted June 23, 2015 Share Posted June 23, 2015 Try doing the manual route. Boot with any external liveCD and check the file structure yourself for suspicious executables. Check the Documents and settings folder contents (users folder if you are running Vista and onwards). You could even try running an AV check from there. Some AV companies provide you with a "rescue" bootcd which enables you running their av from a livecd (commonly any Linux flavour). EDIT. Just to be safe, run a FULL SCAN (scan all files). it will take a lot of time more though. Link to comment Share on other sites More sharing options...
Moderators Nergal Posted June 23, 2015 Moderators Share Posted June 23, 2015 I'm starting to get uncomfortable with the direction of this thread, it's verging on Malware advice. If you are unsure the source of the pop-up you really need to seek out professionals via the forum's rule #10 ADVICE FOR USING CCleaner'S REGISTRY INTEGRITY SECTION DON'T JUST CLEAN EVERYTHING THAT'S CHECKED OFF. Do your Registry Cleaning in small bits (at the very least Check-mark by Check-mark) ALWAYS BACKUP THE ENTRY, YOU NEVER KNOW WHAT YOU'LL BREAK IF YOU DON'T. Support at https://support.ccleaner.com/s/?language=en_US Pro users file a PRIORITY SUPPORT via email support@ccleaner.com Link to comment Share on other sites More sharing options...
login123 Posted June 23, 2015 Author Share Posted June 23, 2015 I fear this is more invasive than I thought, and will eventually get into genuine malware removal, so will not pursue it here. Done. I am still going after it with a "surgical" approach, but may show up on bleeping any minute if that fails. But no more here, don't want to cause discomfort. Actually I fear that some gentle reader might try some of the steps suggested here and gum up his computer. The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-) Pssssst: ... It isn't really a cloud. Its a bunch of big, giant servers. Link to comment Share on other sites More sharing options...
Moderators Nergal Posted June 23, 2015 Moderators Share Posted June 23, 2015 Actually I fear that some gentle reader might try some of the steps suggested here and gum up his computer. Yup that's why we rule 10 ADVICE FOR USING CCleaner'S REGISTRY INTEGRITY SECTION DON'T JUST CLEAN EVERYTHING THAT'S CHECKED OFF. Do your Registry Cleaning in small bits (at the very least Check-mark by Check-mark) ALWAYS BACKUP THE ENTRY, YOU NEVER KNOW WHAT YOU'LL BREAK IF YOU DON'T. Support at https://support.ccleaner.com/s/?language=en_US Pro users file a PRIORITY SUPPORT via email support@ccleaner.com Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now