Jump to content
CCleaner Community Forums
login123

Odd Popup

Recommended Posts

Anybody recognize this popup?  It appears at startup on a win 7 64 bit laptop. 

No telling what the owner has installed on it in the past, but the computer is apparently malware free now. 

Avast & MBAM find nothing.  ADWcleaner, Junkware Removal Tool, and ZHP Cleaner found & deleted some PUPS.

It looks very McAfee-ish, so I manually deleted all references to McAfee from the registry.

But it still pops up.

 

Edit:  If you "Click to Renew" nothing happens. 

 

I have googled, ixquicked, and duckducked, for both info and images.  No luck. 

It is not malware, so you could offer advice without getting in trouble (I think).  ;)

 

 

 

Thanks for any suggestions. 

Share this post


Link to post
Share on other sites

Open CCleaner--tools--startup, look in scheduled tasks and see if anything jumps out at you.

 

Also try Control Panel,  Admin tools and look in Task Scheduler.

 

Also open control panel --notification area and see if it gives anymore info there for it.

 

When you know what it is (was) then just use Ccleaner tray notification cache tickbox to clean it, reboot and you should be done.

Share this post


Link to post
Share on other sites

If CCleaner doesn't find it, here's all the "run" places I know of in the registry:

Run:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run

RunOnce:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

RunServices:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Although depending upon what it is it could be started from elsewhere such as system files that start with the system, i.e.;

*.NT, *.INI

 

If it's actually antivirus related I've seen some of them modify for whatever reason:

autoexec.NT, boot.ini, system.ini, win.ini

Edited by Andavari
typo

Share this post


Link to post
Share on other sites

All good ideas. 

I'll be back at the computer soon and try them. 

It belongs to a family member, and I know it had McAfee on it for a while. 

I'll post back whatever happens. 

Thanks very much. 

 

I forgot to say, CCleaner found a few leftover items and deleted them. 

Ran it twice, after everything else, to errr, well, clean up. 

I just didn't think about checking the startup list or the task items.  Duhh. 

Share this post


Link to post
Share on other sites

@ mta:  Oh dear.  :o 

That seems right on target, especially looking at post #17 even though my problem is on win 7. 

If it is that complicated I probably will just go over to Bleeping and let them guide me thru it. 

I'll be back at the computer today, will try everything starting with the easiest stuff and report back. 

Thank you again. 

Share this post


Link to post
Share on other sites

If you're suspicious it's a file (and not a task or registry) and have some clue as to the name, Search Everything: http://www.voidtools.com/

 

indexes all the files on a computer and will sort through them in real time

Share this post


Link to post
Share on other sites

No luck yet.

Ran ADW, JRT, ZHP, HitmanPro, MBAM, Avast scan & Avast boot scan. 

All found bits & pieces but eventually came clean.

Manually removed old Norton & Symantec entries. 

 

I fear this is more invasive than I thought, and will eventually get into genuine malware removal, so will not pursue it here.

I suppose I'll go over to Bleeping and ask them to have a look, or just do a reinstall. 

 

Thanks to all for the help and suggestions, it's very nice to have friends who will help. 

All your suggestions helped, made the computer a bit faster, but the popup still pops. 

Share this post


Link to post
Share on other sites

Try doing the manual route. Boot with any external liveCD and check the file structure yourself for suspicious executables. Check the Documents and settings folder contents (users folder if you are running Vista and onwards). You could even try running an AV check from there. Some AV companies provide you with a "rescue" bootcd which enables you running their av from a livecd (commonly any Linux flavour).

 

EDIT. Just to be safe, run a FULL SCAN (scan all files). it will take a lot of time more though.

Share this post


Link to post
Share on other sites

I'm starting to get uncomfortable with the direction of this thread, it's verging on Malware advice. If you are unsure the source of the pop-up you really need to seek out professionals via the forum's rule #10

Share this post


Link to post
Share on other sites

I fear this is more invasive than I thought, and will eventually get into genuine malware removal, so will not pursue it here.

 

Done.  :) 

I am still going after it with a "surgical" approach, but may show up on bleeping any minute if that fails. 

But no more here, don't want to cause discomfort. 

Actually I fear that some gentle reader might try some of the steps suggested here and gum up his computer. 

Share this post


Link to post
Share on other sites

 

 Actually I fear that some gentle reader might try some of the steps suggested here and gum up his computer. 
Yup that's why we rule 10

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×