Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Malware - PC Registry Shield?


08 Sep 2013   #1

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
Malware - PC Registry Shield?

During my regular check on start up progs I noticed two new ones "pcreg" and "VProtect App" as here:
Name:  VM1.PNG
Views: 11
Size:  62.9 KB
I can't find anything on VProtect App but in my Program Files I found "PC Registry Shield" which I think is Malware. Ihave rum Malwarebytes and found nothing report as follows:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.07.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
John :: Windows 7 [administrator]

08/09/2013 09:46:49
mbam-log-2013-09-08 (09-46-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 270782
Time elapsed: 1 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Would appreciate some guidance now as to what program to run next.



My System SpecsSystem Spec
.

08 Sep 2013   #2

Microsoft Windows 7 Pro 64-bit SP1
 
 

I'm no expert at this, but it could also be a virus. Have you tried running a virus scan too? Just to be safe. Just a suggestion though cause this is something that I'm not the best at lol.
My System SpecsSystem Spec
08 Sep 2013   #3

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Quote   Quote: Originally Posted by HonorGamer View Post
I'm no expert at this, but it could also be a virus. Have you tried running a virus scan too? Just to be safe. Just a suggestion though cause this is something that I'm not the best at lol.
Yes that's all clear. I did run it first so should have mentioned that but I run a daily scan. I Googled the "PC Registry Shield" and found it to be malware.
My System SpecsSystem Spec
.


08 Sep 2013   #4

Microsoft Community Contributor Award Recipient

Win 7 Pro 64-bit
 
 

PC Registry Shield appears to be one of those questionable "all-in-one-speed-up-your-computer-and-fix-everything-registry-cleaner-and-more." CNET has it on their download site.

PC Registry Shield - Free download and software reviews - CNET Download.com

From their FAQ page, how to uninstall:

In the unlikely event you wish to remove our application, you can easily uninstall just as you would any other software on your computer:
  • Click Start in the lower left corner of your screen
  • From the Programs menu, select PC Registry Shield.
  • Select Uninstall.
  • Follow the on-screen prompts until finished.
PC Registry Shield – FAQ | ShieldApps

This might be one of those times to get the free 30 day trial version of Revo Uninstaller Pro for a deep removal process. It may also get rid of that vprotect app.

Revo Uninstaller Pro - Uninstall Software, Remove Programs easily, Forced Uninstall, Leftovers Uninstaller
My System SpecsSystem Spec
08 Sep 2013   #5

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Thank you Lee. Problem is PC Registry Shield does not appear in the list of programs so i am unable un install. As I said i Googled it and found this
Quote:
It is a Malware (Virus, Worm, Trojan, etc.) , that pretends to be legitimate program but it doesn't do anything and will ask you to pay to resolve issue in your PC.
You could run a full system scan with:
Microsoft Safety Scanner - Antivirus | Remove Spyware, Malware, Viruses Free
To remove it.
My System SpecsSystem Spec
08 Sep 2013   #6

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Seem to have got rid of PC registry Shield with the MS software. Have found this on pcreg which is still in the Start up list in system config. Any ideas on my next step please?
Malware - PC Registry Shield?-vm2.png


My System SpecsSystem Spec
08 Sep 2013   #7

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

have now found the registry entry here:
Name:  VM3.PNG
Views: 7
Size:  12.0 KB
Looks normal to me so i wonder why it suddenly appeared in the Sys Config Start up list. Should i keep it enabled in that list of is it safe to disable?


My System SpecsSystem Spec
08 Sep 2013   #8

Windows 7 Pro. 64/SP-1
 
 

This looks like one of those IOBit (using another name) sneak in the back door programs.
If it was my computer I would also run Eset Online Scan and AdwCleaner.
You can bet that it also left cookies that call home. I would also run Super Anti Spyware.

Check in msconfig/StartUp and Services and see if it has a auto updater.
My System SpecsSystem Spec
08 Sep 2013   #9

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Many thanks Jack.
I had already run ADW Cleaner earlier and have now run Eset Online Scan and Super Anti Spyware and it was clear apart from a few Tracking Cookies which are now removed. There is no update in System Config. "Services". have also run Ccleaner.
However, before i started scanning I opened the path shown to pcreg and found this "services.exe". This appears to be a virus, trojan or similar as the services.exe legit file should be in C:\Windows\system32, which it is, so I have two files "services.exe". The following two screenshots explain:

Malware - PC Registry Shield?-vm4.png

Malware - PC Registry Shield?-vm5.png
I found a number of references to this on the net and all said that if the services.exe file was anywhere other than in the System32 folder then it was probably a virus or similar. Interested to hear any comments! I would like to clear his!


My System SpecsSystem Spec
08 Sep 2013   #10

Win 7 Pro x64 SP1, Win 7 Ult x86 SP1
 
 

You could upload the questionable file to VirusTotal for scanning.

Do you have a system backup image from before the problem started you can restore?
My System SpecsSystem Spec
Reply

 Malware - PC Registry Shield?




Thread Tools




Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 02:03 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33