Spyware problem: Firefox opens up random tabs

A

AssaultRifle

Banned
Local time
8:43 PM
Messages
80
I'm getting random pop-up advertisements for a program called "Registry Defender" which I know for sure is a virus, and several other programs.

I have already scanned my computer with Avast and Malwarebytes and they don't detect any malware. How can I get rid of this virus?
 

My Computer

Computer Manufacturer/Model Number
iBuyPower 551D3
OS
Windows 7 Home Premium 64-Bit
CPU
AMD Phenom II X4 965(3.4GHz)
Motherboard
AMD 770
Memory
4GB DDR3
Graphics Card(s)
ATI Radeon HD 5770
Sound Card
Integrated - 8 Channels
Monitor(s) Displays
ASUS VH242H - 23.6" LCD Monitor
Screen Resolution
1920x1080
Hard Drives
500GB SATAII
PSU
700W
Case
NZXT Apollo Gaming Tower
Keyboard
Deltaco - Swedish Gaming Keyboard
Mouse
GIGABYTE GM-M6800 Noble Black
Depending of what your configuration is, the choices may vary, but I would recommend booting up with a LiveCD (i.e. not with your native OS), then scan your hard drive with a few of the online scanners - nowadays most major antivirus vendors offer free online scans. If your LiveCD contains some antivirus software, use that as well.

After that, you could go manually through your Program Files, with the LiveCD nothing will be hidden (or at least you can easily show hidden stuff) and find any file that may have a reference to the "Registry Defender" or any other program that bothers you. Just make sure to erase all instances of them, including from prefetch folders.

If everything fails and you have no earlier restore point to fall back to, there is always an option to re-install the OS, although personally I've never done that in a situation like that - it seems to drastic a move to me.
 

My Computer

Computer Manufacturer/Model Number
Dell Inspiron 530
OS
Windows 7 Ultimate (x64)
CPU
Q6600
Memory
8 GB
Graphics Card(s)
ATI Radeon HD 2600 XT
Monitor(s) Displays
Samsung Syncmaster P2450
Screen Resolution
1920x1080
Hard Drives
Samsung HD103UJ
Samsung HD501LJ
Internet Speed
25 Mb/s
AssaultRifle said:
I'm getting random pop-up advertisements for a program called "Registry Defender" which I know for sure is a virus, How can I get rid of this virus?
Click to expand...
What makes you think Registry Defender is a virus?
Can you post a screenshot of one of the pop-ups please?
 

My Computer

Computer type
PC/Desktop
OS
Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
CPU
Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Motherboard
ASUSTeK COMPUTER INC. P8H77-M
Memory
8.00 GB
Graphics Card(s)
Intel(R) HD Graphics 4000
Sound Card
On Board
Monitor(s) Displays
Dell 24"
Screen Resolution
1920 x 1080
Hard Drives
(1) INTEL SSDSC2CT180A3 ATA Device (2) ST500DM002-1BD142 ATA Device (3) WDC WD3200AAKS-75L9A0 ATA Device (4) Generic- Compact Flash USB Device (5) Generic- MS/MS-Pro USB Device (6) Generic- SD/MMC USB Device (7) Generic- SM/xD-Picture USB
PSU
500w Corsair
Case
Cooler Master
Cooling
3 Fans
Keyboard
Logitech MK300
Mouse
Logitech WOM
Internet Speed
75Mb
Antivirus
Norton 360
Browser
Firefox, Opera, IE
Registry Defender 'purports to scan and detect malware or other problems on the computer, but which attempts to dupe or badger users into purchasing the program by presenting the user with intrusive, deceptive warnings and/or false, misleading scan results.0' It's a rogue security program, which I believe should be removed.
Click to expand...


source
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
LENOVO K450 @3.0GHZ
OS
64-bit Windows 8.1 Pro
CPU
Core(TM) i5 CPU 4330 Haswell @ 3.20GHz
Motherboard
LENOVO
Memory
12.00 GB
Graphics Card(s)
Intel(R) HD Graphics
Sound Card
Intel HD integtrated
Monitor(s) Displays
HP 25' ISP Monitor
Screen Resolution
1900/1020
Hard Drives
(1) ST1000DM003-1CH162 (2) Generic STORAGE DEVICE USB Device (3) Generic STORAGE DEVICE USB Device
Internet Speed
100mb down/10mb up
here try superantispyware it's great at getting rid of of rouge programs

heres link to the portable version (virus wont stop it from running)

SUPERAntiSpyware.com - SUPERAntiSpyware Portable Scanner

update it and run a full scan and post back the results

hope this helps

-Andrew
 

My Computer

Computer Manufacturer/Model Number
HP Pavilion p6795a
OS
windows 7 64 bit
CPU
intel core i5 3.30GHz Quad Core
Motherboard
HP
Memory
6gb
Graphics Card(s)
AMD RADEON HD 6450 1GB Dedicated
Sound Card
ATI HIGH DEFINITION SOUND
Monitor(s) Displays
LG
Screen Resolution
16:9 Hd
Hard Drives
1TB
Cooling
Fan
Keyboard
Wireless
Mouse
HP wireless keyboard and mouse
Internet Speed
fast enough
Other Info
Beast Of A Machine!
thathagat said:
What makes you think Registry Defender is a virus?
Click to expand...
it seems to be a rogue/adware....

Registry Defender bleepingcomputer.com
Click to expand...

Also note that Registry Defender is generally via the Vundo Trojan. This is most often a result from outdated, vulnerable Java software installed on the computer.

Please do the following:

Go to add/remove programs and uninstall any item listing J2SE or Java Runtime Environment in the name other than the most recent update, which is Java SE JRE 6u21, IF old versions are found, please download JavaRa and unzip it to your desktop.

  • Double-click on JavaRa.exe to start the program. (Windows Vista users Right-click JavaRa.exe > Select Run as Administrator)
  • Click on Remove Older Versions to remove older versions of Java.
  • A logfile will pop up. Please save it to a convenient location.
Then download and install Java SE Runtime Environment (JRE) 6 Update 21.

Download Link: Java SE Runtime Environment 6u21

Note: UNCHECK any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.

Next, please download Malwarebytes' Anti-Malware to your desktop.


  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, be sure Quick scan is selected, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
    MBAM_SR.png
  • Click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here on Windows XP: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt and C:\Users\UserName\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt on Windows Vista and Windows 7.
If you are still having problems, post a copy of the MBAM log in your next reply.
 

My Computer

OS
Windows 7 & Windows Vista Ultimate
You must log in or register to reply here.
Back
Top