Jump to content

Odd Popup


login123

Recommended Posts

Anybody recognize this popup?  It appears at startup on a win 7 64 bit laptop. 

No telling what the owner has installed on it in the past, but the computer is apparently malware free now. 

Avast & MBAM find nothing.  ADWcleaner, Junkware Removal Tool, and ZHP Cleaner found & deleted some PUPS.

It looks very McAfee-ish, so I manually deleted all references to McAfee from the registry.

But it still pops up.

 

Edit:  If you "Click to Renew" nothing happens. 

 

I have googled, ixquicked, and duckducked, for both info and images.  No luck. 

It is not malware, so you could offer advice without getting in trouble (I think).  ;)

 

 

 

Thanks for any suggestions. 

The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-)

Pssssst: ... It isn't really a cloud. Its a bunch of big, giant servers.

Link to comment
Share on other sites

  • Moderators

Open CCleaner--tools--startup, look in scheduled tasks and see if anything jumps out at you.

 

Also try Control Panel,  Admin tools and look in Task Scheduler.

 

Also open control panel --notification area and see if it gives anymore info there for it.

 

When you know what it is (was) then just use Ccleaner tray notification cache tickbox to clean it, reboot and you should be done.

 

Support contact

https://support.piriform.com/hc/en-us/requests/new

support@ccleaner.com

 

Link to comment
Share on other sites

  • Moderators

If CCleaner doesn't find it, here's all the "run" places I know of in the registry:

Run:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run

RunOnce:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

RunServices:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Although depending upon what it is it could be started from elsewhere such as system files that start with the system, i.e.;

*.NT, *.INI

 

If it's actually antivirus related I've seen some of them modify for whatever reason:

autoexec.NT, boot.ini, system.ini, win.ini

Edited by Andavari
typo
Link to comment
Share on other sites

All good ideas. 

I'll be back at the computer soon and try them. 

It belongs to a family member, and I know it had McAfee on it for a while. 

I'll post back whatever happens. 

Thanks very much. 

 

I forgot to say, CCleaner found a few leftover items and deleted them. 

Ran it twice, after everything else, to errr, well, clean up. 

I just didn't think about checking the startup list or the task items.  Duhh. 

The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-)

Pssssst: ... It isn't really a cloud. Its a bunch of big, giant servers.

Link to comment
Share on other sites

  • Moderators

found this from 3yrs ago; http://www.bleepingcomputer.com/forums/t/455070/pc-power-speed-system-optimizer-infection/?p=2717234

seemed to be resolved by the OP following the malware removal advice.

Backup now & backup often.
It's your digital life - protect it with a backup.
Three things are certain; Birth, Death and loss of data. You control the last.

Link to comment
Share on other sites

@ mta:  Oh dear.  :o 

That seems right on target, especially looking at post #17 even though my problem is on win 7. 

If it is that complicated I probably will just go over to Bleeping and let them guide me thru it. 

I'll be back at the computer today, will try everything starting with the easiest stuff and report back. 

Thank you again. 

The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-)

Pssssst: ... It isn't really a cloud. Its a bunch of big, giant servers.

Link to comment
Share on other sites

No luck yet.

Ran ADW, JRT, ZHP, HitmanPro, MBAM, Avast scan & Avast boot scan. 

All found bits & pieces but eventually came clean.

Manually removed old Norton & Symantec entries. 

 

I fear this is more invasive than I thought, and will eventually get into genuine malware removal, so will not pursue it here.

I suppose I'll go over to Bleeping and ask them to have a look, or just do a reinstall. 

 

Thanks to all for the help and suggestions, it's very nice to have friends who will help. 

All your suggestions helped, made the computer a bit faster, but the popup still pops. 

The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-)

Pssssst: ... It isn't really a cloud. Its a bunch of big, giant servers.

Link to comment
Share on other sites

Try doing the manual route. Boot with any external liveCD and check the file structure yourself for suspicious executables. Check the Documents and settings folder contents (users folder if you are running Vista and onwards). You could even try running an AV check from there. Some AV companies provide you with a "rescue" bootcd which enables you running their av from a livecd (commonly any Linux flavour).

 

EDIT. Just to be safe, run a FULL SCAN (scan all files). it will take a lot of time more though.

Link to comment
Share on other sites

  • Moderators

I'm starting to get uncomfortable with the direction of this thread, it's verging on Malware advice. If you are unsure the source of the pop-up you really need to seek out professionals via the forum's rule #10

 

ADVICE FOR USING CCleaner'S REGISTRY INTEGRITY SECTION

DON'T JUST CLEAN EVERYTHING THAT'S CHECKED OFF.

Do your Registry Cleaning in small bits (at the very least Check-mark by Check-mark)

ALWAYS BACKUP THE ENTRY, YOU NEVER KNOW WHAT YOU'LL BREAK IF YOU DON'T.

CCLEANER, RECUVA, DEFRAGGLER AND SPECCY DOCUMENTATION CAN BE FOUND AT  https://support.piriform.com/hc/en-us and  https://www.ccleaner.com/docs

Pro users file a PRIORITY SUPPORT request at https://support.piriform.com/hc/en-us/requests/new

link to WINAPP2.INI explanation

Link to comment
Share on other sites

I fear this is more invasive than I thought, and will eventually get into genuine malware removal, so will not pursue it here.

 

Done.  :) 

I am still going after it with a "surgical" approach, but may show up on bleeping any minute if that fails. 

But no more here, don't want to cause discomfort. 

Actually I fear that some gentle reader might try some of the steps suggested here and gum up his computer. 

The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-)

Pssssst: ... It isn't really a cloud. Its a bunch of big, giant servers.

Link to comment
Share on other sites

  • Moderators

 

 Actually I fear that some gentle reader might try some of the steps suggested here and gum up his computer. 
Yup that's why we rule 10

 

ADVICE FOR USING CCleaner'S REGISTRY INTEGRITY SECTION

DON'T JUST CLEAN EVERYTHING THAT'S CHECKED OFF.

Do your Registry Cleaning in small bits (at the very least Check-mark by Check-mark)

ALWAYS BACKUP THE ENTRY, YOU NEVER KNOW WHAT YOU'LL BREAK IF YOU DON'T.

CCLEANER, RECUVA, DEFRAGGLER AND SPECCY DOCUMENTATION CAN BE FOUND AT  https://support.piriform.com/hc/en-us and  https://www.ccleaner.com/docs

Pro users file a PRIORITY SUPPORT request at https://support.piriform.com/hc/en-us/requests/new

link to WINAPP2.INI explanation

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.