
(Solved) - Huh? Sales Pitch or actual problem?

(27 posts)
  • Started 4 years ago by NYCaribou
  • Latest reply from LH
  • Topic Viewed 2360 times

NYCaribou
Posts: 98

I came home from a doctor's appointment and found a second browser window opened in Firefox claiming that it had detected errors and literally DEMANDING that I drop every single thing I am doing and rush to download a program called RegCure (the window claims it is Microsoft Certified) to "clean" my system. In the 'More Information' section I found the following, in very, very light text, so as to be barely visible until highlighted:

Technical Information:
Could not initialize: HKEY_CLASSES_ROOT\CLSID\{H2BKL0-7548-11CF-A520-0080N99LF58A}
Could not initialize: HKEY_SYS_CORE\VAR\{WL43320-7677-GFH4334K}
Corrupt entry: HD_SYSTEM\ID\{HF49480-7JF77-SD33H49}

I downloaded RegCure and ran a scan and it claimed to find a whopping 801 errors on my system. Then it suddenly announces that failure to provide PAYMENT for a registered version within 1 minute would literally create a 100000% absolute guarantee that the entire universe would burn to ash and collapse into a black hole and every living thing that ever lived would be thrust into untold suffering of inconceivable proportions.

*sighs* Okay not literally but you get the idea :p

Now I'm wondering if this was some kind of phishing script or sales-pitch script pop-up created by one of the websites that my browser was connected to. I'm wondering if this RegCure is really a Microsoft certified program or a bunch of con artists out to get a buck.

Does anyone have any input to offer?

I am using the Home version of Windows 7.

Posted 4 years ago
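As an added example (not from the thread), a small Python check showing why the "Technical Information" lines above could not have come from Windows: two of the three name registry hives that do not exist, and all three "CLSIDs" contain characters outside hexadecimal and the wrong 8-4-4-4-12 grouping. The control line with the shell-link CLSID `{00021401-0000-0000-C000-000000000046}` is a genuine, well-known value added here for contrast; the three fake lines are copied from the post.

```python
import re

# The only top-level hive names a genuine Windows registry path can start with.
KNOWN_HIVES = {
    "HKEY_CLASSES_ROOT", "HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE",
    "HKEY_USERS", "HKEY_CURRENT_CONFIG",
}

# A CLSID/GUID is exactly 8-4-4-4-12 hexadecimal digits in braces.
GUID_RE = re.compile(
    r"^\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}$"
)

# "message: path" as the pop-up formatted it.
LINE_RE = re.compile(r"^\s*(?P<msg>[^:]+):\s*(?P<path>\S+)\s*$")


def check_entry(line):
    """Return the reasons a claimed 'registry error' line cannot be genuine (empty if plausible)."""
    reasons = []
    m = LINE_RE.match(line)
    if not m:
        return ["not in 'message: path' form"]
    parts = m.group("path").split("\\")
    hive, leaf = parts[0], parts[-1]
    if hive not in KNOWN_HIVES:
        reasons.append(f"unknown hive {hive!r}")
    if leaf.startswith("{") and not GUID_RE.match(leaf):
        reasons.append(f"malformed GUID {leaf!r}")
    return reasons


def triage(text):
    """Map each non-empty line of a scareware 'Technical Information' block to its problems."""
    return {ln.strip(): check_entry(ln) for ln in text.splitlines() if ln.strip()}


# Sample input: the three lines from the pop-up plus one genuine-looking control line.
SAMPLE = r"""
Could not initialize: HKEY_CLASSES_ROOT\CLSID\{H2BKL0-7548-11CF-A520-0080N99LF58A}
Could not initialize: HKEY_SYS_CORE\VAR\{WL43320-7677-GFH4334K}
Corrupt entry: HD_SYSTEM\ID\{HF49480-7JF77-SD33H49}
Could not initialize: HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}
"""

if __name__ == "__main__":
    for entry, problems in triage(SAMPLE).items():
        print(entry, "->", problems or "plausible")
```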

ProstheticHead
Posts: 3281

NOOOO!!! Don't do it.
Look at this. You should find all you need there :-)

Posted 4 years ago

edmenje
Posts: 279

You have just loaded the actual virus on your system. This is one of those fake anti-virus viruses that have been running rampant of late. They use different names, but they all do basically the same thing and follow the same path to get you to infect your own system. Another term for this is scareware: they scare you into complicity in infecting your machine. From the link ProstheticHead gave you, have a look at this one in particular for info on rogue/fake antivirus removal. The other links on the page ProstheticHead gave you are also certainly important ones to learn about and improve your computer's security and antivirus needs.

If this ever pops up on you again, the only way to not have the malware get on your system is to right-click the browser's button in the taskbar and close the browser, or kill the process in Task Manager. Clicking even the close button on the purported antivirus' window will deliver the payload. Good luck in removing it; I've had to remove similar virus infections on other people's computers twice in the last month. SuperAntiMalware and Malwarebytes are able to get at it, but other antivirus programs are rendered impotent, as there are literally hundreds of registry entries created to block any attempt at using or downloading any other antivirus program.

Posted 4 years ago

BobJam
Posts: 1052

RegCure = rogue = dupe unsuspecting user into buying full version.

BTW, if something ever says you have 801 errors (unless they're extremely trivial . . . and a rogue always says they are "serious"), you would likely not even be able to boot your machine.

Messing up your machine may be the least of your problems (and you can always do a clean install if the removal procedure doesn't work or gets too tedious . . . actually I recommend a clean install right away anyway . . . can post my reasons here if you're curious).

IF YOU DID AN ON LINE PURCHASE, USING EITHER YOUR CHECKING ACCOUNT, CREDIT CARD, OR PAYPAL, THESE CRIMINALS ARE LIKELY TO SELL YOUR ACCOUNT NUMBER.

CALL YOUR BANK, CREDIT CARD COMPANY, OR CONTACT PAYPAL, AND HAVE YOUR ACCOUNT NUMBER CHANGED!!!!! AND ALERT THEM THAT YOU SUSPECT THERE MAY BE SOME FRAUDULENT PURCHASES.

Fixing your computer may be the least of your worries.

And you'll probably want to closely scrutinize your statements for the next coupla' months.

Posted 4 years ago

ian2
Posts: 632

Excellent advice, Bob, and unless I am mistaken, "YOU'RE BACK". Have not seen you online for some time.

Posted 4 years ago

BobJam
Posts: 1052

@ian2,

Have been lurking now and then, but have been "digging" into sites to rate for WOT most of the time. Spend a lot of time in robtex, whois, a sandbox and a VM, visiting suspicious sites, tracking down IP's, and "outing" these morons. IMO, there's a special place in Hell for these . . . people. Especially the rogue criminals that prey primarily on noobs. You can see my latest piece at http://www.techjaws.com/trophy.....-of-shame/

And thanks for the kind words and "noticing".

@NYCaribou,

Forgot to mention in my previous post . . . my compliments to your humor while everything is crumbling and falling down around you. Your description of the consequences of the rogue detections was hilarious.

Posted 4 years ago

germ-x
Posts: 5310

BobJam is correct about RegCure being the "rogue" pitch sales jerks. I get this one occasionally. The world-ending errors on your system are mostly history entries. You can clean them up today and next week you will have another 801. Your world will not end over this, at least I hope not. Just remember the leeches are always open 24/7. HTG recommends a program called CCleaner, which is free and will destroy those gremlins, including the RegCure infomercial you received. Some advice: when leaving your system on and unattended for long periods of time, disconnect from the internet.

g-x

Posted 4 years ago
NYCaribou
Posts: 98

I didn't give RegCure one red dime, I didn't visit their page. I do check my bank statement online every day (sometimes more than once) and call at the first thing I don't recognize -- I have since long ago. I deleted it from my system and installed SpyBot S&D.

A number of sites I visited from time to time will no longer be visited.

I'm going to mark this solved but anyone's free to add further input for the benefit of others or just for the sake of conversation.

Posted 4 years ago

BobJam
Posts: 1052

@NYCaribou,

Take a look at this. I tested it in my VM. Interesting results. Stay away from ParetoLogic!!!

(Actually, scroll through the whole 2 pages of the thread I linked to. You will see that ParetoLogic made a response on page 2, and I did another "test" in response to that. They "failed" even on their own protocol!)

Posted 4 years ago

LH
Posts: 20002

BJ. You have image problem in that link.

Posted 4 years ago

BobJam
Posts: 1052

@LH,

If you're talking about clicking the images and it taking you to tinypic, you're right (I didn't bother to adjust the tags correctly on that one). But if you're using FF, just right-click the image and select "View Image" (and that will even allow you to zoom it).

If you're using IE . . . I think I would have to go back in and edit the tags for the image to open up in its own screen on clicking it.

Posted 4 years ago

LH
Posts: 20002

Using FF. And that still doesn't work !

Posted 4 years ago

BobJam
Posts: 1052

@LH,

This really has me baffled. Do you mean you can't even see the images . . . I mean are you getting that "red X"?

Has me baffled because everything is fine in mine . . . FF3.5.7, Ubuntu 9.10.

What specifically are you seeing?

Posted 4 years ago

LH
Posts: 20002

I can see the first 3 images. The others say they have been moved or deleted ?

Posted 4 years ago

BobJam
Posts: 1052

@LH,

This is really weird. There are a total of 6 images, and I can see them all. Any ideas?

I'm going to try Chrome, and Opera, and Sea Monkey, and IE (in my VM) and see if I can see them in those browsers, I think I tried them all before and the images came through, but I'll try them again.

Posted 4 years ago

LH
Posts: 20002

What with this, and InDiSents router, I think it's the full moon :)

Posted 4 years ago

BobJam
Posts: 1052

@LH,

It gets even weirder!

All the images show up just fine in Opera (10) and FF. But in IE(8), Chrome (5), and SM I get the same as you . . . the last three are either "moved" or deleted.

IE uses the Trident engine, but SM uses the Gecko engine just like FF, so I would have expected SM to display the images the same as FF.

Plus, I haven't moved or deleted those images from tinypic.

Very weird . . . you're right, maybe it is the full moon.

Anyway, this is one of those things that really isn't that important, but I'm gonna' mess with it (and waste a lot of time . . . but then I'm retired, so what else do I have to do . . . watch TV?) 'till I figure out what's doing it. This is going to drive me nuts 'till I figure it out!! Was going to go to bed . . . now I can't because I'll be obsessing over this.

Such is the life of a student geek . . .

Posted 4 years ago

LH
Posts: 20002

Sorry about that mate :)

Posted 4 years ago

BobJam
Posts: 1052

Nothing that a little "Therapy" couldn't cure. Maybe I'll watch "Analyze This" on TV instead of trying to figure out this nonsense.

BTW, here's another link to essentially the same thing (edited a little for a security blog). . . and the images on this should show up.

Posted 4 years ago

LH
Posts: 20002

Yep. That one is fine.

Posted 4 years ago
Topic Closed

This topic has been closed to new replies.