PC Confidential

[trilobyte]

I downloaded some add-ons as part of something else and then deleted them but one of them which is variously called PC Confidential Winferno or registry cleaner keeps appearing when I turn on the PC as prompts to buy the product, listing sites I've visited etc, which is a bit worrying. The other things deleted easily like toolbars for the internet but this wont go away. Ive tried searching the names in a search box and deleting the file locations but the messages wont stop coming up. Any help?

[Dalo Harkin]

Remove it from the MSCONFIG startup items and run the malware procedure from here.

Your computer appears to be infected with Malware. Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It is a combination of the words malicious and software. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.

 

It is in your best interest to note the following:

1. Please disable your resident security applications (such as AVG, Spybot, WinPatrol, etc.) before performing the below procedure so that they do not interfere with the process.
   
2. Perform all the steps in the order listed to avoid any conflicts.
   
3. If unsure, please stop and voice your doubts.
   
4. You might be required to go offline during the disinfection process. Therefore, it is recommended to print off the instructions below for ease of reference.
   

If you stick to the above guidelines, all should go smoothly.

 

 

================================================

STEP 1

1. Download ATF-Cleaner by Atribune.
   
2. Save the file to your Desktop.
   
3. Double-click on the file to run the program.
   
4. On the Main tab, check the Select All button.
   
5. Next, click on the Firefox tab (if applicable) and check the Select All button.
    
   Note: If you would like to preserve your saved passwords in Firefox, then click No at the corresponding prompt.
   
6. Now, click on the Opera tab (if applicable) and check the Select All button.
    
   Note: If you would like to preserve your saved passwords in Opera, then click No at the corresponding prompt.
   
7. Press the Empty Selected button and click OK to acknowledge the corresponding prompt.
   
8. Click on the Exit button to quit the program.
   

================================================

STEP 2

1. Please click here to download Malwarebytes' Anti-Malware.
   
2. Save the file to your Desktop.
   
3. Double-click mbam-setup.exe and follow the prompts to install the program.
   
4. At the end, make sure a check mark is placed next to:
   1. 
      
   2. Update Malwarebytes' Anti-Malware
      
   3. Launch Malwarebytes' Anti-Malware
      

[*]Click Finish.

[*]The program will download and update itself if it finds the necessity to do so. Please allow this.

[*]Once the program has loaded, select Perform full scan, then click Scan.

 

Note: Depending on your computer specifications, the scan may take some time to complete. Please wait patiently and do not interrupt the process.

[*]When the scan is complete, click OK, and then Show Results to view the results.

[*]Make sure that every entry is selected, and click Remove Selected.

[*]Restart your computer.

================================================

STEP 3

1. Please click here to download SUPERAntiSpyware (Free Version).
   
2. Save the file to your Desktop.
   
3. Double-click SUPERAntiSpyware.exe and follow the prompts to install the program.
   
4. Open SUPERAntiSpyware.
   
5. Under Configuration and Preferences, click the Preferences button.
   
6. Click the Scanning Control tab.
   
7. Under Scanner Options make sure the following fields checked:

   [*]Click the Close button to leave the control center screen.

   [*]On the main screen, under Scan for Harmful Software click Scan your computer.

   [*]On the left, make sure you check mark C:\Fixed Drive.

   [*]On the right, under Complete Scan, choose Perform Complete Scan.

   [*]Click Next to start the scan. Please be patient while it scans your computer.

   [*]After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.

   [*]Make sure every entry has a check mark next to it and click Next.

   [*]A notification will appear that Quarantine and Removal is Complete. Click OK and then Finish to return to the main menu.

   [*]Restart your computer.

   ================================================

   STEP 4
   1. Please visit the ESET Online Scanner, using Internet Explorer to initiate the scan.
       
      Note: If you are running Windows Vista, then you will need Administrative privileges to complete the latter part of the procedure. To do so, right-click on the Internet Explorer icon in the Start Menu and select the Run As Administrator option in the shell context menu.
      
   2. Check mark the YES, I accept the Terms of Use box.
      
   3. Click the Start button.
      
   4. Click the Install button on the following screen.
      
   5. Click Start. This will will initialize and update the scanner engine.
      
   6. Check mark the box beside Remove found threats.
      
   7. Click the Scan button. This will start the scan. Please be patient while it is in progress.
      
   8. Restart your computer.
      

   ================================================

   STEP 5
   1. Click on Start > Programs > Accessories > System Tools and select System Restore.
      
   2. Choose the radio button marked Create a Restore Point on the first screen and click Next. Give the restore point a name then click Create. The new point will be stamped with the current date and time. Keep a note of this so you can find it easily should you need to use System Restore.
      
   3. Next, click on Start > Run, type Cleanmgr and click on OK.
      
   4. Click on the More Options tab.
      
   5. Click the Clean Up button in the System Restore section to remove all previous restore points except the most recent one.
      

   This will remove any infected files that have been backed up by Windows. The files in "System Restore" are protected to prevent any programs changing those files. This is the only foolproof way to ensure the deletion of those files.

    

   Note: Please don't use it on a regular basis as this will clear all previous restore points. The feature might be very useful to revert your computer to working condition if something goes wrong.

    

   Re-enable all your security applications and please return here and tell us how the computer seems to be operating.

Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining

[trilobyte]

Thanks...

 

...I'll give it a go.

[trilobyte]

Hello..

 

...I managed to do four of the 5 but the online-scan wouldnt work as it wouldnt let me download active x and also the 'run as admin' option wasnt on the internet explorer right-click options list... Thanks for replying, I didnt realise how much crap was on the computer.

[RandyL]

What is the health of your PC now? Are you still getting the PC Confidential Winferno or registry cleaner prompt?

[BeeCeeBee]

Run as administrator is a Vista requirement. In XP you need only be logged on using an account that has been set for computer administrator. Check your status in Control Panel>Users and make sure it hasn't been changed.

Did you get an activeX warning (yellow bar across the top ot the eset IE window) when you tried to run the scan? If so, did you allow the activex?)

[trilobyte]

It seems to be better but those things only seemed to come up intermittently (every few days) so we shall see

[trilobyte]

It says I am logged in as the administrator so that should be fine, I may try the scan again and see if it works, the active X thing doesnt seem to be a problem now...Thanks

[trilobyte]

Hey, the PC confidential and Winferno messages have come up again so I dont think the scans caught them...Ive tried the online scan again but it now is coming up with the active x prompt again....

[Dalo Harkin]

Have you looked in MSCONFIG under the startup options?

can you post a screen shot of them with the windows expanded

[trilobyte]

Ive done a screen shot of the pages but wouldnt be sure how to upload them to this site.

[Dalo Harkin]

click on the paperclip and add the files/images

[trilobyte]

Thanks, this is them, the screens wouldnt let me expand so I did it in two parts...

[trilobyte]

So, can any one help by looking at this...

[RandyL]

Hi again trilobyte;

It seems that you must have had at one time PC Confidential from winferno installed. It was probably the trial version. Is it listed in add/remove programs?

 

It seems that the uninstall for that program does not always go well. I don't see it in your startups so I'm guessing that is what happened.

 

Try Revo Uninstaller to see if it can remove the program in it's entirety.

 

Note that you may have to reinstall the trial version of PC Confidential first.

 

If that does not work you may have to resort to manually deleteing files and folders as well as searching for obscure entries in the registry for it.

 

WARNING: Do not use a registry cleaner under any circumstance or edit the registry without guidance.

 

This can be extremely dangerous to your OS if you are not carefull and may result in even worse problems.

 

Try Revo first. Hopefully nothing will go wrong.

[Tootech]

Could you also have a look at the msconfig entries

 

1) A2Y

2) Toolbar EULA

 

I don't recognise them, and it would be good to rule them out as safe entries.

 

The easiest way is to enlarge the Command column and look at where the entry points to, and post the info, or screenshots if thats easier.

[trilobyte]

thanks guys, Ill give it a try