General discussion

Stung by the Registry Booster 2011 (AKA Uniblue) Scam

Yes, I failed to do my homework and made the mistake of trusting downloads offered by cnet and now am stuck with this boat anchor. It has now shut down my "Add/Remove Programs" function and will not allow me to remove it via Program Files either. Scans for me constantly - presumably until I pay the ransom - and has all but left my computer at a crawl.

Any assistance or suggestions on how to rid myself of this "safe and trusted solution" would be much appreciated. And please be aware that I need to be handled with kid gloves!

Discussion is locked
Follow
Reply to: Stung by the Registry Booster 2011 (AKA Uniblue) Scam
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: Stung by the Registry Booster 2011 (AKA Uniblue) Scam
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Comments
- Collapse -
Please Try This.......

First, attempt to uninstall it using the FREE version of the Revo Uninstaller from the link below:

http://www.revouninstaller.com/revo_uninstaller_free_download.html

___________________

If that doesn't get it done, then try malware removal instructions below:

If you can download the tools below on your current computer, and get them to work, then fine, but frequently the problem malware prevents the programs from running correctly. If that's the case, then download ALL of the tools below on a friend or family member's, CLEAN computer and copy them to a CD or flash drive, then transfer them to the problem machine.

____________________________

First, after transferring it to the problem machine, run the following tool to help allow the removal programs below to run. (courtesy of Grinler at BleepingComputer.com)
There are 3 different versions. If one of them won't run then try to run the other one. Be patient.... as a black window should open, then close after finding all the background programs.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

Rkill.exe
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill.com
http://download.bleepingcomputer.com/grinler/rkill.com

Rkill.scr
http://download.bleepingcomputer.com/grinler/rkill.scr

_____________________

IMMEDIATELY after running the "Rkill" tool above, run/install the Malwarebytes and SuperAntispyware installer and update files from the links below which you've also copied to a CD or flash drive, and transfered to the problem machine. Do NOT restart the computer after running Rkill.

Once downloaded and before transferring Malwarebytes and SuperAntispyware to the problem machine, rename the program installer "mbam-setup.exe" file to something else like "Gogetum.exe", then copy the installer file and the update file to a CD or flash drive.. Transfer the file to the problem machine, then install the "Gogetum.exe" file, then run the update to get the program current.. After that, run a full system scan and delete anything it finds.

Malwarebytes Installer Download Link (Clicking on the links below will immediately start the download dialogue window.)
http://www.besttechie.net/tools/mbam-setup.exe

Malwarebytes Manual Updater link
http://data.mbamupdates.com/tools/mbam-rules.exe

Next, install and run a full system scan with the SuperAntispyware program and the manual updater from the links below. As before, you may need to rename the installer file to get the program to install.:

SuperAntispyware
http://www.superantispyware.com/

SuperAntispyware Manual Updater
http://www.superantispyware.com/definitions.html
____________

In a few situations, in order for the program to run, it was also necessary to rename the main "mbam.exe" file also after installing it.. It resides in the C:\Programs Files\Malwarebytes Antimalware folder....
_____________________

And after that, if everything's fine by you can't connect to the internet, then follow the procedures below to check your network "proxy" settings.

Open Internet Explorer and go to Tools-Internet Options-Connection Tab. Click on the LAN settings button. IF there is a check mark next to "Use a proxy server for your LAN", uncheck it. Click OK. Then OK, again.
__________________

Hope this helps.......

Gri

- Collapse -
PC Viruses_Windows XP "Choose the File you want to use..."

OMG!!!!! I never used a PC before- now am inundated with Viruses & insane LIES about Viruses.
I am definitely saving to upgrade my MAC instead!!!!

Malicious!
I thought I deleted all the Bad Files from some Malware virus....
Still get the "Choose the program you want to use.." box whenever opening a program -
Also the VOLUME Control is not Functioning...***??

This is Terrible & an insane waste of precious time...
...so then I tried the "Registry Booster" download...well 1/2 into it checked on here to make sure it was not yet ANOTHER SCAM...Which it apparently is...I was able to delete some of it's files, not all (at this point).

It seems that (since I 1st got the MalWare Virus) I have issues with .exe files??
...............Any HONEST Advice is appreciated.
(is CNET also Infected w. People recommending virus-laden files? I don't get it at all, if so, they should all be removed...)

- Collapse -
SIte Where I found the Files
http://www.dougknox.com/xp/file_assoc.htm

This is what I was Loading when I noticed it may be more Bad Files..
"
EXE File Association Fix
(Restore default association for EXE files)" (Registry Booster) ..

Shouldn't these people be thrown in Jail...?
- Collapse -
You found "bad files" at Doug Knox?

Cindy..

==>> Site where I found the files. This is what I was Loading when I noticed it may be more Bad Files.. <<==

I'm having some problems understanding what you wrote. My understanding is, you feel the site (Doug Knox) included in your post, was where you found 'more bad files'.

IF that is the case, I can assure you there's absolutely nothing wrong with the site. It's helped many people. You wrote in a prior post, you were having issues with exe files. Following the below directions may (or may not) help, depending on what your problems are. And also IF I understood your post correctly.

• At the site below, click on "EXE File Association Fix".
• Download the zip file (which contains a registry file) to your desktop.
• Unzip the file and double-click on the "xp_exe_fix.reg" file.
• When asked, "Are you sure", select "OK/Yes".
• Reboot and see if it helps.

If done correctly and it doesn't help, see the "NOTE:" (in red) just below the instructions at the top of the page.

http://www.dougknox.com/xp/file_assoc.htm

Best of luck..
Carol

- Collapse -
I wonder..

Hope you don't mind me intruding Carol.

I just wonder if Cindy's installed security apps flagged this as 'possibly dangerous'. It attempts to change the registry and some apps may warn about that.

I can also attest to Doug Knox's site. We recommend it all the time in these forums to help users out of difficult situations.

Mark

- Collapse -
Interesting observation..

I never went that far. Sad

My thoughts were, Cindy (who never used a PC before) at some point felt the reg file (in name only) was somehow related to Registry Booster.

I like your "wonderings" MUCH better!! Happy

Time will tell - or not.

Your intrusions (as you choose to call them) are always welcome..

Carol

- Collapse -
'HONEST Advice is appreciated' ..

Cindy..

I see you noted you never used a PC before, and now you're inundated with viruses. I can't help but ask, which security software you have in place? Much more importantly, if you're aware that "what we do and where we go" on the internet, is what gets us into trouble. We are the systems first line of defense. The software is secondary.

You asked for honest advice. Most (if not all) at these forums, suggest against any type of registry boosters or optimizers. We've found they create more problems than they solve. Avoid them.

If you have any question/s, as to what software to install (and where from) you only need ask.

If you don't have Malwarebyes' Anti-Malware installed, I would highly recommend it. The free (and paid) versions can be downloaded from here:

http://www.malwarebytes.org/products/malwarebytes_free

As far as the problems you're having with your exe files, see my post below titled, "You found "bad files" at Doug Knox?". If the only problem is restoring the EXE file association, it may help.

Best of luck..
Carol

- Collapse -
When you went to Program Files..

Comotoes..

You stated you weren't able to remove it 'via Program Files'. Did you go to C:\Program Files\Uniblue\Registry Booster\unins000.exe? And did you then try using their uninstaller? (It may be a variation of "unins000.exe". Such as "unins0009.exe", or the like.)

The reason I ask is, a member posted last month, with the same problem. He was able to uninstall it using the above method.

That said, if the application you installed, no longer enables you to use the Add/Remove utility, and you already tried the above, I will bow out gracefully and suggest you continue with what Grif has suggested.

Best of luck..
Carol

- Collapse -
Been Burned Before!

No, I must say, I didn't go farther than trying to delete "Uniblue" and then "Registry Booster" - that, after having lost my "Install/Uninstall Programs" application.

It seemed to me that the two were related and that I had infected myself but perhaps I overreacted. I was, after all, dumb enough to try "FinallyFast" which is a scam that actually infects you while doing its "Free Analysis" - probably like all the other "seen on TV" solutions.

When I tried to simply delete the folder from Program Files, I got the ol' "Not Authorized" message and that really frosted me.

Now (before I read your post) I have deleted it using RevoUninstaller and my "Add/Delete Programs is still a blank page that id perpetually being populated. I'm thinking I may have to reload or repair Windows at this point but I'll try Grif's anti-malware list above before I go there.

Thanks all so much for the quick response - you're restored my faith in cnet.

PS - in the meantime, I've managed to lose my audio driver. Before I go and reload the motherboard and do something else stupid I thought I'd better check in. Suggestions?

- Collapse -
Considering you've been 'burned before'..

It's more reason to (first) scan with the tools Grif suggested. In all likelihood, you will be able to restore Add/Remove and your audio driver. Making sure there is no "malware" present is the "first order of business", as far as I'm concerned.

When you do respond to Grif's post, please include which operating system you're using.

No need to read the thread I referenced, if you removed Registry Booster using the Revo Uninstaller. Originally I suggest he use Revo, but he removed the application using Uniblue's uninstaller.

Best of luck..
Carol

- Collapse -
Malwarebytes Stalled - why?

Whelp, Rkill did it's work but now when I try to run Malwarebytes, it runs for 13 hours and then stalls. Will try again today.

- Collapse -
ESET Online Scanner

Detects Uniblue's Registry Booster and Speedup My PC as threats and should be able to remove them,

http://www.eset.eu/eset-online-scanner

You must have Administrator privileges. Follow Grifs instructions aggain except try to accesss ESET Online Scanner after running RKill and checking your Lan/Proxy settings. Last scan I ran on an older XP machine with Registry Booster on it(just the installer remained)ran for about an hour. If successful then run MBAM.

CNET Forums