Registry Cleaner 2.5 Need Help

Original Message
Name: Patrick4763
Date: January 22, 2007 at 00:16:39 Pacific
Subject: Registry Cleaner 2.5 Need Help
OS: Windows XP sp2
CPU/Ram: XP 2700+ / PC3200
Model/Manufacturer: AMD
Comment:

I downloaded a Trojan. Then a red shield showed up in my tray, and when I click it, it puts Registry Cleaner 2.5 and tries to make me buy it. I've tried everything to remove it.

[URL=http://img1.imagefuse.com/my.php?image=11694534502.jpg][IMG]http://img1.imagefuse.com/anon/11694534502_tmb.jpg[/IMG][/URL]

Other people have had this problem
http://www.ripoffreport.com/reports...
http://www.ripoffreport.com/reports...



Response Number 1
Name: Patrick4763
Date: January 22, 2007 at 00:18:28 Pacific
Reply:

Response Number 2
Name: Bob (by BigBob)
Date: January 22, 2007 at 02:35:34 Pacific
Reply:

Download ATF Cleaner and Super AntiSpyware and install these programs.
Boot into safe mode (F8 while booting up), then
go to Start / Control Panel / Add & Remove Programs and delete/remove the Registry Cleaner 2.5.
Then run the ATF Cleaner, then the Super AntiSpyware and also your AntiVirus.
Then reboot to normal mode.

I use either Reg Scrub XP or Reg Cleaner. Both are safe and free.


" If at first you don't succeed, Please Post Back "


Response Number 3
Name: Patrick4763
Date: January 22, 2007 at 16:03:27 Pacific
Reply:

I can't seem to download Super AntiSpyware anywhere I go, but I tried "Spybot Search & Destroy" and Ad-Aware in safe mode.
Btw, it didn't work.


Response Number 4
Name: DSE
Date: January 22, 2007 at 23:01:11 Pacific
Reply:

Patrick, SAS is here www.superantispyware.com.


Response Number 5
Name: Derek
Date: January 23, 2007 at 17:42:52 Pacific
Reply:

"it didn't work" is an often used phrase but leaves things open to interpretation.

Did Ad-Aware & SpyBot not run, ran but found nothing, ran and found something they couldn't remove, ran and removed something but the symptoms remained, etc etc?

DerekW


Response Number 6
Name: badgerlock99
Date: January 23, 2007 at 19:43:04 Pacific
Reply:

Hi, not the same person, but with the same problem. Thank you for the help, but it also 'didn't work' in that I ran ATF Cleaner and Super AntiSpyware, which got rid of a list of spyware, but when I rebooted normally, there's still that lil' red shield in the corner, popping up and trying to get me to install and buy. Also of note is that I had nothing to uninstall, as I recognized the whole 'registry cleaner' (registry cleaner 32?) thing the first time it popped up and didn't agree to the setup and all that.

Thanks again


Response Number 7
Name: Derek
Date: January 23, 2007 at 19:57:44 Pacific
Reply:

badgerlock99

I've found that rarely are two problems "exactly" the same. Post a new thread of your own by choosing your Windows System on left then you'll get personal attention to your own variant of this problem.

In the meantime, sure, keep monitoring this thread too just in case anything comes up that helps you.

DerekW


Response Number 8
Name: ganganputput
Date: January 23, 2007 at 19:59:11 Pacific
Reply:

Hi guys, I'm a third person with the same problem. I did exactly what badgerlock99 said and got the same results. Only thing, I used Trendmicro anti spyware instead of the Super AntiSpyware. My results were the same as his. Wonder where the file is that loads the little red shield. It's not in the startup folder, but when I start in safe mode it doesn't load.
Hope that helps. Might be a new spyware or something that's not listed yet as spyware on spyware scanner databases.


Response Number 9
Name: badgerlock99
Date: January 23, 2007 at 20:07:25 Pacific
Reply:

Thanks for the tip, I've been searching around yahoo and I came across this link

http://blogs.guardian.co.uk/askjack...

that also makes some mention of the problem. Think I'll try some of the other free anti-spyware programs they mention.


Response Number 10
Name: xeL
Date: January 23, 2007 at 20:23:06 Pacific
Reply:

well I got same problem, I posted my own message though....and I scanned with

Ad-Aware....I get results...and I delete them..

SpyBot ..I get results, I delete also..but if I restart computer....

and run the scan again...

I get the same results...from the previous scan..so it keeps coming back....if there is anything I can do to help with more skilled people on this subject tell me..I'll post screen shot of the results...or anything..to help fix this problem


Response Number 11
Name: badgerlock99
Date: January 23, 2007 at 20:29:24 Pacific
Reply:

I just posted my own message in the Windows XP OS forum, as advised, but I thought y'all should know, in case you don't see it there, I did a search of the c:\ for the word 'registry' and I found a file in C:\Windows\Prefetch called REGISTRYCLEANERSETUP.EXE-1FE49650.pf which I think is the problem, but I wanted another opinion before I went and deleted it, so...

If anyone knows anything more about the Prefetch folder and what the stuff in there does, maybe they can confirm?

Thanks.


Response Number 12
Name: Abnormal
Date: January 23, 2007 at 20:42:23 Pacific
Reply:

This may not be updated yet for your infection, but worth a try.

http://www.malwarebytes.org/roguere...


Response Number 13
Name: xeL
Date: January 23, 2007 at 20:54:05 Pacific
Reply:

yo i deleted that file and a few others..around it...that started with Regi. and then reformatted into safe mode...and ran my scanners... ad aware and spy bot....and it found same results..from last time..deleted then restarted to normal mode...still got same problem...so dunno.


Response Number 14
Name: badgerlock99
Date: January 23, 2007 at 21:01:40 Pacific
Reply:

Also tried the deletion of files in Prefetch, didn't work. Also tried the software at http://www.malwarebytes.org/roguere... which also didn't work.

In the Windows XP forum, someone replied with a list of things to try, if anyone else is still having problems.


Response Number 15
Name: Abnormal
Date: January 23, 2007 at 21:58:15 Pacific
Reply:

Don't think removal tools are updated to
remove this infection.

This is one file that you all may have.

ctpmon.exe

http://research.sunbelt-software.co...



Response Number 16
Name: xeL
Date: January 24, 2007 at 00:31:32 Pacific
Reply:

wow dude, I think it is ctpmon.exe shiz..I can't delete it..but I did task manager and there is like 2-3 on there..I try to close it, doesn't work..then my comp lagged a bit...when I looked down to the right...had a whole bunch of those mini red circles with the white X lol...imma try to find a way to delete it


Response Number 17
Name: xeL
Date: January 24, 2007 at 01:32:21 Pacific
Reply:

wow i think i deleted it...

go to

start > search and put in

ctpmon.exe

w/e comes up delete it...if u can't delete it...do ur task manager...

alt+ctrl+delete....now u should have the process ctpmon running either once or a few times...try to end them...if they don't end...right click on them and go to end process tree....after u ended all of those...go and delete the ctpmon from your search result...and the little icon at the bottom right should be gone....then run ur scanners to make sure..and put up a firewall ;]


well it worked for me..don't got that annoying s--- anymore...but for sum reason..my firefox doesn't let me go to

www.gmail.com
says unable to connect..then the browser addy becomes..

https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&ltmpl=m_wsad&ltmplcache=2

dunno any help on that 1?


Response Number 18
Name: badgerlock99
Date: January 24, 2007 at 06:19:02 Pacific
Reply:

YEA! Yes, deleting the ctpmon file worked for me as well, though I had to do so in safe mode as any time I tried to shut it down running normally, it just sprouted more. Thanks, everyone, for the help.



Response Number 19
Name: xeL
Date: January 24, 2007 at 09:40:56 Pacific
Reply:

thank god it worked...but for sum reason my gmail.com doesn't wanna load...does anyone else have this problem?


Response Number 20
Name: xeL
Date: January 24, 2007 at 10:50:17 Pacific
Reply:

I fixed it I think...sry for so many posts..jus keeping u updated....it was my Symantec firewall...was blocking me from going on gmail.com, not sure why..I changed the security level to low instead of medium


Response Number 21
Name: Derek
Date: January 24, 2007 at 14:51:49 Pacific
Reply:

Sorry, I goofed #7. What I meant was for new posters to start a NEW thread in "Security & Virus" forum (this one), which means we would know which Windows System you are using if other than XP.

You can still monitor what is happening on here.


DerekW


Response Number 22
Name: taz777
Date: January 25, 2007 at 20:42:43 Pacific
Reply:

Perfect! That took care of it! Just go into safe mode and delete ctpmon.exe. Also take note of what time ctpmon.exe was created and you will discover a few other mystery files; those I just renamed. But it seems to be gone now.

In order to help the search engines I would like to post that this software seems to have a website www.sysregistry.com and is known as 'Registry Cleaner 2.5' and can be installed from the file 'RCSammsoftTrial.exe'

Even after uninstalling and following countless other suggestions it still prevailed. Huge thanks to this board for figuring it out. It displays in the task menu a red shield with a white cross, which is lifted from Microsoft's spyware app btw, very deceiving.


Response Number 23
Name: Jinglz
Date: January 26, 2007 at 07:19:33 Pacific
Reply:

I just recently found this forum and fixed my red shield problem (thank god). I am now having trouble because I still cannot access google.com or several other websites. I have tried lowering the levels of security on my firewall and everything but I still cannot get on google.com. Does anyone know how to fix this?


Response Number 24
Name: zoli004
Date: January 26, 2007 at 19:00:38 Pacific
Reply:

I've been able to remove ctpmon.exe and the little red shield next to the clock, but I'm not able to go on Google.... What can I do?


Response Number 25
Name: Abnormal
Date: January 26, 2007 at 19:27:16 Pacific
Reply:

Those still having problems, due to
other infections need to start your own
thread.

http://computing.net/security/wwwbo...



Response Number 26
Name: pche18
Date: January 29, 2007 at 20:25:13 Pacific
Reply:

I see everybody fix the computer with this way, having trouble to connect in google.com,

could have anyone to help me, to connect in google.com ..... or send me other link that have another forum about this...
please help me...


Response Number 27
Name: wagnerlucena
Date: January 29, 2007 at 21:06:49 Pacific
Reply:

I have the same problem: was infected and I cannot access gmail.com and orkut.com I need help, please


Response Number 28
Name: eric_k43606
Date: January 30, 2007 at 01:12:35 Pacific
Reply:

What they did was edit something called the HOSTS file, which is used to identify the IP address of things connected to your computer. They basically told the computer to go to the IP address 127.0.0.1 when you type "www.google.com" instead of using a DNS server to look up Google's actual IP address. Simply go to "C:\WINDOWS\system32\drivers\etc" and open "hosts" with Notepad, and delete all of the entries with the IP address 127.0.0.1 in front of them, save, and you should be able to access those sites.
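
The HOSTS check described in the reply above, as an added Python example that is not part of any poster's message. It flags names pinned to a loopback address while keeping the normal `localhost` line; the sample file contents and the function names are constructed for illustration.

```python
import ipaddress

# Names that normally belong on a loopback line and must be kept.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample, not captured from an infected machine.
SAMPLE_HOSTS = """\
# Sample HOSTS file (constructed)
127.0.0.1       localhost
127.0.0.1       www.google.com
127.0.0.1       mail.google.com gmail.com   # constructed entry
127.0.0.1       www.orkut.com
"""

def parse_hosts(text):
    """Yield (line_no, address, names) for every active hosts entry."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line, ignore it
        yield line_no, addr, [name.lower() for name in fields[1:]]

def hijacked_names(text):
    """Return (line_no, name) for non-local names pinned to loopback or 0.0.0.0."""
    return [(line_no, name)
            for line_no, addr, names in parse_hosts(text)
            if addr.is_loopback or addr.is_unspecified
            for name in names if name not in LOCAL_NAMES]

def cleaned_hosts(text):
    """Drop only the flagged names; keep comments, localhost and other entries."""
    bad = set(hijacked_names(text))
    out = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        if not any(ln == line_no for ln, _ in bad):
            out.append(raw)
            continue
        fields = raw.split("#", 1)[0].split()
        kept = [n for n in fields[1:] if (line_no, n.lower()) not in bad]
        if kept:
            out.append(fields[0] + " " + " ".join(kept))
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    for line_no, name in hijacked_names(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} is redirected to this machine")
```

Entries that block ad servers on purpose are flagged as well, so review the list before writing the cleaned text back to the file.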


Response Number 29
Name: pche18
Date: January 30, 2007 at 07:10:23 Pacific
Reply:

ahhhhh finally i could access www.gmail.com
very tks....


Response Number 30
Name: Mike_B.
Date: January 30, 2007 at 07:59:04 Pacific
Reply:

I used spy hunter 2.8, with windows XP,in the
Safe mode, to locate the infected files in the registry.
Then manually removed the ones put in by registry cleaner including CTPMON.EXE.
Reboot and that did it.



Response Number 31
Name: lilbit
Date: March 8, 2007 at 14:17:40 Pacific
Reply:

NEW UPDATE
I ran into the same problem. Rec'd a red shield with a prompt for me to download registry cleaner at systemregistry.com. I did download and couldn't fix without purchasing software. I was about to purchase, then I found this site. The virus was "allegedly" included on my dial up start up CD I rec'd from my ISP provider. I know this because after reading this site I did go to Task Manager and did not find ctpmon.exe. It seems as though it is now TCPIPMON.EXE instead. I did right click and "delete tree" as told and then went to run "regedit", then typed find "TCPIPMON.EXE" and once found I deleted it and it seems to be gone. Thanks for all the help and I hope this helps others with the new info.


Response Number 32
Name: Derek
Date: March 8, 2007 at 14:23:41 Pacific
Reply:

... and the moral is, never respond to any pop-ups that claim to fix things unless you are sure what they are and where they came from (check Google first). Mostly they are scumware.

DerekW


Response Number 33
Name: Abnormal
Date: March 8, 2007 at 15:35:56 Pacific
Reply:

Removal tool and donation site.
http://siri.urz.free.fr/Fix/Smitfra...

TCPIPMON.EXE was added
Version 2.145 (February 28, 2007)

%SYSTEM%\tcpipmon.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tcpipmon"=-


Response Number 34
Name: kenjen
Date: March 31, 2007 at 07:11:25 Pacific
Reply:

Red shield white cross. Thanks to this forum it is no longer a problem for me but it sure has been. As of 01 April it is still TCPIPMON.EXE and the method I used to get rid of this nasty from my XP Home Edition is as follows:
1) Open Task Manager. Click on TCPIPMON.EXE (I had two of them). Right click, then click on Close Process Tree. That removed it for me and it didn’t hurt anything else.
2) Go to Search, select files/folders, enter tcpipmon.exe, and bring up the entries.
3) Still on search page, right click each entry and send to Desk Top.
4) On Desk Top send each one to Recycle Bin and then empty bin.
5) Close any open programs, say bye to the red shield icon, and Restart your computer.
Hopefully it will be gone for you too. I picked mine up when browsing for registry cleaners on Google one evening and got swamped by registry cleaner pop-ups.
Anyway, once again, thanks a meg for all your help – Great site !

Ken…
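
Response 33 lists a `tcpipmon` value under the HKLM `Run` key, an autostart location outside the Startup folder that Response 8 checked. The following is an added Python example, not from any poster or from the removal tool: it reads a regedit export and flags `Run` values that launch the file names reported in this thread. The sample export, its paths and the function names are constructed.

```python
import ntpath
import re

# File names reported in this thread; extend as needed.
WATCHLIST = {"ctpmon.exe", "tcpipmon.exe"}
RUN_SUFFIX = r"\software\microsoft\windows\currentversion\run"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed regedit export (already decoded to text); paths are assumptions.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avscan"="\"C:\\Program Files\\AV\\avscan.exe\" /tray"
"tcpipmon"="C:\\WINDOWS\\system32\\tcpipmon.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''

def unescape(value):
    """Undo the backslash escaping used inside .reg string values."""
    return re.sub(r"\\(.)", r"\1", value)

def run_entries(reg_text):
    """Return (key, value_name, command) for string values under a Run key."""
    entries, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and key.lower().endswith(RUN_SUFFIX):
            match = VALUE_RE.match(line)
            if match:
                entries.append((key, unescape(match.group(1)),
                                unescape(match.group(2))))
    return entries

def target_exe(command):
    """Lower-cased file name of the program a Run command starts."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        path = command.split(" ", 1)[0]  # unquoted: take the first token
    return ntpath.basename(path).lower()

def flagged(reg_text):
    """Run entries whose target file name is on the watchlist."""
    return [e for e in run_entries(reg_text) if target_exe(e[2]) in WATCHLIST]
```

The legitimate Windows `ctfmon.exe` entry in the sample is not flagged, because the match is on the exact file name rather than on a similar-looking one.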

