How to remove fake registry cleaner malware
Some viruses masquerade as helpful utilities
By Chris Byers | PC Advisor | Published: 10:13, 24 March 2010
I installed RegTool on my PC. Startup and running speeds were greatly improved and I was initially impressed. Fast forward a few months and RegTool is pestering me to update it at every startup. My internet security software Kaspersky blocks the download, stating that it carries a known virus. What should I do?
The bad news, Robert, is that RegTool has been widely reported as a fake Registry optimisation application. The good news is that Kaspersky is doing its job.
Now we have to get your system cleaned up. First, grab a copy of our old stalwart CCleaner. This is a reputable system and Registry cleaning utility.
Run CCleaner and have it delete all your temporary files - particularly the temporary internet files. Now go to Start, Search, type msconfig and press Enter. Click the Startup tab and deselect any programs labelled RegTool or those you don't recognise (you can turn them back on if you later find you need them).
Next, go to Start, right-click Computer, Properties, Advanced, System Settings, then System Protection. Click System Restore and, in the next window, tick the box next to 'Turn off system protection'. This will turn off System Restore and prevent you later rolling back the machine to find yourself in the same RegTool situation.
Now uninstall RegTool from Start, Control Panel, Programs and Features. Reboot.
Run CCleaner's Registry cleaning utility to check for any files that have been left behind. Also launch Kaspersky and get it to run a full system scan.
Finally, turn System Restore back on and create a new restore point. You should now be free of RegTool and any installation files it has left behind.
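To double-check the msconfig Startup tab step after the clean-up, the following PowerShell script (an added example, not part of the original article) lists the common autostart locations and flags any entry mentioning RegTool. It is read-only, and it assumes the standard Windows Run keys and Startup folders and that the entry's name or command line contains the string "RegTool".

```powershell
# Added example: read-only listing of autostart entries, flagging any that
# mention RegTool. Nothing is changed or deleted by this script.
$pattern = 'RegTool'   # assumption: the entry's name or command contains this string

# Standard Run keys (per-machine, 32-bit view on 64-bit Windows, per-user).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        New-Object PSObject -Property @{
            Source  = $key
            Name    = $name
            Command = [string]$item.GetValue($name)
        }
    }
})

# Startup folders (per-user and all-users) on Windows Vista and later.
$startupDirs = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
)

$entries += @(foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    Get-ChildItem -Path $dir | ForEach-Object {
        New-Object PSObject -Property @{
            Source  = $dir
            Name    = $_.Name
            Command = $_.FullName
        }
    }
})

# Flagged entries sort to the top; everything else is listed for manual review.
$entries |
    Select-Object @{n='Flag'; e={ if ("$($_.Name) $($_.Command)" -match $pattern) { 'REVIEW' } else { '' } }},
                  Name, Command, Source |
    Sort-Object Flag -Descending |
    Format-Table -AutoSize -Wrap
```

Entries the script flags can then be deselected in msconfig as described above; it does not cover scheduled tasks or services.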