  1. #1
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    London
    Posts
    703
    Thanks
    256
    Thanked 4 Times in 4 Posts

    RegServo: Is it malware?

    My wife was trying to book flights with British Airways, reached the verification of her debit card stage, and the circle went round and round for a long time, until an Error 404 message appeared.

    Googling Error 404, several possible causes were listed. It recommended installing Regservo, allowing it to scan the PC and then click Fix It.

    During the download a pop up from Emsisoft said it had detected and quarantined a worm. The download completed, I allowed the scan, which claimed to have found 561 errors, at which point I was convinced it's a scam and closed the browser. Unable to remove Regservo via Control Panel, told it may have already been uninstalled, but making another attempt a few minutes later it was no longer listed.

    Unless someone can give assurance that it is genuine, a series of scans with external scanners would seem to be advisable.

  2. #2
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,629
    Thanks
    147
    Thanked 882 Times in 844 Posts
    I tried RegServo yesterday from a recommended Google link for another problem and it found 690 errors on mine and when I went to the fix button, that's where it asks you to register it - no doubt pay for it - I also uninstalled it using IOBit Uninstaller, but I'd created a restore point before downloading it just in case.

    My thoughts on this, while Norton said the download was safe, was that if there were that many errors on my machine then I would be better off doing a factory reset.

    Has your wife tried the same op since, as the problem may have been with their servers?

  3. #3
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    London
    Posts
    703
    Thanks
    256
    Thanked 4 Times in 4 Posts
    The server may well have been busy, as it occurred during the lunch hour - I never phone anyone between 12 and 2.30, and rarely try booking online at that time, expecting a long wait.

    I have experience of free scans which find 500+ errors, most of which probably are non-existent, just to frighten people into buying. It's the worm quarantined by Emsisoft that makes me fear it may be more malicious than a simple sales ploy.

    My wife is preparing lunch at the moment, will try later.
    Last edited by georgelee; 2015-02-23 at 10:01. Reason: Added last sentence

  4. #4
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,629
    Thanks
    147
    Thanked 882 Times in 844 Posts
    Sometimes a site can be hijacked but give the computer a scan with the free version of MBAM - unchecking the box for the Premium Trial version https://www.malwarebytes.org/ and then with AdwCleaner should any PuPs have found their way in. http://www.bleepingcomputer.com/download/adwcleaner/

    If AdwCleaner finds anything to remove in its Report, then follow that up with a Junkware Removal Tool scan - its download link is lower down the AdwCleaner page.

    For AdwCleaner click on Scan and if that lists anything in the lower pane that should be kept, then uncheck their boxes.

    When the scan has completed, click on Report and that will show you if it's found anything untoward and will delete when you close the Report and hit the Clean button.

    It will produce another report after the reboot to show what it has deleted.

    It can still remove small tool type programs that it considers to be adware, but these can easily be reinstalled if you still want them back on.

  5. #5
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Quote Originally Posted by georgelee
    My wife was trying to book flights with British Airways, reached the verification of her debit card stage, and the circle went round and round for a long time, until an Error 404 message appeared.

    Googling Error 404, several possible causes were listed. It recommended installing Regservo, allowing it to scan the PC and then click Fix It.

    During the download a pop up from Emsisoft said it had detected and quarantined a worm. The download completed, I allowed the scan, which claimed to have found 561 errors, at which point I was convinced it’s a scam and closed the browser. Unable to remove Regservo via Control Panel, told it may have already been uninstalled, but making another attempt a few minutes later it was no longer listed.

    Unless someone can give assurance that it is genuine, a series of scans with external scanners would seem to be advisable.
    George,

    Never, I really mean never, accept the download of anything that promises to fix something on your computer.

    A 404 error means a page cannot be found. This can hardly ever be due to your computer. Even if it was, downloading fixers will never fix it. No security software can protect against actions like this by the person behind the keyboard.
    Rui
    -------
    R4

  6. #6
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    London
    Posts
    703
    Thanks
    256
    Thanked 4 Times in 4 Posts
    Quote Originally Posted by ruirib
    George,
    Never, I really mean never, accept the download of anything that promises to fix something on your computer.
    Many thanks Rui, that's something really worth knowing. The fact that it came up in response to a google search half convinced me it was genuine.
    George

  7. #7
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    London
    Posts
    703
    Thanks
    256
    Thanked 4 Times in 4 Posts
    UPDATE.
    This afternoon a message from Emsisoft said that a rescan had shown that the item quarantined was not a worm, did we wish to restore it. The offer was declined, as I thought Regservo had been removed.

    My wife made another attempt to book the flights after 5p.m. Gave up after c. 20 minutes of watching the wheel revolve, and accepted the suggestion of trying on my PC, with the same result. She finally submitted to my nagging and used the phone: the reservation was quickly completed, and she was not charged the £15 fee for phone bookings she wished to avoid. Some women are naturally mean.

    Accessing her PC later for the scans, there was a Regservo icon on the desktop, which I deleted, no sign of it in CP, but it was in Start/Programs and the OS was unable to find it to uninstall.

    Malwarebytes found nothing, but Bleepingcomputer, which is new to me, is a problem. The scan started, but when I returned some time later it had stopped, with a message

    'Waiting for action. Please uncheck elements you wish to keep'.

    Then there are only some headings that were there from the start:
    Services, Folders, Files, Short cuts, Registry, IE, followed by Full Name, Service Name.

    Presumably, I want to keep all of them, but the screen hasn't changed during the time taken to write these last two posts. Not knowing what action is required, I'll probably close it and scan again.

  8. #8
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,629
    Thanks
    147
    Thanked 882 Times in 844 Posts
    The desktop icon shouldn't have been there after its uninstall.

    Reinstall RegServo and download IOBit Uninstaller and uninstall it with that and run the Deep scan after the standard uninstall.

    If it finds any remnants, check the box to Shred files.

    When you download IOBit Uninstaller, to the right of a small already checked EULA box there's one for Drive Booster which is a driver updater program - if you miss it and you end up with it, it's easily uninstalled using IOBit.

    Remnants of RegServo could be responsible for those items in AdwCleaner, so close it and see what it finds after dealing with RegServo.

    As for the CC check, contact your bank tomorrow and see if they had any problems.
    Last edited by Sudo15; 2015-02-23 at 17:17.

  9. #9
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,751
    Thanks
    171
    Thanked 650 Times in 573 Posts
    Google serves up misleading ads marked "(Recommended)" above real results:

    Google404.PNG

    ... and this Error-Toolkit leads to a RegServo download.
    Last edited by BruceR; 2015-02-24 at 00:16.

  10. #10
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Quote Originally Posted by BruceR
    Google serves up misleading ads marked "(Recommended)" above real results:

    Google404.PNG

    ... and this Error-Toolkit leads to a RegServo download.
    "Do No Evil", they used to say...
    Rui
    -------
    R4

  11. #11
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    London
    Posts
    703
    Thanks
    256
    Thanked 4 Times in 4 Posts
    Quote Originally Posted by BruceR

    ... and this Error-Toolkit leads to a RegServo download.
    Yes, that's the link I clicked on.

  12. #12
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,629
    Thanks
    147
    Thanked 882 Times in 844 Posts
    Have you reinstalled/uninstalled RegServo yet to run AdwCleaner again?

    I ran AdwCleaner following my escapade with RegServo and it found and removed something called Driver Toolkit.

    Wherever that came from, it must have been hidden as I always read before hitting Next or Install.

  13. #13
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    London
    Posts
    703
    Thanks
    256
    Thanked 4 Times in 4 Posts
    Sudo, reinstalled Regservo, then deleted it with IOBIT, which found lots of remnants. I forgot your instruction to shred the remnants – in fact I considered the option, but decided against in case something essential had been deleted in error (why else would it create a restore point?). Hopefully all traces are now gone. Unfortunately the advice to scan and then use advanced scan WAS remembered, but I confused it with Advanced System Care on offer and downloaded that as well. Hopefully that will be easy to remove.

    Have lost all confidence in AdwCleaner. Used it after the foregoing, it started updating the database, and this time I was only away for a few minutes, but when I returned it was just like yesterday, still at the starting page as described in # 7 and the ‘Awaiting Action’ message. It could not have made a thorough scan in 2-3 minutes, and there’s no indication of the action required. However, I used Trend Micro, but nothing was detected. Will assume for now that the PC is clean, but do a clean install at some point.

    George

  14. #14
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,629
    Thanks
    147
    Thanked 882 Times in 844 Posts
    I didn't have any problems when I used AdwCleaner.

    See what ESET Free Online Scanner finds - it's pretty good at finding PuPs and PuAs, although it can take a while to complete.

    Boot up into Safe Mode with Networking and download/run http://www.eset.com/int/home/products/online-scanner/

    Click on Advanced and check all of the boxes except the lower Proxy one - check the auto uninstall box then disable your AV program immediately before clicking the Scan button.

    In Safe Mode with Networking your AV program is isolated anyway, but disabling it is standard practice when running ESET's Online scanner.

    Did you contact the bank to see if they had any problems?

    I must admit that it would have grieved me if I had to shell out 15 quid when I didn't need to because of an Internet or computer glitch.
    Last edited by Sudo15; 2015-02-24 at 20:03.

  15. #15
    Silver Lounger wavy's Avatar
    Join Date
    Dec 2009
    Location
    ny
    Posts
    2,378
    Thanks
    235
    Thanked 147 Times in 136 Posts
    And maybe stay away from online transaction w/ credit cards until you get this all straightened out. And then wait another week.
    MHO

    David

    Just because you don't know where you are going doesn't mean any road will get you there.
