View Full Version : OT: Help, Another computer problem. SpeedUpMyPC by uniblue
04-20-2013, 11:54 AM
I am having a computer problem that I can't seem to fix by myself. A few weeks ago my laptop started acting up and it had the symptoms of having spyware. I use McAfee anti virus and it still let something in. So, I remembered reading something in the kim komando comumn about the registry being compromised. I went to the kim komando site and found a link to a "free" registry cleanup site. The site was "SPEEDUPMYPC.COM by uniblue.
Went to the site and ran a scan of the puter and it said that there were over 100 bad files in the registry and would I like to remove the bad files. I say OK and it comes back and says that it will fix the first 15 files for free, but if I want them all removed there is a charge for that. I figured why not get rid of 15 for free. Ever since my puter gets hijacked when I use google search or yahoo search. The search works fine but when I click on a search result, it redirects me to some other search results.
I tried going to programs in the control panel and deleting the speedupmypc files but that didn't fix it. Then I did a system restore to before the speedupmypc was there and it just won't go away.
Needless to say, I have put kim komando's site on my $hit list. Never again will I take anything she has to say at face value.
Do I have to re-format the hard drive to get rid of this? Any ideas? There have got to be others that have been bitten by this bug.
04-20-2013, 12:09 PM
It's probably what they call a rootkit virus. Sometimes they can be hard for scan software to find. I had something similar a while, did redirects like you're describing. I had to try a few scan programs until I found one that would locate it and clean it. I think it was ultimately Kaspersky that cleaned it. Look up rootkit and redirect to learn more.
04-20-2013, 12:15 PM
Try Microsoft safety scan. It is free from Microsoft and it is updated every week.
It takes quite a long time to scan the whole computer, then gives you a report and tells you where the bugs are.
You were bit by scamware. Download CCleaner and run a registry scan. It is almost foolproof and I use it. It will also scan many other parts and it backs up everything before it scans. It's free too. They have been around for at least a decade and can be trusted. http://www.piriform.com/ccleaner
As for so called "root kits" there is a scanner for that too from a little known part of Microsoft, SysInternals. http://technet.microsoft.com/en-US/sysinternals Look on the left side for "RootKit Revealer", download it and use it. Read the readme file included. The SysInternals utilities are all excellent but most require considerable knowledge of the system. Then download the Microsoft Malicious Software Removal tool and run it. http://www.microsoft.com/security/pc-security/malware-removal.aspx
You can also restore the registry by running a System Restore to a date before you ran the crapware. You will not lose any work but anything installed after the restore image time will be uninstalled. You still need to run the other tools I mentioned even after a Restore. Run the tools first so you don't have anything left to contaminate the restored system and then run them again to clean up anything that might have been present before.
04-20-2013, 04:03 PM
Another resource for virus-infested computers:
(despite the cheesy name, it's a legit site)
for root-kit detection and removal see:
I've used their tools four or five times over the past few years (each time successfully).
04-20-2013, 04:53 PM
Scamware. I had a problem with my computer last year. Two level #1 Microsoft techs spent a week trying to repair the problem. A trip to the "Geek Squad" at Staples ended up costing me $400, and the day after I got it back, the problem not only came back, but it brought a few friends along, to make things interesting....The "Geek Squad" insisted that there was no warranty and offered to fix my computer for another $400. Now it was down to buying another computer or spending as much in an attempt to fix the old one.
Then, by chance, I happened to be talking with my brother's wife about the problem, and she told me that the programs like Uniblue seldom fix anything, and if you don't buy their software package ($300+) the initial program (yeah, the "free" one) installs a few rootkit viruses and goes away. After describing all of the steps I took to attempt to repair the problem, she mentioned that it was entirely possible that my hard disk might be "delaminating" and losing data in the process. AH, HA! said I, a viable failure, and virtually undetectable to troubleshooting software.
I scampered down to our local "Staples" office supply store, and bought the largest hard drive they had. When I got home, I booted up my wounded computer, and with the install disk, had the thing erase and re-write the BIOS. Then, I unplugged the hard drive and installed the new one. Once installed, I downloaded my files from my provider's "cloud" (online storage) and reloaded several compromised programs. It's April now, and my computer has been working just fine, in fact, it's a little faster, since the new hard drive is a 7200 RPM drive instead of the 5400 RPM drive it replaced. The faulty hard drive was treated to a 7/16" hole bored right through it on my mill-drill.
Erase and rewrite the BIOS? That isn't on the hard drive. It is kept on a flash rom entirely independent of the storage system.
04-20-2013, 09:34 PM
400$ damn bucks?
For that amount of money i would rather buy a new hard drive and toss the old one out.
There is a great resource online called virustotal.com basically you can send it your suspect file and they check it against around 50 different antivirus programs.
But theese days none gets infected via installing a software it seems.
Most of infections come from online via securuty holes in IE.
Firefox in this case is much better. Over the years i only once managed to get a virus in FF because of buggy Flash addon.
I dont know how good is chrome compared to FF.
Someone with info on this might be helpful.
Edit maybe: by rewriting BIOS he meant reloading saved settings from the HDD file, or updating Firmware?
04-20-2013, 09:46 PM
Erase and re-write the BIOS, Evan. That's what I was told. Some of the nastier viruses around today (especially the ones written by the people who want to sell you protection from them) actually write a copy of themselves into the existing BIOS. Then, when you boot up after making repairs or replacing parts, the virus is already there, lurking in your BIOS.
I have a friend who works on computers for a living and he was fooled into contaminating four brand new hard drives before he discovered this. Unfortunately, most computers require access to the motherboard in order to initiate the "ERASE BIOS" jumpers. Once the BIOS is erased, startup with the new hard drive DVD usually installs the latest, uncontaminated BIOS, automatically. I should have mentioned it in correct order to avoid confusion. You remove the bad drive, erase the BIOS, and then install the new drive, along with it's appropriate install DVD.
04-20-2013, 11:28 PM
Not a hijack but I just downloaded and ran Evans suggestion piriform and cleaned my registry and all I can say is works. I didn't relalize how much crap was in there.
bborr01 try it ,it works.
04-20-2013, 11:41 PM
Another dittos to using CCleaner regularly... and to at least see where you are scam/mal-ware-wise:
Kaspersky Security Scan
It will only inform you of what it finds but not fix as it's free.
04-21-2013, 12:01 AM
Thanks for all the help guys. I will post more tomorrow on where I am at on this problem.
04-21-2013, 01:40 PM
Here is where my puter is at this stage. I ran MS safety scan and it said my machine had 5 bad files. When it finished it just said that the files had been removed, but didn't say what they were.
After re-starting it still had the same two error messages pop up on the screen. "the specified module could not be found" "Local Library (pythondll) failed. The other message was "C:/Program Files (x86)/Uniblue/WpeedUpMy PC/PYTHON27.DLL. To get rid of them I have to click on the x twice each. So that issue appears to be to do with the uniblue scamware.
My google is also still being hijacked. I think next step is to try Evans suggestion ccleaner. I will keep you posted. Thanks for the help so far.
Anything to do with Python is absolutely not a part of the Windows system. Python is a programming language not used by Windows in any way. Removing the Python bits will disable whatever needs them without screwing up the computer.