Over 1 million tech questions and answers.

Infected With "system Alert!" In System Icon Tray

Q: Infected With "system Alert!" In System Icon Tray

I got infected with one of the fake "System Alert!" icons that keeps popping a message up every few minutes. I've run Ad-Aware, Spybot, and McAfee Anti-Virus multiple times both in regular Windows mode and in Safe Mode. I've also run the McAfee Stinger application. None of these have solved the problem. Here's my HT log, thanks for any help!!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:54:14 PM, on 2/19/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Intel\Wireless\bin\ZCfgSvc.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exeC:\Program Files\Dell\QuickSet\Quickset.exeC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\Program Files\McAfee.com\Agent\mcagent.exeC:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Creative\MediaSource\Detector\CTDetect.exeC:\Program Files\AIM6\aim6.exeC:\Program Files\Wallpaper Master\Wallpaper.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Common Files\AOL\Loader\aolload.exeC:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\Stardock\ObjectDock\ObjectDock.exeC:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exeC:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgets.exeC:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgets.exeC:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgets.exeC:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgets.exeC:\Program Files\AIM6\aolsoftware.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\WINDOWS\System32\GEARSec.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\program files\common files\mcafee\mna\mcnasvc.exeC:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgets.exeC:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgets.exeC:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgets.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\Program Files\McAfee\MSK\MskSrver.exeC:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exeC:\Program Files\Dell\QuickSet\NICCONFIGSVC.exeC:\Program Files\Norton Ghost\Agent\VProSvc.exeC:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\Program Files\Retrospect\Retrospect Express HD 1.1\retrorun.exeC:\Program Files\UGS\UGSLicensing\lmgrd.exeC:\Program Files\UGS\UGSLicensing\lmgrd.exeC:\Program Files\Viewpoint\Common\ViewpointService.exec:\WINDOWS\system32\ZuneBusEnum.exeC:\Program Files\UGS\UGSLicensing\ugslmd.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\eHome\ehmsas.exeC:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Windows Media Player\wmplayer.exeC:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.comR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=usR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dllO2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dllO2 - BHO: e404 helper - {8BD4438C-2511-4B93-AD34-2BDCD0FF78D2} - (no file)O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dllO2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dllO3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dllO3 - Toolbar: (no name) - {81705D67-3F73-4983-859B-97D0922E5ABE} - (no file)O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exeO4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,StartO4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/WirelessO4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /rO4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXEO4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /trayO4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exeO4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkeyO4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exeO4 - HKLM\..\Run: [nwiz] nwiz.exe /installquietO4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,[email protected] - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exeO4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /RO4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imAppO4 - HKCU\..\Run: [WallpaperChanger] C:\Program Files\Wallpaper Master\Wallpaper.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exeO4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exeO4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgets.exeO4 - Global Startup: Bluetooth.lnk = ?O4 - Global Startup: Digital Line Detect.lnk = ?O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htmO8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLLO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exeO9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exeO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO15 - Trusted Zone: http://*.mcafee.comO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dllO18 - Protocol: bw+0 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw+0s - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw-0 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw-0s - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw00 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw00s - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw10 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw10s - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw20 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw20s - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw30 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw30s - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw40 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw40s - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw50 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw50s - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw60 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw60s - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw70 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw70s - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw80 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw80s - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw90 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw90s - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwa0 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwa0s - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwb0 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwb0s - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwc0 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwc0s - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwd0 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwd0s - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwe0 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwe0s - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwf0 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwf0s - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dllO18 - Protocol: bwg0 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwg0s - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwh0 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwh0s - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwi0 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwi0s - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwj0 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwj0s - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwk0 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwk0s - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwl0 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwl0s - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwm0 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwm0s - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwn0 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwn0s - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwo0 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwo0s - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwp0 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwp0s - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwq0 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwq0s - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwr0 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwr0s - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bws0 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bws0s - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwt0 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwt0s - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwu0 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwu0s - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwv0 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwv0s - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bww0 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bww0s - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwx0 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwx0s - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwy0 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwy0s - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwz0 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwz0s - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: offline-8876480 - {479DECFE-B981-4CAC-8142-A599ED364764} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO22 - SharedTaskScheduler: arborize - {d9f6ce57-0718-4bd1-916f-5fb1f86911c2} - C:\WINDOWS\system32\txdkfh.dllO23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exeO23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exeO23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exeO23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exeO23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exeO23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exeO23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exeO23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeO23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeO23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exeO23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exeO23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exeO23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exeO23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exeO23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exeO23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exeO23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: Retrospect Express HD Helper (RetroExp Helper) - EMC Dantz - C:\Program Files\Retrospect\Retrospect Express HD 1.1\rthlpsvc.exeO23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Dantz - C:\Program Files\Retrospect\Retrospect Express HD 1.1\retrorun.exeO23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: UGS License Server (ugslmd) - Macrovision Corporation - C:\Program Files\UGS\UGSLicensing\lmgrd.exeO23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exeO23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exeO24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm--End of file - 26707 bytes

RELEVANCY SCORE 200
Preferred Solution: Infected With "system Alert!" In System Icon Tray

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Infected With "system Alert!" In System Icon Tray

Hello Donnie M.,Welcome to Bleeping Computer Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.Thanks,tea

Read other 14 answers
RELEVANCY SCORE 106

Yes, this virus is still out there and somehow it got to me, and on my day off to..
Anyways, I have Webroot spy sweeper and AVG:Free Edition control center. The AVG is always turned on but my WebRoot wasn't. I scanned with both and the Virus icon is still there. Its the one that keeps popping up with a message saying that my computer is infected. Critical System Error! System detected virus activites, they may cause critical system faiulre ect.. My Web Root has not got rid of it after sweeping my system twice. I got a message earlier to install Spysweeper Quake? But I did not. Anyone have any info on how to get rid of this thing? I have no idea how to access my hijack logs. Any easy instructions on how to get rid of this annoying virus icon would be appreciated.
Thanks in advance!
 

A:Virus Alert!! Flashing icon in system icon tray

Read other 15 answers
RELEVANCY SCORE 104.4

My computer was infected by Spylocked. I have removed everthing to do with it except this icon which constantly switches from a DirectX icon to a warning triangle. Every so often a popup appears. It says that System Alert has detected harmful malwares etc on my computer. If clicked on either right or left click this site is brought up http://www.spylocked.com/?aff=334where they try to sell you a product called Spylocked. I seemed to have removed all except this icon/popup; I have searched the computer several times and can't find it. I'm in the middle of writing a major report which must be finished by the end of the month and I have lost 3 days to this already. Help!Logfile of HijackThis v1.99.1Scan saved at 13:57:13, on 26/05/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16441)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\PROGRA~1\Grisoft\AVG7\avgrssvc.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeC:\WINDOWS\system32\spool... Read more

A:System Alert Popup From An Icon In The Sys Tray

Download SmitfraudFix (by S!Ri) to your Desktop.http://siri.urz.free.fr/Fix/SmitfraudFix.exeDouble-click SmitfraudFix.exeSelect option #1 - Search by typing 1 and press EnterThis program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.IMPORTANT: Do NOT run any other options until you are asked to do so!**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.Post back with the smitfraudfix log and a new HijackThis log

Read other 1 answers
RELEVANCY SCORE 103.2

I am currently using Zone Alarm's Firewall, I have Norton AntiVirus installed, and Ewido is installed with active-guard. Furthermore, I've run Stinger, AdAware, Spybot, ATF-Cleaner, RogueScan, and SmitRem.... I've tried numerous fixes, and I've also fixed several problems in HJT. I've done all of this in Safe Mode as well, and even turned off the system restore while rebooting, so that the problem wouldn't come back.. No fix I know of seems to eliminate this problem...Fortunately the problem is a little bit better than before...I now can control my web browser's startup page and it seems I've eliminated the spyware quake. I used to have uncontrollable pop-ups but those are gone. I've gotten rid of a trojan dropper and dialer. There was a triangular yellow caution sign in my system tray, associated with the popups and the Internet Explorer hijack, but that is gone now. The only thing that I can't get rid of is a little symbol in the system tray that flashes back and forth between what looks like a green handicap symbol (I honestly don't know what it's supposed to be) and a red "ban" symbol. When I hold my cursor over it it says "Virus Alert!" Every now and then red boxed messages appear telling me I am infected with spyware, trying to get me to go to a site and buy softare. In fact, it takes me to SpywareQuake.com...Any help you can give me is greatly appreciated.Here is my HJT log:Logfile of HijackThis v1.99.1Scan saved at 2:25:59 AM, on 4/15/... Read more

A:"virus Alert!" Icon Flashing In System Tray

Hello Harry83,Download SmitfraudFix (by S!Ri) to your Desktop. http://siri.urz.free.fr/Fix/SmitfraudFix.zip Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop. ______________________________ Please download the trial version of Ewido anti-malware 3.5 from here: http://www.ewido.net/en/download/ Install Ewido anti-malware. When installing, under Additional Options uncheck Install background guard and Install scan via context menu. When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok. The program will prompt you to update. Click the Ok button. The program will now go to the main screen.You will need to update Ewido to the latest definition files. On the left-hand side of the main screen click the Update Button. Click on Start.The update will start and a progress bar will show the updates being installed. Once finished updating, close Ewido. ______________________________ Open the SmitfraudFix folder and double-click smitfraudfix.cmd Select option #1 - Search by typing 1 and press Enter This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your ne... Read more

Read other 37 answers
RELEVANCY SCORE 103.2

Three days ago I detected a virus/worm in my computer - [email protected] Since then I've read forums and downloaded anti-spyware programs that would remove it, and partially it did, but an icon still remains....which means that some spyware can be still in my computer.... The icon is a red circle with a red line across and it changes to a green handicapped symbol every second, which says "Your computer is infected! Critical System Error! System detected virus activities..." and I can't get rid of it.... So, I need your help... Thanks for your assistance.Susana MarinhoPortugalHere is my HijackThis log file Logfile of HijackThis v1.99.1Scan saved at 12:01:29, on 25-04-2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Programas\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\S24EvMon.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\WINDOWS\system32\crypserv.exeC:\Programas\ewido anti-malware\ewidoc... Read more

A:"virus Alert" Icon In My System Tray - [email protected]

Hello there, *It is a good idea to print off these instructions - they will be needed later when internet access is not available. You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above. It is important that you complete the following instructions in the correct order, and also that you don't miss anything out! * Please download SmitfraudFix (by S!Ri) Extract the content (a folder named SmitfraudFix) to your Desktop. Open the SmitfraudFix folder and double-click smitfraudfix.cmd Select option #1 - Search by typing 1, and press Enter. A text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply. Note : process.exe is detected by some antivirus programs as a "RiskTool"; it is not a virus, but a program used to stop system processes.David

Read other 11 answers
RELEVANCY SCORE 103.2

Hi All,I have a "System Alert!" tray icon that brings up fake alerts. Here is the full text of the message:"System has detected a number of active spyware applications that may impact the performance of your computer. Click the icon to get rid of unwanted spyware by downloading an up-to-date anti-spyware solution."I researched a number of topics like "How to Remove VirusHeat" or "How to Remover VirusProtect", but I cannot find any specified .dll files in system32 folder that would indicate a problem. Just as described, I, due to my stupidity, opened a "codec" that installed this crap on my computer. In particular, in Program Files I had "Web Technologies" folder that I managed to delete in the safe mode, however, the tray icon is still there. I also deleted all registries that had "Web Technologies" mentioned, but the damned tray icon is still there. It is the first thing that loads, even in the safe mode. It does not show up in Processes in Task Manager. When I click on the "alert" balloon, it launches Internet Explorer, but it does not load any pages with the fake spyware soft. It seems that I somehow killed most of this malware, but I still cannot get rid of the icon. Avast! and SpyBot do not find any problems.Here is the log if HijackThis. I will appreciate any advice on how to finish this malware off. Thank you!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 23:02:07, on 7/1... Read more

A:System Alert! Tray Icon, (virusprotect?, Virusheat? Don't Know)

Okay, it may have been Antivirus 2009 Hijack featured on the main page on today's bleepingcomputer.com and here:http://www.bleepingcomputer.com/malware-removal/uninstall-antivirus-2009. I did not find any .dll files specified there, but just in case, I downloaded and ran Malwarebytes that found some registry entries that remained and needed to be deleted. So, after Malwarebytes I restarted, and voila - the evil icon has gone. Thanks to www.bleepingcomputer.com!!

Read other 3 answers
RELEVANCY SCORE 102

Hi,

There is a virus in my machine( I guess), as there is a flashing icon in my system tray which flashes green and red. On mouse over of the icon says "Virus Alert!". On clicking on the icon gives the message -
Your computer is infected!

Critical System Error! This may cause critical system failure. Please, use antimalware software to clean and protect your system from parasite programs. Click here to get all available softwares.

On Clicking on the message, takes you to http://www.spywarequake.com/?aff=247.

Please advise on how this icon and the associated program can be removed from the system.

Thanks,
 

A:Flashing Icon in system tray with Virus Alert message

Read other 9 answers
RELEVANCY SCORE 100.8

Hi All --Last weekend I caught what I believe was a case of mssearchnet + nvctrl and perhaps spyfalcon. Using the advice of this site (awesome, thanks!) and some others, I've managed to be back to normal with one really annoying exception: the "Virus Alert!" flashing icon and occassional message ("Your computer is infected! Critical system error! blah blah blah"). The icon is the green wheelchair icon flashing over to the "ban" icon - red circle, single red line running through it. Interesting to note that no link appears to be functioning in the pop-up box. It's just flashing and popping up every so often. I've gone through many other posts on this and have run the following (in safe mode as well as normal boot mode): ad-aware, spybot, ewido, panda, mcafee, stinger. After every re-boot, I'm still greeted by the unwelcome flashing icon. I disabled system restore early in the process as well. Can someone take a look at my HiJack and SmitFraud logs? Much thanks in advance!~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Logfile of HijackThis v1.99.1Scan saved at 9:43:50 PM, on 4/24/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\W... Read more

A:"virus Alert!" Icon Flashing In System Tray - Other Issues Solved

...I did a bit more research and looks like the line from the SmitFraud log held the key:

C:\WINDOWS\system32\suprox.dll FOUND !

Sooooo.....

Booted into safe mode, renamed it, deleted it, and now all seems to be fine.
Even though I didn't have any direct contact with the mods on here, I did learn a whole lot scrolling through these posts. I think this site really provides a great service (especially for the price)! Thanks.

Read other 3 answers
RELEVANCY SCORE 100.8

Ive tried smitfraud and everything. I have webroot spysweeper but nothing seems to work. I tried the going into safe mode and smitfraud procedure but nothing seemed to work. Im posting my HJT Log below...Please someone help.

Logfile of HijackThis v1.99.1
Scan saved at 9:23:49 PM, on 4/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\windows\system32\dllcache\win32\winlogon.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\windows\system32\dllcache\win32\csrss.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
D:\Program Files\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\Spy Sweeper\SpySweeper.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\Program Files\Secretmaker\secretmaker.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\... Read more

A:Solved: Virus Alert Flashing Icon in system tray....need help desperatly..Pls

Read other 16 answers
RELEVANCY SCORE 99.2

I have a flashing icon in the system tray that looks like a green wheelchair alternating with a slashed circle.Every so often a red box pops up saying "Your computer is infected!", etc etc.Did some research but all the solutions I found referred to files I cannot find in the system32 folder. I don't have any entries for SpywareQuake on add/remove programs. The screenshots of other people's infections all seemed to have a green box but were otherwise the same.Here is my HT log:Logfile of HijackThis v1.99.1Scan saved at 2:14:58 PM, on 4/27/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\inetsrv\inetinfo.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\system32\dcomcfg.exeC:\Program Files\Microsoft IntelliType Pro\type32.exeC:\Program Files\Microsoft IntelliPoint\point32.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\Program Files\Mozilla Firefox\firefox.exeC:... Read more

A:Infected With System Tray Virus Alert

Hello and Welcome to the Forum.Download Killbox by Option^Explicit. Save it to your desktop.Restart your computer into safe mode now. Perform the following steps in safe mode:Double click the KillBox program to launch it Click on Tools>Delete Temp FilesSelect "Replace on Reboot" and "Use Dummy" from the left hand column. Next copy/paste the following into the "Full Path to Delete" box:

C:\WINDOWS\SYSTEM32\winowl32.dll
Click the Red Button with the White x on it. Click the "Delete File" button Reboot your computer==================================Please download SmitfraudFix (by S!Ri) Extract the content (a folder named SmitfraudFix) to your Desktop. Open the SmitfraudFix folder and double-click smitfraudfix.cmd Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply. Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the you.

Read other 9 answers
RELEVANCY SCORE 98

I am havig some system tray icon problems after installing anti-virus and spyware software. Looking for a fix for the disappearing system tray icons at initial start-up. Quick fix--log off and on again--icons reappear where they should. I am told that this disappearing activity is due to a Windows XP "BUG". What a problem! Any ideas for a secure, lasting fix out there? After the spyware and antivirus software installation, the computer star-up time is now really SLOW too. The software launches seems to be in conflict with each other, or something. Have emachine--T3406, Windows XP Home 2002, Service Pack 2. 1.23 GB RAM.

Thanks, ComputerMaven
 

Read other answers
RELEVANCY SCORE 91.6

Hello,
I somehow got a Spydawn system alert popup virus after downloading codecs from the 'net thinking it was safe, i was wrong. I knew i shouldn't have trusted the download but did it anyways.
I managed to get rid of some items that were sent to my desktop plus the system alert that was in my control panel-add/remove programs. I ran ewido, adware,spybot and smitfraud, it doesn't say smitfraud fix..? I even did all of this in safe mode too, but the system alert popup is still flashing in the bottom right corner but now i can not access internet explorer...can't make a connection to the internet.

I don't see anything referring to spydawn in the log.


My Hijackthis log displayed these files that appear to be part of my problem.
I have no internet connection so i can't show you the complete log unless i copy all of it word for word...which i did for just these particular ones that seem suspicious.


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

RO-HKLM\Software\Microsoft\Internet Explorer\Main,start_page_URL =
about:blank

RO-HKCU-same with local_page=about:blank

RO-HKLM.."same"local_page=about:blank

R3-Default url search hook is missing

O3-toolbar:(no name)-{bdad1dad-c946-4a17-adc1-64b5b4ff55do}-(no file)

018-Protocol:msnim-{828030a1-22c1-4009-854f-8e305202313f}-"C:\progra~1\msnmes~1\msgrapp.dll"(file missing)

021-SSODL:prxsvc-{c27eccbf-adea-48c8-842c-a4d699dbae9a}-(no file)

016-dpf{... Read more

A:Flashing system Alert at bottom right system tray, no connection,Spydawn,blank page?

Hi and Welcome to TSF

Look over the First Steps at Removing Malware , then post a HJT log in the HiJackThisLog Help Forum

Cant you copy the complete HJT Log onto a floppy/thumb drive/cd and then paste it in the HiJackThisLog Help Forum? this is the only way we can possibly start helping you

Read other 5 answers
RELEVANCY SCORE 91.2

I would appreciate some help please, with cleaning a desktop computer of a "ContraVirus' program installation. This is for a Windows 98se desktop computer - not currently connected to the internet (but this can be arranged later, if necessary. I am currently using a separate computer for Internet access and research - WinXp notebook computer).
The affected system (Win98se) appears to have installed "ContraVirus 2.0" program, 12 months ago and due to a recent change of owner and internet connection on dial-up is now becoming unuseable. Some symptoms are: Unable to enter Safe Mode, have an icon in system tray showing 'Virus Alert' with white cross in red circle. Left or right mouse clicks on the cross gets no response. Dial up connection periodically tries to connect (This maybe AVG antivirus, though). Recent add/remove program uninstalls have been done for 'ContraVirus 2.0' and 'Sierra - planner.exe'. AVG 6.0 Anti-Virus will not download updates, reporting that a file is missing?. AVG scan shows clean, but registry still has ContraVirus entries.

Log File follows:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:51:48 PM, on 13/12/08
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.E... Read more

A:ContraVirus 2.0 on Win98se system and Virus Alert! in system tray

No takers yet? - who loves a challenge?.
The Hijackthis log above is still current. I will hold off doing anything for awhile longer. Would really appreciate some experienced step by step removal instructions or link to a solution. Even a first step would be great - Thanks
 

Read other 2 answers
RELEVANCY SCORE 91.2

Hey everyone, firstly thanks for reading this and trying to helpBasically I got infected this morning and its a program that has a flashing accesibility icon / cross that from time to time says my computer is infected and click on it to go where and get what to fix it. I've tried running in safe mode and even then this malware opens up. This is my hijack log:Logfile of HijackThis v1.99.1Scan saved at 8:22:31 PM, on 4/15/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\UAService7.exeC:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Logitech\MouseWare\system\em_exec.ex... Read more

A:Infected With "virus Alert! Tray Icon Would Appreciate Help

Hi there and welcome to Bleeping Computer ! As you may have noticed already, the forums are very busy at the moment and i have noticed your log has gone unanswered so far!We look at the oldest logs first, and we were wondering that if you still need help, please start by posting a new HijackThis log in this topic and i will then be able to take a look!Thanks very much David

Read other 3 answers
RELEVANCY SCORE 88.8

Hi,

I am having major problems with my computer!
I have an Icon in my system tray that has a pop up window saying 'Critical System Error' - When I click the ballon it takes me to software down loads!
Whwn I use IE I get load and loads of pop ups, and self installing files. My computer is running very slowly also!

I have run Norton Antivirus and Spybot Search & Destroy, removed all nasty files etc - but I am still getting the same problems.

My Hijackthis log is pastes below:

Logfile of HijackThis v1.99.1
Scan saved at 17:38:34, on 18/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\cc... Read more

A:'Critical System Errors' Ballon/Icon in System Tray - Browser Pop Ups etc!!

have had this many times, if possible try to ignore it till u get a response from security tech,there are many suggestions on web, best way i have found before i knew how to remove it was to open task manager when the programe was open as in the large sign u get saying your computer is infected etcetc to see the process then identify which process it is by closing all others right click on the process in task manager and click jump to process,it will highlight then click end process
 

Read other 1 answers
RELEVANCY SCORE 88.8

Hello to whomever responds to this thread. This is the first time I've used one of these help forums and my knowledge of computer lingo is limited, but I'd be greatful if you could help me with this problem.

A little while ago I downloaded an application which turned out to be a 'trojan', or so I believe. Upon opening it I received an error report, and my antivirus program (Symantec) informed me that several items with .trojan in their name had been detected and deleted. I was also advised to reboot my computer, and after doing so I became aware of a little red shield icon in my system tray. Clicking it brings up a question which reads:

"Would you like to update your security software and download System Live Protect?"

I have not clicked yes because I believe this may be a problem. Furthermore, whenever I open Internet Explorer, there is an error report: "Internet Explorer has encountered a problem and needs to close."

I am unsure as to whether these two problems are related, but that is my suspicion. Is there anything that can be done?

Thanks for reading

A:System Live Protect Icon In System Tray And Internet Explorer Error Report

I just looked around on the web and there are a lot of folks with this problem but no answer. Use the programs below and let's see what they find. It is definitely something you don't want.Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds. http://www.superantispyware.com/Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.http://www.bitdefender.com/scan8/ie.html--------------------------------------------------------------------------------Post a Hijack This log in the Hijack This Forum by following the directions in the link below if the programs above have not removed ALL malware. DO NOT post the log in this forum.http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/ --------------------------------------------------------------------------------How To start Windows in Safe Modehttp://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

Read other 5 answers
RELEVANCY SCORE 88.8

I picked up a nasty bug this morning and have been battling it all day long. I've been down a similar road before and have thrown everything I can at it, spybot, ad-aware, AVG, stinger, you name it, I tried it. One thing that came up a lot was downloader.zlob, not sure if that means anything.Now I think I'm ready for a pro to take a look at the situation. If anyone can help, I would greatly appreciate it.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:52:05 PM, on 10/11/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\WINDOWS\system32\CTsvcCDA.EXEC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\ups.exeC:\WINDOWS\System32\MsPMSPSv.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exeC:\Program Files\Window... Read more

A:windiwsfsearch, "System Alert!" in system tray

Hey there. Since I haven't received a reply in over five days, I thought I'd take the opportunity to add a couple of pieces of information to the puzzle. I guess I should have mentioned that I am using XP SP3 and IE 7.I don't have that weird "system alert" symbol in the system tray anymore. I just ignored it and it went away. Wish that worked for cancer. It was probably more of a symptom than a cause.I tried to roll back using system restore with no luck, it wouldn't allow me to restore to an earlier restore point. System restore is currently off. I turned on tea timer and it blocked some registry changes.I'm having a lot of trouble with Hijack This. When it runs it slows way down while scaning 015 Trusted Zone Enumeration. I will try to unistall and re-install it.Now my HJT log looks different than it originally did.Here's my topic with the old log.Here's a current log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:13:40 AM, on 10/18/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\WINDOWS\system32\CTsvcCDA.EXEC:\WINDOWS\System32\svchost.exeC:... Read more

Read other 8 answers
RELEVANCY SCORE 88.4

Hi,

I've been having some very slow system issues today and have checked that system resources seem to be at normal levels - CPU usage at around 20% and Memory usage at around 50% during normal operating.

However I have noticed a new icon in my system tray which I can't identify, can't click on, and has no text when I hover over it. Can anyone recognise it? It looks like a grey/silver square or box with something green on it - no idea what it's trying to represent

Does anyone know what it represents?

Cheers, Smootus

A:Unknown icon in system tray - slow system - pic attached

try clicking customize and find it in the list that opens, it may have some details there,

Read other 2 answers
RELEVANCY SCORE 87.6

Ok, Thank you guys in advanced before I start.
 
So for some odd reason today on one of my laptops my wifi seems to not be working. Usually I like to go and look at my wifi signal to see what Im connected to as soon as I boot m computer. Well this time I started it up and the wifi system icon will not show up. Of course I go to customize to see if its disabled and if I can enable it. Well the option doesn't even show up. I restarted the computer and even used system restore nothing seems to work. I ran a wireless network troubleshoot and it says the problem cant be resolved. Im on one of my other laptops because I cant access the internet on the laptop.
 
So can anyone help me at all? Im new to this forum I think but I do have FRST so if anybody has an idea please let me know. I will provide all the information I can if you tell me what i need to get.

A:Wifi system icon not showing up in system tray.

Have you checked Device Manager?  Are there any problems noted with the wifi connection there?
Have you tried:
- downloading a fresh copy of the wifi driver from the manufacturer's website
- uninstalling the current wifi software/drivers
- installing the freshly downloaded drivers?
 
Have you tried to reset tcp, ip, and winsock?
From an elevated Command Prompt run (and press Enter after each command.  Reboot when done):
netsh int tcp reset
netsh int ip reset
netsh winsock reset

Read other 7 answers
RELEVANCY SCORE 87.6

Like some others on this forum, I have an icon in my system tray that keeps alternating between a yellow triangle and a land mine icon. Periodically a pop up appears "Critical System Errors" that is attempting to send me to some website for Spyware removal software. I run SpySweeper and MacAfee and have completed scans with both of those products but the icon remains. Here is my HiJack This log. Any help would be greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 9:42:30 PM, on 12/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\HP\HP Software Update\HPWuS... Read more

A:Critical System Errors Icon in System Tray

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may... Read more

Read other 3 answers
RELEVANCY SCORE 85.6

it seems a lot of people have been having a problem with this evil spyware. i googled how to remove "system alert pop up" and this came up....http://www.bleepingcomputer.com/forums/t/81721/system-alert-popup/i read but its a bit confusing, i dont know what "hijack this" is or "SmitfraudFix" these are firsts for me, i need some guidance.there was other spyware cus some idiot in my house fell for those pop up scams and downloaded the spyware programs, but i removed the rest with a combo of programs, but this system alert thing is stingy. i removed it before but forgot how, when you click on this thing it takes you to spydawn website, and i know people are having problems with that too, but i dont think anyone in my house downloaded that. this system alert popup also shows up in in the remove/ add programs list too and says its like 60 MB and every time you try to remove it does nothing. i tried to go into safe mode and scan with some programs but it wasnt working it was taking too long with an avg antispyware scan and i just quit.i need help what do i do ?

A:System Alert Pop Up Me Too ! In System Tray

Please download HijackThis:http://www.thespykiller.co.uk/files/HJTsetup.exe to download HJTsetup.exe Save HJTsetup.exe to the Desktop Double-click on HJTsetup.exe By default the program installs to C:\Program Files\HijackThis Click Next in the setup dialogue until you get to: Select Additional Tasks Check: Create a Desktop icon Click Next and continue to follow the rest of the prompts. Click Finish to launch HijackThis.Then, close all windows and browsers, and double click HijackThis icon on the Desktop to open the program.Press the Scan button, and when the scan is done, press: Save LogSave the HijackThis log file, and post it right here.

Read other 10 answers
RELEVANCY SCORE 85.6

i hav a similar problem... i also hav a small 'security alert' icon in the system tray.
i tried the soln. but it was not removed.
plz help.....

SmitFraudFix v2.130

Scan done at 0:54:05.14, Wed 12/27/2006
Run from D:\Mozilla Downloads\smitfraudfix_v2.130\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}"="buprestidae"

[HKEY_CLASSES_ROOT\CLSID\{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}\InProcServer32]
@="C:\WINDOWS\system32\cthkpcv.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}\InProcServer32]
@="C:\WINDOWS\system32\cthkpcv.dll"
Killing process
Generic Renos Fix

GenericRenosFix by S!Ri
Deleting infected files
Deleting Temp Files
Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows N... Read more

A:system alert in system tray:

Read other 10 answers
RELEVANCY SCORE 85.2

Have an issue on Windows XP.

The DDS.txt file is attached below.

Upon system startup there was a popup referencing worm.win32.netsky. (I don't want to start the system up again until hearing back.) I ran the Symantec removal tool here:

http://www.symantec.com/security_res...021816-1759-99

and it said that it wasn't found on the system.

Task Manager has been disabled somehow. We did not disable it manually.

The background wallpaper picture we had was replaced with a black box with red lettering saying

"YOUR SYSTEM IS INFECTED!"

In white text there is

"System has been stopped due to a serious malfunction. Spyware activity has been detected. It is recommeded [sic] to use spyware removal tool to prevent data loss. Do not use the computer before all spyware removed [sic]"

(I've inserted [sic] to indicate spelling/grammar are entered verbatim.)

There is a tray icon that is a red circle with a white "X" in it. Every few minutes there is a balloon that pops up and says:

"Click here to protect your computer from apyware. Your computer is infected! Windows has detected an infection of spyware. It is recommended to use special antispyware tools to prevent data loss. Windows will now download and install the most up-to-date antispyware for you."

We have not clicked on this balloon to download anything.

ark.txt and attach.txt are uploaded and zipped as requested.

We do not have access to a Window... Read more

A:"YOUR SYSTEM IS INFECTED!" wallpaper + red circle X tray icon

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my ins... Read more

Read other 2 answers
RELEVANCY SCORE 84

In my tray apears this mesagge flashing saying system alert and when i click on it this page pops up hxxp://spydawn.com/?aff=334, i already run ad-aware, spybot, trend micro pc cillin and hijackthis as it said on the tutorial...Please some help on it....ThxLogfile of HijackThis v1.99.1Scan saved at 12:10:26 AM, on 2/21/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\cisvc.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exeC:\WINDOWS\system32\svchost.exeC:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exeC:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exeC:\WINDOWS\system32\SearchIndexer.exeC:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS�... Read more

A:System Alert On Tray

Welcome to BC jugalo Download SmitfraudFix (by S!Ri), to your desktop.Double click on Smitfraudfix.cmdSelect option #1 ? Search, by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.

Read other 7 answers
RELEVANCY SCORE 84

Can someone help me with this? I have this system tray icon blinking with "System Alert!" info bubbles telling me I have spyware. If I try to do anything with it it sends me to "antivermins.com." I ran Adaware and Spyware and picked up a few things but I'm still getting pop ups.

Copied this from another thread since I have the exact same problems. However, when I did the Smitfraud thing, it didn't get rid of the problem.

Logfile of HijackThis v1.99.1
Scan saved at 8:57:10 AM, on 12/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared... Read more

A:System Alert in Tray

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
 

Read other 3 answers
RELEVANCY SCORE 83.6

Good morning experts,

Please help me since I dont know what to do to solve this. This mornig I started my laptop, after a few minutes the wifi disconnected and the yellow dot showed on the wifi icon. I tried to click on the icon but nothing happened. Tried to click click clik and nothing happens. Tried to click on the sound icon and nothing happens. Like if they were disabled. All the other icons are working normally. I tried ending the explorer.exe and run it again from the systems administrator, after doing that when I click on the wifi it works but now shows the " x" and no connections available.

This whole thing happens every time I restart the laptop, wifi ok for a few minutes, then suddendly yellow dot and it wont let me even click on the icon.

I scanned with panda global anrivirus, malwarebytes, spybot search and destroy, everything clean.

Please help

System info: lenovo b570 core i3. Windows 7 x64 ultimate

A:wlan icon and sound icon on system tray not working

Hi Welcome to Seven Forums ... From the task bar click on customize .. Then turn system Icons on off and make sure the boxes are checked .. If that does not work try the Link below ...

System icons do not appear in the notification area in Windows Vista or in Windows 7 until you restart the computer

Read other 2 answers
RELEVANCY SCORE 83.2

I cannot get rid of System Alert in tray. I have used AVG spyware, Adaware,and spybot, done in Safe Mode and regular. Have McAfee Subscription, and also scanned with Panda. Turned off system restore. Followed instructions on which items to check in Hijack. Have used ATF Cleaner. Used smitfraud fix and smitren fix. Still have all of these programs saved. Picked up this bug downloading a video which appeared to be windows media player.Panda Scan results follow Hijack Log belowPlease Help...Logfile of HijackThis v1.99.1Scan saved at 2:08:23 PM, on 4/23/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\WINDOWS\system32\CTsvcCDA.EXEc:\program files\mcafee.com\agent\mcdetect.exec:\PROGRA~1\mcafee.com\vso\mcshield.exec:\PROGRA~1\mcafee.com\agent\mctskshd.exeC:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\MsPMSPSv.exeC:\WINDOWS\system32\svchost.exeC... Read more

A:System Alert In Tray/malware

Welcome to BC

Open Hijackthis, Click Open the Misc tools section Then click the Open Uninstall Manager... button.
The Add/Remove Programs Manager panel should appear.
In this panel click the Save list button.
Save the uninstall_list.txt file to your desktop and copy and paste the contents back in your next reply.

Read other 1 answers
RELEVANCY SCORE 83.2

I thought I removed the Trojan Downloader: win32/zlob but I have a new icon in my system tray. It is a question mark in a blue circle that flashes. It identifies it self as a ?System Alert!? but when clicked it launches my internet browser and takes me to a web site to down load SpyDawn. How can I get rid of this? (I use XP)

A:System Alert In Sytem Tray

BC has a Self-help Removal Guide for Spydawn. Follow the instructions and you should be able to remove it quickly:http://www.bleepingcomputer.com/forums/t/81275/how-to-remove-spydawn-removal-instructions/If you have any problems during the removal process, be sure to let us know so our Members can help you.Cheers,John

Read other 1 answers
RELEVANCY SCORE 83.2

HELP! VIRUS ALERT! in system tray!? no longer administrator
Hi I am having a problem with my computer. It happened yesterday. Every now and then I get "Virus Alert!" in system tray as well as white X with a red circled background. Also there are 3 links or programs on my desktop (Error Cleaner, Privacy Protector and Spyware&Protection). However that is only half of it. I initially had my C and D drives missing in My Computer as well as when I go to "Start" the All Programs tab is sometimes missing and most of the icons on the right hand side are gone. As well as the ability to "Run". I have just got a pop-up with the heading Windows Security Alert, which states:

Windows has detected an Internet attack attempt...
Somebody's trying to infect your PC with spyware or harmful viruses. Run full scan now to protect your PC from Internet attacks, hijacking attempts and spyware! Click here to download spyware remover for total protection.

Another pop-up saying:
Security Warning!

Worm.Win32.NetBooster detected on your machine. This virus is distributed via the Internet through e-mail and EXE and Active-X objects. The Worm has its own SMTP which means it gathers e-mails from your local computer and re-distributes itself. In worst cases this worm can allow attackers to access your computer, stealing passwords and personal data.
This process process should be removed from your system.

Type: Virus
System Affected: Windows 2000, NT, ME, XP,... Read more

A:Virus Alert in system tray

To get Expert Help with malware removal:

I recommend that you read this article… ( Simply, click on the links to be re-directed.)

"Having problems with spyware and pop-ups? First steps;
IMPORTANT - Read This Before Posting For Malware Removal Help

Please follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the
HiJackThis Log Help Forum.
http://www.techsupportforum.com/secu...this-log-help/

Please ensure that you create a new thread in the HiJackThis Log Help Forum;
not back here in this one.

When carrying out The 5 Steps,
IMPORTANT - Read This Before Posting For Malware Removal Help

if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However,it is extremely important to make mention of the fact that you could not complete any of the steps in your post to HiJackThis Log Help Forum.
http://www.techsupportforum.com/secu...this-log-help/

where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Read other 1 answers
RELEVANCY SCORE 83.2

Here is my HighJackThis log:Logfile of HijackThis v1.99.1Scan saved at 6:56:07 PM, on 3/23/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\cisvc.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exeC:\Program Files\D-Link\Air Utility\AirCFG.exeC:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exeC:\Program Files\Java\jre1.5.0_11\bin\jusched.exeC:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exeC:\Program Files\Analog Devices\SoundMAX\Smax4.exeC:\Program Files\Intel\Intel® Active Monitor\imontray.exeC:\WINDOWS\Logi_MwX.ExeC:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exeC:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\... Read more

A:System Alert In Task Tray

Hello,Some remarks first..I notice that you have Weatherbug installed on your computer ? This is very much an ad-enabled application which in addition to providing current outdoor temperature information in the System Tray together with real-time weather alerts can also draw unwanted ads and popups to your computer.Our recommendation would be to uninstall it using the Add or Remove Programs feature in Control Panel.If you want a program which provides weather information there is an ad-free alternative to Weatherbug called WeatherWatcher which is available free from http://www.snapfiles.com/get/weatherwatcher.html.Of course this remains entirely your choice, but please be aware that if you decide to continue using Weatherbug, your computer will be at an increased risk of infection from malware.I see you are running Teatimer.I suggest you to disable it because it can interfere with the changes you'll make on your system.When everything is done and your log is clean again, you can enable it again.If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.How to disable TeaTimer during HijackThis CleanupThen, Download ResetTeaTimer.bat.Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.* Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Don't use it yet.* Reboot into Safe Mode`: ( without networking support !)?To get into the Safe mode as the compute... Read more

Read other 6 answers
RELEVANCY SCORE 83.2

My browser seems to be hijacked and when on the internet I get unwanted pop ups and when surfing the web random pages open up without me doing anything. To the right of my clock on the bottom right it reads VIRUS ALERT!. Here is my main log from Deckerd Scanner System. Spybot keeps finding "virtumonde.dll virus".


Deckard's System Scanner v20071014.68
Run by HP_Owner on 2008-06-18 13:57:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
107: 2008-06-18 20:58:54 UTC - RP908 - Deckard's System Scanner Restore Point
106: 2008-06-17 15:55:54 UTC - RP907 - Windows Defender Checkpoint
105: 2008-06-17 00:10:45 UTC - RP906 - Last known good configuration
104: 2008-06-17 00:10:34 UTC - RP905 - Installed Adobe Reader 8.1.2
103: 2008-06-17 00:10:34 UTC - RP904 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-06-17 00:09:49 UTC - RP802 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-18 14:02:17
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: In... Read more

A:Virus Alert in System Tray!

Hi, welcome to tsf!

Please visit this webpage for download links, and instructions for running combofixl:

http://www.bleepingcomputer.com/comb...o-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
__________

You're using an older version of Hijackthis. Please uninstall the older version via control panel > add/remove programs

Please click Here to download HijackThis to your desktop.

Click the Download button. When the Trend Micro HJT install box appears, double click on the HJTInstall.exe. Click on Install.

It will be installed by default here: C:\Program Files\Trend Micro\HijackThis

A shortcut to the application will also be placed on your Desktop.

The program will open automatically after installation.

You can double-click the icon tha... Read more

Read other 9 answers
RELEVANCY SCORE 83.2

I've been using smitfraud, sb search and destroy, ad aware se and various amounts of spyware/malware removal programs and i can't get this (*#&%(& system alert button on my tray to go away! I've been trying to get the #(*%& thing off for 2 days. I'm going insane. Can somebody please help me? Smitfraud is supposed to go through a step where, "you will be presented with a red screen stating Computer will reboot now. Close all applications. You should now press the spacebar on your computer. A counter will appear stating that the computer will reboot in 15 seconds. Do not cancel this countdown and allow your computer to reboot." It doesn't do that and my notepad thing opens up in safe mode. Is there anyone that can solve this problem? Oh yeah, also when I click the balloon where it says there's viruses or whatever on my computer that's slowing me down, it takes me to the stupid antivermin site. Could somebody give me steps on that "Avenger" program thing? I'd like to try that since pretty much everything else hasn't worked.

Logfile of HijackThis v1.99.1
Scan saved at 5:32:45 PM, on 12/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Syst... Read more

A:System Alert Tray Is Pissing Me Off!!

Read other 16 answers
RELEVANCY SCORE 83.2

Found answer but can't find a way to delete the question!!!

A:System Tray Alert Time

I'll mark it as solved. In the futrue click on the icon upper right and then type solved in the box.

Read other 4 answers
RELEVANCY SCORE 83.2

Can't get rid of "System Alert!" icon in tray... It flashes between a white question mark inside a blue circle and what looks like a 'no smoking' sign...but with no cigarette in the middle...basically a red circle with a red line through the middle of it...What I've tried so far..Spybot scanAd aware scanAVG scanBooting in safe mode and running ATF-Cleaner and straight after that I ran SUPERAntiSpyware Free Edition.. It seemed to find it, told me it fixed it...but it still comes up when I get to windows..Here is my log ... Please help..Logfile of HijackThis v1.99.1Scan saved at 6:24:45 PM, on 11/03/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\arservice.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\WINDOWS\system32\nvsvc32.exeC:\... Read more

A:System Alert! In Taskbar Tray

Welcome to BleepingComputer CullyCullen Download ATF Cleaner by Atribune:http://www.atribune.org/ccount/click.php?id=1Double-click ATF-Cleaner.exe to run the program.Click 'Select All' found at the bottom of the list.Click the 'Empty Selected' button.If you use Firefox browser, do this also:Click Firefox at the top and choose 'Select All' from the list.Click the 'Empty Selected' button.NOTE: If you would like to keep your saved passwords,please click 'No' at the prompt.If you use Opera browser,do this also:Click Opera at the top and choose 'Select All' from the list.Click the 'Empty Selected' button.NOTE: If you would like to keep your saved passwords,please click 'No' at the prompt.Click 'Exit' on the Main menu to close the program.*********************************Download SmitfraudFix (by S!Ri), to your desktop.Double click on Smitfraudfix.cmdSelect option #1 ? Search, by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy and paste the content of that report into your next reply,along with a new Hijackthis log.

Read other 7 answers
RELEVANCY SCORE 82.8

Normal fraudulent stuff about hidden spyware activity on the system encourages me to click and download arepair program. It will not delete or go away.

Thanks in advance for your help Tim
 

A:"System Alert" appears in system tray area

Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 

Read other 1 answers
RELEVANCY SCORE 82.4

i have SuperAntiSpyware, MalwareBytes, and Avira installed trying to remove the virus to no avail.they do not find anything.the PC that im running is an XP SP3 machine with AMD athlon 1800+ @ 1.53GHz , 256 MB DDR ramI also have an HJT log saved if neededDDS LOGDDS (Ver_09-12-01.01) - NTFSx86 Run by TomlinJ at 2:50:36.34 on Thu 03/04/2010Internet Explorer: 7.0.5730.11============== Running Processes ============================= Pseudo HJT Report ===============uStart Page = hxxp://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2uSearch Page = hxxp://websearch.drsnsrch.com/sidesearch.cgi?id=uWindow Title = Microsoft Internet Explorer provided by CompaquSearch Bar = hxxp://websearch.drsnsrch.com/sidesearch.cgi?id=uDefault_Page_URL = hxxp://start.earthlink.netuDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.htmluSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7uSearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=mSearchAssistant = hxxp://www.google.com/ieuURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dllBHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dllBHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\com... Read more

A:VIRUS ALERT! in system tray clock

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the to... Read more

Read other 6 answers
RELEVANCY SCORE 82.4

Here is my main.txt and extra.txt. Thank you so very much ahead of time for any and all assistance.

MAIN.TXT-

Deckard's System Scanner v20071014.68
Run by Steve on 2008-05-25 18:13:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
25: 2008-05-25 22:13:51 UTC - RP164 - Deckard's System Scanner Restore Point
24: 2008-05-25 21:07:06 UTC - RP163 - Installed McAfee VirusScan Enterprise
23: 2008-05-25 20:58:45 UTC - RP162 - Removed CodeZulu Bind Maker
22: 2008-05-25 16:43:48 UTC - RP161 - Software Distribution Service 3.0
21: 2008-05-25 15:39:31 UTC - RP160 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-05-23 23:15:09 UTC - RP140 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Steve.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:14: VIRUS ALERT!, on 5/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system3... Read more

A:VIRUS ALERT! message in system tray...

Hi, welcome to TSF!

1.) You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

2.) Reboot into Safe Mode.

To enter Safe Mode..

Click Start > Turn Off Computer > Restart > Tap F8 key just before Windows starts to load, > This will bring up a Menu > Use your keyboard to scroll to Safe Mode> Hit enter.

3.) Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove y... Read more

Read other 5 answers
RELEVANCY SCORE 82.4

I am getting periodic appearances of a 'Windows Security Alert' icon in my system tray, telling me to go somewhere and download something. I assume this is a virus.I am running the latest version of Avira, with updates, and have scanned my sytem. It has not reported any viruses. I also went to the online scanner - Symantec Security Check - it didn't find any either.The 'Windows Security Alert' problem icon comes and goes.Here are the results of my scans, as per the instructions in the sticky thread:I see there is an entry -mRunServices: [TrojanShield Protector] c:\program files\trojanshield\Port.exe, but when I browse my drive, I do not see a trojanshield directory. could it be hidden?Also, it lists -STS: c:\windows\system32\cq16ea6yh.dll: {a2234b15-23f2-42ad-f4e4-00aac39c0004} - c:\windows\system32\cq16ea6yh.dll, but I cannot find the cq16ea6yh.dll anywhere. I see that cq16ea6yh.dll is one of the files listed by Avira as being in quarantine (it is listed as the TR/PCK.Krap.AH.4 trojan). Could this DDS entry be a remnant of a previously detected and quarantined virus? or is it part of my current problem?DDS log:DDS (Ver_09-12-01.01) - NTFSx86 Run by Ian at 21:22:44.29 on Sun 12/27/2009Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_05Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.238 [GMT -8:00]AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}===========... Read more

A:Windows Security Alert - in system tray

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_Sca... Read more

Read other 2 answers
RELEVANCY SCORE 82.4

There is a system tray alert (yellow triangle with an ! in the middle) flashing, stating there are different malware threats, viruses, worms, etc. Also, it will constantly bring up various websites every 2 minutes while connected to the internet.

The HiJackThis log follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:43:21 PM, on 10/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm... Read more

Read other answers
RELEVANCY SCORE 82.4

Hi,I've had an infection. I researched and performed the combofix/recovery tool programs and seem to be back to normal. Can you please check these logs and make sure there are no traces? Thank you in advance**EDIT**I also seem to not be able to establish an internet connection. I can do so with other laptops(the one I'm on) on the same wireless network, but cannot with the infected one, still.HIJACKTHIS LOG:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 14:55, on 8/4/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\WINDOWS\System32\MsPMSPSv.exeC:\Program Files\Common Files�... Read more

A:Virus Alert In System Tray By The Clock

I've ran everything I know of to run.

It says I am connected to my wireless router. But Firefox or IE won't connect to anything.

Any ideas. I'm desperate

Thanks

Read other 3 answers
RELEVANCY SCORE 82.4

howdy all,

i'm sick of xp's wireless status constantly reminding me (via alert windows) of the signals in the area. if i lived in africa, this might not matter, but i live in PDX, and we have signals everywhere.

i also use flashgot, and i don't want the "finished" alert from it either.

i know i can remove the flashgot icon from the tray, but i can't seem to keep the wifi icon off.

help?

thanks

b
 

Read other answers
RELEVANCY SCORE 82.4

Hi, although using bit defender, have had a virus pop up on my PC which I can't get rid of. I've looked at what I thought are the files causing the issue and removed with Hijack this but still can't remove this annoying pop-up from my tool bar which display that my PC is affected with a virus. Also, have a spyware toolbar added to Internet Explorer I can't get rid of (assume they are related). The pop up states to please use antimalware software to clean and protect my PC. Please if you have any advice to identify the files causing this would be a great help.

PC is running on Windows XP.

Many Thanks!

A:can't remove virus alert pop-up in system tray

Please follow the 5 Step process outlined here

Then download Hijackthis:
* Click here to download HJTsetup.exeSave HJTsetup.exe to your desktop.
Doubleclick on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Read other 8 answers
RELEVANCY SCORE 81.6

Picked up this virus. Followed instructions and advice from other users and threads and used ComboFix. Seems to have worked. Greatful if someone could look at the attached log file and let me know if there is anything still there. Can't seem to connect to the internet though.

A:VIRUS ALERT! in System Tray and Missing Drives

Hello, bk_james
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" .
We need to run a Scan with DDSPlease download DDS, and save it to your desktop, from one of the following mirrors:This is a mirror
This is another mirror

Disable any type of "Script Blockers" or "Script Protection" installed on your syst... Read more

Read other 2 answers
RELEVANCY SCORE 81.6

Hi I am having a problem with my computer. It happened yesterday. Every now and then I get "Virus Alert!" in system tray as well as white X with a red circled background. Also there are 3 links or programs on my desktop (Error Cleaner, Privacy Protector and Spyware&Protection). However that is only half of it. I initially had my C and D drives missing in My Computer as well as when I go to "Start" the All Programs tab is sometimes missing and most of the icons on the right hand side are gone. As well as the ability to "Run". I have just got a pop-up with the heading Windows Security Alert, which states:

Windows has detected an Internet attack attempt...
Somebody's trying to infect your PC with spyware or harmful viruses. Run full scan now to protect your PC from Internet attacks, hijacking attempts and spyware! Click here to download spyware remover for total protection.

Another pop-up saying:
Security Warning!

Worm.Win32.NetBooster detected on your machine. This virus is distributed via the Internet through e-mail and EXE and Active-X objects. The Worm has its own SMTP which means it gathers e-mails from your local computer and re-distributes itself. In worst cases this worm can allow attackers to access your computer, stealing passwords and personal data.
This process process should be removed from your system.

Type: Virus
System Affected: Windows 2000, NT, ME, XP, Vista
Security Risk (0-5): 5
Recommendations: Click yes t... Read more

Read other answers
RELEVANCY SCORE 81.6

Okay, I went to download some missing 'activeX slot' to view a movie online. I was decieved and ended up downloading something else. Now, a new icon has appeared on my system tray. It poses as an alert and says something along the lines of, "warning backdoor trojan has infected your pc click here for help with removal." however even if I click on the 'X' in the pop-up bubble or try to right click on the icon itself to try to close it out, a website loads in a new browser. The site is called 'spylocked' at url, http://www.spylocked.com/?aff=334. It is a pretty elaborate fake company that offers anti-virus protection programs for various styles of the windows os. the average preson thinks "ok free I'll click." If you do it downloads a executable file to your desktop that is a setup for another program. If you try to install this program some sort of infection is unleashed on your system. Luckily my norton protection caught this and stopped it before it was too late. This systray icon is accompanied by other ones that pop up a little more periodically but display similar alert messages, "system alert, malware threats", and take you to other elaborately fake 'help' websites. These sites download infections as well. Finally, I get pop-ups now saying, "get the latest virus protection here" while I never got a single pop-up before this whole thing started. If you follow the pop-ups you get yet more fake help sites with free software available.... Read more

A:Annoying Alert Bubbles, Constantly From My System Tray

Hello antles,Welcome to Bleeping Computer. The codec you downloaded is a trojan. Do this.You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.Download SmitfraudFixExtract the content (a folder named SmitfraudFix) to your Desktop.Download and install the 30 day trial of AVG Anti-Spyware 7.5 to your desktop. Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the set up program. Once the setup is complete you will need run Ewido and update the definition files. On the main screen select the icon Update then select the Update now link. Next select the Start Update button, the update will start and a progress bar will show the updates being installed. Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab. Once in the Settings screen click on Recommended actions and then select Quarantine <-- Dont forget this Under Reports Select Automatically generate report after every scan Un-Select Only if threats were found Close AVG Anti-Spyware 7.5 <-- Do not run the scan yet. Boot your computer into Safemode Go to Start> Shut Off your Computer> Restart As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly. This will bring up a menu. Use the Up and Down Arrow Keys to scroll up to SAFEMODE Then press the Enter on you... Read more

Read other 8 answers
RELEVANCY SCORE 81.6

I acquired the fake XP Security Center "scareware," used Malwarebytes, SpyDoctor, and SmitFraudFix, to try and remove the virus. Everything seems to be okay except that the fake "Windows Security Alerts" icon is still in my system tray (it's a red shield with a white x in the middle). Also, when I click the icon, it opens up a fake XP Security Center window that shows my Automatic Updates as "Turned Off." I know this window is phony because when I check the Automatic Updates through the Control Panel, it is on. (ADDED 3/28/11) The next time I turned on my computer, after the GMER scan, my cursor worked for a couple minutes, and then it became invisible; however, it was still functional, but I had to navigate carefully using highlighted text as reference points. It is now the next day, and I'm still having this problem.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Kevin at 17:40:18.12 on Sun 03/27/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.253 [GMT -7:00]
.
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoo... Read more

A:Fake "Windows Security Alert" in System Tray

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your ... Read more

Read other 27 answers