Over 1 million tech questions and answers.

Help! Red Circle/White Cross Icon Virus! HijackThis included!

Q: Help! Red Circle/White Cross Icon Virus! HijackThis included!

I have a new quick launch icon on the taskbar. It is a red circle with a white cross. There are also pop-up dialog boxes associated with this new icon. These include, "Click here to protect your computer from spyware!" and "Attention! system detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files. You private information and and PC safety is at risk. To get rid of unwanted spyware and keep your computer safe you need to update your current security software. Click OK to download official intrusion detection system (IDS software)".

I am running the following:
Windows XP Media Center Edition Version 2002 Service Pack 2 on a Dell XPS DXP051. Intel Pentium D CPU 3.00 GHz, 2.00 GB of RAM

At this point, I have disconnected my computer from the internet and have tried to do a "repair" on the OS using the Windows installation CD. Then, I restarted and the red circle/white cross icon was still there. Next, I performed a Trend Micro HijackThis-v2.0.2, and saved the log file. I am currently working off my laptop to troubleshoot this virus/malware. Please help me solve this problem. Thank you.

Here is the HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:21 PM, on 1/11/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\kwqwfzym.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\NoteBurner\VTBurnerGUI.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\winupdate86.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\DOCUME~1\Chris\LOCALS~1\Temp\smss.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Documents and Settings\Chris\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon86.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Jzokxiob] C:\WINDOWS\system32\kwqwfzym.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe
O4 - HKLM\..\Run: [oaurxpiv] C:\Documents and Settings\Chris\Local Settings\Application Data\asqpei\cqvvsysguard.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ygua8e7yhuiesfha876yfauy8fe] C:\DOCUME~1\Chris\LOCALS~1\Temp\u8ffu.exe
O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\DOCUME~1\Chris\LOCALS~1\Temp\smss.exe
O4 - HKCU\..\Run: [oaurxpiv] C:\Documents and Settings\Chris\Local Settings\Application Data\asqpei\cqvvsysguard.exe
O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\DOCUME~1\chris\LOCALS~1\temp\TEMPOR~1\Content.IE5\G9SFKD29.SH! c:\DOCUME~1\chris\LOCALS~1\temp\TEMPOR~1\Content.IE5\8VA3QLQP.SH! c:\DOCUME~1\chris\LOCALS~1\temp\TEMPOR~1\Content.SH! c:\DOCUME~1\chris\LOCALS~1\temp\TEMPOR~1.SH!
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.3; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; Windows-Media-Player/10.00.00.3990)" -"http://media.pearsoncmg.com/bc/bc_c...edia/activities_c6e/H16/H1602/st03/media.html"
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {47489CC3-B1AB-4414-A7D9-4A6380D819D8} (ConfigManager Control) - file://C:\Program Files\Onssi\NetGuard Remote Client\ConfigManager.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (Secure Data Transfer Control) - http://www.youbet.net/wr_5_8/controls/ybrequest.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\Autodesk Architectural Desktop 3\AcDcToday.ocx
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {817444B5-4D12-4EEB-8E78-C547E84F80B6} (EngineManager Control) - file://C:\Program Files\Onssi\NetGuard Remote Client\EngineManager.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (NOXLATE) - file://C:\Program Files\Autodesk Architectural Desktop 3\InstFred.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E7B12A6B-341F-4765-A9EA-29A745916878} (ImageViewer Control) - file://C:\Program Files\Onssi\NetGuard Remote Client\ImageViewer.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\Autodesk Architectural Desktop 3\AcPreview.ocx
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Desktop Manager 5.9.909.30391 (GoogleDesktopManager-093009-130223) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Tgfapibm - Unknown owner - C:\WINDOWS\system32\kwqwfzym.exe
--
End of file - 18133 bytes

Please help me to solve this problem. Thank you!

Read other answers
RELEVANCY SCORE 200
Preferred Solution: Help! Red Circle/White Cross Icon Virus! HijackThis included!

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

RELEVANCY SCORE 106.8

an icon has appeared its a red circle with a white cross, and it keeps popping up, i do not no how it has appeared on there, but it disabled my task manager and has changed my background and has cleared my systum restore points. please help me with this problem, here is the hijack log :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:39, on 11/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\DOCUME~1... Read more

Read other answers
RELEVANCY SCORE 92.8

Hi,
I've got the same problem as rachgr and goukoy below. I've run panda activescan and attach the log of that. I've also run rsit, and attached both logs. I've downloaded sdfix and combofix in preparation.
Also, how can I delete norton? It doesn't work properly and it's just a nuisance, and the add/remove progs doesn't work on it!
Thanks,
Kun.

A:Same red circle with white cross problem.

bump, please.
Also, since I posted above, the XP Antispyware 2009 has installed itself and is causing more havoc. :-(

And here is a log file in text format, if you want it:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:13:34, on 16/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\~user~\Desktop\dsdf.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Expl... Read more

Read other 3 answers
RELEVANCY SCORE 92.8

Hello all,
I am trying to help a friend with her computer. Tried to remove the red circle with the white cross from her tray for 2 hours today. Used Smitfraud Fix and RougeRemover. Said it took it out, but came back again after trying to log back on the internet. Spybot S&D found 'Pest Trap' and removed it (several times) but the pest keep coming back. Turned off System Restore so old points would be removed and then turned it back on but it keeps reinstalling. Found winstall.exe and removed it, opened msconfig and unmarked winstall.exe, rebooted the computer and upon connection it came back and was back in the starup items (still with system restore turned off). Her red dot seems to be a dead link. If you click on it, nothing happens at all... or so it seems. Just the annoying popup every few seconds.

Also each time we attempt to connect (dialup connection) to the internet, something wants to hijack her homepage... We have used SpywareGuard to prevent this.

Here's a copy of her hijackthis log. Thanks for trying to sort it out. I will have to take the results for at least this first round over there tomorrow (or whenever you can start help) and do this first part. Then perhaps we can work from her computer.

Thank you in advance..........

Logfile of HijackThis v1.99.1
Scan saved at 4:59:05 PM, on 1/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDO... Read more

A:Solved: Red Circle White Cross

Read other 16 answers
RELEVANCY SCORE 92.8

Hey,

I have a very annoying virus on my housemates' computer. I have attempted to enter safe mode, I ran adaware, spybot S&D, Malwarebytes' Anti-malware, SUPERAntiSpyware - all of which picked up virii, all of which were deleted, all of which re-spawned next time I entered normal mode in my computer.

I have deleted all *.tmp files from my computer. I have turned system restore off, then on, then off again. Then I re-tried the above. And it still hasn't worked. I have deleted some previously incompletely deleted virii, inc registry entries.

But yea - I'm at a loss. I am currently on my computer, using a USB to deliver data to this website (having no access to websites on the other comp).

Here is the DDS log, anyway. Hope you can be of assistance!
DDS (Ver_09-01-18.01) - NTFSx86 MINIMAL
Run by Gitanjali at 12:27:01.17 on 20/01/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1014.799 [GMT 0:00]

AV: AVG 7.5.519 *On-access scanning enabled* (Outdated)
FW: Norton Internet Worm Protection *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
E:\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Gitanjali\Desktop\dds.scr

============== Pseudo HJT R... Read more

A:Vundo? Red Circle, White cross.

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.Disable Realtime ProtectionAntimalware programs can interfere with ComboFix and other tools we need to run. Please temporarily disable all realtime protections you have enabled. Refer to this page, if you are unsure how.Download and Run ComboFixIf you have already run ComboFix, delete your copy and download a new one. If the computer in question is unable to download ComboFix, transfer it using a removable media (CDs, flash drive).Download Combofix by sUBs from any of the links below, and save it to your desktop.Link 1, Link 2, Link 3 Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not recieve the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.If you did not have it installed, you will see the prompt below. Choose YES.
When the Recovery Console has been installed, you will see the prompt below. Choose YES.
When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.Download and Run Scan with GME... Read more

Read other 2 answers
RELEVANCY SCORE 92

Hi,

from the past couple of weeks I've been having a problem. Out of the blue, an icon of a red circle with a white cross inside appeared near to my computer's clock. Every couple of minutes a window (like those that show comments in comic books) appears saying:

"Your computer is infected!

Windows has detected spyware infection!

It is recomended to use special antispyware tools to pervent data loss. Windows will now download and install the most up-to-date antispyware for you.

Click here to protect your computer from spyware!"

The only way to get rid of it is to click the cross on the top right of the window. But in a couple of minutes it appears again. If, by error, I click milimeters away from the cross, something starts to be installed. It's a programme called "XP Security Center". It says it's going to help me not to have spyware, etc. When I click on analize my PC it does it and at the end, it tells me that I have to register. That finally means that a website appears pushing me to buy the product.

But not only that, everytime I want to open a website, a message appears saying that I might get a virus, and that if I want to get protection. If I say I do, it directs me to the same website where they sell the product. If I say no, I can see the website I wanted to see, but the message appears everytime I move on to another screen.

And a third thing happens. My anti virus (McAfee) tells me that I have a virus called "daily.nd... Read more

A:Red circle with a white cross: Your computer is infexted!

Hello and welcome to TSF

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding. Its important that you follow this through until i give you the all clear, a lack of symptoms does not mean that it is no longer present.

Please Do Not Attach logs to your posts unless you are advised to do so.


========

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

=========

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:SDFix)

Please then reboot your computer in Safe Mode by doing the following :Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registr... Read more

Read other 9 answers
RELEVANCY SCORE 92

Hi, I was using Google Chrome (I usually use Firefox but I was mixing it up a little) and all of a sudden my McAfee virus scan located a bunch of trojans on my computer and removed them. Then, Chrome proceeded to close and the little red circle with a white cross appeared, saying how my computer has been infected, yada yada, seems like a pretty common problem after searching "red circle...". A warning box pops up every few minutes saying:"Attention! System detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files. You (*sic*) private information and PC safety is at rick. To get rid of unwanted spyware and keep your computer safe you need (*sic*) update your current security software. Click OK to download official intrusion detection system (*sic*) (IDS software)"I close this window rather than hitting OK. Anyway, similar to others who had this problem, I can't open task manager, nor can I open Chrome anymore, because it says both files are infected, and it says I need to activate my antivirus software. Whenever I turn on my computer, a box appears that says I need to download new spy-ware removal software or whatever, and that the problem is a 5 on a scale of 0 to 5. McAfee and Ad-Aware haven't done much, the little red circle is still there with the balloons saying "click here to protect your computer!" and I still can't open task manager or chrome. Can someone help me remove/fix this?Edit:... Read more

A:Malware? Red circle with white cross in taskbar...

I could be of use, but the experts hangs out in the Am I Infected forum.

Either wait a bit to be moved or repost your stuff in that forum

Read other 2 answers
RELEVANCY SCORE 81.6

When I turn my computer on my desktop blinks and the background turns green. A black window pops up in the background behind my icons that reads "YOUR SYSTEM IS INFECTED! System has stopped due to a serious malfunction. Spyware activity has been detected" In about a minute a Warning window pops up that reads Attention system detected potenial hazzard. (Trojan SPM/LX) on your computer that may infect executable files. Click to download official intrusion detection system (IDS Software)I now have numerous pop ups, can't open email account, and any page or document I an working on will go into inactive after a minute or so. I need to click it with the mouse to reactivate it for another minute until it goes inactive again.Here is the information this site said to include:DDS (Ver_09-12-01.01) - NTFSx86 Run by Hite Family at 21:17:23.31 on Fri 01/08/2010Internet Explorer: 6.0.2900.5512============== Running Processes ============================= Pseudo HJT Report ===============uStart Page = hxxp://www.yahoo.com/uSearch Page = hxxp://www.google.comuSearch Bar = hxxp://www.google.com/iemDefault_Search_URL = hxxp://www.google.com/iemSearch Page = hxxp://www.google.commStart Page = hxxp://www.google.comuInternet Connection Wizard,ShellNext = iexploreuInternet Settings,ProxyOverride = ;*.local;<local>uSearchAssistant = hxxp://www.google.comuSearchURL,(Default) = hxxp://www.google.com/search?q=%smSearchAssistant = hxxp://www.google.commURLSearchHooks: H - No F... Read more

A:Have spyware that has red circle with white X icon

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand cor... Read more

Read other 8 answers
RELEVANCY SCORE 80.8

Im traveling and I've got two problems maybe related .
My Outlook 2013 icon has a red circle with a white x. What does that mean?
My second problem I'll post in the infected forum.
Thanks!

A:Outlook 2013 icon with red circle White x

That usually indicates Outlook is having an issue connecting to your email server. Did your password change recently? Has your email provider changed the address of their mail servers?
 
The other option is that the icon shortcut is corrupt, and it's not pointing to the actual location of the Outlook application.
 
This may be related to your possible malware issue.

Read other 3 answers
RELEVANCY SCORE 80.8

I have a big problem : A spyware was installed in my computer. I can see that a Red circle Icon with a white X is loading in the systray at every startup (even in safe mode) and as soon as it is loaded, a bunch of Shortcut icon appear on my desktop (Casino, Viagra, Porn, ect.), it change my IE start page and favorite and every once in a while a message appear from my systray (pointing that icon) saying that I've got a virus or a spyware and that I should download a specific program to get rid of it (which I haven't done). Nothing else seems to be affected.

I've tried 10 different antispyware programs so far and nothing can get rid of it. From what I understand this program is installing Spider-Crack and DesktoHijack (and god knows what else) on my computer cause Ad-aware sees it, removes it (along with all the icon on the desktop) but because it is in the systray, it re-infects in about 5 seconds. I haven't been able to identify this program in my systray as I cannot click on it (if I do it opens a web page) and there is nothing showing when I hover over it.

Spybot, Spy emergency (trial), Ad-Aware Pro, Microsoft antispyware beta, spy sweep (trial), CWSshredder, Stinger (trial) have been used to try and removing it. I've also tried on disabling every service and program in MSCONFIG and I've also tried starting in safe mode but nothing works.

My antivirus AVG tells me I have no virus (updated yesterday)

Please help

A:Red Circle Icon with white X in the systray - Problem

I suggest you seek the help of our great team of experienced volunteers, and post a HiJackThis! log in the appropriate forum. Please read the instructions carefully:http://www.bleepingcomputer.com/forums/How...s_Log-t956.htmlRegards,John

Read other 3 answers
RELEVANCY SCORE 80.8

Im traveling and I've got two problems maybe related .
My Outlook 2013 icon has a red circle with a white x. What does that mean?
My second problem I'll post in the infected forum.
Thanks!

Read other answers
RELEVANCY SCORE 79.6

I have a resource dll . It consists of an icon that I want to use for my windows driver.First I compiled the dll for windows XP. I tried to install the driver in XP. The driver installed successfully and the icon is picked up by the device manager properly.Then I compiled the dll for Windows 7 (64 bit).I tried to install driver in windows 7.The driver was installed successfully and the device name is listed in the device manager, but there is a small blue question mark over white circle on the icon picked up by device manager . When I took the properties of the device in the device manager, it shows that the device is working properly.The problem was the blue question mark over white circle on the icon .
Please let me know the possible solutions if any one has an idea why there is a blue question mark over white circle on an icon picked up by device manager in windows 7

A:blue question mark over white circle on an icon

RKA,
Welcome to sevenforums. It means






Quote:
A blue "i" on a white field on a device resource in Computer properties indicates that the Use Automatic Settings feature is not selected for the device and that the resource was manually selected. Note that this does not indicate a problem or disabled state


Source

Read other 9 answers
RELEVANCY SCORE 78.8

Hello,

My Dell-VOSTRO laptop is kinda in a weird situation now with spyware, and hopefully someone can help me fix this. It's been bugging me for the past 3 days. The problem is on desktop bottom right corner, where the volume icon and msn icon are, there is always a round red icon with white cross pops up something like this:

"Your computer is infected!

Windows has detected spyware infection!

It is recommended to use special antispyware tools to pervent data loss. Windows will now download and install the most up-to-date antispyware for you.

Click here to protect your comupter from spyware!"


I know this is a spyare spam try to trick you to install their program and not a real windows warning, so I haven't clicked it yet. but I just can't get rid of it. I've tried quite a few things, but nothing works.

There is also a weird thing is that I can't run HijackThis on this laptop, I even renamed it to "Fumble" as someone previous suggested, but it still won't work. Once you double click on the icon, nothing happens. Therefore, I don't really have a HJT log to post. I did follow the steps to run a Panda virus scan and attached the log. Hope it helps in some degrees.

Someone, please help me on this to get rid of that red round icon with the white cross spyware or let me know what need to be disabled to get HiJackThis running to produce a log for you guys.

Thanks a lot in advance!

A:Trojan/Spyware infected! [Red icon with white cross appear on task bar] Please help!

Just want to give an update, I think the trojan or spyware not only disabled HijackThis to run, it does the same thing for other anti-virus software as well. Kaspersky and Windows Defender neither will start now on my laptop. I tried safe mode too, no luck! I guess online scan is the only way to scan it, which I attached the log in the first post, Please help......guys!

Thanks ahead!!!

Read other 16 answers
RELEVANCY SCORE 77.2

After inadvertently clicking to install an Active X from an unknown website, a new icon appeared on my taskbar. Stupid, I know, but was truly an accident. Said icon sometimes flashes and alerts me of possible security threats on my pc. If icon is clicked, a new page loads and prompts user to complete a "Full Scan."
I did not download from this page, but had some issues/concerns w the removing the icon/program associated w the icon.
This is what I did...
First of all, Norton did not catch this and Ad-Aware caught the svchost but it returned after reboot. So, I isolated the files that I thought to be the root of the problem,
C:\WINDOWS\system32\drvcux.dll and C:\Program Files\Common Files\svchost.exe. I disabled System Restore, and while in Safe mode, deleted the offending files. Using Regedit, I deleted all registry values associated w the files (including HKLM\Software\Microsoft\Windows\Current Version\Run\CTDrive) Value: drvcux.dll, run Startup or something, don't remember. Ran CCleaner and cleared out everything, recent stuff, cookies temp files, etc. Rebooted in Normal mode and did another scan w Norton and Ad-aware, nothing. Ran another CCleaner and nothing unexpected.
Is my pc okay now, or am I just enjoying a false sense of security at the moment?
Please respond, thanks in advance for your support.
** To my knowledge, all products (Norton, Ad-Aware, HijackThis, etc) are up to date.**
Hijack This Log
Logfile of HijackThis v1.99.1
Scan saved at 5:49:24 PM,... Read more

A:Solved: Unknown Icon in System Tray, White Exclamation Point within Red Circle

Read other 16 answers
RELEVANCY SCORE 74

My work computer seems to be infected. I've got the red circle with a white "X" in the system tray. It randomly says I have a virus and that I'm downloading antivirus software to take care of it. Task manager has been disabled. Sometimes when I'm browsing the web I'm redirected to random sites.

I've run several antivirus programs, (McAfee is loaded, but was no help) including SuperAntiSpyware and HouseCall. I've downloaded AVG, but when I try to run it, it says it can't connect to the internet (though I am connected).

I've searched the forums for a fix, and there seem to be various avenues for tackling this, so I'm not sure what to do.

Please help!

A:Red circle with white X virus; help!

Hello and welcome.. First I must say that I hope you're allowed to run tools on tis (office) PC without the bosss or IT dept coming down on you. If that's OK then run these.RKill.... then Super again ( post the scan log)Please download Rkill by Grinler and save it to your desktop.Link 2Link 3Link 4Double-click on the Rkill desktop icon to run the tool.If using Vista, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know.You will need to run the application again if rebooting the computer occurs along the way as the malware programs will start again.Next run MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.Download Link 1Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' An... Read more

Read other 1 answers
RELEVANCY SCORE 74

i need assistance to remove this virus plus other malware log attactched

A:Red X with white cross virus

Hello and Welcome, kam69. Apologies for any delay in replying, but we have been rather busy lately.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

---------------------------------------------------------------------------------------------

If you still require assistance with this issue, and since it's been several days since your original log was posted, please do this:
Download RSIT by random/random and save it to your desktop.
Double click RSIT.exe to start the tool and click Continue at the disclaimer.
When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt here.
Please attach info.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\rsit\info.txt

Click Upload.

---------------------------------------------------------------------------------------------

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Read other 2 answers
RELEVANCY SCORE 73.2

Continue to get a pop up SMScvhost.exe has stopped working, pop ups with your computer is infected, and a warning application cannot be executed. the file is infected. please activate your antivirus software. Click here to protect your computer. I receive each of the messages continually. Thank you so much for whatever help I can get. I did not get anArk.txt log fromRootRepeal. It said it would not work on a 64 bitMichaelDDS (Ver_09-12-01.01) - NTFSX64 Run by Michael at 13:45:31.56 on Thu 02/04/2010Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4091.2599 [GMT -7:00]AV: Panda Antivirus Pro 2009 *On-access scanning enabled* (Updated) {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}SP: Panda Antivirus Pro 2009 *enabled* (Updated) {FE6602D3-1E71-4EBB-B4E3-D1C9CBDAF0A1}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\svchost.exe -k NetworkServiceC:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2009\PskSvc.exeC:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2009\TPSrvWow.exeC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\PROGRAM FILES (X86... Read more

A:infected with red circle white x virus

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted logs, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow th... Read more

Read other 2 answers
RELEVANCY SCORE 70.8

For about more than a month now, my web searches are always being redirected to other sites. Today when I logged on to my main user account an antivirus scan loaded. The icon was a green circle with a white check mark and says Privacy Center on top. That's the only thing that loads and the rest of my desktop including the toolbar doesn't load. When I try to close the virus scan, a pop-up appears saying "The operation is prohibited. Please check your settings." I unfortunately could not post the DDS log because I couldn't access it from my main user account desktop. Even if I go on Safe Mode, the same thing happens - desktop doesn't load and the virus scan's still there. How do I remove this?UPDATE: Yesterday I was able to log onto my main user account. I pressed Ctrl+Shift+Esc and was able to finally close the virus scan. The desktop still won't load but I was able to access my desktop files by clicking on New Task then Browse. Performed the DDS scan and here's the log:DDS (Ver_10-03-17.01) - NTFSx86 Run by Christine at 20:13:27.28 on Fri 08/20/2010Internet Explorer: 7.0.5730.13Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1527.737 [GMT -7:00]AV: Antivirus *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchos... Read more

A:infected with green circle white check antivirus virus

Hi blckberry,Welcome to Bleeping Computer!My name is mpascal, and I will be helping you fix your problem.Before we begin, I would like give a few guidelines so that we can fix your problem as quickly and efficiently as possible:Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.Please do not do anything or perform other steps unless I have asked you to do so.Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.If you are unsure of how to reply, or need help with anything regarding the website, please look here.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below I will r... Read more

Read other 2 answers
RELEVANCY SCORE 68.4

I have been battling seemingly different kinds of viruses, malware, etc... for about 5 days. I had never had any sort of problems in the previous 2.8 years of using my laptop. I have installed and run Malwarebytes, SpyBot Search and Destroy, SuperSpywareDetector, RootRepeal (had to use twice), and my own Symantec Anti-virus software. Nothing has worked, and running these programs currently finds nothing. I can't open Task Manager (used regedit, and dsbltskmnger was set to the proper value) nor get rid of this stupid Red Circle with the cross in it. Help appreciated!! I ran the DDS logs, and have them ready to post if necessary.

A:Red Circle with Cross

Topic was moved, BUMP

Read other 3 answers
RELEVANCY SCORE 68

Hello,

Yes, I know this problem has been addressed, and sometimes solved for some, numerous times, but I have tried all the solutions that other people found to work and nothing has worked for me personally. All I can tell you that kinda makes me different than those other people is that I have a Dell Dimension E310 and a Dell Inspiron 1501 Notebook that both have the same anti-virus software installed in them. The reason I say this is because most people say that the problem is because there is more than one anti-virus software installed. Both have AVG Free Edition 7.5. On the laptop, though, there is no red circle on the icon in the tray, but for my desktop, there is. How should I troubleshoot this? Thanks.
 

A:Red Circle in Avast! Anti-virus Icon in Tray

Read other 11 answers
RELEVANCY SCORE 68

Hello,

Yes, I know this problem has been addressed, and sometimes solved for some, numerous times, but I have tried all the solutions that other people found to work and nothing has worked for me personally. All I can tell you that kinda makes me different than those other people is that I have a Dell Dimension E310 and a Dell Inspiron 1501 Notebook that both have the same anti-virus software installed in them. The reason I say this is because most people say that the problem is because there is more than one anti-virus software installed. Both have AVG Free Edition 7.5. On the laptop, though, there is no red circle on the icon in the tray, but for my desktop, there is. How should I troubleshoot this? Thanks.

Read other answers
RELEVANCY SCORE 66.4

Firstly my apologies as I am far from an expert. The title of the thread more or less sums up whats going on, sorry I cant be any more precise.

I have done my best to follow your five steps correctly.

This is one of the websites that keeps opening in IE:
http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2

The activescan txt is attached.

A:IE Homepage Changed + Cross in Red Circle + Goodness Knows What

hi Andy6247,

Sorry for the delay in looking into your log, as we are extremely busy in this section of the forums. If you still require assistance and are not seeking help elsewhere, then please carry out my instructions.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\Deckard\System Scanner\extra.txt

Click Upload.
What DSS will do: create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on ... Read more

Read other 1 answers
RELEVANCY SCORE 63.6

Respected Sir,
Sevenforums,

HARDWARE- I have Win 7,Home Premium,64bit,Dell Inspiron 15R N5010.
My network adapters are: Realtek PCIe FE Family controller & DW1501 Wireless-N WLAN Half miniport adapter.
My ADSL modem + WIFI router is Netgear DGN2200v3 latest version of firmware v1.1.00.10_1.001.

PROBLEM- My network connection icon in task bar shows Red cross disconnected or revolving Blue Busy circle network on wired and wireless connection. But my internet connection works perfectly fine. Please suggest solution to enable network notification correctly. I will carry out every possible advise to enable correct network notification. Problem arise when I personally fiddled with router's security option like changing WPA2-PSK[AES] to WPA-PSK[TKIP] + WPA2-PSK[AES] and again back.
Right now is WPA-PSK[TKIP] + WPA2-PSK[AES]. I have connected my laptop to internet via LAN cable.

My Netgear DGN2200v3 provides WEP, WPA-PSK[TKIP], WPA2-PSK[AES], WPA-PSK[TKIP] + WPA2-PSK[AES], WPA/WPA2 Enterprise. Also please tell which type of network security option should I keep to avoid further conflict. So which should I choose?

I also have posted this issue in Microsoft community but didn't got expected reply nor solution, Please check this link about what Microsoft community answered:
Red X or Blue busy circle symbol on system tray connection icon even - Microsoft Community

I request Sevenforums to please clear my doubts and guide me till problem solves.
Thank you.

A:Red cross/Busy Blue circle sign on prefect working internet connection

I read through the posts on the Microsoft Community page.






Quote:
I would like to add more of the events regarding above issue.
Today morning when I ran sfc/scannow program again I got following message-
Windows Resource Protection found corrupt files but was unable to fix some of them. Details are included in the CBS.Log windir\Logs\CBS\CBS.logs


But again same problem arised that after typing findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt" I got 0 bytes file on desktop and original CBS.log file was of 4.42 mb .


From my layman point of view their is some thing wrong with my Windows OS and I want to repair it without crashing my system or re-installing Win7. Also I want to tell that recently before getting wifi broadband connection I had deleted my old restore points, disabled hibernation, disable pagefile.sys because on C drive had only 2 gb free space. After deleting them, I ran CCleaner & removed junk files,many unused programs, update my old software with 2013 versions. Then I ran disc check, defragmentation, completing this I installed Netgear genie software to control my newly establish wifi broadband connection. Then I created system restore point, at that time this Red cross or Busy blue circle was not issue. It occur when I personally decided to choose WPA-PSK[TKIP] + WPA2-PSK[AES] from WPA2-PSK[AES] (which was default set my bsnl network technician) se... Read more

Read other 9 answers
RELEVANCY SCORE 60.8

Hello,

I am a college student and today when I woke up I logged onto my computer and it turns out I cannot use google. When I search and click on a result I am redircted to another search site with the URL go.google. My room mate was online last night and must of picked this virus up somewhere.

I've run AVG and Spybot and neither show any infections. I googled this on my laptop (which I am on now) and read about software call Malwarebytes. I download this, put it on a USB drive and went to put it on my desktop and I come to find that the computer has froze up. Now I cannot log on in normal mode so I have to boot in safe mode. When I do this and instal the new software I find that I cannot update the program because the computer cannot connect to the internet.

I do not know what to do. There is so much important stuff on my computer that has not been backed up to the chaos involving my move to college. I have never used HJT and do not have it on my desktop nor can I get it because I cannot connect to the internet.

Please... any help would be amazing.

EDIT: At the moment I am running avg in safe mode and Malwarebytes without the update in safe mode.
 

A:Red Circle with White X

Hi, Welcome to TSG!!
Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 

Read other 3 answers
RELEVANCY SCORE 60.8

Got home from work tonight and the wife said the computer was acting funny. So I took a look and found the red circle/white x in my system tray. I ran spybot and it gave me Wild Tangent and Virtumonde. Ran Norton AV and Spybot but still seem to have the red circle/white x. I will post my HJthis, I am just wondering if there is anything I need to worry about. So far there are no obvious problems with the computer running, mostly get an annoying bubble pop sound every five minutes as if my wireless network is connecting.

System Specs:
Dell Inspiron E1505
CPU T2050 @1.60ghz
RAM 2gb 667mhz
GPU Nvidia GeForce 7300
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:25:46 AM, on 10/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\... Read more

Read other answers
RELEVANCY SCORE 60.8

Looks like I caught this Virus two nights ago and it is driving me crazy.

I keep getting the balloon in my task bar stating that my computer is infected.

Please help.

Here is my hijack this notepad.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:07 AM, on 11/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_06... Read more

Read other answers
RELEVANCY SCORE 60.8

I searched for topics to see how to get rid of it, but I wasn't very successful at copying all of the steps I've seen, so hopefully you guys can help me out here. I've downloaded SmitFraudFix, but I couldn't run it even if I changed the extension from .exe to .bat. I've even tried it in safe mode.Here's my logfile: Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16981)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exeC:\Program Files\Common Files\mcafee\mna\mcnasvc.exeC:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\Program Files\McAfee\MSK\MskSrver.exeC:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exeC:\WI... Read more

A:Red circle and white x again.

-edit-

Read other 2 answers
RELEVANCY SCORE 60.8

Picked up some malware that is keeping IE from launching. Window keeps appearing offering to solve the problem, for a fee. The program installed a red circle with a white x in the dock. Running XP Home Edition on a Toahiba Satellite with a Pentium III.

Ran SmitFraudFix. Here is the log it provided--any help will be much appreciated:

SmitFraudFix v2.253

Scan done at 18:18:30.20, Wed 11/21/2007
Run from C:\Documents and Settings\John\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Linksys\Wireless Network PC Card\NICServ.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program F... Read more

A:Red circle w/white x

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

The report can also be found at ... Read more

Read other 1 answers
RELEVANCY SCORE 60.8

i keep getting a white x on a red circle in my system tray saysing your computer is infected, and i cant get rid of it.

here is my log

Logfile of HijackThis v1.99.1
Scan saved at 11:10:46 PM, on 1/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\T3duZXI\command.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\inet20010\services.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\winupdates\winupdates.exe
C:\WINDOWS\system32\paytime.exe
C:\winstall.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\LSASS.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\dllcache\IExplore.exe
C:\WINDOWS\system32\dllcache\IExplore.exe
C:\WINDOWS\system32\dllcache\IExplore.exe
C:\WINDOWS\system32\dllcache\IExplore.exe
C:\WINDOWS\system32\dllcache\IExplore.exe
C:\WINDOWS\system32\dllcache\IExplore.exe
C:\WINDOWS\system32\dllcache\IExplore.exe
C:\WINDOWS\system32\dllcache\IExplor... Read more

A:Red circle white X

* Click here to download smitRem.exe.
Save the file to your desktop.
It is a self extracting file.
Doubleclick the smitRem.exe and it will extract the files to a smitRem folder on your desktop.
Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.

* Download the trial version of Ewido Security Suite here.
Install ewido.
During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido
It will prompt you to update click the OK button and it will go to the main screen
On the left side of the main screen click update
Click on Start and let it update.
DO NOT run a scan yet. You will do that later in safe mode.
* Click here for info on how to boot to safe mode if you don't already know how.
* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.
* Restart your computer into safe mode now. Perform the following steps in safe mode:
* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
* Run Ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your desktop
* Go to... Read more

Read other 1 answers
RELEVANCY SCORE 60.8

I now have a white x in a red circle in my system tray. I ran a hijack this log. Can someone please help me! I now have no control over my volume nor can I change the brightness of my screen. Also macafree is giving me these popups of blocked trojens all the time. Please Help Me!

A:White X in Red Circle

Hello please run MBAM (MalwareBytes):NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take... Read more

Read other 3 answers
RELEVANCY SCORE 60.8

I have the red circle with the white x on my task bar. How do I get rid of it? I have install Ad-Aware Plus 2008 and it doesn't seem to be picking it up? I have Windows XP. What steps do I need to take?
 

Read other answers
RELEVANCY SCORE 60.8

hey all once again i got a virus.......some how the little guy slip by avast(which i do not recommend) anyway what happens is that it popes up saying

DANGER!
harmful viruses detected on your computer. click on the message to scan your computer for security threats for free.
well thats now...before it was showing a yellow triangle with ! in it....it said something bout uninstalling hitman pro 3.5 (which i installed like a year ago to help out every now and then) and i click the bubble by accident(trying to hit the x) and i quess it uninstalled it....then it tried installing another program i ended the process then it turned to the x it closed out taskman and now i cant open it saying taskman has been diabled by your admin...which im the only user on this computer with admin....but i have process explorer open and nothing other than the normal windows stuff just like taskman showed...o ya and i cant update any anti virus programs.....o and when i put my mouse over the icon it says windows security alert

if anyone got any suggestion please let me know.....

A:red circle with white x

Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.Download Link 1Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress&qu... Read more

Read other 1 answers
RELEVANCY SCORE 60.8

My friends computer got the white X in a red circle. The infection that does a popup every few seconds saying "You have been infected".I ran ComboFix and it seemed to get rid of it but I want to be sure its gone.Deckard's System Scanner v20071014.68Run by Irvine on 2008-07-26 00:05:33Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 4 Restore Point(s) --4: 2008-07-26 06:05:38 UTC - RP4 - Deckard's System Scanner Restore Point3: 2008-07-26 05:54:36 UTC - RP3 - ComboFix created restore point2: 2008-07-26 05:50:26 UTC - RP2 - ComboFix created restore point1: 2008-07-26 05:35:33 UTC - RP1 - System CheckpointBacked up registry hives.Performed disk cleanup.Total Physical Memory: 511 MiB (512 MiB recommended).-- HijackThis Clone ------------------------------------------------------------Emulating logfile of Trend Micro HijackThis v2.0.2Scan saved at 2008-07-26 00:06:33Platform: Windows XP Service Pack 2 (5.01.2600)MSIE: Internet Explorer (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\system32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\Wireless\Bin ... Read more

A:White X In Red Circle

Hello PopSmithWelcome to BleepingComputer ========================The first thing I will need you to do is to Download ONE of these anti-virus programs and install it.These are free. AVG free 8.0Note this is free antispyware protection and Antivirus protection.or Antivir=================Please download the OTMoveIt2 by OldTimer. Save it to your desktop. Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\WINDOWS\upezybap.sys
C:\WINDOWS\ufih.exe
C:\WINDOWS\ucunosog.scr
C:\Program Files\Common Files\quwubojyb.vbs
C:\Documents and Settings\Irvine\Application Data\udoheb.dll
C:\WINDOWS\system32\jutabazoju.bat
C:\WINDOWS\qetulicut.exe
C:\Program Files\Common Files\eguxebymym.dat
C:\WINDOWS\ylufuryqo.bin
C:\WINDOWS\ycixuhahy.bat
C:\WINDOWS\unahoqezaj.com
C:\WINDOWS\ruwenofew.scr
C:\WINDOWS\ibawihaz.bin
C:\WINDOWS\dozug.vbs
C:\Program Files\Common Files\uzatiwyqy.dll
C:\Program Files\Common Files\mase.reg
C:\Program Files\Common Files\ecin.pif
C:\Documents and Se... Read more

Read other 6 answers
RELEVANCY SCORE 60.8

I've been infected. it keeps appearing in my tray in the right hand corner of computer, a red circle with a white x, then things slow down and pop ups happen. I have ran adaware, registry cure, registry fix, 1 click maintenance. and it's still there. I can follow instructions well if someone can lead me in the right direction as to what to do. I can log in on safe mode without any problems. other error receiving is a windows error that says potential problem occurred, windows has shutdown buggy to prevent damage. wxyz.sys.....kernel debugger.
 

A:red circle with white x

is there anymore information I can post for someone to help me? please. I notice most people post their hijack this log, is that what I need to do? The reason why I went to this forum, was because I saw where someone else had helped someone with this same problem. I followed their steps, searching certain files, but I didn't have those files so not sure what to do next.
 

Read other 2 answers
RELEVANCY SCORE 60.8

in my tool bar at the bottom of the screen there is a little red circle with a ahite x. It is constantly reminding me that my computer is infected and I need to use antivirus software.

Is this spyware???

i've installed antivirus software and cleaned up all known spy ware.

anybody encountered this???
 

A:little white x in a red circle

Read other 9 answers
RELEVANCY SCORE 60.4

I got infected with some malware. I'm not sure which one it was. I had popup ads coming up on my computer all the time, and error messages with bad grammar on them.I installed Mc Afee, Ad Aware, Spybot search and Destroy, vundo remover and run them all. I also ran Mc Afee Stinger as suggested on here. Each of them removed some malware.I still have a Red x (like a delete icon) instead of the hard drive icon when I look at my hard drive in My Computer. Also if I disconnect the internet from my PC I get IE "Work Offline - No connection to the internet is currently available" messages come up, even though I don't use IE!!! Sygate firewall is reporting that windows explorer is trying to connect to the internet as well, I don't know if that's part of it or what.Can someone decipher my HijackThis log and/or help me out? Cheers!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:49:03 PM, on 21/02/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Sygate\SPF\smc.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Com... Read more

A:Red Cross/delete Icon Instead Of C Drive Icon

Hello 3lpete and welcome to the BC HijackThis forum. I don't see any signs of viruses or malware in the log. It's clean. Let's try a different scanner and see what we can see.Before running a new scan let's clean out the temporoary folders. Download ATF Cleaner to your Desktop.Double-click ATF-Cleaner.exe to run the program.Click Select All found at the bottom of the list.Click the Empty Selected button.If you use Firefox browser, do this also:Click Firefox at the top and choose Select All from the list.Click the Empty Selected button.NOTE : If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser, do this also:Click Opera at the top and choose Select All from the list.Close ALL Internet browsers (very important).Click the Empty Selected button.NOTE : If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.Now download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.Note: You must be logged on to the system with an account that has Administrator privileges to run this program.Close ALL OTHER PROGRAMS.Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).In the Drivers section click on Non-Microsoft.Under Additional Scans click the checkboxes in front of th... Read more

Read other 30 answers
RELEVANCY SCORE 60

i got a malware i think. theres this program in my taskbar with a red circle and white x in the middle and constantly pops up balloons saying ur computer is infected windows has detected a spyware, it is recommended to use special antispyware tool .... blah blah.
Here is my hijackthis log:
Platform: Windows XP SP3, v.5755 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Roxio Creator 2009\5.0\CPMonitor.exe
C:\WINDOWS\system32\winupdate.exe
C:\Wallpaper Changer\EvJOWall.exe
C:\Progr... Read more

Read other answers
RELEVANCY SCORE 60

Hi I'm new to the forum so I'll try to follow the guide lines as described in posts above. I have the red circle with the white x in my systems tray, I also get a popping sound coming from my speakers every so often. I've looked over other forums with same topics most ask for a hjt log so I've posted one in this thread.**Also I must note that I had to rename the hjt.exe before it would run, OS:windows Xp pro. sp2 80gbHD Intel pentium 3 on a compaq desktop pro. the following is my HJT log.

---------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:03, on 2008-11-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\c4\Desktop\dot.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\... Read more

Read other answers
RELEVANCY SCORE 60

I posted this in the wrong place to begin with. So here goes. I think I got this down loading an active x plugin. Anyway here is what I have so far. Security alert pop ups, link redirects to spyworld.com or something and cuponmoutain.com sometimes opening windows on their own and this annoying poping sound and the my task bar comes up( usally have it on autohide).
DDS (Ver_09-02-01.01) - NTFSx86
Run by Compaq_Owner at 13:18:12.28 on Fri 02/06/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.734 [GMT -5:00]

AV: Trend Micro AntiVirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorSer... Read more

A:Evil red circle w/ white x

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post a fresh dds log, please.

Read other 2 answers
RELEVANCY SCORE 60

I'm running a Dell XPS with Windows XP (Media Center)

Over the last couple months, I had a couple viruses that I've taken care of (can't remember what they were), but my system is now acting oddly, and in some ways similar to how it was when it was infected before.

Some of the symptoms:
1) Red circle with a white X in the taskbar. Before, this would warn me that my computer is infected, but now just makes the "pop" sound without showing anything.
2) Random restarts, sometimes without warning, sometimes displaying a window that puts a 1 min. countdown until the computer shuts down (the window that can be halted with running the "shutdown -A" command)
3) Blank web pages popping up in a separate window when using the brower (Firefox)
4) Locked, blank desktop and (sometimes) locked task manager.

So far, I've run scans on the computer several times each with Ad-Aware (Free), AVG (Free) and Spybot Search & Destroy. Each time, even though a run was just completed, there are at least a dozen different infected files, security hazards or trojans. The one that seems to come up the most (and never gets deleted, even in Safe Mode) is something called Virtumonde.

I've run a Hijack This scan, with these results:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:00:49 PM, on 2/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.e... Read more

A:Red Circle & White X, Odd Behavior

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for p... Read more

Read other 2 answers
RELEVANCY SCORE 60

Got blinking white x in red circle in taskbar while surfing internet. Have run spybot and ad aware. AVG keeps popping up with "Virus Detected! While opening file: C:\WINDOWS\SYSTEM32\riqmc.dll Trojan horse Startpage. 19.AO". AVG gives me the option of deleting it, which I do, but then AVG keeps popping that up every time I open my home page which apparently keeps being changed to "about: blank". Keep getting popups that are advertising whatever I search for on the internet. Logfile of HijackThis v1.99.1Scan saved at 2:13:19 PM, on 11/3/2005Platform: Windows XP SP1MSIE: Internet Explorer v6.00 SP1Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Nhksrv.exeC:\WINDOWS\sysii32.exeC:\WINDOWS\System32\Ati2evxx.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\MsPMSPSv.exeC:\WINDOWS\MMKeybd.exeC:\Program Files\Common Files\Real\Update_OB\rea... Read more

A:White X In Red Circle In Taskbar.

Hello and Batman500 welcome to BleepingComputer.You have HijackThis running from a temporary or zip folder. Any backup files HJT creates during the repair process will not be secure if left in this folder. Before we use HJT to get rid of some entries, we need to get it into a permanent location. Create a folder on the C: drive called "C:\HJT". You can do this by opening My Computer then double click on Local Disk (C:). In a clear area right click and select New then Folder and name it "HJT". Unzip HijackThis into this folder. Please delete any other copies of HijackThis and run HJT only from this new folder. If required a tutorial is here.Please read through the instructions before you start (you may want to print this out or copy it into a word program).Download and install the trial version of Ewido Security Suite.When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".- Launch Ewido, there should be an icon on your desktop double-click it.- The program will now go to the main screen.- On the left hand side of the main screen click update.- Click on Start.The update will start and a progress bar will show the updates being installed.Once the updates are installed, close Ewido. Tutorial if neededDownload AboutBuster.zip.- Unzip the contents of AboutBuster.zip to it's own folder.- Navigate to the AboutBuster folder and double-click on AboutBuster.exe.- Clic... Read more

Read other 6 answers
RELEVANCY SCORE 60

OK -- my old computer hit the skids, but before it did, I had the dreaded red circle/white X problem.You guys fixed it. Here's the link. http://www.bleepingcomputer.com/forums/t/129285/red-circle-white-x-ultimate-defender/My wife and I were looking for cars online, her computer shut down and rebooted. I thought "uh oh". Sure enough, now she's got the red circle / white X. Let's do this again..... (sigh)Log created by WinPatrol version 15.5.2008.0:15.5.2008.0
Scan saved at 10:49:16 PM, on 7/18/2008
Platform: Windows XP SP2 Home Edition Service Pack 2 (Build 2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\WINDOWS\SYSTEM32\aspimgr.exe
C:\WINDOWS\SYSTEM32\cisvc.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMntor.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SYSTEM32\hkcmd.exe
C:\WINDOWS\SYSTEM32\carpserv.exe
C:\PROGRAM FILES\SYNAPTICS\SynTP\SynTPLpr.exe
C:\PROGRAM FILES\SYNAPTICS\SynTP\SynTPEnh.exe
C:\PROGRAM FILES\ORiNOCO\COMBOCARD 11AG\Utility\orinoco.exe
C:\PROGRAM FILES\Java\JRE1.5.0_06\bin\jusched.exe
C:\PROGRAM FILES\QUICKTIME\qttask.exe
C:\PROGRAM FILES\iTunes\ITUNESHELPER.EXE
C:\PROGRAM FILES\COMMON FILES\Real\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\WINDO... Read more

A:The Red Circle White X Returns

Hello Holy Moses and welcome to BC. Let's see what we can find. Follow the steps below in order:Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.Double-click ATF-Cleaner.exe to run the program.Click Select All found at the bottom of the list.Click the Empty Selected button.If you use Firefox browser, do this also:Click Firefox at the top and choose Select All from the list.Click the Empty Selected button.NOTE : If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser, do this also:Click Opera at the top and choose Select All from the list.NOTE : If you would like to keep your saved passwords, please click No at the prompt.Close ALL Internet browsers (very important).Click the Empty Selected button.Click Exit on the Main menu to close the program.Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.Note: You must be logged on to the system with an account that has Administrator privileges to run this program.Close ALL OTHER PROGRAMS.Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.Under Additional Scans click the checkboxes in front of the following items to select them:Reg - BotCheck
File - Additional Fo... Read more

Read other 9 answers
RELEVANCY SCORE 60

Hi, I've tried myself to get rid of the virus using the programs that have been suggested. I used McAfee (which sucks, but it's my mom's computer and she doesn't trust it unless it costs money.)

I also ran, CC Cleaner, Malwarebytes, and SuperAnti Spyware. It's gone, but I just want to make sure it's REALLY gone.

The problem was a White X in a Red Circle saying I had to update spyware, and it kept opening up POP-UP ads every 10 seconds. I just turned the internet back on, and I re-downloaded HJT and this is my log.

Thank you guys so much in advance for all your help!!! This computer isn't used much so I'm astonished it has a virus at all, but let's see what the nasties are! lol.

Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:24 AM, on 9/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\AGI\common\win32\PythonService.exe
C:\Program Files\Common Files\Apple\Mo... Read more

A:HJT Log: White X in Red Circle Problem (Pop-ups, etc...)

I'm including this Malwarebytes file as well:

Thanks!!
Malwarebytes' Anti-Malware 1.41
Database version: 2823
Windows 5.1.2600 Service Pack 3

9/19/2009 2:54:53 AM
mbam-log-2009-09-19 (02-54-53).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 166241
Time elapsed: 1 hour(s), 0 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZCLZ5EM4\exe[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rdl59F.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 

Read other 1 answers
RELEVANCY SCORE 60

Two days ago i was searching through the internet..
Suddenly my computer(windows xp sp2) was rebooting..
next time it loaded up popped the red circle with white 'x'
saying im infected and its downloading a program..
Then something installed, i didn't know what it was but there was a progress bar.. i coudn't cancell this or what so ever..
Then again my PC restarted. The red circle with with 'x' is now gone..
But after about 1 minute my whole pc just freezes..
Now everyone i log on to my account it freezes after 1 minute or so..

It runs fine on safemode so it can't be hardware right?

Please help me, I would really appriciate it

thanks in advance.
 

A:PC Freezing After Log on | Red Circle White 'X'

Please please please help

This is the hyjack log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:19:32, on 17/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download with &DAP - C:\Prog... Read more

Read other 1 answers
RELEVANCY SCORE 60

Hey I have a red circle with a white x in it in my taskbar. I have no idea how it got there or how to get rid of it. I know that I cannot do a system restore and that I cannot access my task manager either. It tells me "Task manager has been disabled by your administrator. This problem is on a Dell Dimension 2400 running Windows XP Home SP3. I need this fixed as soon as possible. Any help is greatly appreciated.I created a HJT log and it reads as follows:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:15:20 PM, on 12/30/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\Program Files\Nero\Nero 7\InCD\InCDsrv.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\McAfee\SiteAdvisor\McSACore.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfe... Read more

A:Red Circle with White X REmoval

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand corner ... Read more

Read other 2 answers
RELEVANCY SCORE 60

I need some help. I can't figure out how to get this off my computer. Here is my HJT log....

I am doing this on a secondary laptop since i can't get to any of these websites on the infected computer...
DDS (Ver_09-02-01.01) - NTFSx86
Run by User at 21:41:37.92 on Sat 03/14/2009
Internet Explorer: 6.0.2900.5512

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.toshiba.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.toshiba.com/
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: ShopperReports: {a7cddcdc-beeb-4685-a062-978f5e07ceee} - c:\program files\shoppingreport\bin\2.5.0\ShoppingReport.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [MSMSGS] "c:&#... Read more

A:red circle w/white x in taskbar

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructio... Read more

Read other 2 answers