Over 1 million tech questions and answers.

VIRUS ALERT! in system tray clock

Q: VIRUS ALERT! in system tray clock

i have SuperAntiSpyware, MalwareBytes, and Avira installed trying to remove the virus to no avail.they do not find anything.the PC that im running is an XP SP3 machine with AMD athlon 1800+ @ 1.53GHz , 256 MB DDR ramI also have an HJT log saved if neededDDS LOGDDS (Ver_09-12-01.01) - NTFSx86 Run by TomlinJ at 2:50:36.34 on Thu 03/04/2010Internet Explorer: 7.0.5730.11============== Running Processes ============================= Pseudo HJT Report ===============uStart Page = hxxp://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2uSearch Page = hxxp://websearch.drsnsrch.com/sidesearch.cgi?id=uWindow Title = Microsoft Internet Explorer provided by CompaquSearch Bar = hxxp://websearch.drsnsrch.com/sidesearch.cgi?id=uDefault_Page_URL = hxxp://start.earthlink.netuDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.htmluSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7uSearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=mSearchAssistant = hxxp://www.google.com/ieuURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dllBHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dllBHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dllBHO: {3c4efcf2-cb3a-462a-945e-97fa946c4830} - c:\windows\system32\xxyvuRLe.dllBHO: {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - No FileBHO: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No FileBHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dllBHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.0.1225.9868\swg.dllBHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dllBHO: {E07D22E1-CE3A-487F-B754-8044DBEDB049} - No FileBHO: {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - c:\program files\microsoft money\system\mnyviewer.dllTB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dllTB: {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - No FileTB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dllTB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dllTB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No FileTB: {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - No FileEB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No FileEB: {32683183-48a0-441b-a342-7c2a440a9478} - No FileuRun: [HistoryKill] c:\program files\historykill\histkill.exe /startupuRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exeuRun: [ctfmon.exe] c:\windows\system32\ctfmon.exemRun: [WildTangent CDA] "c:\program files\wildtangent\apps\cda\gamedrvr.exe" /startup "c:\program files\wildtangent\apps\cda\cdaEngine0500.dll"mRun: [WCOLOREAL] "c:\program files\compaq\coloreal\coloreal.exe"mRun: [Verizon_McciTrayApp] c:\program files\verizon\McciTrayApp.exemRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUNmRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /rmRun: [Update 3400C] c:\program files\hewlett-packard\hp precisionscan\precisionscan ltx\update.exe 3400C+mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osbootmRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"mRun: [srmclean] c:\cpqs\scom\srmclean.exemRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUNmRun: [Recguard] c:\windows\sminst\RECGUARD.EXEmRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkeymRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exemRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exemRun: [CPQEASYACC] c:\program files\compaq\easy access button support\StartEAK.exemRun: [BtcMouseMaestro] "c:\program files\hp wireless 4 button laser mouse\KMaestro.exe"mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /minmRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -huPolicies-explorer: NoToolbarCustomize = 1 (0x1)uPolicies-explorer: StartMenuLogoff = 1 (0x1)uPolicies-explorer: NoStartMenuMorePrograms = 1 (0x1)uPolicies-explorer: NoSetFolders = 1 (0x1)uPolicies-system: DisableTaskMgr = 1 (0x1)uPolicies-system: DisableRegistryTools = 1 (0x1)uPolicies-system: NoDispCPL = 1 (0x1)IE: Ebates - file://c:\program files\ebates_moemoneymaker\sy350\tp350\scri350a.htmIE: Web Savings - file://c:\program files\websavingsfromebates\system\temp\ebateswebsavings_script0.htmIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dllDPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cabDPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cabDPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cabDPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {53406295-12AB-4F49-824A-C5EAD19365DE} - hxxp://www.compaq.com/athome/support/PCHInstallTrust01.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cabDPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131-win.cabDPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cabDPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cabDPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - hxxp://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cabHandler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLLHandler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dllNotify: awttttTK - awttttTK.dllNotify: igfxcui - igfxsrvc.dllAppInit_DLLs: vizfxs.dll c:\windows\system32\guard32.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: {E07D22E1-CE3A-487F-B754-8044DBEDB049} - No FileLSA: Authentication Packages = msv1_0 c:\windows\system32\xxyvuRLe================= FIREFOX ===================FF - ProfilePath - c:\docume~1\shawn\applic~1\mozilla\firefox\profiles\kir2ad2d.default\FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dllFF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}============= SERVICES / DRIVERS ============================== Created Last 30 ================2010-03-04 07:47:23 0 ----a-w- c:\documents and settings\shawn\defogger_reenable2010-02-25 08:32:47 258800 ----a-w- c:\windows\system32\drivers\sfi.dat2010-02-25 08:25:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Comodo2010-02-25 08:25:40 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys2010-02-25 08:25:40 171552 ----a-w- c:\windows\system32\guard32.dll2010-02-25 08:25:39 133064 ----a-w- c:\windows\system32\drivers\cmdguard.sys2010-02-25 08:25:29 0 d-----w- c:\program files\COMODO2010-02-25 06:39:46 0 d-----w- c:\program files\CCleaner==================== Find3M ====================2010-03-04 07:40:21 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys2010-02-25 04:47:06 5366 ----a-w- c:\windows\compaq.reg2010-01-27 09:33:05 1884 --sha-w- c:\windows\system32\eLRuvyxx.ini22008-08-11 22:19:21 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081120080812\index.dat============= FINISH: 2:58:17.15 ===============

RELEVANCY SCORE 200
Preferred Solution: VIRUS ALERT! in system tray clock

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: VIRUS ALERT! in system tray clock

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.Make sure that everything is checked, and click Remove Selected.When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply and exit MBAM.Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.We need to create an OTL ReportPlease download OTL from hereSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Under the Custom Scan box paste this innetsvcs%SYSTEMDRIVE%\*.exe/md5starteventlog.dllscecli.dllnetlogon.dllcngaudit.dllsceclt.dllntelogon.dlllogevent.dlliaStor.sysnvstor.sysatapi.sysIdeChnDr.sysviasraid.sysAGP440.sysvaxscsi.sysnvatabus.sysviamraid.sysnvata.sysnvgts.sysiastorv.sysViPrt.syseNetHook.dllahcix86.sysKR10N.sys/md5stop%systemroot%\*. /mp /s%systemroot%\system32\*.dll /lockedfilesCREATERESTOREPOINTClick the "Quick Scan" button.Please copy and paste both logs back here in your next reply.

Read other 6 answers
RELEVANCY SCORE 108.8

Hi,I've had an infection. I researched and performed the combofix/recovery tool programs and seem to be back to normal. Can you please check these logs and make sure there are no traces? Thank you in advance**EDIT**I also seem to not be able to establish an internet connection. I can do so with other laptops(the one I'm on) on the same wireless network, but cannot with the infected one, still.HIJACKTHIS LOG:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 14:55, on 8/4/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\WINDOWS\System32\MsPMSPSv.exeC:\Program Files\Common Files�... Read more

A:Virus Alert In System Tray By The Clock

I've ran everything I know of to run.

It says I am connected to my wireless router. But Firefox or IE won't connect to anything.

Any ideas. I'm desperate

Thanks

Read other 3 answers
RELEVANCY SCORE 84

Hi guys,
got home yesterday and my daugther told me that the computer wasn't working good... here we go... i don't know what she did but now there's a red dot with an white "x" inside that blinks in the system tray, internet explorer doesn't work (no internet connection) can't find my c drive in windows explore and in my computer. i'll borrow a laptop and get a hjk log to you asap.

hope you can help

A:virus infected! in system tray beside clock

here's hjk log file hope someone can help

Logfile of HijackThis v1.99.1
Scan saved at 16:41: VIRUS ALERT!, on 16/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Netwo... Read more

Read other 2 answers
RELEVANCY SCORE 82.4

Hi, any help anyone can give me is greatly appreciated. I have this virus that changed my system clock to military time, won't let me bring up my computer and has put a VIRUS ALERT! next to the system clock. Again any help would be much appreciated. My hijack this logLogfile of Trend Micro HijackThis v2.0.2Scan saved at 17:32: VIRUS ALERT!, on 9/29/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Comodo\CBOClean\BOCORE.exeC:\WINDOWS\system32\drivers\CDAC11BA.EXEC:\WINDOWS\system32\LxrJD31s.exeC:\Program Files\Network Associates\Common Framework\FrameworkService.exeC... Read more

A:Virus Alert Beside System Clock

Hi John05, Welcome to the forums!My name is Ken, on these forums I am known as ktreffin. I will be helping you with your current problem. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens. HiJackThis logs do take some time to review and research. I would appreciate it if while you are waiting, you could please do the following for me:Please make an Uninstall List using HiJackThis.To access the Uninstall Manager you would do the following:1. Start HijackThis 2. Click on the Config button 3. Click on the Misc Tools button 4. Click on the Open Uninstall Manager button. 5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in a reply.As we work together to resolve your problem, please read these instructions carefully. You may wish to print them off or copy them to Notepad.Lastly, please keep these points in mind:If you have questions, please DON'T hesitate to ask!The instructions I give are specific to your current problem and should not be used on other systems.Please post your replies only to this topic, and please DO NOT start a new thread.Since there may be multiple issues with your system, please continue to follow this thread until I have given you an "All Clean!"I am reviewing your log now, and will be back wi... Read more

Read other 4 answers
RELEVANCY SCORE 81.6

HELP! VIRUS ALERT! in system tray!? no longer administrator
Hi I am having a problem with my computer. It happened yesterday. Every now and then I get "Virus Alert!" in system tray as well as white X with a red circled background. Also there are 3 links or programs on my desktop (Error Cleaner, Privacy Protector and Spyware&Protection). However that is only half of it. I initially had my C and D drives missing in My Computer as well as when I go to "Start" the All Programs tab is sometimes missing and most of the icons on the right hand side are gone. As well as the ability to "Run". I have just got a pop-up with the heading Windows Security Alert, which states:

Windows has detected an Internet attack attempt...
Somebody's trying to infect your PC with spyware or harmful viruses. Run full scan now to protect your PC from Internet attacks, hijacking attempts and spyware! Click here to download spyware remover for total protection.

Another pop-up saying:
Security Warning!

Worm.Win32.NetBooster detected on your machine. This virus is distributed via the Internet through e-mail and EXE and Active-X objects. The Worm has its own SMTP which means it gathers e-mails from your local computer and re-distributes itself. In worst cases this worm can allow attackers to access your computer, stealing passwords and personal data.
This process process should be removed from your system.

Type: Virus
System Affected: Windows 2000, NT, ME, XP,... Read more

A:Virus Alert in system tray

To get Expert Help with malware removal:

I recommend that you read this article… ( Simply, click on the links to be re-directed.)

"Having problems with spyware and pop-ups? First steps;
IMPORTANT - Read This Before Posting For Malware Removal Help

Please follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the
HiJackThis Log Help Forum.
http://www.techsupportforum.com/secu...this-log-help/

Please ensure that you create a new thread in the HiJackThis Log Help Forum;
not back here in this one.

When carrying out The 5 Steps,
IMPORTANT - Read This Before Posting For Malware Removal Help

if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However,it is extremely important to make mention of the fact that you could not complete any of the steps in your post to HiJackThis Log Help Forum.
http://www.techsupportforum.com/secu...this-log-help/

where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Read other 1 answers
RELEVANCY SCORE 81.6

My browser seems to be hijacked and when on the internet I get unwanted pop ups and when surfing the web random pages open up without me doing anything. To the right of my clock on the bottom right it reads VIRUS ALERT!. Here is my main log from Deckerd Scanner System. Spybot keeps finding "virtumonde.dll virus".


Deckard's System Scanner v20071014.68
Run by HP_Owner on 2008-06-18 13:57:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
107: 2008-06-18 20:58:54 UTC - RP908 - Deckard's System Scanner Restore Point
106: 2008-06-17 15:55:54 UTC - RP907 - Windows Defender Checkpoint
105: 2008-06-17 00:10:45 UTC - RP906 - Last known good configuration
104: 2008-06-17 00:10:34 UTC - RP905 - Installed Adobe Reader 8.1.2
103: 2008-06-17 00:10:34 UTC - RP904 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-06-17 00:09:49 UTC - RP802 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-18 14:02:17
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: In... Read more

A:Virus Alert in System Tray!

Hi, welcome to tsf!

Please visit this webpage for download links, and instructions for running combofixl:

http://www.bleepingcomputer.com/comb...o-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
__________

You're using an older version of Hijackthis. Please uninstall the older version via control panel > add/remove programs

Please click Here to download HijackThis to your desktop.

Click the Download button. When the Trend Micro HJT install box appears, double click on the HJTInstall.exe. Click on Install.

It will be installed by default here: C:\Program Files\Trend Micro\HijackThis

A shortcut to the application will also be placed on your Desktop.

The program will open automatically after installation.

You can double-click the icon tha... Read more

Read other 9 answers
RELEVANCY SCORE 81.6
A:Solved: Virus Alert By System Clock

problem soved through another forum. thanks anyhows
 

Read other 1 answers
RELEVANCY SCORE 80.8

Here is my main.txt and extra.txt. Thank you so very much ahead of time for any and all assistance.

MAIN.TXT-

Deckard's System Scanner v20071014.68
Run by Steve on 2008-05-25 18:13:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
25: 2008-05-25 22:13:51 UTC - RP164 - Deckard's System Scanner Restore Point
24: 2008-05-25 21:07:06 UTC - RP163 - Installed McAfee VirusScan Enterprise
23: 2008-05-25 20:58:45 UTC - RP162 - Removed CodeZulu Bind Maker
22: 2008-05-25 16:43:48 UTC - RP161 - Software Distribution Service 3.0
21: 2008-05-25 15:39:31 UTC - RP160 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-05-23 23:15:09 UTC - RP140 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Steve.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:14: VIRUS ALERT!, on 5/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system3... Read more

A:VIRUS ALERT! message in system tray...

Hi, welcome to TSF!

1.) You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

2.) Reboot into Safe Mode.

To enter Safe Mode..

Click Start > Turn Off Computer > Restart > Tap F8 key just before Windows starts to load, > This will bring up a Menu > Use your keyboard to scroll to Safe Mode> Hit enter.

3.) Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove y... Read more

Read other 5 answers
RELEVANCY SCORE 80.8

I have a flashing icon in the system tray that looks like a green wheelchair alternating with a slashed circle.Every so often a red box pops up saying "Your computer is infected!", etc etc.Did some research but all the solutions I found referred to files I cannot find in the system32 folder. I don't have any entries for SpywareQuake on add/remove programs. The screenshots of other people's infections all seemed to have a green box but were otherwise the same.Here is my HT log:Logfile of HijackThis v1.99.1Scan saved at 2:14:58 PM, on 4/27/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\inetsrv\inetinfo.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\system32\dcomcfg.exeC:\Program Files\Microsoft IntelliType Pro\type32.exeC:\Program Files\Microsoft IntelliPoint\point32.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\Program Files\Mozilla Firefox\firefox.exeC:... Read more

A:Infected With System Tray Virus Alert

Hello and Welcome to the Forum.Download Killbox by Option^Explicit. Save it to your desktop.Restart your computer into safe mode now. Perform the following steps in safe mode:Double click the KillBox program to launch it Click on Tools>Delete Temp FilesSelect "Replace on Reboot" and "Use Dummy" from the left hand column. Next copy/paste the following into the "Full Path to Delete" box:

C:\WINDOWS\SYSTEM32\winowl32.dll
Click the Red Button with the White x on it. Click the "Delete File" button Reboot your computer==================================Please download SmitfraudFix (by S!Ri) Extract the content (a folder named SmitfraudFix) to your Desktop. Open the SmitfraudFix folder and double-click smitfraudfix.cmd Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply. Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the you.

Read other 9 answers
RELEVANCY SCORE 80.8

Hi, although using bit defender, have had a virus pop up on my PC which I can't get rid of. I've looked at what I thought are the files causing the issue and removed with Hijack this but still can't remove this annoying pop-up from my tool bar which display that my PC is affected with a virus. Also, have a spyware toolbar added to Internet Explorer I can't get rid of (assume they are related). The pop up states to please use antimalware software to clean and protect my PC. Please if you have any advice to identify the files causing this would be a great help.

PC is running on Windows XP.

Many Thanks!

A:can't remove virus alert pop-up in system tray

Please follow the 5 Step process outlined here

Then download Hijackthis:
* Click here to download HJTsetup.exeSave HJTsetup.exe to your desktop.
Doubleclick on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Read other 8 answers
RELEVANCY SCORE 80.8

I would appreciate some help please, with cleaning a desktop computer of a "ContraVirus' program installation. This is for a Windows 98se desktop computer - not currently connected to the internet (but this can be arranged later, if necessary. I am currently using a separate computer for Internet access and research - WinXp notebook computer).
The affected system (Win98se) appears to have installed "ContraVirus 2.0" program, 12 months ago and due to a recent change of owner and internet connection on dial-up is now becoming unuseable. Some symptoms are: Unable to enter Safe Mode, have an icon in system tray showing 'Virus Alert' with white cross in red circle. Left or right mouse clicks on the cross gets no response. Dial up connection periodically tries to connect (This maybe AVG antivirus, though). Recent add/remove program uninstalls have been done for 'ContraVirus 2.0' and 'Sierra - planner.exe'. AVG 6.0 Anti-Virus will not download updates, reporting that a file is missing?. AVG scan shows clean, but registry still has ContraVirus entries.

Log File follows:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:51:48 PM, on 13/12/08
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.E... Read more

A:ContraVirus 2.0 on Win98se system and Virus Alert! in system tray

No takers yet? - who loves a challenge?.
The Hijackthis log above is still current. I will hold off doing anything for awhile longer. Would really appreciate some experienced step by step removal instructions or link to a solution. Even a first step would be great - Thanks
 

Read other 2 answers
RELEVANCY SCORE 80.4

Ugh, I hate Viruses. I knew when I clicked on this file it was a virus right away. At first it stripped my nice background image and gave this plain bluish backdrop and came up with virus warnings and many different virus scanner ads that wouldn't go away, they popup continuously. It took over my internet explorer and redirects it to download more viruses when it's opened. The system clock now says the time followed by "VIRUS ALERT!" in the lower right corner. I seem to have lost some icons, not sure what but there are definitely less on my screen now. Settings>Control Panel doesn't show up when you click on the start menu. I ran AVG and it found many different viruses and put them into the vault. Also ran Ad-Ware and stripped everything it found. Only thing left that I can think of is cleaning the registry but I need help in doing so. I'm not familiar with making adjustments to this critical file. Below I'm posting a copy from AVG and HijackThis.I'm having to use my business computer to surf the web for instructions on cleaning this garbage. I depend on this laptop for my wife?s online PhD courses any help would be greatly appreciated. How do we pay for your support? Donations? Box of flowers? Bow and kiss your toes? Give up my first son?DetailsThe laptop: HP Pavilion dv8000 Operating System: Windows XP Service Pack 2Ad-Ware Definitions File: 0117.000AVG Free version 8.0.169 Virus DB: 270.6.21/1669AVG scans over the last week or so: HijackThis information c... Read more

A:Virus Alert! In System Clock & Messed Up Registry

Hi,* Please visit this webpage for instructions for downloading and running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixThis includes installing the Windows XP Recovery Console in case you have not installed it yet.Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Read other 10 answers
RELEVANCY SCORE 80

I am currently using Zone Alarm's Firewall, I have Norton AntiVirus installed, and Ewido is installed with active-guard. Furthermore, I've run Stinger, AdAware, Spybot, ATF-Cleaner, RogueScan, and SmitRem.... I've tried numerous fixes, and I've also fixed several problems in HJT. I've done all of this in Safe Mode as well, and even turned off the system restore while rebooting, so that the problem wouldn't come back.. No fix I know of seems to eliminate this problem...Fortunately the problem is a little bit better than before...I now can control my web browser's startup page and it seems I've eliminated the spyware quake. I used to have uncontrollable pop-ups but those are gone. I've gotten rid of a trojan dropper and dialer. There was a triangular yellow caution sign in my system tray, associated with the popups and the Internet Explorer hijack, but that is gone now. The only thing that I can't get rid of is a little symbol in the system tray that flashes back and forth between what looks like a green handicap symbol (I honestly don't know what it's supposed to be) and a red "ban" symbol. When I hold my cursor over it it says "Virus Alert!" Every now and then red boxed messages appear telling me I am infected with spyware, trying to get me to go to a site and buy softare. In fact, it takes me to SpywareQuake.com...Any help you can give me is greatly appreciated.Here is my HJT log:Logfile of HijackThis v1.99.1Scan saved at 2:25:59 AM, on 4/15/... Read more

A:"virus Alert!" Icon Flashing In System Tray

Hello Harry83,Download SmitfraudFix (by S!Ri) to your Desktop. http://siri.urz.free.fr/Fix/SmitfraudFix.zip Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop. ______________________________ Please download the trial version of Ewido anti-malware 3.5 from here: http://www.ewido.net/en/download/ Install Ewido anti-malware. When installing, under Additional Options uncheck Install background guard and Install scan via context menu. When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok. The program will prompt you to update. Click the Ok button. The program will now go to the main screen.You will need to update Ewido to the latest definition files. On the left-hand side of the main screen click the Update Button. Click on Start.The update will start and a progress bar will show the updates being installed. Once finished updating, close Ewido. ______________________________ Open the SmitfraudFix folder and double-click smitfraudfix.cmd Select option #1 - Search by typing 1 and press Enter This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your ne... Read more

Read other 37 answers
RELEVANCY SCORE 80

Hi I am having a problem with my computer. It happened yesterday. Every now and then I get "Virus Alert!" in system tray as well as white X with a red circled background. Also there are 3 links or programs on my desktop (Error Cleaner, Privacy Protector and Spyware&Protection). However that is only half of it. I initially had my C and D drives missing in My Computer as well as when I go to "Start" the All Programs tab is sometimes missing and most of the icons on the right hand side are gone. As well as the ability to "Run". I have just got a pop-up with the heading Windows Security Alert, which states:

Windows has detected an Internet attack attempt...
Somebody's trying to infect your PC with spyware or harmful viruses. Run full scan now to protect your PC from Internet attacks, hijacking attempts and spyware! Click here to download spyware remover for total protection.

Another pop-up saying:
Security Warning!

Worm.Win32.NetBooster detected on your machine. This virus is distributed via the Internet through e-mail and EXE and Active-X objects. The Worm has its own SMTP which means it gathers e-mails from your local computer and re-distributes itself. In worst cases this worm can allow attackers to access your computer, stealing passwords and personal data.
This process process should be removed from your system.

Type: Virus
System Affected: Windows 2000, NT, ME, XP, Vista
Security Risk (0-5): 5
Recommendations: Click yes t... Read more

Read other answers
RELEVANCY SCORE 80

Hi I am having a problem with my computer. It happened yesterday. Every now and then I get "Virus Alert!" in system tray as well as white X with a red circled background. Also there are 3 links or programs on my desktop (Error Cleaner, Privacy Protector and Spyware&Protection). However that is only half of it. I initially had my C and D drives missing in My Computer as well as when I go to "Start" the All Programs tab is sometimes missing and most of the icons on the right hand side are gone. As well as the ability to "Run". I have just got a pop-up with the heading Windows Security Alert, which states:

Windows has detected an Internet attack attempt...
Somebody's trying to infect your PC with spyware or harmful viruses. Run full scan now to protect your PC from Internet attacks, hijacking attempts and spyware! Click here to download spyware remover for total protection.

Another pop-up saying:
Security Warning!

Worm.Win32.NetBooster detected on your machine. This virus is distributed via the Internet through e-mail and EXE and Active-X objects. The Worm has its own SMTP which means it gathers e-mails from your local computer and re-distributes itself. In worst cases this worm can allow attackers to access your computer, stealing passwords and personal data.
This process process should be removed from your system.

Type: Virus
System Affected: Windows 2000, NT, ME, XP, Vista
Security Risk (0-5): 5
Recommendat... Read more

A:Virus Alert! In System Tray, Pop-ups, No Longer Adminstrator

Hello there, welcome to BleepingComputer Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible. We are going to boot into Safe Mode later in the fix, and there is no internet access. Download SmitfraudFix (by S!Ri)Open the file and it will extract the contents (a folder named SmitfraudFix) to your Desktop.Reboot your computer into Safe Mode. This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep. Then select Safe Mode from the list. Make sure you choose the option without Networking Support.Once in Safe Mode, open the SmitfraudFix folder again. Double-click smitfraudfix.cmd.Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.... Read more

Read other 6 answers
RELEVANCY SCORE 80

Picked up this virus. Followed instructions and advice from other users and threads and used ComboFix. Seems to have worked. Greatful if someone could look at the attached log file and let me know if there is anything still there. Can't seem to connect to the internet though.

A:VIRUS ALERT! in System Tray and Missing Drives

Hello, bk_james
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" .
We need to run a Scan with DDSPlease download DDS, and save it to your desktop, from one of the following mirrors:This is a mirror
This is another mirror

Disable any type of "Script Blockers" or "Script Protection" installed on your syst... Read more

Read other 2 answers
RELEVANCY SCORE 80

Three days ago I detected a virus/worm in my computer - [email protected] Since then I've read forums and downloaded anti-spyware programs that would remove it, and partially it did, but an icon still remains....which means that some spyware can be still in my computer.... The icon is a red circle with a red line across and it changes to a green handicapped symbol every second, which says "Your computer is infected! Critical System Error! System detected virus activities..." and I can't get rid of it.... So, I need your help... Thanks for your assistance.Susana MarinhoPortugalHere is my HijackThis log file Logfile of HijackThis v1.99.1Scan saved at 12:01:29, on 25-04-2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Programas\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\S24EvMon.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\WINDOWS\system32\crypserv.exeC:\Programas\ewido anti-malware\ewidoc... Read more

A:"virus Alert" Icon In My System Tray - [email protected]

Hello there, *It is a good idea to print off these instructions - they will be needed later when internet access is not available. You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above. It is important that you complete the following instructions in the correct order, and also that you don't miss anything out! * Please download SmitfraudFix (by S!Ri) Extract the content (a folder named SmitfraudFix) to your Desktop. Open the SmitfraudFix folder and double-click smitfraudfix.cmd Select option #1 - Search by typing 1, and press Enter. A text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply. Note : process.exe is detected by some antivirus programs as a "RiskTool"; it is not a virus, but a program used to stop system processes.David

Read other 11 answers
RELEVANCY SCORE 79.2

Hi,

There is a virus in my machine( I guess), as there is a flashing icon in my system tray which flashes green and red. On mouse over of the icon says "Virus Alert!". On clicking on the icon gives the message -
Your computer is infected!

Critical System Error! This may cause critical system failure. Please, use antimalware software to clean and protect your system from parasite programs. Click here to get all available softwares.

On Clicking on the message, takes you to http://www.spywarequake.com/?aff=247.

Please advise on how this icon and the associated program can be removed from the system.

Thanks,
 

A:Flashing Icon in system tray with Virus Alert message

Read other 9 answers
RELEVANCY SCORE 78.8

Hi,

This is my first post here, and my computer appears to be infected.

The Symptoms:
-- The desktop has "disappeared" and is replaced by a blank blue screen. The icons on the desktop are all gone.
-- There is no "bar" at the bottom: no start button, no task bar, no clock, no indications of open programs. i.e., the entire screen is blue.

-- However, the situation is different right after I start-up.
-- At first, I see all my programs. Sometimes I see the task bar and start button, clock, etc., sometimes not.
-- But something is wrong even then. The computer is slow. And I know desktop will not last long. Sometimes if I am quick I can double click on a desktop icon before the desktop disappears.
-- Sometimes there is a "transition" period. For a few seconds I'll see the desktop, then for a few it will go "all blue".
-- When it is "all blue", I can still get into programs. If I open up the task manager, I can click on the "New Task ..." button under the "Applications" tab.
-- I can still work with documents, but thinks are slow.
-- When I start in safe mode, I still have the problem of the missing desktop.

Other Signs:
-- When I can see the clock, it says "VIRUS ALERT!" followed by the time. My google searches inform me that this is a common symptom.

What I have done so far:
-- I've done the Norton "Quick Scan" -- found something the first time, and fixed i... Read more

A:Fake Anti-virus -- No Start Menu/task Bar/clock -- Or Has "virus Alert" At Clock

Welcome to BC no_more_virusIf you're using Windows 2000/XP, please print out and follow the instructions for using SDFix in BC's self-help tutorial "How to use SDFix". This program is for Windows 2000/XP ONLY.-- When using this tool, you must use the Administrator's account or an account with "Administrative rights"-- Disconnect from the Internet and temporarily disable your anti-virus and any anti-malware real time protection before performing a scan.When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt. Please copy and paste the contents of Report.txt in your next reply. Be sure to renable you anti-virus and and other security programs before connecting to the Internet.To fix the policy restrictions created by this infection, please open the SDFix folder or download XP_CodecRepair.inf and save it to your desktop. for Windows XP ONLY. Right-click on XP_CodecRepair.inf and select Install from the Context menu.Note: To download the .inf file, go to File, choose "Save page as" All Files and save XP_CodecRepair.inf to your desktop.Then log off or reboot to apply the changes.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has f... Read more

Read other 3 answers
RELEVANCY SCORE 78.4

Hi,

Recently i got a spyware attach where my laptop is flooded with lots of popups and also start button has disabled lot of buttons. After following the steps posted in the forum task manager is now working and there are no more popups. Now i have following issues.

1. There is VIRUS ALERT! in the system tray
2. System is bit slow
3. Disk Drives are not visible but when i run windows explorer i can see
4. Start button missing lot of entries
5. No access to Control Panel through start

Below is the HijackThis log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13: VIRUS ALERT!, on 8/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Sygate\SSA\smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\ActivCard\accoca.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Cisco System... Read more

Read other answers
RELEVANCY SCORE 78.4

Hi All --Last weekend I caught what I believe was a case of mssearchnet + nvctrl and perhaps spyfalcon. Using the advice of this site (awesome, thanks!) and some others, I've managed to be back to normal with one really annoying exception: the "Virus Alert!" flashing icon and occassional message ("Your computer is infected! Critical system error! blah blah blah"). The icon is the green wheelchair icon flashing over to the "ban" icon - red circle, single red line running through it. Interesting to note that no link appears to be functioning in the pop-up box. It's just flashing and popping up every so often. I've gone through many other posts on this and have run the following (in safe mode as well as normal boot mode): ad-aware, spybot, ewido, panda, mcafee, stinger. After every re-boot, I'm still greeted by the unwelcome flashing icon. I disabled system restore early in the process as well. Can someone take a look at my HiJack and SmitFraud logs? Much thanks in advance!~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Logfile of HijackThis v1.99.1Scan saved at 9:43:50 PM, on 4/24/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\W... Read more

A:"virus Alert!" Icon Flashing In System Tray - Other Issues Solved

...I did a bit more research and looks like the line from the SmitFraud log held the key:

C:\WINDOWS\system32\suprox.dll FOUND !

Sooooo.....

Booted into safe mode, renamed it, deleted it, and now all seems to be fine.
Even though I didn't have any direct contact with the mods on here, I did learn a whole lot scrolling through these posts. I think this site really provides a great service (especially for the price)! Thanks.

Read other 3 answers
RELEVANCY SCORE 78.4

Ive tried smitfraud and everything. I have webroot spysweeper but nothing seems to work. I tried the going into safe mode and smitfraud procedure but nothing seemed to work. Im posting my HJT Log below...Please someone help.

Logfile of HijackThis v1.99.1
Scan saved at 9:23:49 PM, on 4/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\windows\system32\dllcache\win32\winlogon.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\windows\system32\dllcache\win32\csrss.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
D:\Program Files\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\Spy Sweeper\SpySweeper.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\Program Files\Secretmaker\secretmaker.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\... Read more

A:Solved: Virus Alert Flashing Icon in system tray....need help desperatly..Pls

Read other 16 answers
RELEVANCY SCORE 78.4

Hi All,
I am getting a popup in the system tray with a wheelchair and no sign. It tells me I have a Virus. When I go home in Internet Explorer I it changes from about:blank to .safetyuptodate.net/ It will not allow me to change the url.

Photo of item in systemtray


Latest Logfile below. Can you help?


Logfile of HijackThis v1.99.1
Scan saved at 9:46:36 AM, on 6/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common File... Read more

A:HiJackThis Log File - Virus Alert In System Tray - http://www.safetyuptodate.net

Hi there and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

Please be patient with me during this time.


We also suggest that you Subscribe to this thread to be notified of fixes as soon as they are posted by our Team. You can do this simply by clicking the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".

regards
alba

Read other 9 answers
RELEVANCY SCORE 78

Hi there,
I am running Windows XP SP2
I have constant bogus system and virus alerts along with VIRUS ALERT! displayed by the clock. In addition to this when I select the 'Start' button the options for 'All programs', 'My Computer', 'Control Panel', 'printers and faxes', 'help and support', 'search' and 'run' have all disappeared. The only ones left are 'Set program access and defaults' and a 'connect to'
I have worked through your steps 1 to 5 with the following results:

STEP 1
I have AVG free and McAfee Security centre running, I have tried to uninstall McAfee but when I try and uninstall it I get an error message saying that legacy items must be removed first. At this point I am unable to select the uninstall option so I have had to leave it running for now.
In accordance with your malware list I removed 'ShopperReports by Hotbar' and 'Viewpoint Media Player'. There was nothing on spyware warrior that I needed to remove.

STEP 2
I have downloaded Panda Active Scan but when I try to install it I get an error message at 100% requesting me to try again. I have tried numerous times, it won't install. Hence there is no Panda scan log.

STEP 3
I have downloaded Spyware blaster and ie-spyad. Whilst installing ie-spyad and having to browse to select the file I noticed that there was no 'C' drive displayed in 'my computer'

STEP 4
Up until these problems started I had always kept windows up to date. When checking the latest updates as per your link I get an error me... Read more

A:Constant bogus system alerts and VIRUS ALERT! displayed alongside the clock

Bump please

Read other 13 answers
RELEVANCY SCORE 72

My brand new Dell computer has the wrong time in the system tray. I have checked to make sure that I am in the correct time zone, (pacific time), but it is two hours off. Can I fix this myself or do I have to call Dell? Thank you
 

A:System Tray Clock

Read other 7 answers
RELEVANCY SCORE 71.6

Yes, this virus is still out there and somehow it got to me, and on my day off to..
Anyways, I have Webroot spy sweeper and AVG:Free Edition control center. The AVG is always turned on but my WebRoot wasn't. I scanned with both and the Virus icon is still there. Its the one that keeps popping up with a message saying that my computer is infected. Critical System Error! System detected virus activites, they may cause critical system faiulre ect.. My Web Root has not got rid of it after sweeping my system twice. I got a message earlier to install Spysweeper Quake? But I did not. Anyone have any info on how to get rid of this thing? I have no idea how to access my hijack logs. Any easy instructions on how to get rid of this annoying virus icon would be appreciated.
Thanks in advance!
 

A:Virus Alert!! Flashing icon in system icon tray

Read other 15 answers
RELEVANCY SCORE 71.2

Hi to All !

this is my first post to this forum , so please be kind enough to guide me if i blunder on anything !

Problem:

When I boot my PC, it boots successfully most of the time,
but sometimes, at least once in a day , when i boot it, it boots to take me to the windows GUI but when i just look at the Clock in the System Tray , its running too fast ,
i mean, after every 2 to 4 seconds, it increments one minute,
and after five minutes when i have a look at it, i am usually half an hour ahead of the real world time,

when my PC boots into this state , the windows start up sound plays only half the melody and not the complete sound ,
and while in this state, no exe file executes ( i click on the icons but the file does not run),

Amazingly,
in this state , when i reboot my PC again,
it boots back to absolute normality as if nothing happened,
the Clock in the System Tray goes back to normal and it shows the same normal time as it did before the abnormal boot up ( i mean the same time as the real world time as it should normally do )


I am simply awestruck in this problem,
being an electrical engineer myself, this problem has left me clueless as to if its a virus, trojan , spyware , registry error, OS configuration error or a hardware problem ???



System Specs:

Processor: P4 Celeron 1.8GHz
RAM: 256MB
MotherBoard: Mercury
AntiVirus: NOD32 (Updated)
OS :Windows XP SP2
(This copy of OS was installed one month ago and i am having the above ment... Read more

A:System Tray Clock Gone Wild ???

replace the cmos battery

Read other 2 answers
RELEVANCY SCORE 71.2

In the system tray my clock use to display the time only. Now it displays the day and date as well. How do I change it back to just display the time?
 

A:Solved: Clock in System Tray

shrink down the task bar
 

Read other 3 answers
RELEVANCY SCORE 71.2

(1) How can I get the sys tray clock to show hh:mm:ss tt ?

I changed the short and long time format yet "ss" is not showing expect when I move cursor over clock.

Changes to date format reflect in sysclock right away.

(2) Is there a freeware clock available that is Win 7 compatible that I could use instead of the default clock?

Appreciate any suggestions - thanks!

A:System Tray Clock Display

Hello BeepBeep, welcome.

1) I know you can set the long time (which includes seconds) but I do not believe there is a way to show it on the tray clock (at least I cannot get it to do that).

2) There are gadgets that are clocks, as well as numerous programs that function the same (Banshee Screamer Alarm always amused me)

~Lordbob

Read other 6 answers
RELEVANCY SCORE 70.4

The System Tray's Time/Date Display changed without my intentional intervention. It used to display (top to bottom)

Time
Date (MM/DD/YYYY)
Day of Week
It has stopped displaying the Date - Date (MM/DD/YYYY)

Wazzup with that? How do I get the date back the into the display?

Additional Info:
I use the following display settings - they have not changed recently:

Screen resolution - 1280 x 1024 (the highest for my video)
32-bit color (again, the highest)
96 DPI
2-row taskbar (see image, above)
No screensaver
Default theme

 

A:Solved: XP System Tray - Clock Display

Read other 7 answers
RELEVANCY SCORE 70.4

I wasn't sure where to put this as it has to do with the network, battery (on a laptop) the sound, and the action center.

I noticed today that none of my system tray icons are showing up. I went to customize and then turn off and on system icons, and they are grayed out.

I've looked around and saw a solution with deleting some registry lines and restarting explorer.exe but that didn't do anything. I also used a "fix me" from windows and that also didn't work. There was a solution having to do with the windows 7 ultimate that I couldnt do because my version (premium) doesn't have the gedit.msc (iirc) just a gedit.dll.

I can live with icons on the desktop that I can pin to the taskbar if I could only figure out how to actually get those icons to the desktop.

This is so insanely frustrating, thanks for the help everyone,

Evan

A:Cannot enable any system tray icons besides clock HELP PLEASE!

Hello Evan,

If you have not already, you might see if using OPTION TWO in the tutorial below may be able to help.

System Icons - Enable or Disable

Hope this helps,
Shawn

Read other 7 answers
RELEVANCY SCORE 70.4

Just installed a brand new copy of Windows XP Pro and find that the system tray is missing a couple of items that I would expect to see there. One is the clock, and the other is the icon that shows whether I am connected to the internet or not. Neither my hefty Windows manual nor Microsoft's help index make any reference to the system tray.
 

A:Missing clock in system tray, windows Pro

Line 320.-- Restore Volume/Net Icon to Notification Area
http://www.kellys-korner-xp.com/xp_tweaks.htm

Line 316 Sound Icon - Enable
http://www.kellys-korner-xp.com/xp_tweaks.htm

371. Restore Sound - Windows Audio Service
http://www.kellys-korner-xp.com/xp_tweaks.htm

http://www.jakeludington.com/window...e_control_program_has_not_been_installed.html
 

Read other 2 answers
RELEVANCY SCORE 69.6

I have a strange problem with Windows 8.1 Pro. I installed 8.1 Pro clean on this machine and the tooltips used to show just fine when I hover over the clock. Something has changed this behavior. I have uninstalled apps that I can remember installing AFTER it broke but I am still at a loss. I thank anyone who may offer assistance.
Photo of problem:

A:No date tooltip when I hover over clock in system tray

What if you hover over other icons, such as the speaker there in your system tray? Does a bubble appear after a couple seconds?

Read other 6 answers
RELEVANCY SCORE 69.2

am having a problem with this system alert down by the clock if i click on it. it takes me to a web page to get me to buy a av scanner it's very annoying also when i try to use firefox my desktop goes hay wire the clours look weird please help here is a hjt log

Logfile of HijackThis v1.99.1
Scan saved at 6:39:39 PM, on 2/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\FreezeScreenSaver.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\HP\HP Softwar... Read more

A:system alert down by clock please help have ( hjt ) log

Closing duplicate thread, please continue here: http://forums.techguy.org/security/541873-help-system-alert-down-clock.html
 

Read other 1 answers
RELEVANCY SCORE 69.2

i am having a problem with this system alert down by the clock if i click on it. it takes me to a web page to get me to buy a av scaner it's verry anoying also when i try to use firefox my desktop goes hay wire the clours look weard please help here is a hjt log

Logfile of HijackThis v1.99.1
Scan saved at 6:39:39 PM, on 2/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\FreezeScreenSaver.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\HP\HP Softwa... Read more

A:help with system alert down by clock

Read other 16 answers
RELEVANCY SCORE 69.2

Hello,
I somehow got a Spydawn system alert popup virus after downloading codecs from the 'net thinking it was safe, i was wrong. I knew i shouldn't have trusted the download but did it anyways.
I managed to get rid of some items that were sent to my desktop plus the system alert that was in my control panel-add/remove programs. I ran ewido, adware,spybot and smitfraud, it doesn't say smitfraud fix..? I even did all of this in safe mode too, but the system alert popup is still flashing in the bottom right corner but now i can not access internet explorer...can't make a connection to the internet.

I don't see anything referring to spydawn in the log.


My Hijackthis log displayed these files that appear to be part of my problem.
I have no internet connection so i can't show you the complete log unless i copy all of it word for word...which i did for just these particular ones that seem suspicious.


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

RO-HKLM\Software\Microsoft\Internet Explorer\Main,start_page_URL =
about:blank

RO-HKCU-same with local_page=about:blank

RO-HKLM.."same"local_page=about:blank

R3-Default url search hook is missing

O3-toolbar:(no name)-{bdad1dad-c946-4a17-adc1-64b5b4ff55do}-(no file)

018-Protocol:msnim-{828030a1-22c1-4009-854f-8e305202313f}-"C:\progra~1\msnmes~1\msgrapp.dll"(file missing)

021-SSODL:prxsvc-{c27eccbf-adea-48c8-842c-a4d699dbae9a}-(no file)

016-dpf{... Read more

A:Flashing system Alert at bottom right system tray, no connection,Spydawn,blank page?

Hi and Welcome to TSF

Look over the First Steps at Removing Malware , then post a HJT log in the HiJackThisLog Help Forum

Cant you copy the complete HJT Log onto a floppy/thumb drive/cd and then paste it in the HiJackThisLog Help Forum? this is the only way we can possibly start helping you

Read other 5 answers
RELEVANCY SCORE 68.8

Win 8.1 Pro
Intel MB graphics
2 DVI monitors
On only one of my Win 8.1 systems does this occur. I leave them all day. It is part of a domain. Screen goes into "turn off" mode after 2 hours. After midnight I lose the wallpaper (single image) and the screen is black. Icons are visible
and when I hover over them, they appear. The day/time in the system tray is stalled at the time of "blanking". This just started happening. I apply MS patches regularly. I have to CTRL-ALT-DEL to reboot and the wallpaper comes back.
The other Win 8.1 Intel system also uses intel graphics and it does not have this problem.

Any thoughts?

John Lenz

A:Desktop wallpaper goes black & clock in system tray stops~ 1 AM

I have upgraded to Win 10 and this error  no longer exists.John Lenz

Read other 22 answers
RELEVANCY SCORE 68.8

In my tray apears this mesagge flashing saying system alert and when i click on it this page pops up hxxp://spydawn.com/?aff=334, i already run ad-aware, spybot, trend micro pc cillin and hijackthis as it said on the tutorial...Please some help on it....ThxLogfile of HijackThis v1.99.1Scan saved at 12:10:26 AM, on 2/21/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\cisvc.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exeC:\WINDOWS\system32\svchost.exeC:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exeC:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exeC:\WINDOWS\system32\SearchIndexer.exeC:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS�... Read more

A:System Alert On Tray

Welcome to BC jugalo Download SmitfraudFix (by S!Ri), to your desktop.Double click on Smitfraudfix.cmdSelect option #1 ? Search, by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.

Read other 7 answers
RELEVANCY SCORE 68.8

Can someone help me with this? I have this system tray icon blinking with "System Alert!" info bubbles telling me I have spyware. If I try to do anything with it it sends me to "antivermins.com." I ran Adaware and Spyware and picked up a few things but I'm still getting pop ups.

Copied this from another thread since I have the exact same problems. However, when I did the Smitfraud thing, it didn't get rid of the problem.

Logfile of HijackThis v1.99.1
Scan saved at 8:57:10 AM, on 12/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared... Read more

A:System Alert in Tray

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
 

Read other 3 answers
RELEVANCY SCORE 68

I got infected with one of the fake "System Alert!" icons that keeps popping a message up every few minutes. I've run Ad-Aware, Spybot, and McAfee Anti-Virus multiple times both in regular Windows mode and in Safe Mode. I've also run the McAfee Stinger application. None of these have solved the problem. Here's my HT log, thanks for any help!!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:54:14 PM, on 2/19/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Intel\Wireles... Read more

A:Infected With "system Alert!" In System Icon Tray

Hello Donnie M.,Welcome to Bleeping Computer Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.Thanks,tea

Read other 14 answers
RELEVANCY SCORE 68

hi all...a past few days my comp. affected with XP antivirus 2008..i've scan with Malwarebytes' Anti-Malware.but now beside my clock still got "virus alert"..can anyone hel me to slove this problembelow is my HijackThis..tqLogfile of Trend Micro HijackThis v2.0.2Scan saved at 11:25: VIRUS ALERT!, on 7/21/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exec:\program files\common files\logitech\lvmvfm\LVPrcSrv.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\PC Tools Internet Security\pctsTray.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exeC:\Program Files\Creative\MediaSource\GO\CTCMSGo.exeC:\WINDOWS\system32\CTSvcCDA.EXEC:\Program Files\... Read more

A:Virus Alert Beside My Clock

HiFirst ... as you've run Malwarebytes' Anti-Malware ... please post the log THEN ...Download Deckard's System Scanner (formerly Comboscan) to your Desktop.Note: You must be logged onto an account with administrator privileges.1. Close all applications and windows. 2. Double-click on dss.exe to run it, and follow the prompts. 3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized 4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.5. Then do the same with extra.txtNote: you'll find extra.txt here :- C:\Deckard\System Scanner\extra.txtPlease remember to post both txt files ...Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.THEN ..Please run a Kaspersky Online Scan Please do an online scan with Kaspersky WebScanner Click on Kaspersky Online Scanner Click AcceptYou will be promted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make sure that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard)
Scan Options: Scan Archives Scan Mail BasesClick OK Now under select a target to scan: Select My Co... Read more

Read other 2 answers
RELEVANCY SCORE 68

Hi,I was downloading a keygen the other day and I got a virus where it displays "Virus Alert" on the clock and it changed all the setting in my computer. I was able to resolve a lot of it. The only one that I have left is the wall paper setting. When I tried to change the wall paper setting. i got the following error... file:///C:/Windows/privacy_danger/indexi have posted the Hijackthis log below. hopefully, somebody could help...thanks....Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:18:10 PM, on 8/30/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exeC:\Program Files\Dell Network Assistant\hnm_svc.exeC:\Program Files\Common Files\LogiShrd&... Read more

A:Virus Alert On Clock

HiPlease visit this webpage for download links, and instructions for running ComboFix tool:http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first.The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.Once installed, you should see a blue screen prompt that says:The Recovery Console was successfully installed.Please continue as follows:Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system:C:\ComboFix.txtNew HijackThis log.A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Read other 2 answers
RELEVANCY SCORE 68

I had a virus alert next to the clock in addition to numerous other problems. Saw the fix here with using Malwarebyte's Anti-Malware, installed the program and ran it. It found numerous problems and fixed them, however I still have some issues. My wallpaper is gone. It shows up after booting then just goes to white. Also, on booting I get the message "cannot find 'file:///c:/Windows/privacy_danger/index.htm' " The computer is running much better and it appears that the Malwarebyte's program fixed most things but not all. Any more suggestions? I ran the program twice and it did find another problem the second time. I did reboot. Should I try a complete scan? Here are the logs:

First time:Malwarebytes' Anti-Malware 1.26
Database version: 1126
Windows 5.1.2600 Service Pack 3

9/7/2008 8:43:44 PM
mbam-log-2008-09-07 (20-43-44).txt

Scan type: Quick Scan
Objects scanned: 49284
Time elapsed: 8 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 15
Registry Values Infected: 29
Registry Data Items Infected: 13
Folders Infected: 1
Files Infected: 33

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\efcDwUKB.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\wregiimn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\xwnldn.dll (Trojan.Vundo) -> Delete on reboot.
... Read more

A:Virus Alert Next To Clock

Please download ATF Cleaner by Atribune & save it to your desktop. alternate download link DO NOT use yet.Please download and install SUPERAntiSpyware FreeDouble-click SUPERAntiSypware.exe and use the default settings for installation.An icon will be created on your desktop. Double-click that icon to launch the program.If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)Under the "Configuration and Preferences", click the Preferences... button.Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program.Do not run a scan just yet.Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow key... Read more

Read other 12 answers
RELEVANCY SCORE 68

Okay, I admit I was dl torrents and now Im in some trouble. I had my many virus protection programs running. As soon as I ran a recently dl program. All my vp programs went nuts! It stopped most of them but my search, control panel, run and my comp are missing. So, im in desperate need of some help. Thnx in advanced.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Diana\Application Data\inst.exe
C:\WINDOWS\erem.exe
C:\WINDOWS\SYSTEM32\fhiPoUvw.ini
C:\WINDOWS\SYSTEM32\fhiPoUvw.ini2
C:\WINDOWS\SYSTEM32\svevsbly.ini
C:\WINDOWS\system32\ylbsvevs.dll
.
---- Previous Run -------
.
C:\WINDOWS\gpefaowr.exe
C:\WINDOWS\system32\oeminfo.ini

.
((((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 )))))))))))))))))))))))))))))))
.

2008-07-13 17:26 . 2008-07-13 17:26 116,864 --a------ C:\WINDOWS\SYSTEM32\mmmghb.dll
2008-07-13 17:26 . 2008-07-13 17:26 116,864 --a------ C:\WINDOWS\SYSTEM32\hjjcbnwq.dll
2008-07-11 11:27 . 2008-07-11 11:27 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-11 09:46 . 2008-07-11 09:46 321,792 --a------ C:\WINDOWS\SYSTEM32\wvUoPihf.dll
2008-07-10 11:32 . 2008-07-10 11:32 <DIR> d-------- C:\Program Files\SymNetDrv
2008-07-10 00:34 . 2008-07-10 11:33 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-10 00:34 . 2008-07-11 09:46 <DIR> d-------- C:\Documents and Settings\All Users\Applicati... Read more

Read other answers
RELEVANCY SCORE 68

i let my friend on my computer while i was at work, came home computer is screwed up /sighControl Alt Delete Disabledfiles are hiddenClock has a VIRUS ALERT Beside itSafemode works.i ran these following programs in safemode.Malware Bytes - Anti MalwareAd-ware Personal - SpywareAd-ware 2008 AVG?? Cannot run for some reason.Search and DestroyA-squaredSDFixSmitfraudFixPlease help, thanks, Morth.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 04:52:59, on 7/12/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: Safe mode with network supportRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware2008\aawservice.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0ZR5LBX4\HiJackThis[1].exeR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missingO2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)O2 - BHO: {c1e31e8c-a12e-d8a8-1eb4-bba4f8dc0e11} - {11e0cd8f-4abb-... Read more

A:Clock - Virus Alert? - Hj Log

Bump

Read other 4 answers
RELEVANCY SCORE 68

Here is my HighJackThis log:Logfile of HijackThis v1.99.1Scan saved at 6:56:07 PM, on 3/23/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\cisvc.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exeC:\Program Files\D-Link\Air Utility\AirCFG.exeC:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exeC:\Program Files\Java\jre1.5.0_11\bin\jusched.exeC:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exeC:\Program Files\Analog Devices\SoundMAX\Smax4.exeC:\Program Files\Intel\Intel® Active Monitor\imontray.exeC:\WINDOWS\Logi_MwX.ExeC:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exeC:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\... Read more

A:System Alert In Task Tray

Hello,Some remarks first..I notice that you have Weatherbug installed on your computer ? This is very much an ad-enabled application which in addition to providing current outdoor temperature information in the System Tray together with real-time weather alerts can also draw unwanted ads and popups to your computer.Our recommendation would be to uninstall it using the Add or Remove Programs feature in Control Panel.If you want a program which provides weather information there is an ad-free alternative to Weatherbug called WeatherWatcher which is available free from http://www.snapfiles.com/get/weatherwatcher.html.Of course this remains entirely your choice, but please be aware that if you decide to continue using Weatherbug, your computer will be at an increased risk of infection from malware.I see you are running Teatimer.I suggest you to disable it because it can interfere with the changes you'll make on your system.When everything is done and your log is clean again, you can enable it again.If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.How to disable TeaTimer during HijackThis CleanupThen, Download ResetTeaTimer.bat.Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.* Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Don't use it yet.* Reboot into Safe Mode`: ( without networking support !)?To get into the Safe mode as the compute... Read more

Read other 6 answers