Over 1 million tech questions and answers.

System Alert! In Taskbar Tray

Q: System Alert! In Taskbar Tray

Can't get rid of "System Alert!" icon in tray... It flashes between a white question mark inside a blue circle and what looks like a 'no smoking' sign...but with no cigarette in the middle...basically a red circle with a red line through the middle of it...What I've tried so far..Spybot scanAd aware scanAVG scanBooting in safe mode and running ATF-Cleaner and straight after that I ran SUPERAntiSpyware Free Edition.. It seemed to find it, told me it fixed it...but it still comes up when I get to windows..Here is my log ... Please help..Logfile of HijackThis v1.99.1Scan saved at 6:24:45 PM, on 11/03/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\arservice.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\HPZipm12.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\ehome\ehtray.exeC:\WINDOWS\ARPWRMSG.EXEC:\Program Files\HP DigitalMedia Archive\DMAScheduler.exeC:\WINDOWS\RTHDCPL.EXEC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\eHome\ehmsas.exeC:\HP\KBD\KBD.EXEc:\windows\system\hpsysdrv.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Program Files\Java\jre1.5.0_06\bin\jucheck.exeC:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exeO4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheModeO4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNCO4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNCO4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMENameO4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXEO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetectO4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXEO4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /runO4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXEO4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUPO4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - c:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLLO9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htmO9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htmO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dllO16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoegg.com/Install/Windows...ggPublisher.exeO18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dllO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeO23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

RELEVANCY SCORE 200
Preferred Solution: System Alert! In Taskbar Tray

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: System Alert! In Taskbar Tray

Welcome to BleepingComputer CullyCullen Download ATF Cleaner by Atribune:http://www.atribune.org/ccount/click.php?id=1Double-click ATF-Cleaner.exe to run the program.Click 'Select All' found at the bottom of the list.Click the 'Empty Selected' button.If you use Firefox browser, do this also:Click Firefox at the top and choose 'Select All' from the list.Click the 'Empty Selected' button.NOTE: If you would like to keep your saved passwords,please click 'No' at the prompt.If you use Opera browser,do this also:Click Opera at the top and choose 'Select All' from the list.Click the 'Empty Selected' button.NOTE: If you would like to keep your saved passwords,please click 'No' at the prompt.Click 'Exit' on the Main menu to close the program.*********************************Download SmitfraudFix (by S!Ri), to your desktop.Double click on Smitfraudfix.cmdSelect option #1 ? Search, by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy and paste the content of that report into your next reply,along with a new Hijackthis log.

Read other 7 answers
RELEVANCY SCORE 69.2

Hello,
I somehow got a Spydawn system alert popup virus after downloading codecs from the 'net thinking it was safe, i was wrong. I knew i shouldn't have trusted the download but did it anyways.
I managed to get rid of some items that were sent to my desktop plus the system alert that was in my control panel-add/remove programs. I ran ewido, adware,spybot and smitfraud, it doesn't say smitfraud fix..? I even did all of this in safe mode too, but the system alert popup is still flashing in the bottom right corner but now i can not access internet explorer...can't make a connection to the internet.

I don't see anything referring to spydawn in the log.


My Hijackthis log displayed these files that appear to be part of my problem.
I have no internet connection so i can't show you the complete log unless i copy all of it word for word...which i did for just these particular ones that seem suspicious.


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

RO-HKLM\Software\Microsoft\Internet Explorer\Main,start_page_URL =
about:blank

RO-HKCU-same with local_page=about:blank

RO-HKLM.."same"local_page=about:blank

R3-Default url search hook is missing

O3-toolbar:(no name)-{bdad1dad-c946-4a17-adc1-64b5b4ff55do}-(no file)

018-Protocol:msnim-{828030a1-22c1-4009-854f-8e305202313f}-"C:\progra~1\msnmes~1\msgrapp.dll"(file missing)

021-SSODL:prxsvc-{c27eccbf-adea-48c8-842c-a4d699dbae9a}-(no file)

016-dpf{... Read more

A:Flashing system Alert at bottom right system tray, no connection,Spydawn,blank page?

Hi and Welcome to TSF

Look over the First Steps at Removing Malware , then post a HJT log in the HiJackThisLog Help Forum

Cant you copy the complete HJT Log onto a floppy/thumb drive/cd and then paste it in the HiJackThisLog Help Forum? this is the only way we can possibly start helping you

Read other 5 answers
RELEVANCY SCORE 68.8

I would appreciate some help please, with cleaning a desktop computer of a "ContraVirus' program installation. This is for a Windows 98se desktop computer - not currently connected to the internet (but this can be arranged later, if necessary. I am currently using a separate computer for Internet access and research - WinXp notebook computer).
The affected system (Win98se) appears to have installed "ContraVirus 2.0" program, 12 months ago and due to a recent change of owner and internet connection on dial-up is now becoming unuseable. Some symptoms are: Unable to enter Safe Mode, have an icon in system tray showing 'Virus Alert' with white cross in red circle. Left or right mouse clicks on the cross gets no response. Dial up connection periodically tries to connect (This maybe AVG antivirus, though). Recent add/remove program uninstalls have been done for 'ContraVirus 2.0' and 'Sierra - planner.exe'. AVG 6.0 Anti-Virus will not download updates, reporting that a file is missing?. AVG scan shows clean, but registry still has ContraVirus entries.

Log File follows:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:51:48 PM, on 13/12/08
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.E... Read more

A:ContraVirus 2.0 on Win98se system and Virus Alert! in system tray

No takers yet? - who loves a challenge?.
The Hijackthis log above is still current. I will hold off doing anything for awhile longer. Would really appreciate some experienced step by step removal instructions or link to a solution. Even a first step would be great - Thanks
 

Read other 2 answers
RELEVANCY SCORE 68.8

In my tray apears this mesagge flashing saying system alert and when i click on it this page pops up hxxp://spydawn.com/?aff=334, i already run ad-aware, spybot, trend micro pc cillin and hijackthis as it said on the tutorial...Please some help on it....ThxLogfile of HijackThis v1.99.1Scan saved at 12:10:26 AM, on 2/21/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\cisvc.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exeC:\WINDOWS\system32\svchost.exeC:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exeC:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exeC:\WINDOWS\system32\SearchIndexer.exeC:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS�... Read more

A:System Alert On Tray

Welcome to BC jugalo Download SmitfraudFix (by S!Ri), to your desktop.Double click on Smitfraudfix.cmdSelect option #1 ? Search, by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.

Read other 7 answers
RELEVANCY SCORE 68.8

Can someone help me with this? I have this system tray icon blinking with "System Alert!" info bubbles telling me I have spyware. If I try to do anything with it it sends me to "antivermins.com." I ran Adaware and Spyware and picked up a few things but I'm still getting pop ups.

Copied this from another thread since I have the exact same problems. However, when I did the Smitfraud thing, it didn't get rid of the problem.

Logfile of HijackThis v1.99.1
Scan saved at 8:57:10 AM, on 12/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared... Read more

A:System Alert in Tray

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
 

Read other 3 answers
RELEVANCY SCORE 68.4

I got infected with one of the fake "System Alert!" icons that keeps popping a message up every few minutes. I've run Ad-Aware, Spybot, and McAfee Anti-Virus multiple times both in regular Windows mode and in Safe Mode. I've also run the McAfee Stinger application. None of these have solved the problem. Here's my HT log, thanks for any help!!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:54:14 PM, on 2/19/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Intel\Wireles... Read more

A:Infected With "system Alert!" In System Icon Tray

Hello Donnie M.,Welcome to Bleeping Computer Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.Thanks,tea

Read other 14 answers
RELEVANCY SCORE 68

I've been using smitfraud, sb search and destroy, ad aware se and various amounts of spyware/malware removal programs and i can't get this (*#&%(& system alert button on my tray to go away! I've been trying to get the #(*%& thing off for 2 days. I'm going insane. Can somebody please help me? Smitfraud is supposed to go through a step where, "you will be presented with a red screen stating Computer will reboot now. Close all applications. You should now press the spacebar on your computer. A counter will appear stating that the computer will reboot in 15 seconds. Do not cancel this countdown and allow your computer to reboot." It doesn't do that and my notepad thing opens up in safe mode. Is there anyone that can solve this problem? Oh yeah, also when I click the balloon where it says there's viruses or whatever on my computer that's slowing me down, it takes me to the stupid antivermin site. Could somebody give me steps on that "Avenger" program thing? I'd like to try that since pretty much everything else hasn't worked.

Logfile of HijackThis v1.99.1
Scan saved at 5:32:45 PM, on 12/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Syst... Read more

A:System Alert Tray Is Pissing Me Off!!

Read other 16 answers
RELEVANCY SCORE 68

Here is my HighJackThis log:Logfile of HijackThis v1.99.1Scan saved at 6:56:07 PM, on 3/23/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\cisvc.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exeC:\Program Files\D-Link\Air Utility\AirCFG.exeC:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exeC:\Program Files\Java\jre1.5.0_11\bin\jusched.exeC:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exeC:\Program Files\Analog Devices\SoundMAX\Smax4.exeC:\Program Files\Intel\Intel® Active Monitor\imontray.exeC:\WINDOWS\Logi_MwX.ExeC:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exeC:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\... Read more

A:System Alert In Task Tray

Hello,Some remarks first..I notice that you have Weatherbug installed on your computer ? This is very much an ad-enabled application which in addition to providing current outdoor temperature information in the System Tray together with real-time weather alerts can also draw unwanted ads and popups to your computer.Our recommendation would be to uninstall it using the Add or Remove Programs feature in Control Panel.If you want a program which provides weather information there is an ad-free alternative to Weatherbug called WeatherWatcher which is available free from http://www.snapfiles.com/get/weatherwatcher.html.Of course this remains entirely your choice, but please be aware that if you decide to continue using Weatherbug, your computer will be at an increased risk of infection from malware.I see you are running Teatimer.I suggest you to disable it because it can interfere with the changes you'll make on your system.When everything is done and your log is clean again, you can enable it again.If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.How to disable TeaTimer during HijackThis CleanupThen, Download ResetTeaTimer.bat.Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.* Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Don't use it yet.* Reboot into Safe Mode`: ( without networking support !)?To get into the Safe mode as the compute... Read more

Read other 6 answers
RELEVANCY SCORE 68

I cannot get rid of System Alert in tray. I have used AVG spyware, Adaware,and spybot, done in Safe Mode and regular. Have McAfee Subscription, and also scanned with Panda. Turned off system restore. Followed instructions on which items to check in Hijack. Have used ATF Cleaner. Used smitfraud fix and smitren fix. Still have all of these programs saved. Picked up this bug downloading a video which appeared to be windows media player.Panda Scan results follow Hijack Log belowPlease Help...Logfile of HijackThis v1.99.1Scan saved at 2:08:23 PM, on 4/23/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\WINDOWS\system32\CTsvcCDA.EXEc:\program files\mcafee.com\agent\mcdetect.exec:\PROGRA~1\mcafee.com\vso\mcshield.exec:\PROGRA~1\mcafee.com\agent\mctskshd.exeC:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\MsPMSPSv.exeC:\WINDOWS\system32\svchost.exeC... Read more

A:System Alert In Tray/malware

Welcome to BC

Open Hijackthis, Click Open the Misc tools section Then click the Open Uninstall Manager... button.
The Add/Remove Programs Manager panel should appear.
In this panel click the Save list button.
Save the uninstall_list.txt file to your desktop and copy and paste the contents back in your next reply.

Read other 1 answers
RELEVANCY SCORE 68

Found answer but can't find a way to delete the question!!!

A:System Tray Alert Time

I'll mark it as solved. In the futrue click on the icon upper right and then type solved in the box.

Read other 4 answers
RELEVANCY SCORE 68

I thought I removed the Trojan Downloader: win32/zlob but I have a new icon in my system tray. It is a question mark in a blue circle that flashes. It identifies it self as a ?System Alert!? but when clicked it launches my internet browser and takes me to a web site to down load SpyDawn. How can I get rid of this? (I use XP)

A:System Alert In Sytem Tray

BC has a Self-help Removal Guide for Spydawn. Follow the instructions and you should be able to remove it quickly:http://www.bleepingcomputer.com/forums/t/81275/how-to-remove-spydawn-removal-instructions/If you have any problems during the removal process, be sure to let us know so our Members can help you.Cheers,John

Read other 1 answers
RELEVANCY SCORE 68

HELP! VIRUS ALERT! in system tray!? no longer administrator
Hi I am having a problem with my computer. It happened yesterday. Every now and then I get "Virus Alert!" in system tray as well as white X with a red circled background. Also there are 3 links or programs on my desktop (Error Cleaner, Privacy Protector and Spyware&Protection). However that is only half of it. I initially had my C and D drives missing in My Computer as well as when I go to "Start" the All Programs tab is sometimes missing and most of the icons on the right hand side are gone. As well as the ability to "Run". I have just got a pop-up with the heading Windows Security Alert, which states:

Windows has detected an Internet attack attempt...
Somebody's trying to infect your PC with spyware or harmful viruses. Run full scan now to protect your PC from Internet attacks, hijacking attempts and spyware! Click here to download spyware remover for total protection.

Another pop-up saying:
Security Warning!

Worm.Win32.NetBooster detected on your machine. This virus is distributed via the Internet through e-mail and EXE and Active-X objects. The Worm has its own SMTP which means it gathers e-mails from your local computer and re-distributes itself. In worst cases this worm can allow attackers to access your computer, stealing passwords and personal data.
This process process should be removed from your system.

Type: Virus
System Affected: Windows 2000, NT, ME, XP,... Read more

A:Virus Alert in system tray

To get Expert Help with malware removal:

I recommend that you read this article… ( Simply, click on the links to be re-directed.)

"Having problems with spyware and pop-ups? First steps;
IMPORTANT - Read This Before Posting For Malware Removal Help

Please follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the
HiJackThis Log Help Forum.
http://www.techsupportforum.com/secu...this-log-help/

Please ensure that you create a new thread in the HiJackThis Log Help Forum;
not back here in this one.

When carrying out The 5 Steps,
IMPORTANT - Read This Before Posting For Malware Removal Help

if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However,it is extremely important to make mention of the fact that you could not complete any of the steps in your post to HiJackThis Log Help Forum.
http://www.techsupportforum.com/secu...this-log-help/

where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Read other 1 answers
RELEVANCY SCORE 68

My browser seems to be hijacked and when on the internet I get unwanted pop ups and when surfing the web random pages open up without me doing anything. To the right of my clock on the bottom right it reads VIRUS ALERT!. Here is my main log from Deckerd Scanner System. Spybot keeps finding "virtumonde.dll virus".


Deckard's System Scanner v20071014.68
Run by HP_Owner on 2008-06-18 13:57:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
107: 2008-06-18 20:58:54 UTC - RP908 - Deckard's System Scanner Restore Point
106: 2008-06-17 15:55:54 UTC - RP907 - Windows Defender Checkpoint
105: 2008-06-17 00:10:45 UTC - RP906 - Last known good configuration
104: 2008-06-17 00:10:34 UTC - RP905 - Installed Adobe Reader 8.1.2
103: 2008-06-17 00:10:34 UTC - RP904 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-06-17 00:09:49 UTC - RP802 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-18 14:02:17
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: In... Read more

A:Virus Alert in System Tray!

Hi, welcome to tsf!

Please visit this webpage for download links, and instructions for running combofixl:

http://www.bleepingcomputer.com/comb...o-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
__________

You're using an older version of Hijackthis. Please uninstall the older version via control panel > add/remove programs

Please click Here to download HijackThis to your desktop.

Click the Download button. When the Trend Micro HJT install box appears, double click on the HJTInstall.exe. Click on Install.

It will be installed by default here: C:\Program Files\Trend Micro\HijackThis

A shortcut to the application will also be placed on your Desktop.

The program will open automatically after installation.

You can double-click the icon tha... Read more

Read other 9 answers
RELEVANCY SCORE 67.6

My computer was infected by Spylocked. I have removed everthing to do with it except this icon which constantly switches from a DirectX icon to a warning triangle. Every so often a popup appears. It says that System Alert has detected harmful malwares etc on my computer. If clicked on either right or left click this site is brought up http://www.spylocked.com/?aff=334where they try to sell you a product called Spylocked. I seemed to have removed all except this icon/popup; I have searched the computer several times and can't find it. I'm in the middle of writing a major report which must be finished by the end of the month and I have lost 3 days to this already. Help!Logfile of HijackThis v1.99.1Scan saved at 13:57:13, on 26/05/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16441)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\PROGRA~1\Grisoft\AVG7\avgrssvc.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeC:\WINDOWS\system32\spool... Read more

A:System Alert Popup From An Icon In The Sys Tray

Download SmitfraudFix (by S!Ri) to your Desktop.http://siri.urz.free.fr/Fix/SmitfraudFix.exeDouble-click SmitfraudFix.exeSelect option #1 - Search by typing 1 and press EnterThis program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.IMPORTANT: Do NOT run any other options until you are asked to do so!**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.Post back with the smitfraudfix log and a new HijackThis log

Read other 1 answers
RELEVANCY SCORE 67.6

howdy all,

i'm sick of xp's wireless status constantly reminding me (via alert windows) of the signals in the area. if i lived in africa, this might not matter, but i live in PDX, and we have signals everywhere.

i also use flashgot, and i don't want the "finished" alert from it either.

i know i can remove the flashgot icon from the tray, but i can't seem to keep the wifi icon off.

help?

thanks

b
 

Read other answers
RELEVANCY SCORE 67.6

Hi,I've had an infection. I researched and performed the combofix/recovery tool programs and seem to be back to normal. Can you please check these logs and make sure there are no traces? Thank you in advance**EDIT**I also seem to not be able to establish an internet connection. I can do so with other laptops(the one I'm on) on the same wireless network, but cannot with the infected one, still.HIJACKTHIS LOG:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 14:55, on 8/4/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\WINDOWS\System32\MsPMSPSv.exeC:\Program Files\Common Files�... Read more

A:Virus Alert In System Tray By The Clock

I've ran everything I know of to run.

It says I am connected to my wireless router. But Firefox or IE won't connect to anything.

Any ideas. I'm desperate

Thanks

Read other 3 answers
RELEVANCY SCORE 67.6

There is a system tray alert (yellow triangle with an ! in the middle) flashing, stating there are different malware threats, viruses, worms, etc. Also, it will constantly bring up various websites every 2 minutes while connected to the internet.

The HiJackThis log follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:43:21 PM, on 10/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm... Read more

Read other answers
RELEVANCY SCORE 67.6

I am getting periodic appearances of a 'Windows Security Alert' icon in my system tray, telling me to go somewhere and download something. I assume this is a virus.I am running the latest version of Avira, with updates, and have scanned my sytem. It has not reported any viruses. I also went to the online scanner - Symantec Security Check - it didn't find any either.The 'Windows Security Alert' problem icon comes and goes.Here are the results of my scans, as per the instructions in the sticky thread:I see there is an entry -mRunServices: [TrojanShield Protector] c:\program files\trojanshield\Port.exe, but when I browse my drive, I do not see a trojanshield directory. could it be hidden?Also, it lists -STS: c:\windows\system32\cq16ea6yh.dll: {a2234b15-23f2-42ad-f4e4-00aac39c0004} - c:\windows\system32\cq16ea6yh.dll, but I cannot find the cq16ea6yh.dll anywhere. I see that cq16ea6yh.dll is one of the files listed by Avira as being in quarantine (it is listed as the TR/PCK.Krap.AH.4 trojan). Could this DDS entry be a remnant of a previously detected and quarantined virus? or is it part of my current problem?DDS log:DDS (Ver_09-12-01.01) - NTFSx86 Run by Ian at 21:22:44.29 on Sun 12/27/2009Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_05Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.238 [GMT -8:00]AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}===========... Read more

A:Windows Security Alert - in system tray

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_Sca... Read more

Read other 2 answers
RELEVANCY SCORE 67.6

I have a flashing icon in the system tray that looks like a green wheelchair alternating with a slashed circle.Every so often a red box pops up saying "Your computer is infected!", etc etc.Did some research but all the solutions I found referred to files I cannot find in the system32 folder. I don't have any entries for SpywareQuake on add/remove programs. The screenshots of other people's infections all seemed to have a green box but were otherwise the same.Here is my HT log:Logfile of HijackThis v1.99.1Scan saved at 2:14:58 PM, on 4/27/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\inetsrv\inetinfo.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\system32\dcomcfg.exeC:\Program Files\Microsoft IntelliType Pro\type32.exeC:\Program Files\Microsoft IntelliPoint\point32.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\Program Files\Mozilla Firefox\firefox.exeC:... Read more

A:Infected With System Tray Virus Alert

Hello and Welcome to the Forum.Download Killbox by Option^Explicit. Save it to your desktop.Restart your computer into safe mode now. Perform the following steps in safe mode:Double click the KillBox program to launch it Click on Tools>Delete Temp FilesSelect "Replace on Reboot" and "Use Dummy" from the left hand column. Next copy/paste the following into the "Full Path to Delete" box:

C:\WINDOWS\SYSTEM32\winowl32.dll
Click the Red Button with the White x on it. Click the "Delete File" button Reboot your computer==================================Please download SmitfraudFix (by S!Ri) Extract the content (a folder named SmitfraudFix) to your Desktop. Open the SmitfraudFix folder and double-click smitfraudfix.cmd Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply. Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the you.

Read other 9 answers
RELEVANCY SCORE 67.6

Hi, although using bit defender, have had a virus pop up on my PC which I can't get rid of. I've looked at what I thought are the files causing the issue and removed with Hijack this but still can't remove this annoying pop-up from my tool bar which display that my PC is affected with a virus. Also, have a spyware toolbar added to Internet Explorer I can't get rid of (assume they are related). The pop up states to please use antimalware software to clean and protect my PC. Please if you have any advice to identify the files causing this would be a great help.

PC is running on Windows XP.

Many Thanks!

A:can't remove virus alert pop-up in system tray

Please follow the 5 Step process outlined here

Then download Hijackthis:
* Click here to download HJTsetup.exeSave HJTsetup.exe to your desktop.
Doubleclick on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Read other 8 answers
RELEVANCY SCORE 67.6

Here is my main.txt and extra.txt. Thank you so very much ahead of time for any and all assistance.

MAIN.TXT-

Deckard's System Scanner v20071014.68
Run by Steve on 2008-05-25 18:13:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
25: 2008-05-25 22:13:51 UTC - RP164 - Deckard's System Scanner Restore Point
24: 2008-05-25 21:07:06 UTC - RP163 - Installed McAfee VirusScan Enterprise
23: 2008-05-25 20:58:45 UTC - RP162 - Removed CodeZulu Bind Maker
22: 2008-05-25 16:43:48 UTC - RP161 - Software Distribution Service 3.0
21: 2008-05-25 15:39:31 UTC - RP160 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-05-23 23:15:09 UTC - RP140 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Steve.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:14: VIRUS ALERT!, on 5/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system3... Read more

A:VIRUS ALERT! message in system tray...

Hi, welcome to TSF!

1.) You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

2.) Reboot into Safe Mode.

To enter Safe Mode..

Click Start > Turn Off Computer > Restart > Tap F8 key just before Windows starts to load, > This will bring up a Menu > Use your keyboard to scroll to Safe Mode> Hit enter.

3.) Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove y... Read more

Read other 5 answers
RELEVANCY SCORE 67.6

i have SuperAntiSpyware, MalwareBytes, and Avira installed trying to remove the virus to no avail.they do not find anything.the PC that im running is an XP SP3 machine with AMD athlon 1800+ @ 1.53GHz , 256 MB DDR ramI also have an HJT log saved if neededDDS LOGDDS (Ver_09-12-01.01) - NTFSx86 Run by TomlinJ at 2:50:36.34 on Thu 03/04/2010Internet Explorer: 7.0.5730.11============== Running Processes ============================= Pseudo HJT Report ===============uStart Page = hxxp://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2uSearch Page = hxxp://websearch.drsnsrch.com/sidesearch.cgi?id=uWindow Title = Microsoft Internet Explorer provided by CompaquSearch Bar = hxxp://websearch.drsnsrch.com/sidesearch.cgi?id=uDefault_Page_URL = hxxp://start.earthlink.netuDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.htmluSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7uSearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=mSearchAssistant = hxxp://www.google.com/ieuURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dllBHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dllBHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\com... Read more

A:VIRUS ALERT! in system tray clock

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the to... Read more

Read other 6 answers
RELEVANCY SCORE 66.8

I picked up a nasty bug this morning and have been battling it all day long. I've been down a similar road before and have thrown everything I can at it, spybot, ad-aware, AVG, stinger, you name it, I tried it. One thing that came up a lot was downloader.zlob, not sure if that means anything.Now I think I'm ready for a pro to take a look at the situation. If anyone can help, I would greatly appreciate it.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:52:05 PM, on 10/11/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\WINDOWS\system32\CTsvcCDA.EXEC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\ups.exeC:\WINDOWS\System32\MsPMSPSv.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exeC:\Program Files\Window... Read more

A:windiwsfsearch, "System Alert!" in system tray

Hey there. Since I haven't received a reply in over five days, I thought I'd take the opportunity to add a couple of pieces of information to the puzzle. I guess I should have mentioned that I am using XP SP3 and IE 7.I don't have that weird "system alert" symbol in the system tray anymore. I just ignored it and it went away. Wish that worked for cancer. It was probably more of a symptom than a cause.I tried to roll back using system restore with no luck, it wouldn't allow me to restore to an earlier restore point. System restore is currently off. I turned on tea timer and it blocked some registry changes.I'm having a lot of trouble with Hijack This. When it runs it slows way down while scaning 015 Trusted Zone Enumeration. I will try to unistall and re-install it.Now my HJT log looks different than it originally did.Here's my topic with the old log.Here's a current log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:13:40 AM, on 10/18/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\WINDOWS\system32\CTsvcCDA.EXEC:\WINDOWS\System32\svchost.exeC:... Read more

Read other 8 answers
RELEVANCY SCORE 66.8

Hello, over the past week I've attained the fake XP Security Center "scareware." I've already used Malwarebytes to address this issue, and for the most part, things are better. However, I realized that the fake notification in my system tray "Windows Security Alerts" is still present. When I click on it, it brings up the phony XP Security Center. The only way I know this is phony is because when I navigate to "Automatic Updates" through my Control Panel, it is already activated whereas, when I see the phony XP Security Center, it shows the Automatic Updates as turned off. I tried using SmitFraudFix through other online help, but the icon is still present. I just want to get rid of this. Also, is there any way to make sure I've taken care of all the fake XP Security Center problems without reformatting my computer? I'll be checking back at least once everyday (probably more, though), as my schedule is busy (whose isn't?) I'd really appreciate if someone could take me through this problem step-by-step. Thanks guys!

Also, I used Registry Booster to scan my registry and it showed that it was badly damaged. Of course, I couldn't fix the problem because the program only allows for up to 15 errors to be fixed . . . I had 200+

A:Fake "Windows Security Alert" in System Tray

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Read other 2 answers
RELEVANCY SCORE 66.8

Hi I am having a problem with my computer. It happened yesterday. Every now and then I get "Virus Alert!" in system tray as well as white X with a red circled background. Also there are 3 links or programs on my desktop (Error Cleaner, Privacy Protector and Spyware&Protection). However that is only half of it. I initially had my C and D drives missing in My Computer as well as when I go to "Start" the All Programs tab is sometimes missing and most of the icons on the right hand side are gone. As well as the ability to "Run". I have just got a pop-up with the heading Windows Security Alert, which states:

Windows has detected an Internet attack attempt...
Somebody's trying to infect your PC with spyware or harmful viruses. Run full scan now to protect your PC from Internet attacks, hijacking attempts and spyware! Click here to download spyware remover for total protection.

Another pop-up saying:
Security Warning!

Worm.Win32.NetBooster detected on your machine. This virus is distributed via the Internet through e-mail and EXE and Active-X objects. The Worm has its own SMTP which means it gathers e-mails from your local computer and re-distributes itself. In worst cases this worm can allow attackers to access your computer, stealing passwords and personal data.
This process process should be removed from your system.

Type: Virus
System Affected: Windows 2000, NT, ME, XP, Vista
Security Risk (0-5): 5
Recommendations: Click yes t... Read more

Read other answers
RELEVANCY SCORE 66.8

Three days ago I detected a virus/worm in my computer - [email protected] Since then I've read forums and downloaded anti-spyware programs that would remove it, and partially it did, but an icon still remains....which means that some spyware can be still in my computer.... The icon is a red circle with a red line across and it changes to a green handicapped symbol every second, which says "Your computer is infected! Critical System Error! System detected virus activities..." and I can't get rid of it.... So, I need your help... Thanks for your assistance.Susana MarinhoPortugalHere is my HijackThis log file Logfile of HijackThis v1.99.1Scan saved at 12:01:29, on 25-04-2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Programas\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\S24EvMon.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\WINDOWS\system32\crypserv.exeC:\Programas\ewido anti-malware\ewidoc... Read more

A:"virus Alert" Icon In My System Tray - [email protected]

Hello there, *It is a good idea to print off these instructions - they will be needed later when internet access is not available. You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above. It is important that you complete the following instructions in the correct order, and also that you don't miss anything out! * Please download SmitfraudFix (by S!Ri) Extract the content (a folder named SmitfraudFix) to your Desktop. Open the SmitfraudFix folder and double-click smitfraudfix.cmd Select option #1 - Search by typing 1, and press Enter. A text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply. Note : process.exe is detected by some antivirus programs as a "RiskTool"; it is not a virus, but a program used to stop system processes.David

Read other 11 answers
RELEVANCY SCORE 66.8

I acquired the fake XP Security Center "scareware," used Malwarebytes, SpyDoctor, and SmitFraudFix, to try and remove the virus. Everything seems to be okay except that the fake "Windows Security Alerts" icon is still in my system tray (it's a red shield with a white x in the middle). Also, when I click the icon, it opens up a fake XP Security Center window that shows my Automatic Updates as "Turned Off." I know this window is phony because when I check the Automatic Updates through the Control Panel, it is on. (ADDED 3/28/11) The next time I turned on my computer, after the GMER scan, my cursor worked for a couple minutes, and then it became invisible; however, it was still functional, but I had to navigate carefully using highlighted text as reference points. It is now the next day, and I'm still having this problem.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Kevin at 17:40:18.12 on Sun 03/27/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.253 [GMT -7:00]
.
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoo... Read more

A:Fake "Windows Security Alert" in System Tray

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your ... Read more

Read other 27 answers
RELEVANCY SCORE 66.8

i have an annoying pop up from my system tray. A small red shield with a cross which goes to a blue shield with a question mark then back again. The pop up says that my system has detected a number of spyware applications which may slow down the performance of my computer etc.
When i click the shield it takes me to this site http://www.spycrush.com/?aff=334.

Can anyone help?

I wish to get rid of this. i have tried Spyware Doctor without success.
 

A:Help to remove Security Alert popup in System tray

Hi, Welcome to TSG!!
Click here to download HJTsetup.exe
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

Read other 3 answers
RELEVANCY SCORE 66.8

Picked up this virus. Followed instructions and advice from other users and threads and used ComboFix. Seems to have worked. Greatful if someone could look at the attached log file and let me know if there is anything still there. Can't seem to connect to the internet though.

A:VIRUS ALERT! in System Tray and Missing Drives

Hello, bk_james
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" .
We need to run a Scan with DDSPlease download DDS, and save it to your desktop, from one of the following mirrors:This is a mirror
This is another mirror

Disable any type of "Script Blockers" or "Script Protection" installed on your syst... Read more

Read other 2 answers
RELEVANCY SCORE 66.8

Hi I am having a problem with my computer. It happened yesterday. Every now and then I get "Virus Alert!" in system tray as well as white X with a red circled background. Also there are 3 links or programs on my desktop (Error Cleaner, Privacy Protector and Spyware&Protection). However that is only half of it. I initially had my C and D drives missing in My Computer as well as when I go to "Start" the All Programs tab is sometimes missing and most of the icons on the right hand side are gone. As well as the ability to "Run". I have just got a pop-up with the heading Windows Security Alert, which states:

Windows has detected an Internet attack attempt...
Somebody's trying to infect your PC with spyware or harmful viruses. Run full scan now to protect your PC from Internet attacks, hijacking attempts and spyware! Click here to download spyware remover for total protection.

Another pop-up saying:
Security Warning!

Worm.Win32.NetBooster detected on your machine. This virus is distributed via the Internet through e-mail and EXE and Active-X objects. The Worm has its own SMTP which means it gathers e-mails from your local computer and re-distributes itself. In worst cases this worm can allow attackers to access your computer, stealing passwords and personal data.
This process process should be removed from your system.

Type: Virus
System Affected: Windows 2000, NT, ME, XP, Vista
Security Risk (0-5): 5
Recommendat... Read more

A:Virus Alert! In System Tray, Pop-ups, No Longer Adminstrator

Hello there, welcome to BleepingComputer Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible. We are going to boot into Safe Mode later in the fix, and there is no internet access. Download SmitfraudFix (by S!Ri)Open the file and it will extract the contents (a folder named SmitfraudFix) to your Desktop.Reboot your computer into Safe Mode. This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep. Then select Safe Mode from the list. Make sure you choose the option without Networking Support.Once in Safe Mode, open the SmitfraudFix folder again. Double-click smitfraudfix.cmd.Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.... Read more

Read other 6 answers
RELEVANCY SCORE 66.8

Hi All,I have a "System Alert!" tray icon that brings up fake alerts. Here is the full text of the message:"System has detected a number of active spyware applications that may impact the performance of your computer. Click the icon to get rid of unwanted spyware by downloading an up-to-date anti-spyware solution."I researched a number of topics like "How to Remove VirusHeat" or "How to Remover VirusProtect", but I cannot find any specified .dll files in system32 folder that would indicate a problem. Just as described, I, due to my stupidity, opened a "codec" that installed this crap on my computer. In particular, in Program Files I had "Web Technologies" folder that I managed to delete in the safe mode, however, the tray icon is still there. I also deleted all registries that had "Web Technologies" mentioned, but the damned tray icon is still there. It is the first thing that loads, even in the safe mode. It does not show up in Processes in Task Manager. When I click on the "alert" balloon, it launches Internet Explorer, but it does not load any pages with the fake spyware soft. It seems that I somehow killed most of this malware, but I still cannot get rid of the icon. Avast! and SpyBot do not find any problems.Here is the log if HijackThis. I will appreciate any advice on how to finish this malware off. Thank you!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 23:02:07, on 7/1... Read more

A:System Alert! Tray Icon, (virusprotect?, Virusheat? Don't Know)

Okay, it may have been Antivirus 2009 Hijack featured on the main page on today's bleepingcomputer.com and here:http://www.bleepingcomputer.com/malware-removal/uninstall-antivirus-2009. I did not find any .dll files specified there, but just in case, I downloaded and ran Malwarebytes that found some registry entries that remained and needed to be deleted. So, after Malwarebytes I restarted, and voila - the evil icon has gone. Thanks to www.bleepingcomputer.com!!

Read other 3 answers
RELEVANCY SCORE 66.8

Okay, I went to download some missing 'activeX slot' to view a movie online. I was decieved and ended up downloading something else. Now, a new icon has appeared on my system tray. It poses as an alert and says something along the lines of, "warning backdoor trojan has infected your pc click here for help with removal." however even if I click on the 'X' in the pop-up bubble or try to right click on the icon itself to try to close it out, a website loads in a new browser. The site is called 'spylocked' at url, http://www.spylocked.com/?aff=334. It is a pretty elaborate fake company that offers anti-virus protection programs for various styles of the windows os. the average preson thinks "ok free I'll click." If you do it downloads a executable file to your desktop that is a setup for another program. If you try to install this program some sort of infection is unleashed on your system. Luckily my norton protection caught this and stopped it before it was too late. This systray icon is accompanied by other ones that pop up a little more periodically but display similar alert messages, "system alert, malware threats", and take you to other elaborately fake 'help' websites. These sites download infections as well. Finally, I get pop-ups now saying, "get the latest virus protection here" while I never got a single pop-up before this whole thing started. If you follow the pop-ups you get yet more fake help sites with free software available.... Read more

A:Annoying Alert Bubbles, Constantly From My System Tray

Hello antles,Welcome to Bleeping Computer. The codec you downloaded is a trojan. Do this.You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.Download SmitfraudFixExtract the content (a folder named SmitfraudFix) to your Desktop.Download and install the 30 day trial of AVG Anti-Spyware 7.5 to your desktop. Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the set up program. Once the setup is complete you will need run Ewido and update the definition files. On the main screen select the icon Update then select the Update now link. Next select the Start Update button, the update will start and a progress bar will show the updates being installed. Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab. Once in the Settings screen click on Recommended actions and then select Quarantine <-- Dont forget this Under Reports Select Automatically generate report after every scan Un-Select Only if threats were found Close AVG Anti-Spyware 7.5 <-- Do not run the scan yet. Boot your computer into Safemode Go to Start> Shut Off your Computer> Restart As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly. This will bring up a menu. Use the Up and Down Arrow Keys to scroll up to SAFEMODE Then press the Enter on you... Read more

Read other 8 answers
RELEVANCY SCORE 66.8

I am currently using Zone Alarm's Firewall, I have Norton AntiVirus installed, and Ewido is installed with active-guard. Furthermore, I've run Stinger, AdAware, Spybot, ATF-Cleaner, RogueScan, and SmitRem.... I've tried numerous fixes, and I've also fixed several problems in HJT. I've done all of this in Safe Mode as well, and even turned off the system restore while rebooting, so that the problem wouldn't come back.. No fix I know of seems to eliminate this problem...Fortunately the problem is a little bit better than before...I now can control my web browser's startup page and it seems I've eliminated the spyware quake. I used to have uncontrollable pop-ups but those are gone. I've gotten rid of a trojan dropper and dialer. There was a triangular yellow caution sign in my system tray, associated with the popups and the Internet Explorer hijack, but that is gone now. The only thing that I can't get rid of is a little symbol in the system tray that flashes back and forth between what looks like a green handicap symbol (I honestly don't know what it's supposed to be) and a red "ban" symbol. When I hold my cursor over it it says "Virus Alert!" Every now and then red boxed messages appear telling me I am infected with spyware, trying to get me to go to a site and buy softare. In fact, it takes me to SpywareQuake.com...Any help you can give me is greatly appreciated.Here is my HJT log:Logfile of HijackThis v1.99.1Scan saved at 2:25:59 AM, on 4/15/... Read more

A:"virus Alert!" Icon Flashing In System Tray

Hello Harry83,Download SmitfraudFix (by S!Ri) to your Desktop. http://siri.urz.free.fr/Fix/SmitfraudFix.zip Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop. ______________________________ Please download the trial version of Ewido anti-malware 3.5 from here: http://www.ewido.net/en/download/ Install Ewido anti-malware. When installing, under Additional Options uncheck Install background guard and Install scan via context menu. When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok. The program will prompt you to update. Click the Ok button. The program will now go to the main screen.You will need to update Ewido to the latest definition files. On the left-hand side of the main screen click the Update Button. Click on Start.The update will start and a progress bar will show the updates being installed. Once finished updating, close Ewido. ______________________________ Open the SmitfraudFix folder and double-click smitfraudfix.cmd Select option #1 - Search by typing 1 and press Enter This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your ne... Read more

Read other 37 answers
RELEVANCY SCORE 66

Hi,

There is a virus in my machine( I guess), as there is a flashing icon in my system tray which flashes green and red. On mouse over of the icon says "Virus Alert!". On clicking on the icon gives the message -
Your computer is infected!

Critical System Error! This may cause critical system failure. Please, use antimalware software to clean and protect your system from parasite programs. Click here to get all available softwares.

On Clicking on the message, takes you to http://www.spywarequake.com/?aff=247.

Please advise on how this icon and the associated program can be removed from the system.

Thanks,
 

A:Flashing Icon in system tray with Virus Alert message

Read other 9 answers
RELEVANCY SCORE 66

Not sure how this initially got here but I've been unsuccessful as of yet in removing it. I believe I removed the actual program that is installed from Ant-Vermins.com but I can't get rid of this system alert. I'm frustrated, what can I do?
 

A:Anti-Vermins.com - Persistent fake 'System Alert' in tray.

Read other 9 answers
RELEVANCY SCORE 66

Hey Guys,

I'm not too sure if this may be possible. I've done a bit of "googling" but the key words always bring up "how to move the taskbar" but that is not what I want....

Basically my monitor has developed a small leak down on the bottom right, nothing major, it can wait until I've saved up to get a nice new one. For now though I can't see my tray notification and more importantly the clock. Is there anyway to move the sytem tray (including the clock) further towards thw middle so that I can see it?

XP has been around for years so I would have thought someone would have come up with a way!

Thanks
 

A:Move the system tray NOT the taskbar

It's built into the program to always be on the right of the taskbar when horizontal (top or bottom) and the bottom of the taskbar when vertical (left or right side).
 

Read other 1 answers
RELEVANCY SCORE 66

Hi,I hope someone here can help with this.
For some reason,the taskbar on my desktop has gone from being on the bottom,to going along the left side.I tried to drag it back,but the best I could do was to get along it on the top.Any ideas as to how I can get it back to the bottom?I tried dragging it all over the place,but it just won't go to the bottom.
It's running win 2000.Thanks.
 

A:Solved: Taskbar/system tray

Not sure if it's the same in Win2K, but won't hurt to try.

Right click on the taskbar and make sure "Lock The Taskbar" is unchecked, then just left click and hold on a blank area in the taskbar and drag it to the bottom, Lock it again when your done.
 

Read other 2 answers
RELEVANCY SCORE 65.2

Hi All --Last weekend I caught what I believe was a case of mssearchnet + nvctrl and perhaps spyfalcon. Using the advice of this site (awesome, thanks!) and some others, I've managed to be back to normal with one really annoying exception: the "Virus Alert!" flashing icon and occassional message ("Your computer is infected! Critical system error! blah blah blah"). The icon is the green wheelchair icon flashing over to the "ban" icon - red circle, single red line running through it. Interesting to note that no link appears to be functioning in the pop-up box. It's just flashing and popping up every so often. I've gone through many other posts on this and have run the following (in safe mode as well as normal boot mode): ad-aware, spybot, ewido, panda, mcafee, stinger. After every re-boot, I'm still greeted by the unwelcome flashing icon. I disabled system restore early in the process as well. Can someone take a look at my HiJack and SmitFraud logs? Much thanks in advance!~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Logfile of HijackThis v1.99.1Scan saved at 9:43:50 PM, on 4/24/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\W... Read more

A:"virus Alert!" Icon Flashing In System Tray - Other Issues Solved

...I did a bit more research and looks like the line from the SmitFraud log held the key:

C:\WINDOWS\system32\suprox.dll FOUND !

Sooooo.....

Booted into safe mode, renamed it, deleted it, and now all seems to be fine.
Even though I didn't have any direct contact with the mods on here, I did learn a whole lot scrolling through these posts. I think this site really provides a great service (especially for the price)! Thanks.

Read other 3 answers
RELEVANCY SCORE 65.2

My Husband opened an Email that instructed him to update 'Quick Time'. He, so trusting, clicked this. Ever since we have a Blinking Yellow Exclemation Point in the Tray, a Windows Pop-Up that tells us we have Malware (obviously it IS the Malware), Then every minute or so Internet Explores logs itself on and tries to connect to some internet page //www.onlinestability.com//. I am not sure what Virus it is so am havig no luck doing searchs on it.

I did the 'pre' stuff from the preperation page (Ad-aware, Spy-bot etc). I do still need to update my Internet Explore. Norton comes back Clean, Stinger and HouseCall came back clean. But, I still have the issue.

Here is the HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 9:15:23 PM, on 3/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SN... Read more

A:System Alert In Tray, 'fake' Malware Pop-up And Internet Being Logged On And Redirect

Hello,My Husband opened an Email that instructed him to update 'Quick Time'When updates are send via mail, never trust this, because as you've noticed, this was a malware installer. Your Hijackthislog is incomplete. I am missing the bottom part.Also, you didn't unzip/extract hijackthis.. and it's still in the tempfolder.So I strongly advise to unzip/extract hijackthis.zip.Read here how to unzip/extract properly:http://metallica.geekstogo.com/xpcompressedexplanation.htmlCreate a permanent folder and move hijackthis.exe into it. The reason is because hijackthis creates backups and when it's in your temp-folder it can be accidentally deleted.How do you make a permanent folder:Click My Computer, then C:\ and then on Program Files.In the menu bar, File->New->Folder.That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis".Now you have C:\Program Files\HijackThis. Put your HijackThis.exe there.And as an extra instruction, Can you rename Hijackthis.exe to Analyse.exeThen scan with Analyse.exe and post the log in your next reply (which will be a hijackthislog ofcourse)

Read other 16 answers
RELEVANCY SCORE 65.2

I've been trying to get rid of this for days now. Read 100s of googled pages and tried every
anti-virus/malware software removal tool recommended. Nothing has succeded, the trojan
keep reinstalling itself somehow and appearing as a Red Ball with Exclamation in the Sys Tray
on the lower right desktop.

Hovering a cursor over it only yields two choices, Open or Ignore.
If you open it, Security Warning window pops up, with Spyware Detection Alert
as the header. There is then some phoney "Your system might be infected" wording,
then 2 buttons to choose from, Full Scan or Learn More.

If the internet connection is left on, and the MSIE browser open,
it eventually starts throwing unwanted advertising windows.

This started out as a mistakenly installed WinAntiVirus malware, which
persisted through DOZENS of attempt at removal.

I've run the following software at least 10 different times, in both SafeMode
and Normal.

Windows Defender (Beta 2) does not find anything.

VundoFix V6.2.8 found some stuff early on, but removed it and now finds nothing

SpyBot S+D 1.4 found instances of SmitFraud Toolbar, claimed to have removed them, but they
kept re-appearing after rebooting.
I used the Process Explorer software to try and find the Threads in the
WinLogon.exe to kill as suggested, killed what seemed to be the random generated dlls,
but it didn't work. Trojan systray kept re-appearing after reboot.
Now it finds nothing on scan.

AdAware SE Personal 1.06r1 will no longer up... Read more

A:Impossible Smitfraud , Winantivirus, Spyware Detection Alert, System Tray

Logfile of HijackThis v1.99.1Scan saved at 1:03:15 AM, on 11/8/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\WINDOWS\SYSTEM32\Rpcnet.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Sony\VAIO Event Service\VESMgr.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exeC:\Program Files\Windows Media Connect\mswmcls.e... Read more

Read other 7 answers
RELEVANCY SCORE 65.2

Ive tried smitfraud and everything. I have webroot spysweeper but nothing seems to work. I tried the going into safe mode and smitfraud procedure but nothing seemed to work. Im posting my HJT Log below...Please someone help.

Logfile of HijackThis v1.99.1
Scan saved at 9:23:49 PM, on 4/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\windows\system32\dllcache\win32\winlogon.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\windows\system32\dllcache\win32\csrss.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
D:\Program Files\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\Spy Sweeper\SpySweeper.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\Program Files\Secretmaker\secretmaker.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\... Read more

A:Solved: Virus Alert Flashing Icon in system tray....need help desperatly..Pls

Read other 16 answers
RELEVANCY SCORE 65.2

Hi,

Recently i got a spyware attach where my laptop is flooded with lots of popups and also start button has disabled lot of buttons. After following the steps posted in the forum task manager is now working and there are no more popups. Now i have following issues.

1. There is VIRUS ALERT! in the system tray
2. System is bit slow
3. Disk Drives are not visible but when i run windows explorer i can see
4. Start button missing lot of entries
5. No access to Control Panel through start

Below is the HijackThis log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13: VIRUS ALERT!, on 8/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Sygate\SSA\smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\ActivCard\accoca.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Cisco System... Read more

Read other answers
RELEVANCY SCORE 65.2

Hi All,
I am getting a popup in the system tray with a wheelchair and no sign. It tells me I have a Virus. When I go home in Internet Explorer I it changes from about:blank to .safetyuptodate.net/ It will not allow me to change the url.

Photo of item in systemtray


Latest Logfile below. Can you help?


Logfile of HijackThis v1.99.1
Scan saved at 9:46:36 AM, on 6/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common File... Read more

A:HiJackThis Log File - Virus Alert In System Tray - http://www.safetyuptodate.net

Hi there and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

Please be patient with me during this time.


We also suggest that you Subscribe to this thread to be notified of fixes as soon as they are posted by our Team. You can do this simply by clicking the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".

regards
alba

Read other 9 answers
RELEVANCY SCORE 65.2

system tray triangle alert adware need help removing

i have used adaware and avg detected a few baddies have remove but system tray still have this annoying pop up triangle exclamtion mark icon and once a while will say your system alert: malware threats ,,, please help me... i have hijack this log below
i think i have stoped the process from the task manager the process call isnotify.exe in c:\ windows/system32 and have manually delete it not sure i have done the right thing, also I have then sorted all the files that was installed that time and remove them... into recycle bin, at the moment no more pop up but if I can get some expert opinion anything I else ,eg dll files I need to remove?

much appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 1:16:10 PM, on 25/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\isnotify.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\Program Files\Mozilla Firefox\firefox.ex... Read more

A:Solved: system tray yellow triangle exclamation alert how to stop it.

Read other 9 answers
RELEVANCY SCORE 65.2

Hi...just recently when i started my computer up..and after windows loaded...there was just my background...all my icons & task bar & system tray were gone. The only way i could turn my computer off was manually....than i waited a bit..and when i started it again..windows did a disk check..than when it loaded again..all my icons & other stuff were back. But when i restart it or turn it off & than turn it on next day...its same thing again..just a background...so it looks like the only way my icons come back is when windows does a disk check.
Whats causing my computer to do this? I've had problems with trojan horse virus's recently...dont know if its related. I hope somebody out there can help me solve this problem.

Thanxs in advance
 

A:Solved: No icons or taskbar & system tray...need help!!

Read other 12 answers
RELEVANCY SCORE 65.2

i am running windows xp and i am having a problem. the whole task bar at the bottom of the screen has dissappeared, start menu and system tray and all. ever since then i cant use internet explorer. it will open and close immediately. i have run a thorough check on spybot and run my norton as well. does anyone know how to get this back?

A:Start Menu, Taskbar And System Tray

Try this first:My Taskbar is missing and I have no Start button - what do I do?My Taskbar disappeared and other simple tweaks

Read other 1 answers