[RosemaryV]

I have Windows XP and now on the bottom right toolbar it says VIRUS ALERT! I tried to click on it and the clock just comes up. Should I worry about this? I am using AVG 8.0 and Windows Defender and Super Anti Spyware. I am concerned that I have a virus and I also don't know how to get rid of the words VIRUS ALERT! if it means nothing. Help!

[piano9playa5]

It sounds to me like you have a rogue anti virus program. It is a type of adware that scares you into purchasing their product by giving flase warnings.

Quote:

Go here and download 'Hijack This!' self installer. Save it to the desktop or other suitable place. DO NOT just press run from the website Double click on the file and it will install to C:\program files\hijackthis and create an entry in the start menu.
Click on the entry in start menu to run HijackThis
Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.

Post your log and description of the problem in the malware removal forum and be patient. However I must say that I am surprised that SuperAntiSpyware didn't remove it.

[Corgi]

This is very new thing, affecting lots of computers. The worst happened to mine and I still have not recover completely. You have been infected with the Smitfraud virus....

You need to download the smitfraudfix program and follow the instructions to a T. You also need superantispyware professional.

Likely you also have been infected with other things... as I have.

I am bringing in my computer to a technicians tomorrow.

Here is a more detailed explanation of how to fix your clock problem:

Smitfraud attacks show fake antispyware programs popups on your screen and/or a balloon popup from the windows system tray displaying a warning message that your computer is infected with spyware (here it is falsely calling it worm.win32.netbooster) and telling you to purchase, download & install their program to remove it. Often, it will hijack your desktop and publish a warning message in big letters (with their weblink) on your desktop wallpaper. The infection will usually alter the settings of your current virus protection software (including Norton and McAfee) and render it powerless to delete the infection. The Smitfraud application will also typically disable your ability to launch the task manager with the alt-ctrl-del keys, too.

DO NOT BUY THE ANTISPYWARE PROGRAM THAT IS BEING ADVERTISED ON YOUR WALLPAPER AND IN THE POPUPS. The creator of the bogus popups is an affiliate of the particular antispyware program they are promoting, so each time an unsuspecting user purchases the advertised program in hopes of removing the trojan the person behind the attack gets paid. Not a very ethical way of selling an antispyware, antivirus, or other computer pest removal product.

Here is the 100% FREE solution I found on http://www.bleepingcomputer.com that worked for me:

1. Download and install the Smitfraudfix tool in the link below.
http://siri.urz.free.fr/Fix/SmitfraudFix...

2. Download and install Super Antispyware. Update definitions.
http://www.superantispyware.com/

3. Run both programs (Smitfraudfix first) after you start your operating system is in safe mode. Follow the instructions carefully for Smitfraudfix. Allow Super Antispyware to quarantine whatever it finds.

To learn how to run your operating system in safe mode:
http://www.bleepingcomputer.com/tutorial...

3. Reboot in normal mode. Run the Bit Defender online scan (no download necessary). Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

4. Download and run RogueRemover. Select "Scan" and follow the steps indicated. It didnt find anything for me, but it comes highly recommended.
http://www.malwarebytes.org/rogueremover...

You can continue to follow-up with Spybot and AdAware if you desire. Of course, you should also keep your regular anti-virus software up-to-date and scan regularly; hopefully it will be working well again after the infection is removed. Be sure to restore the settings which the Smitfraud program altered. Smitfraud apps are quite nasty, and it may take a while to remove all traces.

Good luck!

[RosemaryV]

I just did a HiJack This log and will post to malware removal - I hope I did it correctly. I don't think I could do all the things Corgi suggested so will post my HiJack This list first.
Thanks for any help

[Byteman]

Hi, I know we are very outnumbered, and sometimes quite slow to respond to threads... but this thread is only a few days old.
And:

Although several of the replies here have the correct idea as to how to go about removing the rogue spyware program, I think those who replied to this person's first post should be aware of this:

Quote from the TechSupportGuy site rules:

Quote:

Log Analysis/Malware Removal - In order to ensure that advice given to users is consistent and of the highest quality, those who wish to assist with security related matters must first graduate from one of the malware boot camp training universities or be approved by the administration as already being qualified. Those authorized to help with malware issues have a gold shield next to their name and authorized malware removal trainees have a blue shield next to their names. Anyone wishing to participate in a training program should contact a Moderator for more information.

Here's a link to where you can get training:

http://library.techguy.org/wiki/Beco...alware_Removal

It would be great if some of you that may have the time and energy could enroll and help with the tons of malware threads we get!

And> Since the original poster has started a new thread in Malware Removal and posted her HJT log there, I'm closing this one.