"Your computer is infected!" pop-up


llopez704
Junior Member with 1 posts.
THREAD STARTER
Join Date: Mar 2008
Location: NC
Experience: Intermediate
16-Mar-2008, 02:33 PM #1
"Your computer is infected!" pop-up
I keep getting a pop-up in my system tray that says "Your computer is infected! Windows has detected spyware infection!" The red circle with an X sits in my tray. I can no longer run HiJack This, not even in Safe Mode, so I cannot post that log. I have searched various forums to find a KillBox.exe and a ComboFix.exe; neither of which will run.

I have run a registry cleaner, which was able to clean up various .dlls and keys. I have run a scan from TrendMicro's website, which cleaned up a trojan, some adware, and some ActiveX controls. I ran Microsoft's Malware tool, which found nothing.

Any ideas on how to rid my system?!?!?!?!?!?!
Byteman (Bill)
Authorized to help remove malware.
Moderator & Malware Removal Specialist with 17,391 posts.
Join Date: Jan 2002
Location: NY
16-Mar-2008, 02:59 PM #2
Hi,

http://www.radiosplace.com/

On your left side, in the blue list menu, Hijackthis.exe

We can try this older standalone version of Hijackthis, to use to see a log until we can get the new one to run:

this is a standalone .exe> as soon as you get it downloaded, rename hijackthis.exe to tool.exe and try to get the log for us...it will work the same way. Don't open it, make sure you download it onto your desktop and then, double click tool.exe or whatever you rename it to, select Scan and Save a log, and copy and Paste the log into a reply here.
__________________
Mung (computer term), the act of making several incremental changes to an item that combine to destroy it

Last edited by Byteman; 18-Mar-2008 at 02:50 AM..
stylez79
Member with 45 posts.
Join Date: Mar 2008
Experience: Intermediate
17-Mar-2008, 10:53 AM #3
{Edited by Moderator}-Hi stylez79>> I have removed what you posted here.

I'm sorry but our site has a Rule that no one may assist with removing/ cleaning malware unless qualified with TSG forum permission. There are specific removal tools we use for this infection, they are the best way to attack this. I am posting the Rule here, so you have it as a guide-

Also, we have all the tools, with download links, available here:

http://forums.techguy.org/general-se...elp-tools.html

And, throughout the security sections, there are links to just about every removal tool and protective or cleaning tool known. We have had to put restrictions in place, about malware removal, due to the newer infections that require cleaning with advanced special tools- that's one additional reason. These tools carry some special directions, and we also recommend that they only be used with our help.


Quote:
Originally Posted by TSG
Only members who are deemed qualified to remove malware may post to security related threads. These members can be easily recognized by a gold shield or a blue shield (indicating a trainee) that will appear next to their user name.

A paragraph has also been added to the forum rules that reads as follows:

Log Analysis/Malware Removal - In order to ensure that advice given to users is consistent and of the highest quality, those who wish to assist with security related matters must first graduate from one of the malware boot camp training universities or be approved by the administration as already being qualified. Those authorized to help with malware issues have a gold shield next to their name and authorized malware removal trainees have a blue shield next to their names. Anyone wishing to participate in a training program should contact a Moderator for more information.

Last edited by Byteman; 18-Mar-2008 at 02:57 AM..
Byteman (Bill)
Authorized to help remove malware.
Moderator & Malware Removal Specialist with 17,391 posts.
Join Date: Jan 2002
Location: NY
18-Mar-2008, 02:49 AM #4
Hi llopez704

Have you been able to get Hijackthis to run?

Please try what I have in my reply and post the log if you do.
Cookiegal
Administrator & Malware Removal Specialist with 96,881 posts.
Join Date: Aug 2003
18-Mar-2008, 09:17 AM #5
Quote:
Originally Posted by {Edited by Moderator}
-Hi stylez79>> I have removed what you posted here.

I'm sorry but our site has a Rule that no one may assist with removing/ cleaning malware unless qualified with TSG forum permission. There are specific removal tools we use for this infection, they are the best way to attack this. I am posting the Rule here, so you have it as a guide-

Also, we have all the tools, with download links, available here:

http://forums.techguy.org/general-se...elp-tools.html

And, throughout the security sections, there are links to just about every removal tool and protective or cleaning tool known. We have had to put restrictions in place, about malware removal, due to the newer infections that require cleaning with advanced special tools- that's one additional reason. These tools carry some special directions, and we also recommend that they only be used with our help.

Just wanted to be sure you saw this. To elaborate, while it's fine to have the link to your site in your signature, we like to see that people are here to help others and not solely for the purpose of gaining exposure and more traffic for their own sites.
__________________
Microsoft MVP - Consumer Security
Byteman (Bill)
Authorized to help remove malware.
Moderator & Malware Removal Specialist with 17,391 posts.
Join Date: Jan 2002
Location: NY
19-Mar-2008, 03:13 PM #6
Quote:
Originally Posted by Byteman View Post
Hi llopez704

Have you been able to get Hijackthis to run?

Please try what I have in my reply and post the log if you do.
Compaq__
Member with 458 posts.
Join Date: Mar 2008
Location: noyb
Experience: Advanced
19-Mar-2008, 04:28 PM #7
This could be caused by the messenger service in Windows. If you run Windows Update and get all of the latest security patches, this should stop. It's basically just "Instant Messenger SPAM" that is broadcast out across the net. Good possibility this is the problem.

Load those security patches. I see this all the time.
Byteman (Bill)
Authorized to help remove malware.
Moderator & Malware Removal Specialist with 17,391 posts.
Join Date: Jan 2002
Location: NY
19-Mar-2008, 04:49 PM #8
Hi Compaq__
This infection is well-known, and is the SmitFraud, or Privacy-Danger, fake alert, we have been dealing with this for a very long time...

The poster cannot execute any files.... he may not be able to even post a Hijackthis log, but I am having them try. Most likely, he will not be able to install patches.... I would have them try some of the removal tools for it, but probably they won't run, either...

I would like to see a Hijackthis log, first though....



Also> this site has a Rule about who may post advice when dealing with malware cleaning....this thread obviously is. You may not have seen the Rules section, so here it is:

Quote:
Originally Posted by TSG
Only members who are deemed qualified to remove malware may post to security related threads. These members can be easily recognized by a gold shield or a blue shield (indicating a trainee) that will appear next to their user name.

A paragraph has also been added to the forum rules that reads as follows:

Log Analysis/Malware Removal - In order to ensure that advice given to users is consistent and of the highest quality, those who wish to assist with security related matters must first graduate from one of the malware boot camp training universities or be approved by the administration as already being qualified. Those authorized to help with malware issues have a gold shield next to their name and authorized malware removal trainees have a blue shield next to their names. Anyone wishing to participate in a training program should contact a Moderator for more information.
Compaq__
Member with 458 posts.
Join Date: Mar 2008
Location: noyb
Experience: Advanced
19-Mar-2008, 06:47 PM #9
Saw it. LOL Yes, very familiar with this type of issue. Didn't see him say he can't run executables. From his description sure looks like the old messenger service spam...no tools required to fix that. Just runnin those security patches...
That's my observation...not advice.

Last edited by Compaq__; 19-Mar-2008 at 06:56 PM..
Byteman (Bill)
Authorized to help remove malware.
Moderator & Malware Removal Specialist with 17,391 posts.
Join Date: Jan 2002
Location: NY
19-Mar-2008, 07:35 PM #10
Hi Compaq- No, this isn't Messenger spam, though that does give popups. This is an infection, part of the trojan Zlob or Smitfraud family, of which there are quite a few variants.

One of the symptoms is the red X, in the system tray, as well as a large notice on your screen proclaiming its bogus message.

Here is a page about this very similar family:

http://www.dslreports.com/faq/seclean?text=1 <Scroll down to where it has

"Screenshots of Desktop Hijack" for good examples of this trojan.


http://fix-slow-computer.com/index.php?s=delete

http://www.wilderssecurity.com/showthread.php?t=75890 screenshot of one type

http://www.smokey-services.eu/forum/...pic.php?t=2035


About not being able to run executables: Seems it is mostly, antimalware tools that will not run- and actually, we see quite a few of these infections that can disable Hijackthis, plus other security programs.....perhaps not ALL executables, my mistake there... There are some things we can have them try, that will let them post a Hijackthis log, and run tools.

Still, you are not authorized to post removal advice here at TSG- this person has to clear up this infection before being sent off to do a lot of Windows Updates....

See the Quoted information for directions to try and become qualified here at this forum, if you would like to help with malware cleaning.

You will see from the links I posted, that the infection is this type...


Quote:
Originally Posted by llopez704 View Post
I keep getting a pop-up in my system tray that says "Your computer is infected! Windows has detected spyware infection!" The red circle with an X sits in my tray. I can no longer run HiJack This, not even in Safe Mode, so I cannot post that log. I have searched various forums to find a KillBox.exe and a ComboFix.exe; neither of which will run.

I have run a registry cleaner, which was able to clean up various .dlls and keys. I have run a scan from TrendMicro's website, which cleaned up a trojan, some adware, and some ActiveX controls. I ran Microsoft's Malware tool, which found nothing.

Any ideas on how to rid my system?!?!?!?!?!?!

Last edited by Byteman; 19-Mar-2008 at 08:06 PM..
Byteman (Bill)
Authorized to help remove malware.
Moderator & Malware Removal Specialist with 17,391 posts.
Join Date: Jan 2002
Location: NY
19-Mar-2008, 07:53 PM #11
Hi llopez704

Please ignore the posts between Compaq_ and myself and try what I have below:

Hi,

http://www.radiosplace.com/

On your left side, in the blue list menu, Hijackthis.exe

We can try this older standalone version of Hijackthis, to use to see a log until we can get the new one to run:

this is a standalone .exe> as soon as you get it downloaded, rename hijackthis.exe to tool.exe and try to get the log for us...it will work the same way. Don't open it, make sure you download it onto your desktop and then, double click tool.exe or whatever you rename it to, select Scan and Save a log, and copy and Paste the log into a reply here.

If that does not work for you: First, delete any copies of ComboFix.exe you have now


Quote:
NOTE>>!Very important!! I want you to rename Combofix.exe as you download it to a name of your choice such as ben.exe. It is very important that you save the newly renamed EXE file to your desktop, so it appears right on your screen area.

*****Download link is below, read all of this, before you attempt to download or use ComboFix!!*****

You must rename Combofix.exe as you download it and not after it is on your computer.

You may have to modify your browser settings if you use Firefox, so you can rename Combofix.exe as you download it. To do that:
Open Firefox
Click Tools -> Options -> Main
Under the downloads section check the button that says "Always ask me where to save files".
Click OK



For Internet Explorer:
Choose to save, not open the file
When prompted - save the file to your desktop, and rename it anything with an .exe extension on the end.
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**



Once you have the renamed ComboFix file on the desktop:

It's important that you do turn off the protective programs such as antivirus, and the ones mentioned in the link below, so do go there and act on that advice!

Please read all through the info so you know what will be done.
Here are directions etc but I also have them below:
http://www.bleepingcomputer.com/comb...o-use-combofix

There is a Printable Version button up under the Thread Tools drop down menu that will let you print a nice text version of these instructions.
Alternate way to save directions:Open Notepad> Copy and Paste any text you wish into Notepad, and Save the file as something you will recognize like TSGhelp.txt and save it onto your desktop.
Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Combofix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know
  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    -----------------------------------------------------------

  3. Double click on combofix.exe & follow the prompts.
  4. When finished, it will produce a report for you.
  5. Please post the "C:\ComboFix.txt" in your next reply. And, after you are done posting the log from ComboFix, run Hijackthis again, Scan and Save a Log, and post the brand new log.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**