
RE: Flashing icon regurgitated

Discussion in 'Virus & Other Malware Removal' started by petral8, Feb 10, 2007.

Thread Status:
Not open for further replies.
  1. petral8

    petral8 Thread Starter

    Joined:
    Feb 10, 2007
    Messages:
    6
    I am experiencing same problem as previous posters but could not find a solution, or maybe am looking in wrong place. Just removed Anti Vermins with XoftSpySE -- went ahead and purchased it after reading where it was highly recommended. The primary problems are gone and computer is running much faster. However, the stupid flashing red/slash icon in the lower right tray is DRIVING ME NUTS! Any fairly easy way to get rid of it without buying any more antivirus or spyware programs?
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Next, please reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new hijack log.

    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning: running option #2 on a non infected computer will remove your Desktop background.
     
  3. petral8

    petral8 Thread Starter

    Joined:
    Feb 10, 2007
    Messages:
    6
    MFDnNC -- First off, thanks for reply. Here's what happened:
    Got in safe mode as directed, double-clicked smitfraudfix.cmd and entered "2" for clean. It went thru its thing -- "killing process" -- for a minute or two, then returns to SmitfraudFix folder with 12 items in contents, including smitfraudfix.cmd. Did not receive any prompts or result details, so I repeated process. Still no prompts, so I restarted and irritating flashing red-slash mark icon is now gone. I am not sure what happened or if it is temporary. I still get Windows Security Alerts that Panda virus protection is off, but they are much less frequent and I don't recall messing with that much in the past.
     
  4. petral8

    petral8 Thread Starter

    Joined:
    Feb 10, 2007
    Messages:
    6
    Forgot to mention that wallpaper returned, so removal is incomplete? Do I need to return to safe mode to punch in C:\rapport.txt?
     
  5. petral8

    petral8 Thread Starter

    Joined:
    Feb 10, 2007
    Messages:
    6
    Sorry -- perhaps I am a notch below intermediate -- typed C:\rapport.txt in Firefox address window and this came up:

    SmitFraudFix v2.141

    Scan done at 21:34:52.04, Sat 02/10/2007
    Run from C:\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    206.161.200.105 www.your.com
    206.161.200.105 your.com
    206.161.200.103 www.kinghost.com
    206.161.200.103 kinghost.com
    206.161.200.103 www1.kinghost.com
    206.161.200.103 www2.kinghost.com
    206.161.200.103 www3.kinghost.com
    206.161.200.103 www4.kinghost.com
    206.161.200.103 www5.kinghost.com
    206.161.200.103 www6.kinghost.com
    206.161.200.103 www7.kinghost.com
    206.161.200.103 www8.kinghost.com
    206.161.200.103 www9.kinghost.com
    206.161.200.103 www10.kinghost.com
    206.161.200.103 www1.ndhosting.com
    206.161.200.103 www3.ndhosting.com
    206.161.200.103 www2.ndhosting.com
    206.161.200.103 www.ndhosting.com

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Download Superantispyware (SAS)

    http://www.superantispyware.com/superantispywarefreevspro.html

    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining.
    o Please leave the others unchecked.
    o Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
    o After reboot, double-click the SUPERAntispyware icon on your desktop.
    o Click Preferences. Click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o It will open in your default text editor (such as Notepad/Wordpad).
    o Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me with a new HijackThis log.
     
  7. petral8

    petral8 Thread Starter

    Joined:
    Feb 10, 2007
    Messages:
    6
    Hopefully this is what you were looking for:

    SUPERAntiSpyware Scan Log
    Generated 02/11/2007 at 11:31 AM

    Application Version : 3.5.1016

    Core Rules Database Version : 3165
    Trace Rules Database Version: 1176

    Scan type : Complete Scan
    Total Scan Time : 00:47:09

    Memory items scanned : 393
    Memory threats detected : 0
    Registry items scanned : 4863
    Registry threats detected : 13
    File items scanned : 46110
    File threats detected : 68

    Adware.Tracking Cookie

    Trojan.Media-Codec
    HKCR\CLSID\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}
    HKCR\CLSID\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}\InprocServer32
    HKCR\CLSID\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}\InprocServer32#ThreadingModel
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On#UninstallString
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03#UninstallString
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup#UninstallString
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}

    Malware.SystemDoctor
    C:\DOCUMENTS AND SETTINGS\PETE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\H3J48O6O\SYSTEMDOCTOR2006FREEINSTALL[1].EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP1676\A0184618.EXE

    Adware.DelFin Project/PromulGate
    C:\PROGRAM FILES\MICROSOFT ANTISPYWARE\QUARANTINE\1CEC8A2D-482C-468C-BE9B-D79DC9\0893E58A-8FB6-469B-A14A-3B0165
    C:\PROGRAM FILES\MICROSOFT ANTISPYWARE\QUARANTINE\1CEC8A2D-482C-468C-BE9B-D79DC9\97E916F1-56DA-4A0B-AFFA-A84513

    Adware.Starware
    C:\PROGRAM FILES\SCREENSAVERS.COM\INSTALLER\TEMP\PLTBINST.EXE

    Malware.PestCapture
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP1673\A0184224.EXE

    Trojan Downloader-SystemAlert.Process
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP1676\A0184743.DLL

    Malware.AntiVermins
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP1676\A0184744.EXE
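
A way to triage a scan log in the layout posted above, added here as an example and not part of the original thread or of SUPERAntiSpyware: it groups each detected item by threat family and by where it sits, separating registry entries and files in live locations from copies held in System Restore snapshots (`_RESTORE` under System Volume Information) or in another product's quarantine folder. The category names and the `needs_followup` rule are assumptions made for this illustration; the sample lines are an excerpt of the log above.

```python
import re
from collections import defaultdict

# Excerpt of the scan log posted above: a family name line, then its items.
SAMPLE_LOG = r"""
Trojan.Media-Codec
HKCR\CLSID\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}\InprocServer32

Malware.SystemDoctor
C:\DOCUMENTS AND SETTINGS\PETE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\H3J48O6O\SYSTEMDOCTOR2006FREEINSTALL[1].EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP1676\A0184618.EXE

Adware.DelFin Project/PromulGate
C:\PROGRAM FILES\MICROSOFT ANTISPYWARE\QUARANTINE\1CEC8A2D-482C-468C-BE9B-D79DC9\0893E58A-8FB6-469B-A14A-3B0165
"""

# An item line is a registry path (HKCR/HKLM/HKCU/HKU) or a drive-letter path.
ITEM = re.compile(r"^(HK(CR|LM|CU|U)\\|[A-Za-z]:\\)")

def classify(item):
    """Return an illustrative location category for one detected item."""
    u = item.upper()
    if u.startswith("HK"):
        return "registry"
    if "\\SYSTEM VOLUME INFORMATION\\_RESTORE" in u:
        return "restore_point"      # copy stored in a System Restore snapshot
    if "\\QUARANTINE\\" in u:
        return "other_quarantine"   # already isolated by another scanner
    if "\\COOKIES\\" in u:
        return "cookie"
    return "live_file"

def triage(log_text):
    """Map family -> category -> items; header and statistics lines carry no items and drop out."""
    result = defaultdict(lambda: defaultdict(list))
    family = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if ITEM.match(line):
            if family:
                result[family][classify(line)].append(line)
        elif line:
            family = line           # any other non-blank line starts a new family
    return {fam: dict(kinds) for fam, kinds in result.items()}

def needs_followup(report):
    """Families with items in live locations (files or registry), sorted by name."""
    return sorted(f for f, k in report.items() if "live_file" in k or "registry" in k)
```
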
     
  8. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Yep now post a new hijack log

    IE - Block Third party cookies
    1. Click on the Tools button on the Internet Explorer tool bar.
    2. Highlight and click on Internet options at the bottom of the Tools menu.
    3. Select the Privacy Tab of the Internet Options menu.
    4. Select the Advanced... button at the bottom of the screen.
    5. Select override automatic cookie handling button.
    6. To block third party cookies select block under "Third-party cookies".
    7. Select "always allow session cookies".
    8. Click on the OK button at the bottom of the screen.
     
  9. petral8

    petral8 Thread Starter

    Joined:
    Feb 10, 2007
    Messages:
    6
    Thanks again, MFD. Did as you advised. I primarily use Firefox-- is there something similar under "Tools," "Options," etc.?
     
  10. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Post a hijack log

    Click here to download HJTsetup.exe:

    http://www.thespykiller.co.uk/forum/index.php?action=tpmod;dl=item5
    Scroll down to the download section

    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
Short URL to this thread: https://techguy.org/543025