1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Red Circle with White X

Discussion in 'Virus & Other Malware Removal' started by Cez77, Sep 6, 2008.

Thread Status:
Not open for further replies.
  1. Cez77

    Cez77 Thread Starter

    Sep 6, 2008

    I am a college student and today when I woke up I logged onto my computer and it turns out I cannot use google. When I search and click on a result I am redircted to another search site with the URL go.google. My room mate was online last night and must of picked this virus up somewhere.

    I've run AVG and Spybot and neither show any infections. I googled this on my laptop (which I am on now) and read about software call Malwarebytes. I download this, put it on a USB drive and went to put it on my desktop and I come to find that the computer has froze up. Now I cannot log on in normal mode so I have to boot in safe mode. When I do this and instal the new software I find that I cannot update the program because the computer cannot connect to the internet.

    I do not know what to do. There is so much important stuff on my computer that has not been backed up to the chaos involving my move to college. I have never used HJT and do not have it on my desktop nor can I get it because I cannot connect to the internet.

    Please... any help would be amazing.

    EDIT: At the moment I am running avg in safe mode and Malwarebytes without the update in safe mode.
  2. cybertech

    cybertech Retired Moderator

    Apr 16, 2002
    Hi, Welcome to TSG!!

    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Doubleclick on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis .
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
  3. Cez77

    Cez77 Thread Starter

    Sep 6, 2008
    Hello again,

    So it seems that I have picked up another Malware. I am constantly getting a pop up that says my computer has been infected. My task manager was disabled but I was able to get it back up. From what I've read this is either SpySheriff or SpyAxe but I cannot find any of the processes that come along with this malware and my desktop has not been changed.

    I have HiJackThis but it refuses to open. I reinstalled it and it still refuses to open. I renamed it... still no response. I get "Windows Firewall" Alerts of about 20 different trojan and they all open a page asking me to buy software.

    I know that I am supposed to attach a log but I have explained why I cannot do that. Please please please help...


    EDIT 1: Also - If I click the red circle it pulls up what looks like cmdprompt and has something about WINI10~1.exe. As I am typing this i got a windows security alert saying I am infected with Trojan-Spy.Win32.KeyLogger.aa but the "enable protection" just takes me to a bogus website Smart Soft Reviews.

    EDIT 2: I am now being bombarded with AVG notifications. Newest one is in windows/system32/dllcache/beep.sys. says its Trojan Horse Agent.3.R

    EDIT 3: Windows File Protection just came up. Says that my files have been replaced and I need to insert my Windows CD. I am afraid to restart my computer or turn if off.PLEASE HELP ME!
  4. cybertech

    cybertech Retired Moderator

    Apr 16, 2002
    Download SDFix and save it to your Desktop.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix and remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again afterwards before connecting to the Internet.

    Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    • Open the c:\SDFix folder and double click RunThis.cmd to start the script.
    • Type Y to begin the script.
    • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • Your system will take longer that normal to restart as the fixtool will be running and removing files.
    • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
    • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back to the thread with a HijackThis log.
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/758076

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice