"Your computer is infected!" pop-up

Discussion in 'Virus & Other Malware Removal' started by llopez704, Mar 16, 2008.

Thread Status:
Not open for further replies.
  1. llopez704

    llopez704 Thread Starter

    Joined:
    Mar 16, 2008
    Messages:
    1
    I keep getting a pop-up in my system tray that says "Your computer is infected! Windows has detected spyware infection!" The red circle with an X sits in my tray. I can no longer run HiJack This, not even in Safe Mode, so I cannot post that log. I have searched various forums to find a KillBox.exe and a ComboFix.exe; neither of which will run.

    I have run a registry cleaner, which was able to clean up various .dlls and keys. I have run a scan from TrendMicro's website, which cleaned up a trojan, some adware, and some ActiveX controls. I ran Microsoft's Malware tool, which found nothing.

    Any ideas on how to rid my system?!?!?!?!?!?!
     
  2. Byteman

    Byteman Moderator Malware Specialist

    Joined:
    Jan 24, 2002
    Messages:
    17,727
    Hi,

    http://www.radiosplace.com/

    On your left side, in the blue list menu, Hijackthis.exe

    We can try this older standalone version of Hijackthis, to use to see a log until we can get the new one to run:

    this is a standalone .exe> as soon as you get it downloaded, rename hijackthis.exe to tool.exe and try to get the log for us...it will work the same way. Don't open it, make sure you download it onto your desktop and then, double click tool.exe or whatever you rename it to, select Scan and Save a log, and copy and Paste the log into a reply here.
     
  3. stylez79

    stylez79

    Joined:
    Mar 16, 2008
    Messages:
    45
    {Edited by Moderator}-Hi stylez79>> I have removed what you posted here.

    I'm sorry but our site has a Rule that no one may assist with removing/ cleaning malware unless qualified with TSG forum permission. There are specific removal tools we use for this infection, they are the best way to attack this. I am posting the Rule here, so you have it as a guide-

    Also, we have all the tools, with download links, available here:

    http://forums.techguy.org/general-security/603629-security-help-tools.html

    And, throughout the security sections, there are links to just about every removal tool and protective or cleaning tool known. We have had to put restrictions in place, about malware removal, due to the newer infections that require cleaning with advanced special tools- that's one additional reason. These tools carry some special directions, and we also recommend that they only be used with our help.


     
  4. Byteman

    Byteman Moderator Malware Specialist

    Joined:
    Jan 24, 2002
    Messages:
    17,727
    Hi llopez704

    Have you been able to get Hijackthis to run?

    Please try what I have in my reply and post the log if you do.
     
  5. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,667
    Just wanted to be sure you saw this. To elaborate, while it's fine to have the link to your site in your signature, we like to see that people are here to help others and not solely for the purpose of gaining exposure and more traffic for their own sites. :)
     
  6. Byteman

    Byteman Moderator Malware Specialist

    Joined:
    Jan 24, 2002
    Messages:
    17,727
     
  7. Compaq__

    Compaq__

    Joined:
    Mar 18, 2008
    Messages:
    458
    This could be caused by the messenger service in Windows. If you run Windows Update and get all of the latest security patches, this should stop. It's basically just "Instant Messenger SPAM" that is broadcast out across the net. Good possibility this is the problem.

    Load those security patches. I see this all the time.
     
  8. Byteman

    Byteman Moderator Malware Specialist

    Joined:
    Jan 24, 2002
    Messages:
    17,727
    Hi Compaq__
    This infection is well-known, and is the SmitFraud, or Privacy-Danger, fake alert, we have been dealing with this for a very long time...

    The poster cannot execute any files.... he may not be able to even post a Hijackthis log, but I am having them try. Most likely, he will not be able to install patches.... I would have them try some of the removal tools for it, but probably they won't run, either...

    I would like to see a Hijackthis log, first though....



    Also> this site has a Rule about who may post advice when dealing with malware cleaning....this thread obviously is. You may not have seen the Rules section, so here it is:

     
  9. Compaq__

    Compaq__

    Joined:
    Mar 18, 2008
    Messages:
    458
    Saw it. LOL Yes, very familiar with this type of issue. Didn't see him say he can't run executables. From his description sure looks like the old messenger service spam...no tools required to fix that. Just runnin those security patches...
    That's my observation...not advice.
     
  10. Byteman

    Byteman Moderator Malware Specialist

    Joined:
    Jan 24, 2002
    Messages:
    17,727
    Hi Compaq- No, this isn't Messenger spam, though that does give popups. This is an infection, part of the trojan Zlob or Smitfraud family, of which there are quite a few variants.

    One of the symptoms, is the red X, in the system tray, as well as a large notice on your screen proclaiming its bogus message.

    Here is a page about this very similar family:

    http://www.dslreports.com/faq/seclean?text=1 <Scroll down to where it has

    "Screenshots of Desktop Hijack" for good examples of this trojan.


    http://fix-slow-computer.com/index.php?s=delete

    http://www.wilderssecurity.com/showthread.php?t=75890 screenshot of one type

    http://www.smokey-services.eu/forum/viewtopic.php?t=2035


    About not being able to run executables: Seems it is mostly, antimalware tools that will not run- and actually, we see quite a few of these infections that can disable Hijackthis, plus other security programs.....perhaps not ALL executables, my mistake there... There are some things we can have them try, that will let them post a Hijackthis log, and run tools.

    Still, you are not authorized to post removal advice here at TSG- this person has to clear up this infection before being sent off to do a lot of Windows Updates....

    See the Quoted information for directions to try and become qualified here at this forum, if you would like to help with malware cleaning.

    You will see from the links I posted, that the infection is this type...


     
  11. Byteman

    Byteman Moderator Malware Specialist

    Joined:
    Jan 24, 2002
    Messages:
    17,727
    Hi llopez704

    Please ignore the posts between Compaq_ and myself and try what I have below:

    Hi,

    http://www.radiosplace.com/

    On your left side, in the blue list menu, Hijackthis.exe

    We can try this older standalone version of Hijackthis, to use to see a log until we can get the new one to run:

    this is a standalone .exe> as soon as you get it downloaded, rename hijackthis.exe to tool.exe and try to get the log for us...it will work the same way. Don't open it, make sure you download it onto your desktop and then, double click tool.exe or whatever you rename it to, select Scan and Save a log, and copy and Paste the log into a reply here.

    If that does not work for you: First, delete any copies of ComboFix.exe you have now


    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**



    Once you have the renamed ComboFix file on the desktop:

    It's important that you do turn off the protective programs such as antivirus, and the ones mentioned in the link below, so do go there and act on that advice!

    Please read all through the info so you know what will be done.
    Here are directions etc but I also have them below:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    There is a Printable Version button up under the Thread Tools drop down menu that will let you print a nice text version of these instructions.
    Alternate way to save directions:Open Notepad> Copy and Paste any text you wish into Notepad, and Save the file as something you will recognize like TSGhelp.txt and save it onto your desktop.
    Important notes regarding ComboFix:

    ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Combofix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know

    1. Close any open browsers.
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      -----------------------------------------------------------
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
        -----------------------------------------------------------
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      -----------------------------------------------------------

    3. Double click on combofix.exe & follow the prompts.
    4. When finished, it will produce a report for you.
    5. Please post the "C:\ComboFix.txt" in your next reply..And, after you are done posting the log from ComboFix....run Hijackthis again, Scan and Save a Log....post the brand new log
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
     
Short URL to this thread: https://techguy.org/693942