
Red Flashing X In System Tray And Pop Ups


10 replies to this topic

#1 CPJones

  • Members
  • 6 posts

Posted 05 March 2008 - 10:56 PM

Hi,

I have a virus or something that puts a red flashing x in the system tray, gives a million pop-ups, took over my home page, and sometimes shuts down my computer randomly.

I thought I took care of this about a month ago, same problem. I had Symantec. I got rid of that and installed Kaspersky, which found a ton of stuff (great), but not the one causing this problem. I downloaded some program after a ton of research, and that's what got rid of it for the time being. Now it's back.

I don't remember what that program was. It came from a website, f-secure.com or something like that. I tried to research this again, but am just finding lots of confusing posts that seem to be resolved, but I can't figure out how or why.

I have HijackThis installed... I don't know if you want that or something else, so I will wait for instructions...

Thank you very much



#2 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,416 posts
  • Gender:Male
  • Location:NJ USA

Posted 05 March 2008 - 11:52 PM

Hello, please no HJT log unless we ask, thanks. I think this will fix you up.
Please follow these instructions.
How to remove the Smitfraud / Generic Zlob

Now download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop... DO NOT run yet.
Open SUPER from icon and install and update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to start Windows in Safe Mode
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox browser, click Firefox at the top and choose: Select All.
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, click Opera at the top and choose: Select All.
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the Program Files list.
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After the scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Please ask any needed questions and let us know how it went.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 CPJones


Posted 06 March 2008 - 02:11 PM

Ok, I did as instructed. SmitfraudFix was the program I ran about a month ago that got rid of the problem until it came back now. Hopefully the additional fixes you have told me to do will get rid of it for good! I had no problems on restart.

Here's the Super log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/06/2008 at 01:40 PM

Application Version : 4.0.1154

Core Rules Database Version : 3415
Trace Rules Database Version: 1407

Scan type : Complete Scan
Total Scan Time : 00:36:51

Memory items scanned : 145
Memory threats detected : 0
Registry items scanned : 4466
Registry threats detected : 53
File items scanned : 5306
File threats detected : 15

Unclassified.Unknown Origin

Trojan.Unclassified/EGO

Adware.SBSoft
HKU\S-1-5-21-1935655697-746137067-1060284298-500\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser#{08BEC6AA-49FC-4379-3587-4B21E286C19E}

Trojan.NetMon/DNSChange

Trojan.cmdService

Adware.ClickSpring/Outer Info Network

Rootkit.Unclassified/KR_Done
C:\WINNT\system32\kr_done1

Adware.ClickSpring/Yazzle
C:\PROGRAM FILES\COMMON FILES\YAZZLE1552OINUNINSTALLER.EXE
C:\PROGRAM FILES\COMMON FILES\YAZZLE1122OINUNINSTALLER.EXE

#4 boopme


Posted 06 March 2008 - 02:18 PM

Nice work!! Was this an XP system?
Also check these,
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs. From within Add/Remove Programs highlight any of the following programs (if listed) and select "Remove".

ClickSpring
Cowabanga by OIN
ipwindows / ipwins
MediaTickets
MediaTickets by OIN
OIN
Outer Info Network
PurityScan
PurityScan by OIN
Snowball Wars by OIN
TizzleTalk
TizzleTalk by OIN
Yazzle by OIN
Yazzle ActiveX By OIN
Yazzle Cowabanga by OIN
Yazzle Kobe :filtered:! By OIN
Yazzle Picster by OIN
Yazzle Sudoku by OIN
Yazzle Snowballwars by OIN
Yazzle Kobe Balls! by OIN
Zolero Translator

or anything similar with OIN, Outer Info Network or Yazzle in them.
Important! Reboot when done.

Open My Computer or Windows Explorer, navigate to C:\Program Files and delete any of the named program folders listed above that you find (if they still exist).

#5 CPJones


Posted 06 March 2008 - 04:30 PM

It's a Windows 2000.

I looked for any of those remaining programs, and found none. Does that mean I'm all set?

#6 boopme


Posted 07 March 2008 - 12:15 AM

As long as it has stopped the popups and such you should be good.

#7 CPJones


Posted 07 March 2008 - 11:28 AM

Awesome, then I hope I won't be back anytime soon! Thanks for all the help and the easy to follow solution.

#8 boopme


Posted 07 March 2008 - 03:28 PM

Ok cool
Please have a read here
How did I get infected?, With steps so it does not happen again!
Best Practices - Internet Safety For 2008

#9 CPJones


Posted 06 April 2008 - 11:51 AM

Hi,

The same virus has returned (w/ red biohazard background that was also there before....not actually a background, a window that I just moved over from the edge of the screen and closed).

Anyway, it's back. It seems that it just returns on this cycle. I'm guessing something is still on the computer since only my parents use it, and rarely ever do.

I'm going to follow the old directions I was given to remove it for now since I go to school in another state, and will be leaving in about an hour. Maybe I can tell someone any directions you would have, but I'm guessing it would be something I would have to do the next time the virus returns in a month or so.

Thanks

#10 CPJones


Posted 06 April 2008 - 11:57 AM

I'd also like to add that as I updated SUPERAntiSpyware, one of the updates was for a Smitfraud variant, so maybe it will find the problem this time.

#11 boopme


Posted 06 April 2008 - 04:02 PM

OK, then please follow the instructions for using SDFix here: How to use SDFix
Copy and paste the contents of the results file Report.txt in your next reply and tell us how it went.

Edited by boopme, 06 April 2008 - 04:03 PM.




