Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Red Circle Icon with white X in the systray - Problem


  • Please log in to reply
3 replies to this topic

#1 jacobderosenoir

jacobderosenoir

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:44 AM

Posted 01 June 2005 - 09:30 AM

I have a big problem : A spyware was installed in my computer. I can see that a Red circle Icon with a white X is loading in the systray at every startup (even in safe mode) and as soon as it is loaded, a bunch of Shortcut icon appear on my desktop (Casino, Viagra, Porn, ect.), it change my IE start page and favorite and every once in a while a message appear from my systray (pointing that icon) saying that I've got a virus or a spyware and that I should download a specific program to get rid of it (which I haven't done). Nothing else seems to be affected.

I've tried 10 different antispyware programs so far and nothing can get rid of it. From what I understand this program is installing Spider-Crack and DesktoHijack (and god knows what else) on my computer cause Ad-aware sees it, removes it (along with all the icon on the desktop) but because it is in the systray, it re-infects in about 5 seconds. I haven't been able to identify this program in my systray as I cannot click on it (if I do it opens a web page) and there is nothing showing when I hover over it.

Spybot, Spy emergency (trial), Ad-Aware Pro, Microsoft antispyware beta, spy sweep (trial), CWSshredder, Stinger (trial) have been used to try and removing it. I've also tried on disabling every service and program in MSCONFIG and I've also tried starting in safe mode but nothing works.

My antivirus AVG tells me I have no virus (updated yesterday)

Please help

BC AdBot (Login to Remove)

 


m

#2 jgweed

jgweed

  • Staff Emeritus
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:07:44 AM

Posted 01 June 2005 - 09:40 AM

I suggest you seek the help of our great team of experienced volunteers, and post a HiJackThis! log in the appropriate forum. Please read the instructions carefully:

http://www.bleepingcomputer.com/forums/How...s_Log-t956.html


Regards,
John
Whereof one cannot speak, thereof one should be silent.

#3 Scarlett

Scarlett

    Bleeping Diva


  • Members
  • 7,479 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:As always I'm beside myself ;)
  • Local time:07:44 AM

Posted 01 June 2005 - 09:40 AM

Maybe you should consider posting a Highjack This Log. This link will take you to a detailed tutorial on how to post a log.

Good Luck! :thumbsup:

How to Post a Highjack This Log

Just please keep in mind that all Highjack This Team Members are volunteers. One must practice a little patience, when waiting for help. I promise you though that they will get to you as soon as they are able.

And above all do not attempt to work on your log yourself. And only take the advice from an official HJT Team Member. Which will show under thier name and avatar.

One more thing. Do not reply to your own post. As the Team keeps an eye out for zero replies. If they see a reply they will assume that someone is already helping you out. Then I'm afraid that you may get lost in the shuffle.
Posted Image

#4 jacobderosenoir

jacobderosenoir
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:44 AM

Posted 02 June 2005 - 12:54 PM

I've found the solution to my problem on another Forum. Here it is


Run HijackThis and place checks beside each of the following:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newgenlook.info/ad/ad0202/ or whatever web page you might have there like servicegoods.com


If you, or an administrator, set these restrictions on purpose (i.e., if you used Spybot's Home Page and Option Lock down features in the Immunize section, or you used a similar program to place them, leave them alone. Otherwise check them also.
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

After you check these items, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis.

Now click on the Config.. button on the bottom right of HijackThis, click on the Misc Tools button up at the top right, click on Delete a file on reboot under System Tools. Select this file in bold:
C:\WINDOWS\System32\param32.dll

If you do not see the file you may have to configure Windows to show hidden files and folders:

Reconfigure Windows XP to show hidden files:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.

After you select the file close HijackThis and reboot your computer.

Immediatly after run ad-aware, spy sweeper and Microsft Anti-Spyware to get rid of all the spyware program this program might have installed. Use Microsoft anti-spyware to be sure that your homepage is not pointing to any unwanted site.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users