Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Icon On My Taskbar Won't Go Away

  • Please log in to reply
3 replies to this topic

#1 jenny36


  • Members
  • 3 posts
  • Local time:02:27 PM

Posted 18 June 2007 - 10:31 PM

I am not computer literate at all, but this spycrusher got onto my computer. I uninstalled it and all the other things but there is still this flashing icon on my taskbar. how do i get it off?

BC AdBot (Login to Remove)


#2 rookie147


  • Members
  • 5,321 posts
  • Local time:08:27 PM

Posted 19 June 2007 - 02:34 AM

Hello there,
Please download SmitfraudFix (by S!Ri)
Open the file and it will extract the contents (a folder named SmitfraudFix) to your Desktop.

Please reboot your computer into Safe Mode.
This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep.
Then select Safe Mode from the list.
Make sure you choose the option without Networking Support.

Once in Safe Mode, open the SmitfraudFix folder again.
Double-click smitfraudfix.cmd.
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process, in case we need it later on.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Warning : running option #2 on a non infected computer will remove your Desktop background.

If this does not solve your problem, download and run HijackThis:
HijackThis Download Site
Once it is downloaded, extract the zip file to C:\HJT and navigate to the C:\HJT folder.
Now double-click on HijackThis.exe.
Put a checkmark in the box at the bottom that states Don't show this frame again when I start HijackThis.
Then click on the button labeled None of the above, just start the program.
You will now be presented with the main HJT screen.
Press the Scan button and then when it is done, the Save Log button.

Then post the HijackThis log, along with the contents of C:\rapport.txt in a new topic in our HijackThis Logs and Analysis forum, so you can recieve help from a member of the team on how to remove this malware.

Edited by rookie147, 19 June 2007 - 02:35 AM.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image

#3 bg129


  • Members
  • 5 posts
  • Local time:03:27 PM

Posted 19 June 2007 - 07:21 PM

Rookie.... I am kind of interfering this thread because I have the same problem. I did the very first thing you said to do with the safe mode, restarted my computer and the spycrush icon came up again and then quickly left. Curious and confused, I restarted again. The same exact thing happened. The ZlobActiveXObject file was removed from my computer so part of me thinks I got the spyware off but the smarter part of me thinks its still hiding somewhere,

#4 rookie147


  • Members
  • 5,321 posts
  • Local time:08:27 PM

Posted 20 June 2007 - 04:17 AM

Hello bg129
If you are not sure whether or not it has been completely there are a couple of things we can do. However, they cannot be done in this forum.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1, and press Enter.
A text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your own topic in our HijackThis logs forum (linked to earlier) along with a HijackThis log.
We don't deal with HijackThis logs in this section of the forum, so make sure you start your own topic there, and someone will be along to help you.

Edited by rookie147, 20 June 2007 - 04:18 AM.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users