red shield with a white x causing problems, did read the read and run me first

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by mispelled, Feb 4, 2007.

  1. mispelled

    mispelled Private E-2

    Hi, I'm sort of new to forums, but I have a bit of a pickle. I have a red shield with a white x in it that resembles the Windows Defender icon in my system tray. When I hover over it, it says "Your computer is infected !" When clicked, it pops up a window saying: "would you like to update your security software and download registry cleaner?" and occasionally a balloon pops out of the system tray saying "Windows has detected spyware infection which corrupted the registry. It is recommended to load update to prevent data loss. Windows will now download and install the most up-to-date software for you. Click here to protect your computer."

    I followed all the directions in the read & run me first thread, and nothing seemed to help. I'm attaching all the logs except CounterSpy, as I couldn't find a way to get it to output a log in text format or anything. It said 0 malware found in everything, except in my cookies there were 2 that it deleted.

    Again, any help anyone could offer would be greatly appreciated.
     


  2. mispelled

    mispelled Private E-2

    Here are the other files.
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please follow the directions in step 7 of the READ ME. You have HijackThis installed like this:

    C:\Documents and Settings\user\Desktop\hijackthis\HijackThis.exe

    That is exactly where we specify not to install it and you did not rename it. It must be installed like this:

    C:\Program Files\HJT\analyse.exe

    Correct the above now before continuing.

    I'm going to post two sets of instructions below. Each will be enclosed in separate Quote boxes. Make sure to complete the first one 100% before moving on to the second one.

    ATTACH THE FIRST LOG NOW BEFORE CONTINUING OR YOU WILL OVERWRITE IT!!!! And then immediately continue on to the below steps.

    Now attach new logs from:
    • GetRunKey
    • ShowNew
    • HJT
    How are things working now?
     
  4. mispelled

    mispelled Private E-2

    Hi, I completed those steps and the malware has been removed. It hasn't re-appeared for a couple of days, so hopefully it's gone for good.

    Thank you very much for your help and expertise.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It is highly recommended that you attach the 2 rapport.txt logs and then the three new follow up logs from GetRunKey, ShowNew, and HJT as requested. You may have remaining malware issues and may not even notice.
     
