Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 61223
  • Last Modified:

said: 'Your computer is infected!'

Hi all,

There is a red icon stay in my system tray and always says that 'Your computer is infetced!' and a stupid anti spyware-(Worldantispy) always come out automatically.

http://syskplim.f2o.org/icon.jpg

I can't even found any alien in my startup // registry-LM-RUN // registry-CU-RUN  and services.

Please help me to solve this. Thanks
0
syskplim
Asked:
syskplim
  • 11
  • 8
  • 3
  • +1
2 Solutions
 
Harisha M GCommented:
Download HijackThis from www.majorgeeks.com/download3155.html
Run the program, and submit the logfile to http://hijackthis.de
Save the analysis and post the link here (Do not post the logfile itself)

Also run BHO Daemon
www.bhodaemon.com/



Then Run one or more of these tools from SAFE MODE with SYSTEM RESTORE OFF:
__________________________________________________________________________________________
Spy Bot Search & Destroy:
http://www.safer-networking.org/en/mirrors/index.html
http://www.spychecker.com/program/spybot.html
__________________________________________________________________________________________
Spy Sweeper:
http://www.spychecker.com/program/spysweeper.html
__________________________________________________________________________________________
Ad-Aware SE Personal Edition:
http://www.spychecker.com/download/download_adaware.html
__________________________________________________________________________________________
SpywareBlaster
http://www.spychecker.com/program/spywareblaster.html
__________________________________________________________________________________________
CoolWebShredder
http://www.spychecker.com/program/coolwebshredder.html
__________________________________________________________________________________________
0
 
Harisha M GCommented:
Have you tried the online scans ?

Housecall Online Scan
http://housecall.antivirus.com

Symantec Security Check
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
0
 
syskplimAuthor Commented:
Dear mgh_mgharish,

this is my saved HJT log.

http://hijackthis.de/logfiles/d6f4ba39d8a8bbd022b37027e3593511.html


i did restart my pc in save command mode and scaned it with Ad-Aware SE Personal Edition (with updated definition file) but nothing found.

when i clicked on that stupid red icon, it will link me to www.worldantispy.com and ask me to register that worldantispy.  As i know, that was a version of trojen similar to this:

http://securityresponse.symantec.com/avcenter/venc/data/trojan.desktophijack.c.html

0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Harisha M GCommented:
There are many "Possibly Nasty" entries. If you don't know what they are, delete them.

NOTE:
O4 - Global Startup: WorldAntiSpy.lnk = C:\Program Files\WorldAntiSpy\WorldAntiSpy.exe         

This is being shown as Unknown which means it is not a recognised software. That itself may be the virus. Uninstall that first
0
 
syskplimAuthor Commented:
This is my new HJT logs.

http://hijackthis.de/logfiles/d6f4ba39d8a8bbd022b37027e3593511.html

i have just finished running Symantec Security Check and got the report as below.

http://syskplim.f2o.org/onlinescan.jpg
0
 
Harisha M GCommented:
Well, now run SpyBot to remove those Dialer and Adware threats.

Also, delete the quarentined files in MS Antispyware
0
 
syskplimAuthor Commented:
After i restarted the pc, that stupid red icon still be the 1st to come out !!   :(

even HJT logs seems ok now.
--> http://www.hijackthis.de/logfiles/d1ba0e9c8866a762a7076544b477df7e.html

and 1 more thing is: there is an item  ->> LM/software/ISTbar in my registry that i can't delete it even i tried many software like regedit, Registry Mechanic, registry cleaner, spybot ...... it was an error said that can't delete this key.. no more IST file was load in memory..

0
 
Harisha M GCommented:
What is PowerWord ? Is it a known software ?

Start --> Run --> "msconfig.msc"  without quotes.
In the startup tab, remove suspected entries.

0
 
Harisha M GCommented:
Press Ctrl+Alt+Delete Click the processes tab

Now, if that icon can be closed, (By rightclicking and selecting exit etc), do that and find the process which stops when you close that.
0
 
syskplimAuthor Commented:
PowerWord is a legal software. i am using Win2K, no msconfig. i checked my startup list with Spybot and found no suspected item.

This is my processes list --> http://syskplim.f2o.org/task.jpg

0
 
r-kCommented:
Suggest you try ewido from:

 http://www.ewido.net/en/

there is a free download, and it works well in such cases.
0
 
Harisha M GCommented:
syskplim, does that happen in Safe mode also ?
0
 
syskplimAuthor Commented:
Yes, mgh_mgharish. In safe mode, the red icon was there.

r-k:  i am scanning the pc with ewido and it can clean the ISTbar that sticked in my registry as i mentioned above but doesnt help to remove that stupid red icon.




0
 
Harisha M GCommented:
You really need to find the process which is creating all that..

Try this..

Go on closing each of the processes that are running. And notedown the process which, on closing, removes that icon.
0
 
Harisha M GCommented:
First remove the known software processes, then remove the antivirus processes and then go for system processes
0
 
r-kCommented:
If no luck so far with the above suggestions, then try the following:

Download Autoruns from: http://www.sysinternals.com/Utilities/Autoruns.html

and run it. Use the "Hide Microsoft Entries" option to reduce the display.

If you can spot anything suspicious you can un-check it and reboot and see it helps. Otherwise use the "Save as.." option to save the Autoruns results to a text file, and cut-and-paste the results here.

PS: Sometimes you need to run ewido more than once to catch everything.

0
 
syskplimAuthor Commented:
i have just finished the ewido scanning.... and RED ICON STILL THERE ~~~  :_(

even that ISTbar, finally cannot be deleted..

http://syskplim.f2o.org/clean1.jpg

http://syskplim.f2o.org/clean2.jpg

http://syskplim.f2o.org/clean3.jpg

aaaAAAAaaaaHHHHHH  !!! Stupid ReD iCON~~~ and ISTbar~~  !!


mgh_mgharish: all of the running processes are known processes, and some of them can't be stoped...


0
 
Harisha M GCommented:
Goto DOS and run the command (Don't know whether exists in 2000)
SFC /SCANNOW

This should revert all the Windows files to their original versions.
0
 
syskplimAuthor Commented:
HI~~!!  the red icon suddenly gone after i restart my PC~!!

Is that the result of  EWIDO -or- SFC /SCANNOW ??  :*o

After i scanned the PC with ewido and fixed some of the error, the red icon still there... then i run sfc /scannow as mgh_mgharish suggested... some files were copied from my win2k pro CD into my hdd.. nothing changed after that.. and i decided to restart the pc and finally red icon gone..

The only thing now remain is ISTbar in my registry.. but seems that it doesnt harm even staying.

Anyway thanks to both mgh_mgharish and r-k.



0
 
r-kCommented:
Glad the main problem is solved. If you want to get rid of the traces of ISTbar, try the removal tool linked from this page:

 http://securityresponse.symantec.com/avcenter/venc/data/adware.istbar.html

0
 
syskplimAuthor Commented:
r-k: this won't help. It can't get any ISTbar signal from my PC. that ISTbar is dead but i dont know why i cant delete those registry keys..

0
 
Harisha M GCommented:
syskplim, glad we could be of some help :)
0
 
mickn66Commented:
I know this problem has been solved already, but I recently had the same exact problem in that nothing could delete certain registry keys that had been installed by spyware.  It turned out to be simply that my permissions were not set up right.  Check this: http://www.experts-exchange.com/Operating_Systems/WinXP/Q_21582519.html
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

  • 11
  • 8
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now