Link to home
Create AccountLog in
Avatar of syskplim
syskplim

asked on

said: 'Your computer is infected!'

Hi all,

There is a red icon stay in my system tray and always says that 'Your computer is infetced!' and a stupid anti spyware-(Worldantispy) always come out automatically.

http://syskplim.f2o.org/icon.jpg

I can't even found any alien in my startup // registry-LM-RUN // registry-CU-RUN  and services.

Please help me to solve this. Thanks
Avatar of Harisha M G
Harisha M G
Flag of India image

Download HijackThis from www.majorgeeks.com/download3155.html
Run the program, and submit the logfile to http://hijackthis.de
Save the analysis and post the link here (Do not post the logfile itself)

Also run BHO Daemon
www.bhodaemon.com/



Then Run one or more of these tools from SAFE MODE with SYSTEM RESTORE OFF:
__________________________________________________________________________________________
Spy Bot Search & Destroy:
http://www.safer-networking.org/en/mirrors/index.html
http://www.spychecker.com/program/spybot.html
__________________________________________________________________________________________
Spy Sweeper:
http://www.spychecker.com/program/spysweeper.html
__________________________________________________________________________________________
Ad-Aware SE Personal Edition:
http://www.spychecker.com/download/download_adaware.html
__________________________________________________________________________________________
SpywareBlaster
http://www.spychecker.com/program/spywareblaster.html
__________________________________________________________________________________________
CoolWebShredder
http://www.spychecker.com/program/coolwebshredder.html
__________________________________________________________________________________________
Have you tried the online scans ?

Housecall Online Scan
http://housecall.antivirus.com

Symantec Security Check
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
Avatar of syskplim
syskplim

ASKER

Dear mgh_mgharish,

this is my saved HJT log.

http://hijackthis.de/logfiles/d6f4ba39d8a8bbd022b37027e3593511.html


i did restart my pc in save command mode and scaned it with Ad-Aware SE Personal Edition (with updated definition file) but nothing found.

when i clicked on that stupid red icon, it will link me to www.worldantispy.com and ask me to register that worldantispy.  As i know, that was a version of trojen similar to this:

http://securityresponse.symantec.com/avcenter/venc/data/trojan.desktophijack.c.html

There are many "Possibly Nasty" entries. If you don't know what they are, delete them.

NOTE:
O4 - Global Startup: WorldAntiSpy.lnk = C:\Program Files\WorldAntiSpy\WorldAntiSpy.exe         

This is being shown as Unknown which means it is not a recognised software. That itself may be the virus. Uninstall that first
This is my new HJT logs.

http://hijackthis.de/logfiles/d6f4ba39d8a8bbd022b37027e3593511.html

i have just finished running Symantec Security Check and got the report as below.

http://syskplim.f2o.org/onlinescan.jpg
Well, now run SpyBot to remove those Dialer and Adware threats.

Also, delete the quarentined files in MS Antispyware
After i restarted the pc, that stupid red icon still be the 1st to come out !!   :(

even HJT logs seems ok now.
--> http://www.hijackthis.de/logfiles/d1ba0e9c8866a762a7076544b477df7e.html

and 1 more thing is: there is an item  ->> LM/software/ISTbar in my registry that i can't delete it even i tried many software like regedit, Registry Mechanic, registry cleaner, spybot ...... it was an error said that can't delete this key.. no more IST file was load in memory..

What is PowerWord ? Is it a known software ?

Start --> Run --> "msconfig.msc"  without quotes.
In the startup tab, remove suspected entries.

Press Ctrl+Alt+Delete Click the processes tab

Now, if that icon can be closed, (By rightclicking and selecting exit etc), do that and find the process which stops when you close that.
PowerWord is a legal software. i am using Win2K, no msconfig. i checked my startup list with Spybot and found no suspected item.

This is my processes list --> http://syskplim.f2o.org/task.jpg

SOLUTION
Avatar of r-k
r-k

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
syskplim, does that happen in Safe mode also ?
Yes, mgh_mgharish. In safe mode, the red icon was there.

r-k:  i am scanning the pc with ewido and it can clean the ISTbar that sticked in my registry as i mentioned above but doesnt help to remove that stupid red icon.




You really need to find the process which is creating all that..

Try this..

Go on closing each of the processes that are running. And notedown the process which, on closing, removes that icon.
First remove the known software processes, then remove the antivirus processes and then go for system processes
If no luck so far with the above suggestions, then try the following:

Download Autoruns from: http://www.sysinternals.com/Utilities/Autoruns.html

and run it. Use the "Hide Microsoft Entries" option to reduce the display.

If you can spot anything suspicious you can un-check it and reboot and see it helps. Otherwise use the "Save as.." option to save the Autoruns results to a text file, and cut-and-paste the results here.

PS: Sometimes you need to run ewido more than once to catch everything.

i have just finished the ewido scanning.... and RED ICON STILL THERE ~~~  :_(

even that ISTbar, finally cannot be deleted..

http://syskplim.f2o.org/clean1.jpg

http://syskplim.f2o.org/clean2.jpg

http://syskplim.f2o.org/clean3.jpg

aaaAAAAaaaaHHHHHH  !!! Stupid ReD iCON~~~ and ISTbar~~  !!


mgh_mgharish: all of the running processes are known processes, and some of them can't be stoped...


ASKER CERTIFIED SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
HI~~!!  the red icon suddenly gone after i restart my PC~!!

Is that the result of  EWIDO -or- SFC /SCANNOW ??  :*o

After i scanned the PC with ewido and fixed some of the error, the red icon still there... then i run sfc /scannow as mgh_mgharish suggested... some files were copied from my win2k pro CD into my hdd.. nothing changed after that.. and i decided to restart the pc and finally red icon gone..

The only thing now remain is ISTbar in my registry.. but seems that it doesnt harm even staying.

Anyway thanks to both mgh_mgharish and r-k.



Glad the main problem is solved. If you want to get rid of the traces of ISTbar, try the removal tool linked from this page:

 http://securityresponse.symantec.com/avcenter/venc/data/adware.istbar.html

r-k: this won't help. It can't get any ISTbar signal from my PC. that ISTbar is dead but i dont know why i cant delete those registry keys..

syskplim, glad we could be of some help :)
I know this problem has been solved already, but I recently had the same exact problem in that nothing could delete certain registry keys that had been installed by spyware.  It turned out to be simply that my permissions were not set up right.  Check this: https://www.experts-exchange.com/questions/21582519/Is-it-possible-to-edit-registry-on-dual-boot-computer-from-other-boot.html