Avatar of syskplim
syskplim
 asked on

said: 'Your computer is infected!'

Hi all,

There is a red icon stay in my system tray and always says that 'Your computer is infetced!' and a stupid anti spyware-(Worldantispy) always come out automatically.

http://syskplim.f2o.org/icon.jpg

I can't even found any alien in my startup // registry-LM-RUN // registry-CU-RUN  and services.

Please help me to solve this. Thanks
Anti-Virus Apps

Avatar of undefined
Last Comment
mickn66

8/22/2022 - Mon
Harisha M G

Download HijackThis from www.majorgeeks.com/download3155.html
Run the program, and submit the logfile to http://hijackthis.de
Save the analysis and post the link here (Do not post the logfile itself)

Also run BHO Daemon
www.bhodaemon.com/



Then Run one or more of these tools from SAFE MODE with SYSTEM RESTORE OFF:
__________________________________________________________________________________________
Spy Bot Search & Destroy:
http://www.safer-networking.org/en/mirrors/index.html
http://www.spychecker.com/program/spybot.html
__________________________________________________________________________________________
Spy Sweeper:
http://www.spychecker.com/program/spysweeper.html
__________________________________________________________________________________________
Ad-Aware SE Personal Edition:
http://www.spychecker.com/download/download_adaware.html
__________________________________________________________________________________________
SpywareBlaster
http://www.spychecker.com/program/spywareblaster.html
__________________________________________________________________________________________
CoolWebShredder
http://www.spychecker.com/program/coolwebshredder.html
__________________________________________________________________________________________
Harisha M G

Have you tried the online scans ?

Housecall Online Scan
http://housecall.antivirus.com

Symantec Security Check
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
syskplim

ASKER
Dear mgh_mgharish,

this is my saved HJT log.

http://hijackthis.de/logfiles/d6f4ba39d8a8bbd022b37027e3593511.html


i did restart my pc in save command mode and scaned it with Ad-Aware SE Personal Edition (with updated definition file) but nothing found.

when i clicked on that stupid red icon, it will link me to www.worldantispy.com and ask me to register that worldantispy.  As i know, that was a version of trojen similar to this:

http://securityresponse.symantec.com/avcenter/venc/data/trojan.desktophijack.c.html

Your help has saved me hundreds of hours of internet surfing.
fblack61
Harisha M G

There are many "Possibly Nasty" entries. If you don't know what they are, delete them.

NOTE:
O4 - Global Startup: WorldAntiSpy.lnk = C:\Program Files\WorldAntiSpy\WorldAntiSpy.exe         

This is being shown as Unknown which means it is not a recognised software. That itself may be the virus. Uninstall that first
syskplim

ASKER
This is my new HJT logs.

http://hijackthis.de/logfiles/d6f4ba39d8a8bbd022b37027e3593511.html

i have just finished running Symantec Security Check and got the report as below.

http://syskplim.f2o.org/onlinescan.jpg
Harisha M G

Well, now run SpyBot to remove those Dialer and Adware threats.

Also, delete the quarentined files in MS Antispyware
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
syskplim

ASKER
After i restarted the pc, that stupid red icon still be the 1st to come out !!   :(

even HJT logs seems ok now.
--> http://www.hijackthis.de/logfiles/d1ba0e9c8866a762a7076544b477df7e.html

and 1 more thing is: there is an item  ->> LM/software/ISTbar in my registry that i can't delete it even i tried many software like regedit, Registry Mechanic, registry cleaner, spybot ...... it was an error said that can't delete this key.. no more IST file was load in memory..

Harisha M G

What is PowerWord ? Is it a known software ?

Start --> Run --> "msconfig.msc"  without quotes.
In the startup tab, remove suspected entries.

Harisha M G

Press Ctrl+Alt+Delete Click the processes tab

Now, if that icon can be closed, (By rightclicking and selecting exit etc), do that and find the process which stops when you close that.
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
syskplim

ASKER
PowerWord is a legal software. i am using Win2K, no msconfig. i checked my startup list with Spybot and found no suspected item.

This is my processes list --> http://syskplim.f2o.org/task.jpg

SOLUTION
r-k

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Harisha M G

syskplim, does that happen in Safe mode also ?
syskplim

ASKER
Yes, mgh_mgharish. In safe mode, the red icon was there.

r-k:  i am scanning the pc with ewido and it can clean the ISTbar that sticked in my registry as i mentioned above but doesnt help to remove that stupid red icon.




Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Harisha M G

You really need to find the process which is creating all that..

Try this..

Go on closing each of the processes that are running. And notedown the process which, on closing, removes that icon.
Harisha M G

First remove the known software processes, then remove the antivirus processes and then go for system processes
r-k

If no luck so far with the above suggestions, then try the following:

Download Autoruns from: http://www.sysinternals.com/Utilities/Autoruns.html

and run it. Use the "Hide Microsoft Entries" option to reduce the display.

If you can spot anything suspicious you can un-check it and reboot and see it helps. Otherwise use the "Save as.." option to save the Autoruns results to a text file, and cut-and-paste the results here.

PS: Sometimes you need to run ewido more than once to catch everything.

This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
syskplim

ASKER
i have just finished the ewido scanning.... and RED ICON STILL THERE ~~~  :_(

even that ISTbar, finally cannot be deleted..

http://syskplim.f2o.org/clean1.jpg

http://syskplim.f2o.org/clean2.jpg

http://syskplim.f2o.org/clean3.jpg

aaaAAAAaaaaHHHHHH  !!! Stupid ReD iCON~~~ and ISTbar~~  !!


mgh_mgharish: all of the running processes are known processes, and some of them can't be stoped...


ASKER CERTIFIED SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
syskplim

ASKER
HI~~!!  the red icon suddenly gone after i restart my PC~!!

Is that the result of  EWIDO -or- SFC /SCANNOW ??  :*o

After i scanned the PC with ewido and fixed some of the error, the red icon still there... then i run sfc /scannow as mgh_mgharish suggested... some files were copied from my win2k pro CD into my hdd.. nothing changed after that.. and i decided to restart the pc and finally red icon gone..

The only thing now remain is ISTbar in my registry.. but seems that it doesnt harm even staying.

Anyway thanks to both mgh_mgharish and r-k.



r-k

Glad the main problem is solved. If you want to get rid of the traces of ISTbar, try the removal tool linked from this page:

 http://securityresponse.symantec.com/avcenter/venc/data/adware.istbar.html

Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
syskplim

ASKER
r-k: this won't help. It can't get any ISTbar signal from my PC. that ISTbar is dead but i dont know why i cant delete those registry keys..

Harisha M G

syskplim, glad we could be of some help :)
mickn66

I know this problem has been solved already, but I recently had the same exact problem in that nothing could delete certain registry keys that had been installed by spyware.  It turned out to be simply that my permissions were not set up right.  Check this: https://www.experts-exchange.com/Operating_Systems/WinXP/Q_21582519.html
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck