How to remove "Animalware" malware.

Hi everybody.  My friend has an icon in the lower right icon tray.  About every three minutes it pops up.  It flashes between a handicapped symbol and a prohibited symbol with a popup that states "Critical System Error! System detected virus activities. They may cause critical system failure. Please use animalware software to clean and protect your system from parasite programs. Click here to get all available software."

I've cleaned many systems of spyware, but this one has me stumped.  I've looked at running processes and it doesn't show up.  There's nothing in the Startup folder.  I looked in the registry, and there's nothing for it in the RUN area.

I ran Spybot, Ad-Aware and Microsoft Anti Spyware with nothing found.  I tried starting in Safe Mode, and the icon still shows up.  I Googled Animalware but only found one person with the same problem and it didn't have a resolution.

Does anybody have an idea on how I can proceed with this problem?  It's XP Professional + SP2.  For anti-virus it's running McAfee 8.0, fully updated.
fever_rca, Technician, Asked:

Mark Brady, Principal Data Engineer, Commented:
Unless this program is registered as a system process then it should show up in 'processes'.

Have you checked both the 'run' keys in the registry?

hkey_local_machine/software/microsoft/windows/currentversion/run

and

hkey_current_user/software/microsoft/windows/currentversion/run

Also check msconfig for possible programs that launch on startup.

Cheers
Elvin
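
An added example, not part of the original thread, that audits the two Run keys named in the comment above: it lists each autostart entry, resolves the program it launches, and shows whether that file exists and how its Authenticode signature checks out. It assumes PowerShell is available on the machine; `Get-RunKeyEntry` is a hypothetical helper name.

```powershell
# Added example (not from the thread): list what each Run key starts and
# flag entries worth a closer look. Get-RunKeyEntry is a hypothetical name.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Get-RunKeyEntry {
    param([string[]]$Path)
    foreach ($key in $Path) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $command = [string]$item.GetValue($name)
            if (-not $command.Trim()) { continue }   # skip empty values

            # Pull the program path out of the command line: quoted path first,
            # then anything up to the first ".exe", then the first token.
            if     ($command -match '^\s*"([^"]+)"')  { $exe = $Matches[1] }
            elseif ($command -match '^\s*(.+?\.exe)') { $exe = $Matches[1] }
            else   { $exe = ($command.Trim() -split '\s+')[0] }

            # Bare names such as "rundll32.exe" are resolved through PATH.
            if (-not [IO.Path]::IsPathRooted($exe)) {
                $found = Get-Command $exe -CommandType Application -ErrorAction SilentlyContinue |
                    Select-Object -First 1
                if ($found) { $exe = $found.Path }
            }
            $exists = Test-Path -LiteralPath $exe -PathType Leaf
            $signature = 'n/a'
            if ($exists) { $signature = (Get-AuthenticodeSignature -FilePath $exe).Status }

            New-Object PSObject -Property @{
                Key = $key; Name = $name; Command = $command
                Target = $exe; Exists = $exists; Signature = $signature
            }
        }
    }
}

Get-RunKeyEntry -Path $runKeys |
    Sort-Object Exists, Signature |
    Format-Table Key, Name, Target, Exists, Signature -AutoSize
```

A missing target or a signature status other than `Valid` is a reason to inspect that entry more closely, not proof of infection.
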
Merete Commented:
Hello fever_rca, do you have access to this computer to run these suggestions?

Are you sure you are spelling it correctly? Also, what happens when you >>Click here to get all available software."
Does it supply any info?
Try using your search assistant, start menu search: and type in animalware software.. get the search assistant to search all system files. Unhide all system folders from tools folder options view. There are three.
Also search for Temp and delete the contents. Once installed these are no longer required.

Have a look in your system events control panel administrative tools. event viewer applications.
Post back some errors.

Try several deep scanners where one misses one detects.
Malicious Software Removal Tool scan free, clicking on this link will run it >> http://www.microsoft.com/security/malwareremove/default.mspx#run
otherwise choose this one as a reference
http://www.microsoft.com/security/malwareremove/default.mspx
 online scanner called Nuker
Free scan
Let Error Nuker, our amazing FREE PC Diagnostics tool, identify the precise problems in your Windows registry so you can determine exactly what is wrong with your Windows Registry.
Best of all you can keep the tool forever and find out if your PC has problems for
http://www.errornuker.com/

If you suspect malware and feel stuck you can always do it the manual way, please do the following.
Disable the system restore to delete any folders that may contain malware, then re-enable it.
r/click my computer properties system restore.
perform a disc cleanup at start all programs accessories system tools.

Delete all cookies temporary internet files history.
delete the index.dat file
Index.dat are files hidden on your computer that contain all of the Web sites that you have ever visited. Every URL, and every Web page is listed there. Not only that but all of the email that has been sent or received through Outlook or Outlook Express is also being logged.
According to Microsoft, these files are used to cache visited Web sites to help speed up the loading of Web pages in Internet Explorer. Obviously this cannot be the case because when you clear the Temporary Internet Files the "index.dat" files remain behind and continue to grow. If you delete or clear the Temporary Internet Files, there is absolutely no need to index the URL cache because those files no longer exist.
http://www.acesoft.net/delete_index.dat_files.htm

Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded.
Process Explorer
http://www.sysinternals.com/Utilities/ProcessExplorer.html

empty the recycle bin
delete the temp files in the temp folder

Here is a great tool that monitors the startup items that msconfig may not show. I use it and recommend it.
free
Startup Inspector for Windows is a Windows platform software that helps Windows user to manage Windows startup applications.
http://www.freedownloadscenter.com/Utilities/System_Maintenance_and_Repair_Utilities/Startup_Inspector_for_Windows.html

please let us know if any help and if you find a solution.
I would be interested in knowing your feed back.
Cheers Merete

Merete Commented:
Also, I missed this. To check if you have any spyware
Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe

Open Hijackthis, click  scan and save a logfile
then navigate to programfiles hijackthis folder and copy out the log file
 contents and paste the log here http://www.hijackthis.de/ 

 click "Analyse", "Save". at the very bottom of this page..  
Copy the address/url and post a link to the saved list here.
venom96737 Commented:
Some adware and spyware will never show in any scans nor in any processes, but they will leave an icon in the system32 folder. Look in there for some silly icons and that may clear the problem.
fever_rca, Technician, Author, Commented:
Thanks for the tips.

I have looked in local_machine; I didn't look in current_user.  I'll do that.
I did look in msconfig for startup.  I could identify each program.

I'll try deleting all temp, internet files and the recycle bin.

I've never used Hijack this.  Always sounds so complicated.  I will if nothing else works.

I haven't tried clicking on the icon to see what software it suggests.  Besides not wanting to download more crap, I feel like it's giving up.  Geek pride?  Maybe...

I also thought anything running would show a process.  But this doesn't.  Can't even right-click it to get options.  I'll perform the suggestions and report back.
Merete Commented:
It is very easy now, scans in secs. Save the installer hijackthis to your desktop for now, hit analyze and save log, 4 secs later
then just open the txt log where you saved it, otherwise it defaults to programfiles hijackthis program, look for the logfile .txt
Using the edit at the top > select all > edit again > copy > open the web page here http://www.hijackthis.de/
You will see a smallish window, paste it into that. Below this window is the word analyze; it does it in 3 secs and turns the page to your analyzed log. Just scroll down and you will see your entire hijackthis log file analysed with safe or dangerous in red.
Copy the url to this and paste it here.
rpggamergirl Commented:
>>I've never used Hijack this.  Always sounds so complicated.  I will if nothing else works.<<

Hijackthis is not complicated! We will tell you which ones to fix after we see the log. Hijackthis malware entries point to specific infections, where we can then tell you which tool to use instead of installing and trying so many scanners and hoping one will work.

Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "scan and save a logfile" don't fix anything yet, just upload the logfile created, go here and paste your Hijackthis log,
http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Post the link to the saved list here.
smartjen4u Commented:
For all your solutions, instead of just trying the tweak, install Windows Defender from here
http://www.microsoft.com/athome/security/spyware/software/default.mspx
Dude, I tell you it really works

Windows Defender (Beta 2) is a free program that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software. It features Real-Time Protection, a monitoring system that recommends actions against spyware when it's detected, and a new streamlined interface that minimizes interruptions and helps you stay productive.

regards
fever_rca, Technician, Author, Commented:
Sorry, didn't have a chance to look at this today.  I will tackle it again in the morning and report what I find.

Richard
fever_rca, Technician, Author, Commented:
Success!  I used Zonealarm to lock down internet access.  Then I clicked on the popup to "get software".  Zonealarm blocked access, but the website it tried to reach was spywarequake.com.  Ah-Ha!

Googled that, found this website:  http://www.bleepingcomputer.com/forums/topic47826.html
It listed the exact error - except they said "antimalware", instead of "animalware".  Cheap malware!  LoL

So I followed the manual removal instructions (See the webpage) and it worked great.

Thanks for the help - I'll award points to Merete for the suggestion of clicking on the popup.
Merete Commented:
lol great, malware  animalware same thing hey they are all animals lol.
Well done. Thank you kindly for the points and for your feedback. :)
Best wishes to you
Merete