How to remove "Animalware" malware.

Posted on 2006-04-17
Last Modified: 2008-01-09
Hi everybody.  My friend has an icon in the lower right icon tray.  About every three minutes it pops up.  It flashes between a handicapped symbol and a prohibited symbol with a popup that states "Critical System Error! System detected virus activities. They may cause critical system failure. Please use animalware software to clean and protect your system from parasite programs. Click here to get all available software."

I've cleaned many systems of spyware, but this one has me stumped.  I've looked at running processes and it doesn't show up.  There's nothing in the Startup folder.  I looked in the registry, and there's nothing for it in the RUN area.

I ran Spybot, Ad-Aware and Microsoft Anti Spyware with nothing found.  I tried starting in Safe Mode, and the icon still shows up.  I Googled Animalware but only found one person with the same problem and it didn't have a resolution.

Does anybody have an idea on how I can proceed with this problem?  It's XP Professional + SP2.  For anti-virus it's running McAfee 8.0, fully updated.
Question by:fever_rca
    LVL 20

    Expert Comment

    by:Mark Brady
    Unless this program is registered as a system process then it should show up in 'processes'.

    Have you checked both the 'run' keys in the registry?

    Also check msconfig for possible programs that launch on startup.

    LVL 69

    Accepted Solution

    Hello fever_rca, do you have access to this computer to run these suggestions?

    Are you sure you are spelling it correctly? Also, what happens when you >>Click here to get all available software."
    Does it supply any info?
    Try using your search assistant (Start menu, Search) and type in animalware software. Get the search assistant to search all system files. Unhide all system folders from Tools, Folder Options, View. There are three.
    Also search for Temp and delete the contents. Once installed these are no longer required.

    Have a look in your system events control panel administrative tools. event viewer applications.
    Post back some errors.

    Try several deep scanners where one misses one detects.
    Malicious Software Removal Tool scan free, clicking on this link will run >>
    it otherwise
    choose this one as a reference
     online scanner called Nuker
    Free scan
    Let Error Nuker, our amazing FREE PC Diagnostics tool, identify the precise problems in your Windows registry so you can determine exactly what is wrong with your Windows Registry.
    Best of all you can keep the tool forever and find out if your PC has problems for

    If suspected malware and feel stuck you can always do the manual way please do the following.
    Disable the system restore to delete any folders that may contain malware, then re-enable it.
    r/click my computer properties system restore.
    perform a disc cleanup at start all programs accessories system tools.

    Delete all cookies temporary internet files history.
    delete the index.dat file
    Index.dat are files hidden on your computer that contain all of the Web sites that you have ever visited. Every URL, and every Web page is listed there. Not only that but all of the email that has been sent or received through Outlook or Outlook Express is also being logged.
    According to Microsoft, these files are used to cache visited Web sites to help speed up the loading of Web pages in Internet Explorer. Obviously this cannot be the case because when you clear the Temporary Internet Files the "index.dat" files remain behind and continue to grow. If you delete or clear the Temporary Internet Files, there is absolutely no need to index the URL cache because those files no longer exist.

    Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded.
    Process Explorer

    empty the recycle bin
    delete the temp files in the temp folder

    Here is a great tool that monitors the startup items that msconfig may not show. I use it and recommend it.
    Startup Inspector for Windows is a Windows platform software that helps Windows user to manage Windows startup applications.

    please let us know if any help and if you find a solution.
    I would be interested in knowing your feed back.
    Cheers Merete

    LVL 69

    Expert Comment

    also I missed this To check if you have any spyware
    Please download HijackThis 1.99.1

    Open Hijackthis, click  scan and save a logfile
    then navigate to programfiles hijackthis folder and copy out the log file
     contents and paste the log here

     click "Analyse", "Save". at the very bottom of this page..  
    Copy the address/url and post a link to the saved list here.
    LVL 15

    Expert Comment

    Some adware and spyware will never show in any scans nor in any processes, but they will leave an icon in the system32 folder. Look in there for some silly icons and that may clear the problem.

    Author Comment

    Thanks for the tips.

    I have looked in local_machine; I didn't look in current_user.  I'll do that.
    I did look in msconfig for startup.  I could identify each program.

    I'll try deleting all temp, internet files and the recycle bin.

    I've never used Hijack this.  Always sounds so complicated.  I will if nothing else works.

    I haven't tried clicking on the icon to see what software it suggests.  Besides not wanting to download more crap, I feel like it's giving up.  Geek pride?  Maybe...

     I also thought anything running would show a process.  But this doesn't.  Can't even right-click it to get options.  I'll perform the suggestions and report back.
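
The checks discussed above (both "run" keys, per-machine and per-user, plus the Startup folders) can be done in one pass. This is an added example, not part of the original thread; it assumes PowerShell 3.0 or later, which was not shipped with XP SP2, and the signature column is only a triage hint (an entry launched through a signed host such as rundll32.exe will show the host's signature, not the DLL's).

```powershell
# Added example, not from the thread: list autostart entries for the machine AND the current user.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# One object per value in each Run/RunOnce key that exists.
$regEntries = foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$item.GetValue($name) }
        }
    }
}

# Per-user and all-users Startup folders.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)
$fileEntries = foreach ($dir in $startupDirs) {
    if ($dir -and (Test-Path $dir)) {
        Get-ChildItem -Path $dir -File | ForEach-Object {
            [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $_.FullName }
        }
    }
}

# Pull the first .exe path out of each command line and record its Authenticode status.
@($regEntries) + @($fileEntries) | ForEach-Object {
    $status = 'n/a'
    if ($_.Command -match '^\s*"?(?<exe>.+?\.exe)') {
        $exe = [Environment]::ExpandEnvironmentVariables($Matches['exe'])
        $status = if (Test-Path -LiteralPath $exe) {
            (Get-AuthenticodeSignature -FilePath $exe).Status
        } else {
            'file not found'
        }
    }
    $_ | Add-Member -NotePropertyName Signature -NotePropertyValue $status -PassThru
} | Sort-Object Source, Name | Format-Table Source, Name, Signature, Command -AutoSize -Wrap
```
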
    LVL 69

    Expert Comment

    It is very easy now, scans in seconds. Save the HijackThis installer to your desktop for now, hit analyze and save log, 4 secs later
     then just open the txt log where you saved it, otherwise it defaults to the programfiles hijackthis folder, look for the logfile .txt
     using the edit at the top> select all >edit again> copy >open the web page here
      you will see a smallish window, paste it into that. Below this window is the word analyze. It does it in 3 secs and turns the page to your analyzed log. Just scroll down and you will see your entire hijackthis log file analysed with safe or dangerous in red.
    copy the url to this and paste it here.
    LVL 47

    Expert Comment

    >>I've never used Hijack this.  Always sounds so complicated.  I will if nothing else works.<<

    Hijackthis is not complicated! We will tell you which ones to fix after we see the log. Hijackthis malware entries point to specific infections, where we can then tell you which tool to use instead of installing and trying so many scanners and hoping one will work.

    Please download HijackThis 1.99.1
    Open Hijackthis, click "scan and save a logfile" don't fix anything yet, just upload the logfile created, go here and paste your Hijackthis log,
    and click "Analyse", click "Save".  Post the link to the saved list here.
    LVL 3

    Expert Comment

    For all your solutions, instead of just trying the tweak, install Windows Defender from here.
    Dude, I tell you it really works.

    Windows Defender (Beta 2) is a free program that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software. It features Real-Time Protection, a monitoring system that recommends actions against spyware when it's detected, and a new streamlined interface that minimizes interruptions and helps you stay productive.


    Author Comment

    Sorry, didn't have a chance to look at this today.  I will tackle it again in the morning and report what I find.


    Author Comment

    Success!  I used Zonealarm to lock down internet access.  Then I clicked on the popup to "get software".  Zonealarm blocked access, but the website it tried to reach was  Ah-Ha!

    Googled that, found this website:
    It listed the exact error - except they said "antimalware", instead of "animalware".  Cheap malware!  LoL

    So I followed the manual removal instructions (See the webpage) and it worked great.

    Thanks for the help - I'll award points to Merete for the suggestion of clicking on the popup.
    LVL 69

    Expert Comment

    lol great, malware, animalware, same thing. Hey, they are all animals lol.
    Well done. Thank you kindly for the points and for your feedback. :)
    Best wishes to you
