fever_rca

How to remove "Animalware" malware.

Hi everybody.  My friend has an icon in the lower right icon tray.  About every three minutes it pops up.  It flashes between a handicapped symbol and a prohibited symbol with a popup that states "Critical System Error! System detected virus activities. They may cause critical system failure. Please use animalware software to clean and protect your system from parasite programs. Click here to get all available software."

I've cleaned many systems of spyware, but this one has me stumped.  I've looked at running processes and it doesn't show up.  There's nothing in the Startup folder.  I looked in the registry, and there's nothing for it in the RUN area.

I ran Spybot, Ad-Aware and Microsoft Anti Spyware with nothing found.  I tried starting in Safe Mode, and the icon still shows up.  I Googled Animalware but only found one person with the same problem and it didn't have a resolution.

Does anybody have an idea on how I can proceed with this problem?  It's XP Professional + SP2.  For anti-virus it's running McAfee 8.0, fully updated.
Mark Brady

Unless this program is registered as a system process then it should show up in 'processes'.

Have you checked both the 'run' keys in the registry?

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

and

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Also check msconfig for possible programs that launch on startup.

Cheers
Elvin
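
The check suggested above, as an added PowerShell example that is not part of the original answer: it lists both Run keys named in the post and, as assumptions beyond the post, the RunOnce keys and the per-user and all-users Startup folders, then reports whether each target file exists and carries a valid Authenticode signature. The helper name `Get-CommandTarget` is hypothetical.

```powershell
# Added example (not from the thread): list autostart entries and check their targets.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',   # assumption: beyond the post
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'    # assumption: beyond the post
)

# Hypothetical helper: pull the executable path out of a command line.
# For rundll32-style entries this returns the host; the DLL stays visible in Command.
function Get-CommandTarget([string]$Command) {
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

$entries = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $entries += [pscustomobject]@{
            Location = $key; Name = $name; Command = [string]$item.GetValue($name) }
    }
}

# Startup folders, which msconfig also lists; .lnk shortcuts are resolved to their target.
$shell = New-Object -ComObject WScript.Shell
foreach ($folder in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($folder)
    if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
    foreach ($file in Get-ChildItem -LiteralPath $dir -File -Force) {
        if ($file.Name -eq 'desktop.ini') { continue }
        $path = $file.FullName
        if ($file.Extension -eq '.lnk') { $path = $shell.CreateShortcut($path).TargetPath }
        if ($path) { $entries += [pscustomobject]@{
            Location = $dir; Name = $file.Name; Command = "`"$path`"" } }
    }
}

# One row per entry: unsigned or missing targets are the ones to look at first.
$entries | ForEach-Object {
    $target = Get-CommandTarget $_.Command
    $exists = [bool]$target -and (Test-Path -LiteralPath $target -PathType Leaf)
    $sig = if ($exists) { [string](Get-AuthenticodeSignature -LiteralPath $target).Status } else { 'n/a' }
    [pscustomobject]@{ Location = $_.Location; Name = $_.Name; Target = $target
                       Exists = $exists; Signature = $sig; Command = $_.Command }
} | Sort-Object Signature, Location | Format-Table -AutoSize -Wrap
```

Entries given as a bare file name without a path show `Exists = False` because the script does not search `PATH`; check those by hand.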
ASKER CERTIFIED SOLUTION
Merete
This solution is only available to members.
Also, I missed this: to check if you have any spyware,
please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe

Open HijackThis, click scan and save a logfile,
then navigate to the Program Files HijackThis folder, copy out the log file
contents and paste the log here: http://www.hijackthis.de/

Click "Analyse", then "Save" at the very bottom of this page.
Copy the address/URL and post a link to the saved list here.

Some adware and spyware will never show in any scans nor in any processes, but they will leave an icon in the system32 folder. Look in there for some silly icons and that may clear the problem.
fever_rca

ASKER

Thanks for the tips.

I have looked in local_machine; I didn't look in current_user.  I'll do that.
I did look in msconfig for startup.  I could identify each program.

I'll try deleting all temp, internet files and the recycle bin.

I've never used Hijack this.  Always sounds so complicated.  I will if nothing else works.

I haven't tried clicking on the icon to see what software it suggests.  Besides not wanting to download more crap, I feel like it's giving up.  Geek pride?  Maybe...

I also thought anything running would show a process.  But this doesn't.  Can't even right-click it to get options.  I'll perform the suggestions and report back.

It is very easy now, scans in secs. Save the HijackThis installer to your desktop for now, hit analyze and save log, 4 secs later.
Then just open the txt log where you saved it, otherwise it defaults to the Program Files HijackThis program folder; look for the logfile .txt.
Using the edit at the top > select all > edit again > copy > open the web page here: http://www.hijackthis.de/
You will see a smallish window, paste it into that. Below this window is the word analyze; it does it in 3 secs and turns the page to your analyzed log. Just scroll down and you will see your entire HijackThis log file analysed, with safe or dangerous in red.
Copy the URL to this and paste it here.

>>I've never used Hijack this.  Always sounds so complicated.  I will if nothing else works.<<

HijackThis is not complicated! We will tell you which ones to fix after we see the log. HijackThis malware entries point to specific infections, so we can then tell you which tool to use instead of installing and trying so many scanners and hoping one will work.

Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "scan and save a logfile" don't fix anything yet, just upload the logfile created, go here and paste your Hijackthis log,
http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Post the link to the saved list here.
smartjen4u

For all your solutions, instead of just trying the tweak, install Windows Defender from here:
http://www.microsoft.com/athome/security/spyware/software/default.mspx
Dude, I tell you, it really works.

Windows Defender (Beta 2) is a free program that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software. It features Real-Time Protection, a monitoring system that recommends actions against spyware when it's detected, and a new streamlined interface that minimizes interruptions and helps you stay productive.

regards

Sorry, didn't have a chance to look at this today.  I will tackle it again in the morning and report what I find.

Richard

Success!  I used Zonealarm to lock down internet access.  Then I clicked on the popup to "get software".  Zonealarm blocked access, but the website it tried to reach was spywarequake.com.  Ah-Ha!

Googled that, found this website:  http://www.bleepingcomputer.com/forums/topic47826.html
It listed the exact error - except they said "antimalware", instead of "animalware".  Cheap malware!  LoL

So I followed the manual removal instructions (See the webpage) and it worked great.

Thanks for the help - I'll award points to Merete for the suggestion of clicking on the popup.

lol great, malware, animalware, same thing, hey, they are all animals lol.
Well done. Thank you kindly for the points and for your feedback. :)
Best wishes to you
Merete