Solved

How to remove "Animalware" malware.

Posted on 2006-04-17
Last Modified: 2008-01-09
Hi everybody.  My friend has an icon in the lower right icon tray.  About every three minutes it pops up.  It flashes between a handicapped symbol and a prohibited symbol with a popup that states "Critical System Error! System detected virus activities. They may cause critical system failure. Please use animalware software to clean and protect your system from parasite programs. Click here to get all available software."

I've cleaned many systems of spyware, but this one has me stumped.  I've looked at running processes and it doesn't show up.  There's nothing in the Startup folder.  I looked in the registry, and there's nothing for it in the RUN area.

I ran Spybot, Ad-Aware and Microsoft Anti Spyware with nothing found.  I tried starting in Safe Mode, and the icon still shows up.  I Googled Animalware but only found one person with the same problem and it didn't have a resolution.

Does anybody have an idea on how I can proceed with this problem?  It's XP Professional + SP2.  For anti-virus it's running McAfee 8.0, fully updated.
0
Comment
Question by:fever_rca
11 Comments
 
LVL 20

Expert Comment

by:Mark Brady
ID: 16467697
Unless this program is registered as a system process then it should show up in 'processes'.

Have you checked both the 'Run' keys in the registry?

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

and

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Also check msconfig for possible programs that launch on startup.

Cheers
Elvin
0
 
LVL 70

Accepted Solution

by:
Merete earned 1500 total points
ID: 16467781
Hello fever_rca, do you have access to this computer to run these suggestions?

Are you sure you are spelling it correctly? Also, what happens when you >>Click here to get all available software."
Does it supply any info?
Try using your search assistant (Start menu, Search) and type in animalware software. Get the search assistant to search all system files. Unhide all system folders from Tools, Folder Options, View. There are three.
Also search for Temp and delete the contents. Once installed these are no longer required.

Have a look in your system events: Control Panel, Administrative Tools, Event Viewer, Applications.
Post back some errors.

Try several deep scanners; where one misses, another detects.
Malicious Software Removal Tool, free scan. Clicking on this link will run it >> http://www.microsoft.com/security/malwareremove/default.mspx#run
Otherwise choose this one as a reference:
http://www.microsoft.com/security/malwareremove/default.mspx
Online scanner called Nuker
Free scan
Let Error Nuker, our amazing FREE PC Diagnostics tool, identify the precise problems in your Windows registry so you can determine exactly what is wrong with your Windows Registry.
Best of all you can keep the tool forever and find out if your PC has problems for
http://www.errornuker.com/

If you suspect malware and feel stuck you can always do it the manual way; please do the following.
Disable System Restore to delete any folders that may contain malware, then re-enable it.
Right-click My Computer, Properties, System Restore.
Perform a disk cleanup at Start, All Programs, Accessories, System Tools.

Delete all cookies temporary internet files history.
delete the index.dat file
Index.dat are files hidden on your computer that contain all of the Web sites that you have ever visited. Every URL, and every Web page is listed there. Not only that but all of the email that has been sent or received through Outlook or Outlook Express is also being logged.
According to Microsoft, these files are used to cache visited Web sites to help speed up the loading of Web pages in Internet Explorer. Obviously this cannot be the case because when you clear the Temporary Internet Files the "index.dat" files remain behind and continue to grow. If you delete or clear the Temporary Internet Files, there is absolutely no need to index the URL cache because those files no longer exist.
http://www.acesoft.net/delete_index.dat_files.htm

Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded.
Process Explorer
http://www.sysinternals.com/Utilities/ProcessExplorer.html

empty the recycle bin
delete the temp files in the temp folder

Here is a great tool that monitors the startup items that msconfig may not show. I use it and recommend it.
free
Startup Inspector for Windows is a Windows platform software that helps Windows user to manage Windows startup applications.
http://www.freedownloadscenter.com/Utilities/System_Maintenance_and_Repair_Utilities/Startup_Inspector_for_Windows.html

please let us know if any help and if you find a solution.
I would be interested in knowing your feed back.
Cheers Merete

0
 
LVL 70

Expert Comment

by:Merete
ID: 16467784
also I missed this To check if you have any spyware
Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe

Open Hijackthis, click  scan and save a logfile
then navigate to programfiles hijackthis folder and copy out the log file
 contents and paste the log here http://www.hijackthis.de/ 

 click "Analyse", "Save". at the very bottom of this page..  
Copy the address/url and post a link to the saved list here.
0
 
LVL 15

Expert Comment

by:venom96737
ID: 16468183
Some adware and spyware will never show in any scans nor in any processes, but they will leave an icon in the system32 folder. Look in there for some silly icons and that may clear the problem.
0
 

Author Comment

by:fever_rca
ID: 16468367
Thanks for the tips.

I have looked in local_machine; I didn't look in current_user.  I'll do that.
I did look in msconfig for startup.  I could identify each program.

I'll try deleting all temp, internet files and the recycle bin.

I've never used Hijack this.  Always sounds so complicated.  I will if nothing else works.

I haven't tried clicking on the icon to see what software it suggests.  Besides not wanting to download more crap, I feel like it's giving up.  Geek pride?  Maybe...

I also thought anything running would show a process.  But this doesn't.  Can't even right-click it to get options.  I'll perform the suggestions and report back.
0
 
LVL 70

Expert Comment

by:Merete
ID: 16468480
It is very easy now, scans in a sec. Save the HijackThis installer to your desktop for now, hit analyze and save log; 4 secs later
then just open the txt log where you saved it, otherwise it defaults to programfiles hijackthis program, look for the logfile .txt
Using Edit at the top > Select All > Edit again > Copy > open the web page here http://www.hijackthis.de/
You will see a smallish window, paste it into that. Below this window is the word analyze; it does it in 3 secs and turns the page to your analyzed log. Just scroll down and you will see your entire hijackthis log file analysed with safe or dangerous in red.
Copy the url to this and paste it here.
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 16468537
>>I've never used Hijack this.  Always sounds so complicated.  I will if nothing else works.<<

Hijackthis is not complicated! We will tell you which ones to fix after we see the log. Hijackthis malware entries point to specific infections, where we can then tell you which tool to use instead of installing and trying so many scanners and hoping one will work.

Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "scan and save a logfile" don't fix anything yet, just upload the logfile created, go here and paste your Hijackthis log,
http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Post the link to the saved list here.
0
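Added example, not part of the original thread: the asker found nothing in the Run keys, and a HijackThis log is useful precisely because it also lists other autostart points (BHOs, Winlogon Notify, services). The Python sketch below parses a constructed log, with every entry invented for illustration, and separates those points from the Run-key ones; the section subset and function names are this example's own choices.

```python
import re
from collections import defaultdict

# Subset of HijackThis section codes that describe autostart locations.
AUTOSTART_SECTIONS = {
    "O2": "Browser Helper Object",
    "O4": "Run key / Startup folder",
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O23": "Windows service",
}
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]+?\.(?:exe|dll)', re.IGNORECASE)

# Constructed sample log: product names, CLSID and paths are made up.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\examplebho.dll
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\updater.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: examplenotify - C:\WINDOWS\system32\examplenotify.dll
O23 - Service: Example Service (ExampleSvc) - Unknown owner - C:\Program Files\Example\svc.exe
"""

def autostart_entries(log_text):
    """Group autostart entries by section code, keeping the file each one loads."""
    found = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m or m.group("code") not in AUTOSTART_SECTIONS:
            continue  # header, process list, or a non-autostart section such as R0
        path = PATH_RE.search(m.group("body"))
        found[m.group("code")].append(path.group(0) if path else None)
    return dict(found)

def outside_run_keys(log_text):
    """Files loaded from autostart points that a Run-key-only check never covers."""
    entries = autostart_entries(log_text)
    return sorted(p for code, paths in entries.items()
                  if code != "O4" for p in paths if p)

if __name__ == "__main__":
    for code, paths in autostart_entries(SAMPLE_LOG).items():
        print(code, AUTOSTART_SECTIONS[code], paths)
    print("Not visible in Run keys:", outside_run_keys(SAMPLE_LOG))
```
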
 
LVL 3

Expert Comment

by:smartjen4u
ID: 16469240
for all your solutions instead of just trying the tweak install Windows Defender from here
http://www.microsoft.com/athome/security/spyware/software/default.mspx
dude i tell you it really works

Windows Defender (Beta 2) is a free program that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software. It features Real-Time Protection, a monitoring system that recommends actions against spyware when it's detected, and a new streamlined interface that minimizes interruptions and helps you stay productive.

regards
0
 

Author Comment

by:fever_rca
ID: 16484280
Sorry, didn't have a chance to look at this today.  I will tackle it again in the morning and report what I find.

Richard
0
 

Author Comment

by:fever_rca
ID: 16495055
Success!  I used Zonealarm to lock down internet access.  Then I clicked on the popup to "get software".  Zonealarm blocked access, but the website it tried to reach was spywarequake.com.  Ah-Ha!

Googled that, found this website:  http://www.bleepingcomputer.com/forums/topic47826.html
It listed the exact error - except they said "antimalware", instead of "animalware".  Cheap malware!  LoL

So I followed the manual removal instructions (See the webpage) and it worked great.

Thanks for the help - I'll award points to Merete for the suggestion of clicking on the popup.
0
 
LVL 70

Expert Comment

by:Merete
ID: 16495156
lol great, malware  animalware same thing hey they are all animals lol.
Well done. Thank you kindly for the points and for your feedback. :)
Best wishes to you
Merete
0
