Blue question mark + Red X in task bar...HELP!

Status
Not open for further replies.
I have seen some posts on this already but I need some personal help resolving this issue. It's the same red x flashing to a blue question mark. If I click on it, a box pops up saying "Your computer is infected! Critical system error...." it goes on to say something about antimalware software to clean it up. This message also pops up about every 5 to 10 minutes. I've tried removing with spybot - no luck. I need some professional assistance. Any help would be greatly appreciated. Thanks.
 
Can you please READ the Stickies at the top of this forum. HiJackThis (HJT) would probably be your best bet to get rid of this malware. Also please read the sticky about posting your HJT file first too.

Cheers
 
Go HERE and follow the instructions exactly.

Post a fresh HJT log as a .txt attachment into this thread, only after doing the above.

Regards Howard :)
 
I can`t see any Ewido log.

However, what I really need is a fresh HJT log after you have followed the instructions.

Regards Howard :)
 
Just replying to this message just in case anyone else later on has the same problem an reads this. I just had this problem for the past 2 days and this is how i solved the problem.

1. I went an downloaded Ad-Aware free version and did a full scan in regular mode
2. Downloaded ATF Cleaner
3. Downloaded SmitFraud
4. Went in safemode (f8 on windows xp)
5. Did the ATF cleaner first and cleaned everything but the saved passwords of course
6. Cleaned with smitfraud

and bam..problem solved

This is what the smitfraud report showed....


SmitFraudFix v2.242

Scan done at 20:46:04.23, Wed 11/21/2007
Run from C:\Documents and Settings\OoFriezAoO\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b0883848-1466-4470-a418-3fe7d36694b9}"="bemocked"

[HKEY_CLASSES_ROOT\CLSID\{b0883848-1466-4470-a418-3fe7d36694b9}\InProcServer32]
@="C:\WINDOWS\system32\rldyt.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b0883848-1466-4470-a418-3fe7d36694b9}\InProcServer32]
@="C:\WINDOWS\system32\rldyt.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\rldyt.dll -> Hoax.Win32.Renos.gen.o
C:\WINDOWS\system32\rldyt.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\ALLUSE~1.WIN\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1.WIN\STARTM~1\Security Troubleshooting.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
 
Status
Not open for further replies.
Back