Red Circle With White Cross in Taskbar



#1
jpmorris


    New Member

  • Member
  • 2 posts
Hello,

I've run virtually every recommended program (Spybot, Ad-Aware, System Security Suite, Clean Up!, Trend Micro Housecall, Panda ActiveScan, and Computer Associates eTrust). These appear to have cleaned up every virus, trojan, or other malware, and I've deleted various things using HJT. But nonetheless, a small red circle icon with a white cross keeps appearing in the corner of my taskbar (next to the clock), and it occasionally pops up a message that "Your Computer is infected!" I haven't clicked on the icon for fear it would lead to a site that reinfects my computer. After two very long nights, I'm at a loss as to how to remove this silly piece of malware.

Here's my most recent HJT log, I don't see any problems with it, but maybe someone else can direct me. Thanks in advance!!!!

Logfile of HijackThis v1.99.1
Scan saved at 2:41:14 AM, on 5/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\winnook.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jim\Desktop\Anti-Virus Programs\Hijack This\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\winnook.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • 0

#2
Metallica


    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
Hi jpmorris,

Can you surf to:
http://www.kaspersky.com/scanforvirus
and have this file scanned:
C:\WINDOWS\System32\winnook.exe

Let me know the results.

Also I'd like to advise you to uninstall:
ViewPoint Manager
under Add/Remove Software

Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\winnook.exe

Then reboot and let me know if that got rid of the icon.

Regards,
  • 0

#3
jpmorris


    New Member

  • Topic Starter
  • Member
  • 2 posts
Hi Metallica,

You are a master! The icon is gone. Thanks greatly!

You asked that I scan the following file (at http://www.kaspersky.com/scanforvirus) and post the results -- here it is:

Scanned file:   winnook.exe

winnook.exe - infected by Trojan.Win32.TopAntiSpyware.l 


Thus, it looks like I have a trojan horse attached to this file. Any recommendations? Should I just delete it?

In addition, Windows Messenger opens every time I start up the computer (it didn't do this before the infection). I don't use this application. Any suggestions?

Thanks again for all your expertise and assistance.

Jim

Edited by jpmorris, 25 May 2005 - 10:03 PM.

  • 0

#4
Metallica


    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
You can delete
C:\WINDOWS\System32\winnook.exe

XP Antispy will give you the option to stop Messenger (and some others)
http://www.xp-antispy.org/

Regards,
  • 0
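
As an added example (not part of the thread and not part of HijackThis): a short Python parser for the O4 autostart lines in a log like the one in post #1. It cross-checks each target against the "Running processes" list and marks per-user (HKCU) Run values that launch a binary from System32. That marker is a triage heuristic assumed here, not a rule stated in the thread, and the function and field names are hypothetical.

```python
import re
from ntpath import dirname

# Excerpt of the HijackThis log from post #1 (lines copied from the thread).
LOG = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\winnook.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\winnook.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
"""

REG = re.compile(r'^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$')   # registry Run values
LNK = re.compile(r'^O4 - ((?:Global )?Startup): (.+?) = (.+)$')    # Startup-folder shortcuts
EXE = re.compile(r'^"?(.+?\.(?:exe|com|bat|scr))\b', re.I)          # program part of a command

def parse_autoruns(log):
    """Return one dict per O4 line: source, name, target, running, review."""
    lines = [l.strip() for l in log.splitlines()]
    running = set()
    if "Running processes:" in lines:
        for l in lines[lines.index("Running processes:") + 1:]:
            if not l:            # a blank line ends the process list
                break
            running.add(l.lower())
    entries = []
    for l in lines:
        m = REG.match(l) or LNK.match(l)
        if not m:
            continue
        if m.re is REG:
            source, name, cmd = f"{m[1]}\\{m[2]}", m[3], m[4]
        else:
            source, name, cmd = m[1], m[2], m[3]
        exe = EXE.match(cmd)
        target = exe[1] if exe else cmd
        # Assumed triage heuristic: per-user Run value launching from System32.
        review = source.startswith("HKCU") and dirname(target).lower().endswith("\\system32")
        entries.append({"source": source, "name": name, "target": target,
                        "running": target.lower() in running, "review": review})
    return entries

if __name__ == "__main__":
    for e in parse_autoruns(LOG):
        print("REVIEW" if e["review"] else "      ", e["source"], e["name"], e["target"])
```

A marked entry is only a candidate for a closer look, such as the file scan requested in post #2; an unmarked entry is not thereby shown to be clean.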





