While visiting myspace(I hate it even more now), I clicked upon a link I shouldn't have.. Now I have viruses on my PC that I can't get rid of. It started out as an icon sitting in my system tray saying "Critical System Error". When I click it, it would bring me here: http://www.virusburst.com/?aff=334


I figured that this icon is more to advertise(IE: It's spyware) than it is to notify me of a system error. So, I ran my anti-virus(AVG Free Edition) and my Windows Defender(Anti-Spyware). Windows Defender finds nothing at all, but AVG finds a Trojan. So, I delete the virus and my computer restarts. Now, the damn icon is still in my system tray, even causing pops! I can't seem to get rid of it, anyone have any ideas? I'm suppose to be running a game server, but I'm afraid to turn it on untill I get rid of this virus.

Here's a screenshot of the icon:
http://i23.photobucket.com/albums/b381/ZeroShadow/Damn.jpg


EDIT: DAMMIT! Here goes another one! This one I THOUGHT I removed, but I guess not. This one flashes. It's a yellow sign with a black exclamation mark in it.
http://i23.photobucket.com/albums/b381/Zer...amnEvenMore.jpg

LOL< addware thats saying you may have a virus haha.. did ya try MS's version at http://www.microsoft.com/downloads/details...;displaylang=en

yeah, its free, its a beta, but I bet you it will catch them addwares.. also try checking yer add/remove software in the control panel to see if its something you can uninstall that way..

peace
-skep

What you have there is spyware and not a virus, so don't worry too much abt spreading it. What happens is, there is a program (somewhere on your pc now) which is triggered to download/and run that spyware in stealth and your virus protector will pick that sort of thing up as a trojan since they work similarly. When you delete the file, the installation file has already written to your boot log (it's hidden somewhere else), so when you restart your PC it just reinstalls what you deleted. In other words, the whole thing is just a nasty mess and annoying as heck.

I found this a good link to use. It's an online spyware scanner and also gets rid of all the files for you and, in most cases, it works. I hope this helps you.

http://www.spywareinfo.com/xscan.php

Good luck!

Download the trial version of ewido and update it then run it.

Turn off your system restore and scan it in safe mode, you should be able to delete it without it reinstalling .

It didn't work.. =/



And when I restart my PC and go to my boot menu, I can't find safe mode.

I use to have the SAME, EXACT problem. But I Downloaded Spyware Doctor (the best anti-malware IMO) and it got rid of it completely. (albeit, you can do a free scan, but you gotta buy it

BTW- Spyware Doc found things that even Ewido and Ad-Aware missed.

Bit Defender (Scans and removes)
http://www.bitdefender.com/scan8/ie.html

F-Secure (Scans and removes)
http://support.f-secure.com/enu/home/ols.shtml

Run Spy Sweeper, Ad-Aware, Ewido, Spybot-S&D

Then if worse comes to worse, run SmitRem
http://www.bleepingcomputer.com/files/smitRem.php

Run all of this in safe mode.

Get the trial version of webroot then register it. That might get rid of it.

I'd agree with the rest of the posters, that's some nasty adware. Most of the good stuff you can't remove in add/remove programs but it doesn't hurt to check. I usually start with adaware personal and spybot s&d (both free) but it's just a personal preference. Do it all in safe mode. Also delete your temporary internet files. Good luck!

Let me know how you get rid of it I have the same problem, However I switched to firefox browser and it seems to have quarantined it for now.
Irish

Will do, Irish. I'm going to try a few if the things that the guys here told me to do.

Also, how do I run it in safemode? I can't even figure out how to get into safe mode on this PC.

Tap F8 just before Windows begins to load.

Check your add/remove in your control panel. If you see any suspicious software remove it. The programs above will remove the program no problem as well.

I personally use AVG Antivirus, Spybot, Ad-Aware, Ewido and Spyware Blaster.

A google search will find them easy. All are free except Ewido but it has a free trial 30 days I think.

Just used Spyware Doctor, didn't work.... Avast doesn't work. Windows Defender(Beta) doesn't work....

Spware Doctor found some effections and it removed them. But that same icon in my system tray is still there, and I'm still getting popups...

Ah. The evils of myspace.
Ouch! That's the trojan Horse virus, I think. Nasty thing.

Damn, maybe it's more serious than my affliction was. Sorry dude.

Talk to some Professionals

hahahahah you were looking at porn. ive seen that adware before on the ad-aware annual internet report, and it only comes from certain sites



do a system restore

start>all programs>accessories>system tools>system restore

Maybe I was. Hehehe. *smirk*

Thanks for letting the secret out!


Anyway, are you sure a system restore will work?


*I really did get it on myspace though. It just asked me to install something in order to view Adult Content. Stupid me actually clicked it!! Damn harmones. >.>*

Wow..... I'm really screwed. This is a new pc and everything was working fine untill that "virus". I just tried to restore TWICE, and it didn't work either time.

PS. Irish, how exactly did you catch it? Hmmmmmm? XD

..........

I allowed my lonely son access while he stayed with me I managed to clean up 27 Trogens and 56 adware programs but can not remove this one.
He is 25 years old but I guess we still need a father son talk
Irish

Ok try this. Go to your system tray, down by the clock, and close all the background junk that you can. Hit control, alt, delete (not in safe mode) and check your running processes. Go through the list and if you don't have too many processes try looking them up at processlibrary.com. This can help narrow down the suspicious running software, processlibrary will tell you if any of it is malware. Then go to your start menu and "run". Type "msconfig" and hit the "startup" tab on the top right. Look for that process or something similarly named on that list. You may have to expand the directory to the right to see the whole thing. Disable any malware identified by processlibrary by unmarking the check box next to it. Do not uncheck anything unless you have identified it as malware. If you can find the correct file in msconfig disable it, that will keep it from loading on startup.

Well, I know the processes that are causing trouble. When I end them, they just reappear in the list. I can do it over and over but get no healthy result.

Typical. Find them in msconfig. If they can't start to begin with, they won't do that.

Can't even find them in msconfig, they're not on the list. >_< Guess I'll have to try out that site you talked about, and see if they are malware.

If you can't find it there, maybe googling the adware will give you an idea of the directory or the name of the startup item. Then you can find that on the startup tab and go from there. Just be careful what ya disable in there. I've never had problems doing it but ya never know. I'd imagine if you clicked something you shouldn't you could probably fix it in safe mode but wouldn't want you to make the problem worse. Better safe than sorry and all that stuff. For some of the newer malware sometimes this is the only quick fix we have if the customer says no to a reformat. The malware is still on the machine but at least it's not fucnctional. <shrugs>

There's always some of the more advanced forums. Hijack this is a great tool but I've only used it a few times and am not that comfortable with it yet. They can do some impressive things with it nowadays.

I've even found the directory for them. It's

C:\Program Files\MMediaCodec

I found the processes in there. The site you gave me told me that they were a trojan/virus. 2 actually had an uninstall file. I used one and it worked. It uninstalled one of the annoying processes. When my PC restarted, I tried removing the other but it won't work. And the annoying icon is STILL there.

Odd thing is... they are no longer listed in the processes on the Task Manager. O_o

There must be another process going on bringing up the icon. It can get tedious going through every one but you might be stuck doing that. Have you tried throwing a potato at it?

Ok yeah.. that means I'm getting tired! Will check back in tomorrow evening. Glad you got some of it gone at least!

*edit - I don't know if I mentioned, reboot the computer after editing the startup items in msconfig for the changes to take effect. I think it prompts you and it's kind of implied, but.. yeah.

I started up in safe-mode, and the icon in my system tray was the ONLY friggin thing to load. I scanned with Spyware Doctor and AVG Anti-Virus, and neither found ANYTHING! I've even tried using Windows Malware Deleter(That's not the name I don't think).


I think I did everything right, but just in-case here's a screenshot of my computer in safe mode. And as you can see, the "virus icon" is still there. It's the question mark, but it changes to a yellow X inside of a blue circle.

I also added another error that AVG gave me after scanning. (I don't think it found anything. When I got back to my computer the scan was done and I saw those 2 errors at the top)

Sounds like it might be lodged in your system folder. Did you try this program? Update it after you install it and do a complete system scan.

http://www.ewido.net/en/download/

Also look in this folder and see if it's in there:

C:\Documents and Settings\All Users\Start Menu\Programs

Downloaded it, just used it and deleted over 350 infections. The icon is STILL there. -_-


Here's the report after scanning and removing.

Checked it... most of them are just tracking cookies from firefox. Open the program and go in "analysis" check the "processes", "connections" and "auto start". Check and see if that program shows up anywhere there.. If so go to the path and delete the folder. Terminate the process first. Post a screenshot if you can.

Do this with which program?

EDIT: Nevermind. I'm looking for funny looking processes and checking them at www.processlibrary.com

Sorry, use the same program AVG Anti-Spyware.

Ok, I checked all the processes and none are considered dangerous on www.processlibrary.com. Everyone said "Do not disable unless necessary" or something similar. This is my auto-start programs. I can't find anything out of the ordinary with them...

That looks clean. Did you look in your add/remove programs list in your control panel to see if there is anything weird isntalled?

Ok after some searching I think I found the problem! There's a manual and program baised way to remove it.

If your comfortable around your computer try the manual way as well just to make sure its gone. You have to go into your registry to remove them. Go to "start" then "run" and type "regedit" to access the registry. Read it over before you do any of the steps on the first link.

Here's a few links:

http://www.bleepingcomputer.com/forums/topic63896.html

http://www.google.ca/search?hl=en&safe...earch&meta=

Let me know how it goes.

Thanks alot for the help, man. Thank everyone who tried to help as well.


That last link you posted, I just found the link myself a few minutes ago. And guess what? It worked!

So, Irish, go here: http://www.bleepingcomputer.com/forums/topic63896.html

Happy I could help. After running all those other programs your computer is REALLY clean now! Great info for anyone else with the same problem.

Score!

I checked out that link... my word they had to do some work for that one!! Sorry I disappeared on ya, Zero, busy couple days. Nice find on the link ghostboy!