Jump to content

Weird icon occasionally appearing on toolbar, but scan shows no infection


Recommended Posts

A couple of times in the last few days, a strange icon has appeared on my toolbar. I don't know what it is that triggers it to show up. I'm posting an image here to see if anyone recognizes it and can tell me what it augers!

 

It's the little black and white icon (looks like a malevolent Lego) between the Firefox and the McAfee icons bottom right. Although it has an X in the upper right corner, clicking it does nothing. I can close the browser and it will go away for a while, but eventually returns. I've run a quick Malwarebytes scan, which shows nothing. I'm also attaching the logs from running dds.scr

 

One of your Forum Community Managers has looked at the logs and doesn't see anything amiss (https://forums.malwarebytes.org/index.php?showtopic=134855#entry741822). The only thing I've noticed since this icon began to appear is that occasionally the browser will stall momentarily and eventually a pop-up window will appear with a message that some script has stopped running and would I like to wait for it or cancel. I cancel and things go back to operating normally.

 

Any ideas for me? Thanks!

 

 

post-67089-0-23469400-1381772520_thumb.j

dds.txt

attach.txt

Link to post
Share on other sites

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Kevin

Link to post
Share on other sites

Here's the report - I don't know what I should uncheck to keep it from cleaning, so I'd appreciate your advice:

 

# AdwCleaner v3.007 - Report created 14/10/2013 at 13:18:35
# Updated 09/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Diana Britt - DIANABRITT-PC
# Running from : C:\Users\Diana Britt\Desktop\Virus scan stuff\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k8k9okah.default\.autoreg

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Diana Britt\AppData\Roaming\Mozilla\Firefox\Profiles\nceht235.default\prefs.js ]


[ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k8k9okah.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1095 octets] - [14/10/2013 13:18:35]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1155 octets] ##########
 

Link to post
Share on other sites

Logfile follows - will post Security Check results in next post

:

# AdwCleaner v3.007 - Report created 14/10/2013 at 13:40:04
# Updated 09/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Diana Britt - DIANABRITT-PC
# Running from : C:\Users\Diana Britt\Desktop\Virus scan stuff\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k8k9okah.default\.autoreg

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\Software\AVG Security Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Diana Britt\AppData\Roaming\Mozilla\Firefox\Profiles\nceht235.default\prefs.js ]


[ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k8k9okah.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1235 octets] - [14/10/2013 13:18:35]
AdwCleaner[s0].txt - [1164 octets] - [14/10/2013 13:40:04]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1224 octets] ##########
 

Link to post
Share on other sites

Security Check opineth thus:

 

 Results of screen317's Security Check version 0.99.71  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
McAfee Anti-Virus and Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 25  
 Adobe Flash Player 11.9.900.117  
 Adobe Reader XI  
 Mozilla Firefox (24.0)
 Mozilla Thunderbird (24.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Diana Britt Desktop Virus scan stuff SecurityCheck.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

Link to post
Share on other sites

Your Java javaicon.gif is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version of Java components and upgrade the application.

 

Upgrading Java:

 

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

 

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them.

 

When you`ve updated Java and made sure the old version is gone re-boot your PC. Has the strange icon gone from the Taskbar?

Link to post
Share on other sites

Thank you! I've uninstalled version 25 and updated to the new - interestingly the Java site wasn't able to verify if I had Java, either before the uninstall or after the reinstall. I seem to recall this from the last time I tried to use that feature - maybe my firewall blocks the function? Anyway, the Lego has not reappeared so far, but I will keep you posted.

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Yes, the weird icon appeared on the toolbar again shortly after the thread was closed. I'm not sure what else to do. I have a script-blocker, NoScript, and since the icon appears after the browser stalls and gives a "script on the page has stopped running" message, I've also posted in their forum. Any other thoughts?

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.