Jump to content

antispyware xp still listed in task bar>customize


Recommended Posts

I got an AntiSpyware XP Alert infection (there was no 2009 or 2010) last night; finally able to run free Malwarebytes' AntiMalware and get items removed. I never clicked on any of the alerts; all I did was right click and close. This morning I purchased protection, ran another full scan which shows clean (same as last night), but I see there is "antispyware xp" still listed in the customize area of the task bar. Do I need to do anything else to ensure this laptop is safe?

I apologize for being ignorant, and thank you for your help.

Link to post
Share on other sites

Hello louanna27, and welcome to Malwarebytes.org

If you would like an expert to make sure that the malware has been completely removed, please print out, read and follow the directions here:

http://www.malwarebytes.org/forums/index.php?showtopic=9573

Try to complete all the steps, but you can skip any steps you are unable to complete. Then post a NEW topic here:

http://www.malwarebytes.org/forums/index.php?showforum=7

If your computer is un-bootable and you cannot run any of the steps, just post a description of the problems you are having there.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someon has replied to your post.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org

Link to post
Share on other sites

If the icon is there in color as it was, then follow marktreg instructions as the infection is still there. If the color is out of it simply right click and delete it.

I truly do not know enough to follow marktreg's instructions.

There is no icon per se; it is the little cord & plug figure (like with the 'one AC power') with the words "antispyware xp" and then the three options of hide when inactive, always hide, always show. I am getting to it by right clicking taskbar, click properties, taskbar tab, and under notifications then click customize.

This is the log that was produced last night after infection:

Malwarebytes' Anti-Malware 1.44

Database version: 3922

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

3/28/2010 12:05:31 AM

mbam-log-2010-03-28 (00-05-19).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 229959

Time elapsed: 52 minute(s), 16 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 2

Registry Data Items Infected: 7

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> No action taken.

HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> No action taken.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\jcb.PC272393594253\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\jcb.PC272393594253\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\jcb.PC272393594253\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.

HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Two subsequent full scans since the items being quarantined have produced clean results. A full scan with free AVG 9 is clean now also after having removed to the virus vault 1) virus Exploit 2)trojan horse generic AFAC 2)trojan horse generic 17 AFAC. Webroot SpySweeper is clean also.

Thank you.

Link to post
Share on other sites

This is your only other option , as described by marktreg if you think you still have an infection -

If you have run a Full Scan with Malwarebytes and it is clear then you May have removed the problems -

We don't work on Malware removal or diagnostics in the general forums.

Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org

Thank You - :)

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.