
I think it's malware but...



For over 10 years now I've been trying to remove this - permanently - from my computer. But however many times I remove it, it always comes back.

I've tried 'em all: McAfee hosed my system in '86 - never again; AVG's a joke; Nod doesn't recognize it; Spybot S&D, Uniblue and others are really good at removing cookies I want to keep; Norton - well, can't afford 256GB RAM to run it; Symantec Endpoint protection - useless; Trend makes my system crawl; MSE catches nasties only after others get there first. I'm at the end of my tether. I just don't know what to do?

I'm certainly the first to admit my lack of thoroughness in not using Kaspersky or Norman which I hear are, like most others, "the best". Are they?

It seems that every 3 weeks or so over the last decade I get this unrequited and undesired square shaped red thing on my desktop. I'm afraid to click it in case it either bogs down my system or introduces vulnerabilities. So, I just delete it and then delete it from Recycle. After those procedures my system runs fine but, again, after three weeks or so it always re-appears. I really don't want it there. What can I do?

I've tried MBAM, I've tried Combofix, I've tried the MaryJane site and HiJack this, CWShredder and all the rest. Alas - to no avail.

Any help would be really appreciated on this one please...

It's a rich red garnet/ruby type of color and square in shape. It also appears to bring along a friend of late (maybe the last 2 years or so) - which I also don't want as it really looks suspicious. The square shaped friend is kind of a coconut white/grey color - and I really really think this installs unrequited, money-grabbing software on my system.

Can you help me please? The only real clue that I can give you is that both of these unrequited aesthetic disturbances both begin with the same name...

something about "Adobe...." Reader and Air I think - didn't pay attention. Maybe I should!!!


Screenshot? :)

Screenshot! Funny you should mention that. I just looked on my half dozen or so home computers - even my 4 year old daughter's laptop. Couldn't find it! (You don't think it's "network aware" do you?). I then remotely logged on to a couple of my enterprise clients' Terminal Servers - couldn't find it there either. I'm flummoxed :)

Sorry, no screen shot available here - yet. Not from lack of trying tho'! Never mind, I'm sure it'll be back in a couple of days. Sure!

Hang tough and I'll be able to give more accurate and precise info. soon :blink:


MSE catches nasties only after others get there first.

Not from my point of view - MSE has always been the first to catch them and a few others will agree with that -

I run SUPERAntiSpyware as a quick backup - There may also be an overload of tracking cookies if you have not removed them -

(Live link in my signature) -


Not from my point of view - MSE has always been the first to catch them and a few others will agree with that -

I run SUPERAntiSpyware as a quick backup - There may also be an overload of tracking cookies if you have not removed them -

(Live link in my signature) -

I am pleased that your experience with MSE has been entirely - positive.

Further, I apologize that my intentionally exaggerated comments above - written only to solicit response - offended your perception of MSE.

You can be sure that I will probably not be running SAS - altho' I thank you for the well intentioned advice. Do you think it will solve my "Red Square" problem?

In the words of Kurt Vonnegut Jr. "may the lies we live by make us strong, healthy, happy and wise"


Hello Kernel Krumpet: Have you ever sought an Expert's opinion, that is readily available in this thread I'm infected - What do I do now?

Ah. I do respect Advanced Setup indeed - always ready to keep me "balanced". And, although it's been a while since I read the article you link to I remember it well now that you've refreshed my jaded memory.

Perhaps I should try that for my "Red Square" issue? Thank you for your direction.

I know there must be a solution out there somewhere...


Do you think you can find an image on the web that matches your description? Be careful though, you don't want to get infected, so if you don't feel comfortable doing this by all means don't do it.

This is Adobe's website if you think it's related:

http://www.adobe.com/


@ Kernel K,

To help all of us to get a better understanding of what the "system" is and what the "square red" thing may be:

1) What Windows version / edition is this? (in case someone needs to give more targeted advice)

2) Is ESET AV installed and up-to-date on this system? Or another AV app... which?

3) Have you scanned the system with MBAM and your AV, and what were the results?

To get a better clue on the name & properties of this square shaped red thing

Use My Computer {Windows Explorer} to view contents of your Desktop folder

what does it show for this "thing"? date/stamp -- file size --- name

You can also do a Right-click on that icon, then select Properties

get the file name and other details

The Shortcut Tab will provide the folder name and name of the thing

Is it just a link? or an EXE ?

General inquiry: Is there more than one user who uses this system? Does anyone do random surfing? Visit "social network sites" like Facebook?

P.S. You mentioned using Combofix at top of thread. Using it on your own is quite risky. The tool is intended only for use with trained expert guidance.

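The desktop check described in the post above (name, date stamp, size, and whether the icon is just a link or an EXE) can be collected in one pass. This PowerShell sketch is an added example, not part of the original thread; it goes one step beyond the post by also reporting the Authenticode signer of whatever each icon launches, and it assumes PowerShell 3.0 or later on Windows.

```powershell
# Added example (not from the thread): inventory the per-user and all-users desktops.
$shell = New-Object -ComObject WScript.Shell   # used to resolve .lnk targets

$desktops = @(
    [Environment]::GetFolderPath('DesktopDirectory'),        # current user's desktop
    [Environment]::GetFolderPath('CommonDesktopDirectory')   # all-users desktop
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$report = foreach ($item in Get-ChildItem -LiteralPath $desktops -Force -File) {
    $kind   = 'File'
    $target = $null
    if ($item.Extension -eq '.lnk') {
        $kind   = 'Shortcut'
        $target = $shell.CreateShortcut($item.FullName).TargetPath
    } elseif ($item.Extension -in '.exe', '.scr', '.com', '.bat', '.cmd') {
        $kind   = 'Executable'
        $target = $item.FullName
    }

    # Who signed the program the icon launches (empty if unsigned or unresolved)
    $status = $null
    $signer = $null
    if ($target -and (Test-Path -LiteralPath $target -PathType Leaf)) {
        $sig    = Get-AuthenticodeSignature -LiteralPath $target
        $status = $sig.Status
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }

    [pscustomobject]@{
        Name      = $item.Name
        Folder    = $item.DirectoryName
        Kind      = $kind
        SizeBytes = $item.Length
        Created   = $item.CreationTime
        Modified  = $item.LastWriteTime
        Target    = $target
        SigStatus = $status
        Signer    = $signer
    }
}

$report | Sort-Object Created | Format-List
```

A shortcut created by a Windows Installer package may resolve to a path under the Installer cache rather than the program itself, so an unexpected Target on a vendor shortcut is worth confirming through the Properties dialog as the post describes.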

Ah. It's back again. I knew it would return soon.

Finally I am able to get a screen shot of these unrequited and unwelcome guests in the all users desktop folder.

redsquare.jpg

Shall I just delete them again? Do you think they'll be back? I've never seen such a relentless icon as this....

Thanks for all your help!

============================================

On a way more SERIOUS note, just in case others had the same problem as above and attempted to solve it by downloading the "free" PDFCreator, please please please make sure you do not have the - bundled with - PDFForge toolbar installed (Control Panel - Remove Programs). This really is an insidious piece of work; fairly well documented on the web and, I'm sure, an embarrassment to the SourceForge community.

Last week I had to remove this from 5 client PCs and MBAM (free download x4 - paid for x1) had not tagged it as malicious. I'm not complaining about that as Sym. Endpoint Prot. - a corp. standard - had been living with the naughty PDFForge toolbar for about 2 years!!

Curious about whether the PDFForge toolbar (in MBAM's view) is "overlooked", "judged innocent" or "not enough hours a day" or, "first time heard about it" or other?


This is really weird... the first looks almost like a shortcut to Adobe Reader... and the second looks almost like, I think, Adobe Acrobat.

My Adobe Reader shortcut looks like the attached picture. The top image is when it's in the shortcut folder I made for all my shortcuts, the bottom picture is when I drag the icon to the desktop.

Do you have Adobe Reader or Acrobat installed?

Also the words under the icons look cut off... click on the icon if you can (just a single click, you don't need to double click), and does it say anything other than Shortcut to ?

Also please answer any questions that Maurice asked if you haven't already so that if anyone else has any ideas they can help you better.

post-13640-1283619326_thumb.jpg
