DelphiFAQ Home Search:

Red circle with white cross in taskbar tray - saying 'Your computer is infected'

 

comments72 comments. Current rating: 4 stars (13 votes). Leave comments and/ or rate it.
Belorussian Translation

Question:

My computer was infected a while ago with Spysheriff and I got rid of it. But I discovered a red circle with a white cross in my taskbar. When I move my mouse over it, it says 'Your computer is infected':


Answer:

This one is easy to get rid off.
  1. Open the task manager (press Control+Alt+Del)
  2. Select Processes and look for a process named 13242.exe or similar (a pattern of numbers) and kill this process.
    Look for a process named Archive.exe and kill it as well.
    Note that the name of this other program may be different in your case - a known other name is tool2.exe .

  3. Search your hard disk for the file name 13242.exe (or whatever number it may have been in your case). In my case this was in:
    \Documents and Settings\user1\Lokale Einstellungen\Temp
    Other users reported to have found these files in c:\Windows.

    As you can see in the screenshot, I found a LOT of executable files there, most of them the length 0. I could not delete those files until I had killed process 'Archive.exe'.

    The file archive.exe was entered as an auto-start in the registry here:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    I deleted the file Archive.exe from C:\Program Files\Archive:

     Directory of C:\Program Files\Archive
    
    11/24/2004  04:21p      <DIR>          .
    11/24/2004  04:21p      <DIR>          ..
    11/24/2004  04:21p             106,496 archive.exe
                   1 File(s)        106,496 bytes
                   2 Dir(s)   3,235,689,984 bytes free
    


Belorussian Translation

Comments:

You are on page 2 of 5, other pages: 1 [2] 3 4 5
2006-02-18, 03:00:27
Jappie from Netherlands  
I had a variant: 2 files in my root dir:

njc.exe
winstall.exe

winstall.exe was also in the registry (can be removed with regedit, search and remove).

Hope it's useful! Greetz Jappie
2006-02-20, 04:41:10
anonymous from United States  
HELP !!!! I've got spysheriff on my computer (not the one I am on currently) but I cant get to the task manager in XP to try to get rid of it !! anyone please help
2006-02-24, 08:59:56
anonymous  
Thanks for the help
2006-03-01, 17:39:12
anonymous from United States  
I'm having the problem with the red circle and white x but when I try to open task manager I get the message that it was disabled by the administrator.
What do I do now?
2006-03-02, 14:00:03
anonymous from United States  
I had a variant. it said weather.exe when nothing was runnng a weather program. You can delete it in the task manager and the registry.
2006-03-25, 16:40:42
anonymous from United Kingdom  
rating
got the same problem and then some, i have tool2.exe but i cant figure out which one is the other, the other possible ones are:
paytime.exe
ati2evxx.exe
mmqoa.exe
mmqol.exe
mmqom.exe
msmsn8.exe(i dont have msn installed)
newfrn.exe
whsurvey.exe
winis32.exe

2006-04-08, 18:32:40
anonymous from United States  
to enable task manager
regedit
Hive: HKEY_CURRENT_USER
Key: Software\Microsoft\Windows\CurrentVersion\Policies\System
Name: DisableTaskMgr
Type: REG_DWORD
Value: 1=Enablethis key, that is DISABLE TaskManager
Value: 0=Disablethis key, that is Don't Disable, Enable TaskManager

hope it helps
2006-04-17, 02:59:48
anonymous from United Kingdom  
I went in task manager as suggested and non of the processes could be seen, and furhter suggestions on how to get rid of this unwanted program would be welcome, I'm no computer expert could any one give me some advice.
2006-05-31, 16:35:33
anonymous from Mexico  
I had an adware that infected my computer, I kill it with Spyware Doctor, and it really worked, but it left a red circle with a white cross in the system tray, when Windows starts there is a message saying, 'Windows detected spyware click here to get rid of it' if I click it, it installs Trust Cleaner, which does not makes a difference because you have to buy it. Either way Im certain I dont have any adware or spyware but that of the white cross. I cannot get rid of it, I have Windows XP Professional in the task mangaer I dont does not appear processes how do I get rid of it?
2006-06-01, 15:11:03
anonymous from Canada  
rating
like many others, i could not find the specified files you mentionned.
2006-06-01, 17:26:39
bix_131@hotmail.co.uk from United Kingdom  
rating
BTW if u cany find it in procceses as tool2 etc. etc.

try..

n.exe,
mmqol.exe,
154653.exe.
2006-06-16, 12:22:27
anonymous from Mexico  
rating
Firs of All THANKS!!! Because your opinions help me to find the solution to this problem, Only that the name of the file that it was cousing me troubles was WINSTALL.EXE

┬┐What did I Do! I got it running and the annoying red circle appears, so I stopped it from the task manager and deleted it.. and that was all


THANKS again
2006-06-21, 11:47:24
anonymous from United Kingdom  
Hi there,
Just reading what was written here as I have the same problem, but I had two of the things. I stopped them in task manager (thanks for letting me know how to start it again as these things had stopped task manager). I these security deleted the .exe for both of them. Then went into msconfig and stopped them from starting and guess what? Rebooted and one of them came back. In my task manager one of them was called xpupdater.
2006-06-21, 18:09:36
anonymous from United Kingdom  
i cnt rid of the stupid c:\secure32.html thing i tryed deleting it from ie options i tryed ssytme re store i tryed deleting it from local c i even emthy the rubish bin to stoop it its still thee its pisin em of because as an online gamer it sned ing my conncetion to new levels help please
2006-06-21, 22:55:59
anonymous from Malaysia  
thanks dudes. my variant exe was bikini.exe
it just suddenly appear in my system tray and i wasnt even searching for you know what.
You are on page 2 of 5, other pages: 1 [2] 3 4 5

 

 

NEW: Optional: Register   Login
Email address (not necessary):

Rate as
Hide my email when showing my comment.
Please notify me once a day about new comments on this topic.
Please provide a valid email address if you select this option, or post under a registered account.
 

Show city and country
Show country only
Hide my location
You can mark text as 'quoted' by putting [quote] .. [/quote] around it.
Please type in the code:

Please do not post inappropriate pictures. Inappropriate pictures include pictures of minors and nudity.
The owner of this web site reserves the right to delete such material.

photo Add a picture: