
Red circle with white cross in taskbar tray - saying 'Your computer is infected'

 


Question:

My computer was infected a while ago with Spysheriff and I got rid of it. But I discovered a red circle with a white cross in my taskbar. When I move my mouse over it, it says 'Your computer is infected':


Answer:

This one is easy to get rid of.
  1. Open the task manager (press Control+Alt+Del)
  2. Select Processes and look for a process named 13242.exe or similar (a pattern of numbers) and kill this process.
    Look for a process named Archive.exe and kill it as well.
    Note that the name of this other program may be different in your case - a known other name is tool2.exe .

  3. Search your hard disk for the file name 13242.exe (or whatever number it may have been in your case). In my case this was in:
    \Documents and Settings\user1\Lokale Einstellungen\Temp
    Other users reported finding these files in c:\Windows.

    As you can see in the screenshot, I found a LOT of executable files there, most of them with a length of 0. I could not delete those files until I had killed the process 'Archive.exe'.

    The file archive.exe was entered as an auto-start in the registry here:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    I deleted the file Archive.exe from C:\Program Files\Archive:

     Directory of C:\Program Files\Archive
    
    11/24/2004  04:21p      <DIR>          .
    11/24/2004  04:21p      <DIR>          ..
    11/24/2004  04:21p             106,496 archive.exe
                   1 File(s)        106,496 bytes
                   2 Dir(s)   3,235,689,984 bytes free
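
The manual checks from the answer above, gathered into one read-only PowerShell listing. This is an added example, not part of the original answer; the digit-only name pattern and the two folders searched are assumptions taken from the answer's description, and the script deletes nothing.

```powershell
# Added example: read-only triage of the artifacts the answer checks by hand.
# Assumptions: the digit-only name pattern and the two folders searched.
$digitName = '^\d+\.exe$'      # "a pattern of numbers", e.g. 13242.exe

# Step 2: running processes whose image name consists only of digits.
$procs = Get-Process |
    Where-Object { "$($_.ProcessName).exe" -match $digitName } |
    Select-Object Id, ProcessName, Path

# Step 3: executables in the temp folder and the Windows folder that are
# zero bytes long or digit-named. $env:TEMP resolves the per-user temp path
# on localized systems (the answer's "Lokale Einstellungen\Temp").
$roots = @($env:TEMP, $env:windir) | Where-Object { $_ -and (Test-Path $_) }
$files = foreach ($root in $roots) {
    Get-ChildItem -Path $root -Filter *.exe -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Length -eq 0 -or $_.Name -match $digitName } |
        Select-Object FullName, Length, CreationTime
}

# Auto-start values under the Run key named in the answer, listed in full
# so an unexpected entry (archive.exe in the answer's case) stands out.
$runKey = Get-Item 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$autostart = foreach ($name in $runKey.GetValueNames()) {
    [pscustomobject]@{
        Name    = $name
        Command = [string]$runKey.GetValue($name)
    }
}

'Digit-named processes:'
$procs | Format-Table -AutoSize
'Zero-length or digit-named executables (oldest first):'
$files | Sort-Object CreationTime | Format-Table -AutoSize
'HKLM Run auto-start values:'
$autostart | Format-List
```

Sorting by creation time groups files dropped on the same day, which is the cue one commenter below used to tell the unwanted copy of a file from a long-standing one.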
    



Comments:

You are on page 3 of 5, other pages: 1 2 [3] 4 5
2006-07-06, 18:59:08
anonymous from United States  
I don't have any of these files and I have the 'your computer is Infected'. I don't download??
2006-07-07, 15:20:07
anonymous from United Kingdom  
Post up the names of the processes here.
2006-07-13, 00:34:35
anonymous from United States  
I purchased Spyware Doctor, ran it, and all my troubles are gone!! It is $29.95 but worth every penny.
2006-07-23, 18:17:12
anonymous from United States  
winstall.exe was my variant. After removing it from my task manager, I performed a simple search for the file 'winstall.exe' and came up with two files. I didn't know which one to delete so I highlighted both files and clicked on 'properties.' One file was created a very long time ago but the other file was created the same day that I was attacked by the spyware. I deleted that file and now my computer is back to normal.

A thousand thanks!
2006-07-30, 23:43:22
anonymous from United States  
Use this site http://www.spywared..y-sheriff/ - it found mine and I got that damn annoying thing off.
2006-08-10, 12:59:17
anonymous from Peru  
In my computer the file was called AOEOSCU.EXE
2006-08-13, 05:13:14
budapest from Hungary  
Thank you, winstall.exe was the issue for me. Does anyone know why products like Norton don't protect against this?
2006-08-15, 13:00:30
anonymous from United Kingdom  
Hello, can you help me please? I can't find any of those archive or 13242.exe, so can you tell me what to do??
2006-08-21, 02:12:43
anonymous from Hong Kong  
I am using Win ME and I went to some adult site, and there I got this virus Spysheriff and I got this red circle with white cross in taskbar tray, ca9396ef.exe. I already got rid of that Spysheriff but I couldn't delete that red circle. As you mention, delete the file with numbers, so I deleted it but the file keeps coming back. What should I do? Please help, thanks.
2006-09-02, 07:09:22
anonymous from United States  
The latest AVG antivirus and Windows Defender removed it for us. Norton does not catch half of the viruses. AVG is the best. There is a free version but you have to search for it; get it only from the Grisoft web site.
2006-09-12, 17:36:52
anonymous from Australia  
I saw one that was xpupdate.exe as well.
2006-09-12, 23:07:32
anonymous from United States  
My version was in the C:/Program Files as a folder named 'Pest Trap'.
2006-09-14, 20:56:34
anonymous from United States  
To get rid of the annoying red circle with the white X:
Select Run, type in MSCONFIG. Go to Startup. Find wistall.exe and delete the X from the box.
Wistall is the cause of the spyware FALSE information.
All will be well.
2006-10-05, 07:15:17
anonymous from United States  
Go to the following website and follow instructions. It might actually take 2 or 3 tries to complete removal as well as manually removing winstall, bikini and n. Good luck.

http://greatis.com/..l_gviz.htm
2006-10-10, 06:24:49
anonymous from Ireland  
Showed as xpupdate.exe here, thanks for all the info - finally killed it.