Red circle with white cross in taskbar tray - saying 'Your computer is infected'

70 comments. Current rating: (13 votes). Leave comments and/ or rate it.

Question:

Answer:

1. Open the task manager (press Control+Alt+Del)
2. Select Processes and look for a process named 13242.exe or similar (a pattern of numbers) and kill this process.
   Look for a process named Archive.exe and kill it as well.
   Note that the name of this other program may be different in your case - a known other name is tool2.exe .
   

   

3. Search your hard disk for the file name 13242.exe (or whatever number it may have been in your case). In my case this was in:
   \Documents and Settings\user1\Lokale Einstellungen\Temp
   Other users reported to have found these files in c:\Windows.

   

   As you can see in the screenshot, I found a LOT of executable files there, most of them the length 0. I could not delete those files until I had killed process 'Archive.exe'.

   The file archive.exe was entered as an auto-start in the registry here:
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

   I deleted the file Archive.exe from C:\Program Files\Archive:
   

    Directory of C:\Program Files\Archive
   
   11/24/2004  04:21p      <DIR>          .
   11/24/2004  04:21p      <DIR>          ..
   11/24/2004  04:21p             106,496 archive.exe
                  1 File(s)        106,496 bytes
                  2 Dir(s)   3,235,689,984 bytes free
   

Comments:

You are on page 3 of 5, other pages: 1 2 [3] 4 5

2006-07-06, 18:59:08

anonymous from United States

i don't have any of these files and i have the 'your computer is Infected' I don't download??

2006-07-07, 15:20:07

anonymous from United Kingdom

post up the names of the processes here

2006-07-13, 00:34:35

anonymous from United States

I purchased Spyware Doctor, ran it, and all my troubles are gone!! It is $29.95 but worth every penny.

2006-07-23, 18:17:12

anonymous from United States

winstall.exe was my variant. After removing it from my task manager, I performed a simple search for the file 'winstall.exe' and came up with two files. I didn't know which one to delete so I highlighted both files and clicked on 'properties.' One file was created a very long time ago but the other file was created the same day that I was attacked by the spyware. I deleted that file and now my computer is back to normal. A thousand thanks!

2006-07-30, 23:43:22

anonymous from United States

use this site http://www.spywared..y-sheriff/ it found mine and i got that damn annoying thing off

2006-08-10, 12:59:17

anonymous from Peru

In my computer the file was called AOEOSCU.EXE

2006-08-13, 05:13:14

budapest from Hungary

Thank you, winstall.exe was the issue for me. Does anyone know why products like Norton don't protect against this?

2006-08-15, 13:00:30

anonymous from United Kingdom

hello can you help me please i cant find any of those archive or 13242.exe so can you tel me what to do??

2006-08-21, 02:12:43

anonymous from Hong Kong

I am using win me and i gone to some adult site and there i got this virus Spysheriff and i got this Red circle with white cross in taskbar tray ca9396ef.exe.i already rid of that spysheriff but i couldn't delete that red circle,as u mention delete the file with numbers,so i deleted but the file keeps coming back,what should i do,pls help,thanks.

2006-09-02, 07:09:22

anonymous from United States

the latest avg antivirus and windows defender removed it for us norton does not catch half of the viruses avg is the best there is a free version but you have to search for it get it from only the grisoft web site

2006-09-12, 17:36:52

anonymous from Australia

i saw one that was xpupdate.exe as well

2006-09-12, 23:07:32

anonymous from United States

my version was in the C;/Program Files as a folder named 'Pest Trap'

2006-09-14, 20:56:34

anonymous from United States

To get rid of the annoying red circle with the white X: Select run type in MSCONFIG. Go to startup. Find wistall.exe and delete the X from the box. Wistall is the cause of the spyware FALSE information. All will be well.

2006-10-05, 07:15:17

anonymous from United States

Go to the following website and follow instructions. It might actually take 2 or 3 tries to complete removal as well as manually removing winstall, bikini and n. Good luck. http://greatis.com/..l_gviz.htm

2006-10-10, 06:24:49

anonymous from Ireland

showed as xpupdate.exe here, thanks for all the info - finally killed it

You are on page 3 of 5, other pages: 1 2 [3] 4 5

NEW: Optional: Register   Login Email address (not necessary): Rate as Off-topic Very Helpful Helpful Ok article Not useful Very bad	Hide my email when showing my comment. Please notify me once a day about new comments on this topic. Please provide a valid email address if you select this option, or post under a registered account.
	Show city and country Show country only Hide my location
You can mark text as 'quoted' by putting [quote] .. [/quote] around it.
Please type in the code:
Please do not post inappropriate pictures. Inappropriate pictures include pictures of minors and nudity. The owner of this web site reserves the right to delete such material. Add a picture: