
Red circle with white cross in taskbar tray - saying 'Your computer is infected'

 


Question:

My computer was infected a while ago with Spysheriff and I got rid of it. But I discovered a red circle with a white cross in my taskbar. When I move my mouse over it, it says 'Your computer is infected':


Answer:

This one is easy to get rid of.
  1. Open the task manager (press Control+Alt+Del)
  2. Select Processes and look for a process named 13242.exe or similar (a pattern of numbers) and kill this process.
    Look for a process named Archive.exe and kill it as well.
    Note that the name of this other program may be different in your case - a known other name is tool2.exe .

  3. Search your hard disk for the file name 13242.exe (or whatever number it may have been in your case). In my case this was in:
    \Documents and Settings\user1\Lokale Einstellungen\Temp
    Other users reported finding these files in c:\Windows.

    As you can see in the screenshot, I found a LOT of executable files there, most of them of length 0. I could not delete those files until I had killed the process 'Archive.exe'.

    The file archive.exe was entered as an auto-start in the registry here:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    I deleted the file Archive.exe from C:\Program Files\Archive:

     Directory of C:\Program Files\Archive
    
    11/24/2004  04:21p      <DIR>          .
    11/24/2004  04:21p      <DIR>          ..
    11/24/2004  04:21p             106,496 archive.exe
                   1 File(s)        106,496 bytes
                   2 Dir(s)   3,235,689,984 bytes free
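
The checks from the answer above, as an added triage sketch in Python (not part of the original FAQ): it flags .exe files with all-digit names or zero length, and Run-key values that reference a watched file name or directory. The function names and the sample Run values are assumptions made for this example.

```python
import os
import re

# Heuristics from the answer: all-digit .exe names (13242.exe), zero-length .exe files, Run autostarts.
NUMERIC_EXE = re.compile(r"^\d+\.exe$", re.IGNORECASE)
RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
# Constructed sample values mirroring the answer's findings (not a real registry export).
SAMPLE_RUN = {
    "Archive": r"C:\Program Files\Archive\archive.exe",
    "ctfmon": r"C:\WINDOWS\system32\ctfmon.exe",
}

def suspicious_files(directory):
    """Return {filename: [reasons]} for .exe files matching the heuristics."""
    findings = {}
    for entry in os.scandir(directory):
        if not entry.is_file() or not entry.name.lower().endswith(".exe"):
            continue
        reasons = []
        if NUMERIC_EXE.match(entry.name):
            reasons.append("numeric name")
        if entry.stat().st_size == 0:
            reasons.append("zero length")
        if reasons:
            findings[entry.name] = reasons
    return findings

def suspicious_run_entries(run_values, watch_names, watch_dirs):
    """Flag Run-key values whose command references a watched name or directory."""
    flagged = {}
    for value_name, command in run_values.items():
        cmd = command.lower()
        hits = [w for w in list(watch_names) + list(watch_dirs) if w.lower() in cmd]
        if hits:
            flagged[value_name] = hits
    return flagged

def read_run_key():
    """Read the HKLM Run values on Windows; returns {} on other platforms."""
    try:
        import winreg
    except ImportError:
        return {}
    values = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, RUN_KEY) as key:
        for i in range(winreg.QueryInfoKey(key)[1]):  # [1] = number of values
            name, data, _type = winreg.EnumValue(key, i)
            values[name] = str(data)
    return values
```

On a Windows machine, pass `read_run_key()` in place of `SAMPLE_RUN` and point `suspicious_files` at the user's Temp directory; both functions only read and report, they delete nothing.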
    



Comments:

2008-03-11, 01:01:26
anonymous  
First of all, install a firewall (AVG Security Centre), and when the red X appears you need to click on the balloon showing "your computer is infected, Windows has detected spyware", so the firewall will show you the file name.exe. You need to stop the process from Task Manager; if it won't, run Windows in safe mode and delete filename.exe from c:\windows\system32 and delete the entry from
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
I hope this will help you. I have gone through this process and got rid of it.

Cheers
Asif email:asifiqbal786@gmail.com


2008-08-18, 09:32:06
from United States  
All,

I got the same issue yesterday and fought it for about 2 hours with all the suggestions of this forum, to no avail. Finally it struck me that I should just try my system restore settings. Luckily I did have the configuration set up to create a restore point every couple of days. I selected the last system restore point, rebooted and no virus anymore.

-Sean
2008-10-14, 02:59:49
anonymous from Australia  
I LOVE YOU SO MUCH :D I was piss farting around with this thing for like 4-5 hours freaking out, then I came to this thread and it explained everything! I'll restart my PC and come back and tell you the results, but so far so good, thank you!
2008-11-03, 20:17:28
anonymous from United States  
I had this problem as well, but the file/process that was causing it was brastk.exe. I killed the whole process tree, then searched the computer for the file and deleted it. Once I killed the process, the red circle on my vptray stopped popping up, and deleting the file seems to have taken care of it.
2009-01-01, 10:46:48
anonymous  
I SOLVED IT AND IT'S EASY!!!!

Okay,
as hard as you think it is,
it is very easy to get rid of the fuckin thing designed by an asshole.

Google "unlocker" and
download it.
What it does is allow you to delete files which say "Access is denied" or give another message and don't let you delete them!
Run the setup and everything.

That thing is actually malware in the disguise of an anti-spyware.
It gives a message that your computer isn't safe.
Then there is a button on its window - recommended programs.
It actually leads you to a site which automatically downloads stuff onto your computer without your permission (I don't know what kind of stuff - may be viruses, may be adult stuff).

What you need to do is this -
Go to the C drive, then Program Files.

Find this file - malware remover.
Delete it. It won't delete. It will give a message "access denied". Use unlocker.
Unlocker won't be able to delete it but will give an option - delete it on next reboot. Choose that and restart your computer
and that fuckin thing will be gone! SWISH!
I got rid of it that way.
Unlocker never fails to delete any such thing! But this almost beat unlocker!
Anyways, hope I helped!
2009-01-02, 12:27:20
anonymous from United States  
I simply just went to the task manager and then to the Processes tab. One said malwareremoval. So I ended it and the flashing icon went away. Then I searched for maleware removal.exe and deleted every file.
2009-02-10, 15:56:50
anonymous from Ireland  
Came across the same problem. Identified the programs as the ones that would not delete out of my temp files in C:\Documents and Settings\Name\Local Settings\Temp. They were perce.jpg and systeminit.exe .......
Disabled in windows task manager and deleted from hard drive. HEY Presto evil red circle gone!

Cheers for posting this :-)

2009-02-26, 12:39:45
pratheesh.v1@gmail.com from United Arab Emirates  
Just have to download and install 'Microsoft Windows Defender' and run the programme..it will delete the spyware..Worked perfectly for me...
2009-05-04, 15:37:13
anonymous from United States  
What is tovebogi? I keep seeing an error message upon startup that says RUNDLL 32/tovebogi module cannot be found?
2009-09-02, 18:34:35
anonymous from United States  
malwarebytes load it, run it. Problem solved. It's free.