|
Post by thedomicron on Mar 26, 2007 16:50:51 GMT
ok so i got some malware on my computer, spylocked to be specific, and went through the steps to remove it. adaware, spybot, spywareblaster, then i rebooted into safe mode and went w/ the smitfraudfix that's suggested to fix it.
but there's still a flashing system tray icon that won't go away. google turned up a related forum post somewhere about a corrupt dll file, but i can't find it on my computer. any ideas on how to search for corrupt dlls or other fies which i can delete to get rid of this obnoxious icon?
thanks
|
|
|
Post by bort on Mar 26, 2007 16:59:25 GMT
Assuming you're using Windows XP (or possibly NT):
If you've got something in your system tray, i'd try CTRL ALT DEL to load task manager then click the processes tab and try and suss out which process is your malicious flashing tray icon. I'd probably use google to run a search on each Image Name i didn't recognize to see what belongs to windows and what doesn't. Once you've found the perpetrator by the process of elimination, end the process and wave your cursor over the system tray to make sure it refreshes (the icon might remain otherwise). If that all works, you'll know the filename of the obnoxious program.
Next step is to stop it from reloading when you next boot up. Go Start > Run then type "msconfig" (minus the quotes) and run it. Try and find the filename of the program under the Services or Startup tab and untick the box.
There's also the unlikely possibility that there's a shortcut to the file in the Startup folder on your startmenu... worth checking just in case.
|
|
|
Post by thedomicron on Mar 26, 2007 17:02:37 GMT
unfortunately i run win2k, so no msconfig. i WILL try the process of elimination bit though. using google, thanks
|
|
|
Post by bort on Mar 26, 2007 17:07:51 GMT
Running services.msc from the Run part of start menu will give you another way to access Services (and set options for disable/enable, stop/start etc)... ...No idea if that's available in 2k; might be.
As for the Startup section of msconfig, i think it accesses either the registry or some ini file (probably the former). Might be worth looking that up on google. (You can access your Registry in 2k, right?)
|
|
|
Post by Ironfang on Mar 26, 2007 17:42:07 GMT
A better alternative to MSCONFIG is Hijackthis type that in google. I usuallly type "Hijack This MG" and this will usually put the "MajorGeeks.com" links to the file at the top.
There are also lots of forums where you can post the log of your Hijack This file to be anaylzed by uber geeks.
|
|
|
Post by gruntgruntson on Mar 26, 2007 19:20:07 GMT
It is possible to download a copy of the msconfig.exe from somewhere. Can't remember best place off-hand, but Google knows. msconfig is a good tool to use alongside ad-aware, spybotS&D and HijackThis. Boot in Safe Mode (by tapping F8 as PC boots), run msconfig, and remove pretty much everything apart from anti-virus,firewall. Reboot to safemode, clean up with hijackthis, ad-aware, spybot.
|
|
|
Post by illandous on Mar 26, 2007 19:49:21 GMT
I would go the HiJack this route myself. I like it a bit better than MSConfig.
But then agian. I'm an Uber Geek.
|
|
|
Post by hiryuu on Mar 27, 2007 2:37:24 GMT
HiJack is pretty reliable. MS Config was fine for its time, but SysInternals AutoRuns gives you a better look at what launches and where it comes from.
|
|
|
Post by thedomicron on Mar 27, 2007 2:42:03 GMT
i used hijack this and the logs turned up safe processes.
i'm stumped, probably format/reinstall next weekend, or the weekend after when i have some time
|
|