Sneaky little bugger!

It seems I've been infected with an obnoxious little vermin. Not sure exactly how I picked it up, in that I haven't been to any sites that I hadn't used many times before. The remaining artifact is a persistent bubble that pops up from the system tray saying:

"System Alert! System has detected a number of active spyware applications that may impact the performance of your computer. Click the icon to get rid of unwanted spyware by downloading an up-to-date antispyware solution."

Yeah, right! I may have been born at night, but I wasn't born last night! Of course at the same time, Internet Explorer had become the lucky recipient of a half dozen new "security" plug-ins. I have, of course, eliminated the unwanted plug-ins, but the system tray vermin persists.

Here's what I've done:

- run adaware twice, second run completely clean
- run AVG twice, both runs clean
- run security task manager twice, first time eliminated plug-ins, second run clean
- run HijackThis!, which also looks pretty clean (logfile below)

If these tools can't squish it, then it's beyond my ability. Any help would be appreciated. Thanks in advance.

Burnsy

```
Logfile of HijackThis v1.99.1
Scan saved at 1:35:23 PM, on 6/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\packages\VerminTools\JackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\John\Application Data\Mozilla\Profiles\default\sh27cbaj.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\John\Application Data\Mozilla\Profiles\default\sh27cbaj.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9obg\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
```

Re: Sneaky little bugger!

Please show me a screenshot of your Add/Remove Programs window.

Re: Sneaky little bugger!

An interesting request... when I started pulling this together it struck me that there was something a little personal about revealing what software you actually use. No worries though, I don't really have any secrets in my personal life...

As for installed packages that might be likely culprits, I think it's unlikely. I checked with my teenage daughter (the only other user of this system) and we're certain that nothing has been INTENTIONALLY installed in the last month. Furthermore, after scanning the list, I don't see anything I don't recognize.

(Let me also point out I'm a fairly technical person... I've designed, developed and maintained hundreds of thousands of lines of code including past work on OS internals for IBM, HP, Sun, NCR, Microsoft, etc... as well as having written over a dozen multi-tasking operating systems and aided in the development of numerous custom computers and ASICs... The only reason I point this out is to boost your confidence that I'm more proficient at checking the "likely suspects" than the average user.)

Still, in order to eliminate this as a suspect, I've provided the list of installed packages on my system below. Alas, no two or three screenshots can capture the list, so it was simpler just to type them in... I've tried to reproduce it as faithfully as possible. Thanks for the help.

- 2Wire Wireless Client
- AccessDirect
- Actiontec MD56ORD V92 MDC Modem
- Ad-Aware SE Personal
- Adobe Flash Player 9 ActiveX
- Adobe Reader 6.0.1
- Adobe SVG Viewer
- ALPS Touch Pad Driver
- AVG Anti-Spyware 7.5
- BioWare Premium Module: Neverwinter Nights(TM) Kingmaker
- CCleaner (remove only)
- Dell | Support
- Dell Picture Studio - Dell Image Expert
- Easy CD Creator 5 Basic
- eTools
- FSHED
- HighMAT Extension to Microsoft Windows XP CD Writing Wizard
- HijackThis 1.99.1
- hp deskjet 5550 series (remove only)
- HP PrecisionScan
- InterActual Player
- InterVideo WinDVD
- iTunes
- Java 2 Runtime Environment, SE v1.4.0_01
- Java Web Start
- Macromedia Dreamweaver 4
- Macromedia Extension Manager
- Macromedia Fireworks 4
- Macromedia Shockwave Player
- Microsoft .NET Framework 1.1
- Microsoft .NET Framework 2.0
- Microsoft FrontPage 2002
- Microsoft Office PowerPoint 2003 Template Pack 1
- Microsoft Office XP Professional
- Microsoft Picture It! Photo 2002
- Microsoft Project Professional 2002
- Microsoft Publisher 2002
- Microsoft SQL Server 2005
- Microsoft SQL Server Native Client
- Microsoft SQL Server Setup Support Files (English)
- Microsoft SQL Server VSS Writer
- Microsoft Visio Professional 2002 SR-1 [English]
- Microsoft Visual C++ 2005 Express Edition - ENU
- Microsoft Visual Keyboard
- Microsoft Windows Journal Viewer
- Microsoft Word 2002
- Microsoft Works 2002 Setup Launcher
- Microsoft Works Suite Add-in for Microsoft Word
- Modem Helper
- MSXML 6.0 Parser
- MUSICMATCH Jukebox
- Netscape (7.0)
- Neverwinter Nights
- NVIDIA Windows 2000/XP Display Drivers
- Paint Shop Pro 7
- QuickTime
- Qwest QuickCare
- Qwest QuickNetworking
- RealPlayer
- Security Task Manager 1.7
- Shockwave
- Sierra Utilities
- SmartFTP
- SmartFTP Client 2.0
- SmartFTP Client 2.0 Setup Files (remove only)
- SPSS 11.0 for Windows
- The Sims 2
- TrueMobile 1150 Client Manager
- Ultimate Mahjongg 5
- Winamp (remove only)
- Windows Installer 3.1 (KB893803)
- Windows Safety Alert
- Windows XP Service Pack 2

Re: Sneaky little bugger!

3 Attachment(s)

Duh. You wanted screenshots so that you could make sure I wasn't intentionally omitting something... I'm slow sometimes but give me enough time and I'll come around. I actually got it to fit in three screenshots. I'll try to attach them (the last time I tried this I was unsuccessful) as JPG files. Hope this helps. Thanks again.

Re: Sneaky little bugger!

Windows Safety Alert is the malware. It's malware which pretends to be Windows Defender to trick you into installing it. Remove it. Read this thread here: http://help.lockergnome.com/windows/...ict561512.html

Re: Sneaky little bugger!

Are you seeing a little "no-smoking" red circle with a slash in the taskbar with the message?

Re: Sneaky little bugger!

jbennet, that was it... SmitFraudFIX did the job... trivial fix. My sincerest thanks.

steosaur, the icon in the tray was not a no smoking symbol, but one flashing between a blue circle with a question mark and a red circle with an X.

Thanks again everyone for all the help.