Hi there...
PLease help,
I have a machine that is infected malware calleng itself "Windows XP Security Center". It runs as an icon on the systam tray that continuosly pops up a message, that tells you, that window has detected a spyware infection, and to click on the message to protect your computer. if you click on the message it installs the malware app in question.The software scans you machine and then comes up with supposed spyware files that it detects .these are haox files that the software creates in order to con you into buying the payware version of the product.
Ad aware detects and removes the files for "Windows XP Security Center", but it does not remevove whatever is generating the system tray message..
so the popup message still keeps appearing.
Is there any way to find out what process is generating this message , so I can kill tthe process and delete the related files..
anyone please help
malware problem
malware problem
A little havoc never hurt nobody
-
- Registered User
- Posts: 2618
- Joined: 26 Apr 2007, 02:00
- Location: Westcliff, Johannesburg
- Contact:
-
- Registered User
- Posts: 2618
- Joined: 26 Apr 2007, 02:00
- Location: Westcliff, Johannesburg
- Contact:
Re: malware problem
The message you are getting is it a Net send message ?
A net send message is just a message box with an OK button.
If you right click my computer and select manage on the context menu the MMC console will open.
Right at the bottom you should have 'services and applications' in that you will find 'Service'
Find the service called messenger and disable or stop it.
But this wont remove the actual problem.
click start then run and type regedit click ok. and browse to the following registry folders.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
In here you will find paths to applications that runs at startup.
See if you can find something suspect in there use google to find the application names.
also check Start-Programs-Startup via your explorer and make sure the folder options is set to show hidden files and folders and system files.
You can aslo click start run and type msconfig en check the startup tab for weir programs that runs at startup and try to find the problem maker.
A net send message is just a message box with an OK button.
If you right click my computer and select manage on the context menu the MMC console will open.
Right at the bottom you should have 'services and applications' in that you will find 'Service'
Find the service called messenger and disable or stop it.
But this wont remove the actual problem.
click start then run and type regedit click ok. and browse to the following registry folders.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
In here you will find paths to applications that runs at startup.
See if you can find something suspect in there use google to find the application names.
also check Start-Programs-Startup via your explorer and make sure the folder options is set to show hidden files and folders and system files.
You can aslo click start run and type msconfig en check the startup tab for weir programs that runs at startup and try to find the problem maker.