My boss, who has Win XP, has apparently been carousing on the web. Embarassingly enough for him, he now has an app that we can not get rid of. It appears as a small red heart in the task tray on startup and opens as a black box with what look like links. I haven't tried any of the links for fear of making things worse. It opens right in the middle of the screen, blocking whatever else is there, and will not allow itself to be minimized. Since it's clever designers disabled any right mouse key functionality, we can't get any "Properties" info, i.e., a file name. We can't find anything recognizable in any start folders, in the system startup configuration, in the registry, via a search, etc. While we have figured out how to close it during the current session, we can't uninstall it. We can't make it go away by closing any running "tasks." I have searched the web and while I can find the sites associated with the apparently Polish (sorry for the smear if I'm wrong) terms available to us, i.e., Najlepsze strony erotyczne, appearing when I hover the mouse over the cute little red heart, I can't find anything in English that I can follow to get rid of the thing for good. It must be in the registry or elsewhere under an "assumed" file name. I hope someone can supply one to search for. Or give us suggestions. Thanks for your time and consideration.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Can't remove strange bad site "app"
- Thread starter avmva
- Start date
- Thread starter
- #3
Yeah, I've searched for all the text that's available to me. As part of file names or as text. By date? Since my boss can't remember when he did whatever he did that resulted in this app, I can't really search by date. There must be something, though. In all my years of computing, I've never run across something like this that I couldn't find evenutally. It's just got me stumped.
Thanks for your suggestions.
Thanks for your suggestions.
Did you run the System Configuration Utility , MSCONFIG ?
You will probably find a pirate program in Services or Startup. As the name of the pirate program is unknown, you may have to compare the names of the startup programs of the infected computer with the names in another machine running XP. From MSCONFIG, you can uncheck or disable one or more programs.
You will probably find a pirate program in Services or Startup. As the name of the pirate program is unknown, you may have to compare the names of the startup programs of the infected computer with the names in another machine running XP. From MSCONFIG, you can uncheck or disable one or more programs.
It is certainly polish because a friend of mine who's polish says it is.
If the designers of the program were clever enough, they could have made it a virtual driver, in which case it is not trivial to find it or shut it down. Maybe a spy killer could do the job because many spy programs are implemented as virtual drivers. A search on Google for vxd spy killer generates lots of results.
Also, anti-virus software such as McAfee VirusScan may be able to detect and remove it.
If the designers of the program were clever enough, they could have made it a virtual driver, in which case it is not trivial to find it or shut it down. Maybe a spy killer could do the job because many spy programs are implemented as virtual drivers. A search on Google for vxd spy killer generates lots of results.
Also, anti-virus software such as McAfee VirusScan may be able to detect and remove it.
Ad-aware? Have you tried the key on the left of the right Ctrl key on most keyboards (it will often let you into a contect menu when right mouse click has been disabled).
You've probably looked here - but just check all files in root of C:
You've probably looked here - but just check all files in root of C:
- Thread starter
- #7
Everything that runs needs a process.. one way to kill it .. is to open Taskmgr and kill its process.
Then look into the start up section in the start menu -- to see if its there.
THEN...
Look inside this following folder:
C:\winnt\prefetch
(or whatever drive the winnt folder resides)
See if there is anything in that folder that looks remotely like the offending app. These pain-in-the-arse apps tend to put crap in that folder so that the app launches at startup. Delete it, if it's there.
Alshrim
System Administrator
MCSE, MCP+Internet
Then look into the start up section in the start menu -- to see if its there.
THEN...
Look inside this following folder:
C:\winnt\prefetch
(or whatever drive the winnt folder resides)
See if there is anything in that folder that looks remotely like the offending app. These pain-in-the-arse apps tend to put crap in that folder so that the app launches at startup. Delete it, if it's there.
Alshrim
System Administrator
MCSE, MCP+Internet
Jesuspower
Programmer
If I were you, I'd bother your boss endlessly with this. Anyway, ad-aware should take care of this. Try looking in the Dr. Watson snapshot file. Hopefully the file did not attach itself to another exe on startup; if it did not, then it'll have a task and a startup item in msconfig. -God Bless
debonairOne
MIS
Go into the registry and look in the HKLM\Software\Microsoft\Windows\CurrentVersion\Run key... you may find your offending app there... debonairOne
"I look in the mirror and what do I see..."
"I look in the mirror and what do I see..."
![[profile]](/data/assets/smilies/profile.gif "[profile] [profile]")
Jesuspower
Programmer
Take a screenshot and send it to his wife!
ok, sorry... not very helpful, but i could not resist. -God Bless
ok, sorry... not very helpful, but i could not resist. -God Bless
- Thread starter
- #14
- Thread starter
- #15
- Status
Similar threads
- Locked
- Question
- Locked
- Question