Spyware, Viruses, & Security forum

General discussion

Help to remove trojan which cause VIRUS ALERT! to display

by artypoe / September 10, 2008 8:19 PM PDT

My PC has been infected with a trojan which causes VIRUS ALERT! to appear beside the time. It also blocks the accessing of My Computer and the desktop properties. Would appreciate it very much if someone could help me out by telling me what i can do to remove it. Thanks.

Discussion is locked
You are posting a reply to: Help to remove trojan which cause VIRUS ALERT! to display
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Help to remove trojan which cause VIRUS ALERT! to display
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Hi, artypoe
by Bugbatter / September 10, 2008 10:14 PM PDT

(For Operating Systems: Microsoft

Collapse -
Thanks for the help
by artypoe / September 12, 2008 8:04 AM PDT
In reply to: Hi, artypoe

Unfortunately, I believe the malware has blocked off access to these sites. Whenever i try to go to an antivirus website, i can't load the page but i can surf every other websites. Anyone out there knows which virus/worm/malware this is and how can I remove it? The prominent point of this is that there is a permanant VIRUS ALERT! beside the time displayed, and it replaces my wallpaper with something else(currently a blank wallpaper).

Collapse -
Grateful thanks to Bugbatter
by Mark HL / October 6, 2008 6:50 PM PDT
In reply to: Hi, artypoe

I came across this thread when in desperation I Googled for "Virus alert trojan" in the hope that I would find some clue as to how to remove this pernicious bit of malware. I have to say that Bugbatter's method worked perfectly -- even better than described, in fact. My computer is now clean and I am so grateful.

I had spent some time trying to remove it with McAfee and Spyware Doctor, but although they found some components they never found the source, even when the infected hard drive was connected to another computer as an external drive.

Perhaps it was because I had already used these programs, but I found that the removal was even more effective than described. Because the infected computer was continually trying to access the net to download yet more trouble, I didn't get any updates to Malwarebytes orSuperantispyware. Even so they removed everything without any difficulty. This is, I guess, because the trojan is now sufficiently old to be contained the databases downloaded with the programs in the first instance.

I also found that Malwarebytes restored my start menu, access to My computer and Control Panel and removed the 'VIRUS ALERT' message in the clock. All I had to do was to reinstate my desktop backround image.

Many thanks again to all who have contributed to this thread, but particularly Bugbatter.

Collapse -
You're Welcome :)
by Bugbatter / October 29, 2008 9:35 AM PDT

Mark HL, you are most welcome.

Collapse -
To Bugbatter
by Satyendr7 / October 24, 2008 6:01 AM PDT
In reply to: Hi, artypoe

Hey Friend I followed ur Steps Regarding Malware Bytes & Problem was solved . So Should I follow The 2nd process too ??? i.e SuperAntisyware Also ???? Plz HReply Me My E-mail : Satyendr7@yahoo.com

& ThankYou Again For Ur Solution Happy

Collapse -
To satyendr7
by Mark HL / October 24, 2008 8:48 AM PDT
In reply to: To Bugbatter

Yes. I would advise the use of Superantispyware. Like you I found that the problem was largely solved by the Malwarebytes software. But Superantispyware found a few more infected files. Since I used both these programs I have had no further problems.

Collapse -
virus alert!
by boolaroo639 / October 27, 2008 11:51 AM PDT
In reply to: Hi, artypoe

that virus alert has hijacked my sons computer. i had it on mine and got rid of it following your instructions. his won't let me go to the download page or any other spware/malware virus removal site. now i'm having trouble booting it and it won't let me start it in safe mode. he has a pentium 1.5ghz windows xp. please help

Collapse -
Then You Use A Friend Or Family Member's Computer...
by Grif Thomas Forum moderator / October 27, 2008 2:49 PM PDT
In reply to: virus alert!

...to download the Malwarebytes installer and update files, copy them to a CD or flash drive, then transfer the files to the problem machine and use them.. I use the sites below to download the installer file and the manual updater:

Once downloaded, rename the program installer "mbam-setup.exe" file to something else like "Gogetum.exe", then copy the installer file and the update file to a CD or flash drive.. Transfer the file to the problem machine, then install the "Gogetum.exe" file, then run the update to get the program current.. After that, run a full system scan and delete anything it finds.

Malwarebytes Download Link (Clicking on the links below will immediately start the download dialogue window.)
http://www.besttechie.net/tools/mbam-setup.exe

Malwarebytes Manual Updater link
http://www.malwarebytes.org/mbam/database/mbam-rules.exe

Hope this helps.

Grif

Collapse -
help
by boolaroo639 / October 28, 2008 10:13 AM PDT
In reply to: virus alert!

it won't let me start the computer it just keeps rebooting without loading windows xp professional, how can i get it started so i can load the software neede to fix it? it wont start in safe mode either

Collapse -
If It Won't Start Into Windows....
by Grif Thomas Forum moderator / October 28, 2008 11:43 AM PDT
In reply to: help

..by using either Safe Mode or "normal" Windows, then you may be out of luck.. It may be so badly infested you need to do a complete reformat and reinstall..

There are methods for using the Windows XP Recovery Console and attempt to run a "FixMBR" from the console command prompt.. Or you might even try using the "Last Known Good Configuation" option by restarting the computer, then immediately start pressing the F8 key, once per second, till it loads a selection screen. At the selection screen, use the up/down arrows to select "Last Known Good Configuration", then press the Enter key..

If you're lucky, it will boot to normal Windows.. If you're not lucky, then there are too many system files damaged.

In such a case, you bite the bullet and use your Recovery Discs to start from scratch.

Hope this helps.

Grif

Collapse -
Thank you!
by atactula / October 29, 2008 8:33 AM PDT
In reply to: Hi, artypoe

Dear Bugbatter,

Thank you very much for your precious help.My computer is now clean and safe.
Do you have in mind a good antivirus to intall to my computer, so that i will be fully protected?

Thanks again
Atactula

Collapse -
You're Welcome
by Bugbatter / October 29, 2008 9:31 AM PDT
In reply to: Thank you!

You are most welcome. I'm glad we could help.

Collapse -
For Atactula: Lists of Free Anti-Virus Programs
by Bugbatter / October 30, 2008 11:57 PM PDT
In reply to: Thank you!
Collapse -
VIRUS ALERT ! in clock.........
by Marianna Schmudlach / September 12, 2008 11:12 AM PDT
Collapse -
This Worked!
by floorman / September 13, 2008 10:55 PM PDT

Just wanted to respond to let people know this worked. I read this thread and had very similar problems with my laptop. The biggest problem was that I could not connect to the internet to download any antispyware programs. They were blocked by the trojan even microsoft update was blocked, but I could connect to regular sites. This was first discovered when I tried microsoft update and that was blocked. What I did was copy bugbatters instructions to word. Then I used my OTHER computer to download mbam and superantispyware and burn to a CD.

http://www.besttechie.net/tools/mbam-setup.exe
http://www.superantispyware.com/

I put the CD into my infected laptop and was able to then install both programs and followed bugbatters instuctions precisely! The scans took a long while on my laptop BUT when I was done everything was back to normal! Windows update works and I can now go to any antispyware sites. A BIG THANK YOU to bugbatter! I really did not want to reformat my C drive and reinstall XP. Thanks.

Collapse -
An addition.
by Aitrusskyy / September 15, 2008 4:51 AM PDT

Just to add to this. (THE FOLLOWING IS TO BE DONE AFTER REMOVAL OF THE MALWARE AND ONLY IF YOU HAVE THIS LEFTOVER PROBLEM) If you do wind up removing the troublesome malware, sometimes it leaves behind that message near the clock that says VIRUS INFECTION, or VIRUS ALERT.

To rid yourself of the message simply click Start > Run (if windows vista click the start windows button and type "run" into the search field) then type in "regedit".

When reg edit opens, first click file then export to backup your registry (save it under back in my documents or something).

Once backed up browse to this registry key.

HKEY_CURRENT_USER/CONTROL PANE/INTERNATIONAL

Look for the key (usually on the bottom) that says "sTimeFormat" and on the far right you should see h:mm:ss tt (or you will see h:mm:ss VIRUS INFECTION)

Simply double click that entry and erase what it says and replace it with "h:mm:ss tt" which is the correct data for that entry. Close regedit and restart the pc.

This will rid you of the VIRUS INFECTION message after your clock time.

NOTE:
I am talking about this message in this image next to the clocks time
http://www.spywareremove.com/images/virus-alert-task-bar.gif

I am not talking about the box or window that pops up on the actual systray.

I had the same issue before, used the malware bytes program and spybot, they both removed it but that registry entry was left behind so my clock still said VIRUS ALERT.

Collapse -
1 more thing...
by Aitrusskyy / September 15, 2008 5:04 AM PDT
In reply to: An addition.

If you can't access regedit or taskmanager.

Go to http://www.dougknox.com/ and click "Win XP Utilities" then download

Doug's Windows XP Security Console

When you run it, it basically allows you to change some security settings and preferences. You can use it to re-enable regedit and task manager which will allow you more access to finish fixes on your pc.

To make it easy when you open the program in all sections the only box that should be checked off by default is "Do not allow shutdown without logoff".

So if you don't know what you're doing, you can un-check all but the "Do not allow shutdown without logoff" box and your computer will be at default settings.

Note: If you reboot after making those changes and once again task manager and regedit are disabled, this means you are not rid of the malware and it is still making changes on your pc.

PS: Worst idea I hear so far in this post is that System Restore will fix malware issues. Like the first thing anyone will tell you is to turn system restore off, else you remove the malware and its been backed up into the sys restore only to be restored on next reboot.

Collapse -
Trg AVG and Spybot
by swifttec / September 15, 2008 7:40 AM PDT

I have seen several instances of this in recent months on various customer machines. I have found that AVG internet security very good in dealing with it, also Spybot S&D. Sometimes a combination is needed.

Collapse -
AVG & Spybot
by floorman / September 15, 2008 8:19 AM PDT
In reply to: Trg AVG and Spybot

FYI for my infection I had AVG and Spybot already installed on my laptop but they did not fix the problem. I like both programs and I ran both in normal mode then in safe mode and they did not solve the connection problem to any spyware or microsoft update sites while other sites worked fine. Only when I burned Mbam and superantispyware to CD on my other computer, installed them on my laptop and ran them (in normal mode) then the infection was fixed. Now I have all 4 programs on both computers.

Collapse -
Virus alert next to time
by rickbail51 / September 15, 2008 11:42 PM PDT

yeah, I had the same problem and my access to my control panel was hijacked, blue screens, lapses in cursor control, and many other problems. I followed the advice given and got rid of the problem.. Thanks a lot for the help...C-net just got my vote cuz they helped me without trying to make me buy something, so when I do buy something of my own free will, I will look to them first!

Collapse -
1 last problem unsolved
by artypoe / September 16, 2008 1:33 AM PDT

Thanks to the great advice given by u guys, i've managed to remove the malware n trojans according to Malwarebytes. Only 1 problem remain which is my wallpaper. It's still a white screen. I've tried loading other wallpapers but to no avail. Apparently all other problems have been fixed. Any suggestions?

Collapse -
Answer to enable wallpaper change.
by Aitrusskyy / September 16, 2008 1:48 AM PDT

Yes, your wallpaper changing ability is probably disabled in the registry.Click "Start" then "Run" type in "regedit" and hit enter.

Then browse to the following key.

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]

You can click any of the following keys (that appear in your list), then just hit the delete key on your keyboard.

"NoChangingWallPaper"
"NoAddingComponents"
"NoComponents"
"NoDeletingComponents"
"NoEditingComponents"
"NoCloseDragDropBands"
"NoMovingBands"
"NoHTMLWallPaper"=

Then restart your computer.

Collapse -
Unresolved - wallpaper change
by kf9009 / October 7, 2008 5:22 PM PDT

I have a similar issue.Afer the clean-up, I am left with the issue of being unable to change the desktop. I see a white backdrop masking my actual desktop. I followed your instruction but i dont have an " ActiveDesktop" key. It stops at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies". There are no keys/directories following "Policies". What do you suggest that I do?
Thanks in advance

Collapse -
Wallpaper
by Aitrusskyy / October 7, 2008 11:13 PM PDT
Collapse -
No success
by kf9009 / October 8, 2008 10:16 AM PDT
In reply to: Wallpaper

Hi thanks for the reply. I ran the vbscript rebooted it (twice). But still no success.The desktop cannot be changed.What do you suggest next?

Thanks for your help

Collapse -
Next thought
by Aitrusskyy / October 8, 2008 12:07 PM PDT
In reply to: No success

Yes. You mentioned you had a similar issue but not the exact spyware listed in this topic. If you cannot change your active desktop via those entries this means there is probably an active spyware still upon your computer.

Head to geekstogo.com and post in their malware section. Read their topic on how to post a hijack log. You will learn a lot, its easier than it sounds, and you will be safer surfing the net. You will also most likely have your issue fixed.

Collapse -
Did you try..
by Carol~ Moderator / October 8, 2008 1:52 PM PDT

going to Start>Control Panel>Display>Desktop Tab? If not, click on the Customize Desktop button, at the bottom of the Desktop Tab. Once there click on the Web Tab and uncheck the box next to My Current Home Page. If you see any other web items checked, make sure to uncheck them too. The "Lock desktop items" should also be unchecked. Hit OK. Under certain conditions, the above helps. Your information is a little vague, so it's hard to tell. If you're using XP, give the above a try.

You might also look for any "suspicious or unfamiliar" web items, while you're there.

Best of luck..
Carol

Collapse -
Thanks to All of you...Issue resolved
by kf9009 / October 9, 2008 9:36 AM PDT
In reply to: Did you try..

Thanks Carol...That worked for me. My thanks to all of you in helping me resolve this.

Thanks again

Collapse -
(NT) You're quite welcome, kf. Glad to hear it helped :)
by Carol~ Moderator / October 9, 2008 10:17 AM PDT
Collapse -
I Do It this Way...
by Grif Thomas Forum moderator / October 9, 2008 2:59 AM PDT

Unfortunately, you haven't told us which operating system you have installed but if you're using Windows XP, see the information below:

For XP PRO:

At this link, since you've already got the malware removed, and IF you've got XP PRO on your computer, then pick up in the lower part of the page where it discusses the "gpedit.msc" instructions.
Remove Antivirus XP 2008


For XP HOME:

Gpedit.msc Isn't Available On XP Home.. Pro Only....
http://forums.cnet.com/5208-6122_102-0.html?forumID=44&threadID=288404&messageID=2816976#2816976

And To Determine More Of Gpedit.msc Registry Edits..
http://forums.cnet.com/5208-6122_102-0.html?forumID=44&threadID=288404&messageID=2816979#2816979

Hope this helps.

Grif

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

CNET FORUMS TOP DISCUSSION

Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?