"Your computer has been infected with malware" windows update icon
Posted by Joe on January 9th, 2006


I recently had a computer that was infected with the spyware "Spy Sheriff".
I removed it, or I'm pretty sure I did, but I am still getting this annoying
pop-up every 5-10 seconds. It is the Windows Update icon (the world) down in
the lower left hand corner by the time and blinks from the world to the red
"x". It says that the computer is infected with Malware and to click here to
remove it. When I click on the bubble the message disappears, nothing happens,
and then it reappears 5 seconds later. Gets really annoying. I'm pretty sure
the PC is clean, now how do I get rid of this warning? Thanks!

Posted by Ted Zieglar on January 9th, 2006


The PC is not clean.

You cannot remove spyware by yourself. That requires specialized removal
software. Unfortunately, you can impair the effectiveness of removal
software when you try to remove spyware manually.

Often you need to try several different spyware removers before finally
finding the one that works in your situation. Start here, and good luck:

Trend Micro Housecall
http://housecall.trendmicro.com

--
Ted Zieglar
"You can do it if you try."


Posted by Ron Martell on January 9th, 2006


Joe <Joe@discussions.microsoft.com> wrote:

>I recently had a computer that was infected with the spyware "Spy Sheriff".
>I removed it, or I'm pretty sure I did, but I am still getting this annoying
>pop-up every 5-10 seconds. It is the Windows Update icon (the world) down in
>the lower left hand corner by the time and blinks from the world to the red
>"x". It says that the computer is infected with Malware and to click here to
>remove it. When I click on the bubble the message disappears, nothing happens,
>and then it reappears 5 seconds later. Gets really annoying. I'm pretty sure
>the PC is clean, now how do I get rid of this warning? Thanks!


SpySheriff is especially tough to get rid of. Here is a (lengthy)
procedure posted by David H. Lipman to
microsoft.public.windowsxp.general on 30 Dec 2005 that has worked for
me:

******
Perform Part 1 then perform Part 2.

It is suggested that you execute each tool in Normal Mode then in Safe Mode.

If you are using any version of Sun Java that is prior to JRE Version 5.0, then
you are strongly urged to remove any/all versions that are prior to JRE
Version 5.0. There are vulnerabilities in them and they are actively being
exploited. It is possible that is how you got infected with malware.

Therefore, it is highly suggested that if there are any prior versions of Sun
Java to Version 5 on the PC that they be removed and Sun Java JRE Version
5.0 Update 6 be installed ASAP.

http://www.java.com/en/download/manual.jsp




Use the alternate if the first two parts are ineffective...
Note: Alternate only for Win2K, WinXP and Win2003 Server

Part 1
-----------

Use noahdfear's SmitFraud and SpyAxe removal tool -- SmitRem.exe
http://noahdfear.geekstogo.com/click...click.php?id=1

http://www.bleepingcomputer.com/forums/topic36868.html


Part 2
-----------

Download SmitFraud.exe from the URL --
http://www.ik-cs.com/programs/virtools/SmitFraud.exe

Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go
through your FireWall to enable WGET.EXE to download the needed McAfee related
files.

Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\ScanReport.HTML will be
generated. At the end of the scan, it will be displayed in your browser (Opera,
FireFox or Internet Explorer). It is suggested that you move the report out of
c:\mcafee before performing another scan.

Alternate:

Secured2K's SpyAxe, PSGuard, Smitfraud, Sinnaka and Alemod removal tool.

http://secured2k.home.comcast.net/tools/AntiPuper.exe

http://forums.mcafeehelp.com/viewtopic.php?t=65072


*****

Good luck

Ron Martell Duncan B.C. Canada
--
Microsoft MVP (1997 - 2006)
On-Line Help Computer Service
http://onlinehelp.bc.ca

"Anyone who thinks that they are too small to make a difference
has never been in bed with a mosquito."

Posted by BobL on January 10th, 2006


I had the same problem and ended up doing a destructive recovery from the
recovery CDs. I took notice of your instruction to remove the Java versions
prior to version 5.0 update 6. I have already installed that update but in
add/remove mode I see, "Java 2 Runtime Environment, SE vol1.4.2_03". Is this
a file that needs to be removed?? Please advise.

Posted by Joe on January 10th, 2006


What if I do all this and I still have the red x popping up? Is there any way
to get rid of this or disable the warning? I have run about 5 spyware
removers and most of them come back clean or have removed the stuff they
found. I'll try the directions below, but I was just wondering if there is
something the computer thinks it is finding that isn't there. I downloaded
the Dec version of the Microsoft Spyware Removal tool and that scan came back
clean, so I'm really wondering why the popup is even happening at all?
Thanks!

Posted by Ron Martell on January 10th, 2006


"BobL" <BobL@discussions.microsoft.com> wrote:

>I had the same problem and ended up doing a destructive recovery from the
>recovery CDs. I took notice of your instruction to remove the Java versions
>prior to version 5.0 update 6. I have already installed that update but in
>add/remove mode I see, "Java 2 Runtime Environment, SE vol1.4.2_03". Is this
>a file that needs to be removed?? Please advise.
>

Yes. You should remove it after you have updated to the current Java
release.

Good luck

Ron Martell Duncan B.C. Canada
--
Microsoft MVP (1997 - 2006)
On-Line Help Computer Service
http://onlinehelp.bc.ca

"Anyone who thinks that they are too small to make a difference
has never been in bed with a mosquito."
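
Added example, not part of the thread and not code from any of the tools it names: a Python check that flags Java runtimes older than the JRE 5.0 Update 6 baseline given in the procedure, including an old runtime left installed beside the current one as in BobL's case. The sample entries are constructed, and the function names and the name patterns (display names of this era containing "Runtime Environment") are assumptions of this example.

```python
import re

# Baseline from the thread: JRE 5.0 Update 6, i.e. internal version 1.5.0_06.
MIN_SAFE = (1, 5, 0, 6)

# Old-style names carry the internal version, e.g. "... SE v1.4.2_03".
_INTERNAL = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")
# 5.0-era names carry the marketing version, e.g. "... 5.0 Update 6".
_MARKETING = re.compile(r"\b(\d+)\.0(?:\s+Update\s+(\d+))?", re.IGNORECASE)


def parse_jre_version(display_name):
    """Return (1, minor, patch, update) for a Java runtime entry, else None."""
    lowered = display_name.lower()
    if "runtime environment" not in lowered:
        return None
    if "java" not in lowered and "j2se" not in lowered:
        return None
    m = _INTERNAL.search(display_name)
    if m:
        major, minor, patch, update = m.groups()
        return (int(major), int(minor), int(patch), int(update or 0))
    m = _MARKETING.search(display_name)
    if m:
        # Marketing "5.0 Update 6" corresponds to internal 1.5.0_06.
        return (1, int(m.group(1)), 0, int(m.group(2) or 0))
    return None


def outdated_jres(display_names, minimum=MIN_SAFE):
    """List (name, version) for every Java runtime older than `minimum`."""
    found = []
    for name in display_names:
        version = parse_jre_version(name)
        if version is not None and version < minimum:
            found.append((name, version))
    return found


def installed_display_names():
    """Read Add/Remove Programs display names from the registry (Windows only)."""
    import winreg
    path = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
    names = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as root:
        for i in range(winreg.QueryInfoKey(root)[0]):
            with winreg.OpenKey(root, winreg.EnumKey(root, i)) as sub:
                try:
                    names.append(winreg.QueryValueEx(sub, "DisplayName")[0])
                except OSError:
                    pass  # entry has no DisplayName value
    return names


# Constructed sample of Add/Remove Programs entries (not taken from a real PC).
SAMPLE = [
    "Java 2 Runtime Environment, SE v1.4.2_03",
    "J2SE Runtime Environment 5.0 Update 4",
    "J2SE Runtime Environment 5.0 Update 6",
    "Mozilla Firefox (1.5)",
]

if __name__ == "__main__":
    for name, version in outdated_jres(SAMPLE):
        print("remove:", name, version)
```

On a Windows machine, pass `installed_display_names()` to `outdated_jres()` in place of `SAMPLE`.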

Posted by Ron Martell on January 10th, 2006


Joe <Joe@discussions.microsoft.com> wrote:

>What if I do all this and I still have the red x popping up? Is there any way
>to get rid of this or disable the warning? I have run about 5 spyware
>removers and most of them come back clean or have removed the stuff they
>found. I'll try the directions below, but I was just wondering if there is
>something the computer thinks it is finding that isn't there. I downloaded
>the Dec version of the Microsoft Spyware Removal tool and that scan came back
>clean, so I'm really wondering why the popup is even happening at all?
>Thanks!
>


If this procedure fails for you then I will get you whatever
additional advice is necessary in order to clean it up.

Please post a reply back here with your results. I will be watching
for responses for the next 7 days.

Good luck

Ron Martell Duncan B.C. Canada
--
Microsoft MVP (1997 - 2006)
On-Line Help Computer Service
http://onlinehelp.bc.ca

"Anyone who thinks that they are too small to make a difference
has never been in bed with a mosquito."

Posted by yogi on January 10th, 2006


Hi,
Don't want to interrupt your tshoot of this problem but for all that it's
worth the Microsoft Anti-Spyware is a *beta* program which means it is
intended for testing purposes only. If you are testing it on your system
great, if not, remove it.

~~~
yogi

Posted by Joe on January 11th, 2006


Ron,

It worked. It is gone! Thanks a lot. Boy that thing is a toughy
to get rid of. Thanks again.

Joe

Posted by BobL on January 11th, 2006


I removed the other version of Java Runtime per your suggestion. So far so
good. Thanks.