I'm on Vista Ultimate.. all of a sudden I get this message on lower
right-hand corner of my computer saying something like "to protect
against malware install such-and-such.." I clicked cancel, closed all
apps, and restarted the machine..
then when it rebooted it looked like it was installing something.. I
managed to get a screenshot before it disappeared.. I have no idea what
this is or where it is installed...
does anybody know what this is and how to un-install it? (if I need to..)
I didn't find anything in CP -> remove programs that I didn't
recognize.. the icon in the system tray you see in the screenshot has
disappeared completely....
Have you checked to see if there are any changes to Device Manager?
--
Andre
Blog: http://adacosta.spaces.live.com
My Vista Quickstart Guide: http://adacosta.spaces.live.com/blog...3DB!9709.entry
"maya" <maya778899@yahoo.com> wrote in message news:fh5dv7$onn$1@aioe.org...
> hi,
>
> I'm on Vista Ultimate.. all of a sudden I get this message on lower
> right-hand corner of my computer saying something like "to protect against
> malware install such-and-such.." I clicked cancel, closed all apps, and
> restarted the machine..
>
> then when it rebooted it looked like it was installing something.. I
> managed to get a screenshot before it disappeared.. I have no idea what
> this is or where it is installed...
>
> http://www.mayacove.com/misc/ss_unknown.gif
>
> does anybody know what this is and how to un-install it? (if I need to..)
> I didn't find anything in CP -> remove programs that I didn't recognize..
> the icon in the system tray you see in the screenshot has disappeared
> completely....
>
>
> thank you very much..
>
>
>
maya wrote:
> hi,
>
> I'm on Vista Ultimate.. all of a sudden I get this message on lower
> right-hand corner of my computer saying something like "to protect
> against malware install such-and-such.." I clicked cancel, closed all
> apps, and restarted the machine..
>
> then when it rebooted it looked like it was installing something.. I
> managed to get a screenshot before it disappeared.. I have no idea what
> this is or where it is installed...
>
> http://www.mayacove.com/misc/ss_unknown.gif
>
> does anybody know what this is and how to un-install it? (if I need to..)
> I didn't find anything in CP -> remove programs that I didn't
> recognize.. the icon in the system tray you see in the screenshot has
> disappeared completely....
This is not enough information to get you focused help but the message
you got about installing "such-and-such" (and it would have been most
helpful to tell us the name of "such-and-such") is classic malware
behavior. Without knowing the name of the culprit, I can't give you a
link to its removal but follow these general malware removal steps:
Include scanning with David Lipman's Multi_AV and follow instructions to
do all scans in Safe Mode. Please see the special Notes regarding using
Multi_AV in Vista.
The site is in German but David's tool is in English so don't let that
worry you. Scroll all the way down to almost the bottom of the page and
you'll see a box titled "Infos Zum Download - Multi-AV Scanning Tool".
You'll see "Download von www pctipp.ch" and the live link to download
Multi_AV.
When all else fails, run HijackThis and post your log in one of the
specialty forums listed at the first link above (not here, please).
Not all tools used will work in Vista and you will need to run them
elevated. Since Vista is so new, it will be a while before removal
techniques and tools are developed. If you are unable to remove the
infection by following the general steps, register at one of the
HijackThis forums as suggested.
Standard caveat: If the procedures look too complex - and there is no
shame in admitting this isn't your cup of tea - take the machine to a
professional computer repair shop (not your local version of
BigComputerStore/GeekSquad). Please be aware that not all local shops
are skilled at removing malware and even if they are, your computer may
be so infested that Windows will need to be clean-installed. Have all
your data backed up before you take the machine into a shop.
Andre Da Costa[ActiveWin] wrote:
> Have you checked to see if there are any changes to Device Manager?
yes I looked in device manager but have no idea what is new there and
what isn't... (it's divided into many subsections (computer, keyboards,
dvd/cd-rom drives, port, processors, portable devices, etc.. lots
more... wouldn't know where to look and wouldn't recognize anything new..)
Andre Da Costa[ActiveWin] wrote:
> Have you checked to see if there are any changes to Device Manager?
I just found a 'drivers' folder in C drive, all the dirs inside show
they were last modified last July... I hope this is a good sign....
HOWEVER: I just saw something unexpected in my machine that may have to
do with this and maybe it's not malware.. I just opened Windows Media
Center, which I hadn't used in about two or three weeks, and there's a
whole new section in the menu, "internet TV" -- with movies, and other
stuff, this is totally new... I have no idea if this is related to this
thing.. but asking just in case..
Media Center regularly downloads new content, so that's normal. The Drivers
folder is also normal, I would follow the advice provided by Malke posted
earlier.
--
Andre
Blog: http://adacosta.spaces.live.com
My Vista Quickstart Guide: http://adacosta.spaces.live.com/blog...3DB!9709.entry
"maya" <maya778899@yahoo.com> wrote in message news:fh5oku$lg7$1@aioe.org...
> Andre Da Costa[ActiveWin] wrote:
>> Have you checked to see if there are any changes to Device Manager?
>
> I just found a 'drivers' folder in C drive, all the dirs inside show they
> were last modified last July... I hope this is a good sign....
>
> HOWEVER: I just saw something unexpected in my machine that may have to do
> with this and maybe it's not malware.. I just opened Windows Media
> Center, which I hadn't used in about two or three weeks, and there's a
> whole new section in the menu, "internet TV" -- with movies, and other
> stuff, this is totally new... I have no idea if this is related to this
> thing.. but asking just in case..
>
> thanks again....
>
>
>
>
Hello,
If it's a device driver it will more than likely use setupapi to install.
You can look in the c:\windows\inf\setupapi.dev.log for entries recorded at
or close to that time.
Some applications can use setupapi as well.
So you may want to check c:\windows\inf\setupapi.app.log for entries
recorded at or close to that time.
If there was an OS update installed, most of those should be recorded in
one of the following logs
First look at c:\windows\windowsupdate.log to see if any updates were
pushed down, their install may have been pended awaiting the reboot.
More detailed and quite noisy however but most OS updates are recorded in
here.
C:\windows\logs\cbs\cbs.log
If it's not an OS update or a driver update then the OS may not log the
installation.
Thanks,
Darrell Gorter[MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights
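The log check suggested above, as an added example that is not part of the original post: it parses setupapi.dev.log-style sections and returns those that started within a time window around the reboot. The sample log text, its device IDs and the reboot time are constructed, and the `>>>  Section start` / `<<<  [Exit status: ...]` layout is assumed to match the file on the machine.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the assumed setupapi.dev.log section layout
# (device IDs and times are made up, not taken from the thread).
SAMPLE_LOG = r"""
>>>  [Device Install (Hardware initiated) - ROOT\EXAMPLE\0000]
>>>  Section start 2007/07/14 09:12:40.101
     dvi: Example detail line
<<<  Section end 2007/07/14 09:12:44.530
<<<  [Exit status: SUCCESS]

>>>  [Device Install (Hardware initiated) - USB\VID_0000&PID_0000\EXAMPLE]
>>>  Section start 2007/11/10 20:31:02.114
     dvi: Example detail line
<<<  Section end 2007/11/10 20:31:09.870
<<<  [Exit status: SUCCESS]

>>>  [Device Install (Hardware initiated) - USB\VID_0000&PID_0001\EXAMPLE]
>>>  Section start 2007/11/10 20:33:40.002
!!!  dvi: Example failure line
"""

HEADER = re.compile(r"^>>>\s+\[(?P<title>.+)\]\s*$")
START = re.compile(r"^>>>\s+Section start (?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+)")
STATUS = re.compile(r"^<<<\s+\[Exit status: (?P<status>[^\]]+)\]")

def parse_sections(text):
    """Split the log into install sections with title, start time and exit status."""
    sections, cur = [], None
    for line in text.splitlines():
        if (m := HEADER.match(line)):
            # A section with no exit-status line (install cut off) stays INCOMPLETE.
            cur = {"title": m["title"], "start": None, "status": "INCOMPLETE"}
            sections.append(cur)
        elif cur is not None and (m := START.match(line)):
            cur["start"] = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S.%f")
        elif cur is not None and (m := STATUS.match(line)):
            cur["status"] = m["status"]
    return sections

def sections_near(text, when, window_minutes=15):
    """Return sections that started within +/- window_minutes of `when`."""
    delta = timedelta(minutes=window_minutes)
    return [s for s in parse_sections(text)
            if s["start"] is not None and abs(s["start"] - when) <= delta]

if __name__ == "__main__":
    reboot = datetime(2007, 11, 10, 20, 30)  # constructed reboot time
    for s in sections_near(SAMPLE_LOG, reboot):
        print(s["start"], s["status"], s["title"])
```

On a real machine, read `c:\windows\inf\setupapi.dev.log` from an elevated prompt and pass its text in place of `SAMPLE_LOG`.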
thank you all very much for your responses.. will try advice given here
tomorrow, when have a clearer head... it's about midnight in my neck
of the woods now... (did look a bit at one of the urls provided
(http://www.elephantboycomputers.com/...moving_Malware))
thank you ..... maya...
Darrell Gorter[MSFT] wrote:
> Hello,
> If it's a device driver it will more than likely use setupapi to install.
> You can look in the c:\windows\inf\setupapi.dev.log for entries recorded at
> or close to that time.
> Some applications can use setupapi as well.
> So you may want to check c:\windows\inf\setupapi.app.log for entries
> recorded at or close to that time.
>
> If there was an OS update installed, most of those should be recorded in
> one of the following logs
> First look at c:\windows\windowsupdate.log to see if any updates were
> pushed down, their install may have been pended awaiting the reboot.
> More detailed and quite noisy however but most OS updates are recorded in
> here.
> C:\windows\logs\cbs\cbs.log
>
> If it's not an OS update or a driver update then the OS may not log the
> installation.
>
> Thanks,
> Darrell Gorter[MSFT]
>
> This posting is provided "AS IS" with no warranties, and confers no rights
>
Unfortunately, you have unwittingly installed malware on your machine.
Whenever you get popups like this, do not click anywhere on them. Instead,
close them down by using the Task Manager. I suggest that you run a full
system scan with your anti-virus software and Windows Defender and also do a
check using an on-line virus check such as provided by Kaspersky. Allow these
to fix any problems they find.
Dwarf
> hi,
>
> I'm on Vista Ultimate.. all of a sudden I get this message on lower
> right-hand corner of my computer saying something like "to protect
> against malware install such-and-such.." I clicked cancel, closed all
> apps, and restarted the machine..
>
> then when it rebooted it looked like it was installing something.. I
> managed to get a screenshot before it disappeared.. I have no idea what
> this is or where it is installed...
>
> http://www.mayacove.com/misc/ss_unknown.gif
>
> does anybody know what this is and how to un-install it? (if I need to..)
> I didn't find anything in CP -> remove programs that I didn't
> recognize.. the icon in the system tray you see in the screenshot has
> disappeared completely....
>
>
> thank you very much..
>
>
>
>
Further to my previous post, you would be advised to disconnect from the
internet and boot up into SAFE mode to run the first 2 scans that I
suggested. You can then boot up into normal mode, reconnect your Internet,
and then carry out the on-line check.
Dwarf
"Dwarf" wrote:
> Hi maya,
>
> Unfortunately, you have unwittingly installed malware on your machine.
> Whenever you get popups like this, do not click anywhere on them. Instead,
> close them down by using the Task Manager. I suggest that you run a full
> system scan with your anti-virus software and Windows Defender and also do a
> check using an on-line virus check such as provided by Kaspersky. Allow these
> to fix any problems they find.
> Dwarf
>
> http://www.kaspersky.co.uk/virusscanner
>
> "maya" wrote:
>
> > hi,
> >
> > I'm on Vista Ultimate.. all of a sudden I get this message on lower
> > right-hand corner of my computer saying something like "to protect
> > against malware install such-and-such.." I clicked cancel, closed all
> > apps, and restarted the machine..
> >
> > then when it rebooted it looked like it was installing something.. I
> > managed to get a screenshot before it disappeared.. I have no idea what
> > this is or where it is installed...
> >
> > http://www.mayacove.com/misc/ss_unknown.gif
> >
> > does anybody know what this is and how to un-install it? (if I need to..)
> > I didn't find anything in CP -> remove programs that I didn't
> > recognize.. the icon in the system tray you see in the screenshot has
> > disappeared completely....
> >
> >
> > thank you very much..
> >
> >
> >
> >