PDA

View Full Version : Undeletable icons!


Anubis_AF
30-12-04, 19:15
There are icons on my computer than appeared by themselves. I cannot deleted them or even Right-click them. What should I do??? :( :( :( :(

http://img.photobucket.com/albums/v429/Anubis_AF/Problem%20Screenies/Annoying.jpg

Geck-o-Lizard
30-12-04, 19:25
Looks like a nice helping of adware/spyware to me.

Search Google/Yahoo/MSN for these programs:
Ad-aware SE
Spybot S&D
HijackThis
AVG Free

Download and run the programs. Ad-Aware will search for and remove any adware it finds on your computer, including registry entries/registry keys, files, programs and running processes. Spybot will do the same but searching for spyware rather than adware. HijackThis will give you a list of all the processes running on your computer to help you detect and stop some illegitimate programs. And AVG Free is an antivirus program.

Of course if you already have a preference in antivirus/adware removal/spyware removal tools, please feel free to use those instead, this list is just the most widely used easy-to-get programs for the required purposes.

Anubis_AF
30-12-04, 19:33
I've runned the full System Scan on Spyware Doctor 3.1, and it didn't detect anything. Do you think I should install Ad-aware?

Neteru
30-12-04, 19:34
Adaware SE HERE (http://www.download.com/3000-2144-10045910.html)

Spybot S & D HERE (http://www.safer-networking.org/index.php?page=download)

Stick with these two for the time being. They may be enough before going on to more complicated methods like analysing a HijackThis log.

Make sure you have both programs updated before running their respective scans. Once they have been run and removed what they have found, perform secondary scans with both programs.

It will also be useful for you to download and install SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) which will help prevent these problems in the first place.

Neteru
30-12-04, 19:36
Spyware Doctor is useless to you unless you pay for it.

Anubis_AF
30-12-04, 19:41
Thanks both.

Anubis_AF
31-12-04, 10:30
Here's the thing. I un-installed Spyware Doctor yesterday, and they disappeared. Now today they appeared again, and after 15 minutes, they disappeared again. :confused:

I've runned Ad-aware Smart scan, and it didn't find them. They are still there.

[ 31. December 2004, 11:25: Message edited by: Anubis_AF ]

Anubis_AF
31-12-04, 13:27
I've just installed Spybot S & D and nothing! What can they be? :( :( :( :( :( :(

Joseph
31-12-04, 13:34
Have you after install of Spybot S&D first updated, and then run the program to scan your entire pc?

Anubis_AF
31-12-04, 13:48
Yes, I always run Update 1st.

Joseph
31-12-04, 14:02
And it has found nothing, but the icons are still there?

Joseph
31-12-04, 14:03
Have you tried System Restore yet?

Joseph
31-12-04, 14:05
Can you find, and uncheck these items in msconfig?
Start / Run... type in
msconfig
click OK.
Go to the tab Starting up items (or something similar, i'm translating from dutch)?
Maybe you can post a printscreen of all items you have in there?

Foamy
31-12-04, 14:57
I had the same trouble.
Anubis_AF : Did you get the toolbar on your browser window and undelteable link in your favourites too? and have u managed to get rid of them yet?

Joseph: I ran a system restore after i scanned my entire PC with norton and it did nothing. The dissapeared at first then reappeared a little later.

Any other suggestions would be good.

Red_Rain
31-12-04, 15:05
I suggest you run all your spywere removers and so forth in safe mode and also turn off your system restore before scanning.

You might also like to use Hijackthis (http://www.spychecker.com/program/hijackthis.html)

use this webpage to desipher your findings Logfile page. (http://www.hijackthis.de/index.php?%20langselect=english)

Joseph
31-12-04, 15:35
This is recommended:
1) Adaware SE from here (http://www.download.com/3000-2144-10045910.html)

2) Spybot S & D from here (http://www.safer-networking.org/index.php?page=download)

3) Install both, update both, run both one after another.
Only if that doesn't help turn off System Restore (you will lose all restore points, but they obviously were infected so they've become worthless anyway), and run AdAwareSE and Spyboy S&D in safe mode.

4) After you cleaned your system, install SpywareBalster (http://www.javacoolsoftware.com/spywareblaster.html) , update it, and enable all protection, to prevent these baddies to sneak into your system in the future.

[ 31. December 2004, 15:36: Message edited by: joseph ]

Joseph
31-12-04, 15:37
Foamy: Norton doesn't recognize these spyware. The other programs recommended in this thread are specialised for the task.

Anubis_AF
31-12-04, 15:42
Joseph:

1st part,

http://img.photobucket.com/albums/v429/Anubis_AF/Problem%20Screenies/1.jpg
_ _ _ _ _ _

2nd part,

http://img.photobucket.com/albums/v429/Anubis_AF/Problem%20Screenies/2nd.jpg
_ _ _ _ _ _

3rd part,

http://img.photobucket.com/albums/v429/Anubis_AF/Problem%20Screenies/3rd.jpg
_ _ _ _ _ _ _

4th part,

http://img.photobucket.com/albums/v429/Anubis_AF/Problem%20Screenies/4th.jpg

Anubis_AF
31-12-04, 15:44
Where is System Restore?

Joseph
31-12-04, 16:23
Right-click "This Computer"/ Properties / tab "System Restore". Shut off S R for all drives.

Joseph
31-12-04, 16:34
Anubis, you should have slided the bar a bit to the right so the Commands for the items are more readable, see pic:

http://joseph.tombraiderforums.com/Images/4th.jpg

But, when you are sure which items are responsible for your problem, you can use the descriptions which are under Location to find them in your Registry. There, you can delete them.

http://joseph.tombraiderforums.com/Images/regedit-run1.jpg

This is the exact adress where you will find the startup items:

http://joseph.tombraiderforums.com/Images/regedit-run2.jpg

[ 31. December 2004, 16:35: Message edited by: joseph ]

Joseph
31-12-04, 16:59
1 - 4 of your items is mcAfee. Let them stay.
5 - MSN messenger. Let stay.
6 Real Player? If yes, let stay.
7 i Tunes. Let stay.
8 Quicktime. Let stay.
9 Ante ? This one i don't know, it says license, so something about registration.
10 Spystopper. Like Net said, this is no use to you unless you buy the program, so uninstall Spystopper. Don't delete this item now, it probably will be gone after you uninstalled the program.
11 MSN messenger. Let stay.
12 Amen 4 ? suspicious to me.
13 ctfmon = related to you Creative soundcard. Let stay.
14 Adobe Gamma Loader. Related to Photoshop. Let stay.
15 ufaveds = very suspicious to me, it is an .exe.
16 ashmaisv = dunno, looks suspicious to me.
17 amen 4 again...
18 ctfmon = Creative soundcard again, let stay.
19 dsn = suspicious to me, it is again an .exe.
20 fdm = dunno, Free what?
21 ICQ = ICQ, if you like it, let stay.
22 irct = suspicious to me, is again an .exe.
23" /WinStart = looks very suspicious to me.
24 Messweb = suspicious to me
25 msnappau and
26 msnmsgr = MSN messenger. Can stay.
27 qrqtstmr = dunno.
28 qttask = Quicktime, can stay.
29 ineimap.exe = very suspicious to me.
30 salm.exe = very suspicious to me. You can delete it also from C:\temp.
31 StealthPrivacyProtection = don't know it, isn't it a fake?
32 jusched = some Java thing, suspicious.
33 svsjkpkn = so far, suspicious.
34 soap = not needed on a computer. :D Suspicious.
35 realsched = again: Realplayer? If yes, can stay.
36 Launchpad - can stay.
37 Scheduler, from "SpyC..."? dunno? What program is it? Anti-spy?
38 Webhosts= i don't have it, why should you.

[ 31. December 2004, 17:01: Message edited by: joseph ]

burninglight
31-12-04, 17:03
anubis, by any chance do you have messenger plus?

Joseph
31-12-04, 18:14
I showed you how you can delete the keys in the Registry which allow these programs to Run each time Windows starts. But that doesn't mean the programs themselves are deleted.
So, what to do.
All the items i found suspicious, you have to look them up, look under Command in msconfig (as shown in your pictures), where they are located. Some may be in Program Files, others in Documents and Settings / Anubis / Local settings / Temp ... andsoforth. Then YOU decide if they are in fact baddies or one of your dear regular programs you use willfully.

Once you are SURE about what is bad and can be deleted, you write down all these bad items' names from msconfig. This is important. Also, from their directories (in Program Files or Temp folders etc. exe's names and repeated obvious names related to the items.

First check in Control Panel / Software if any of these programs you found, are regular programs that can be uninstalled normal way via "uninstall'.

When done, you open Explorer and search for all these items. Now you can delete everything it finds. Items that will not go away and you get warnings that they are in use, reboot in safe mode and try again. To reboot in safe mode: hold down the F8 key during startup, just after the bios info and before Windows.

Note, that in cases when your Windows is infected with serious trouble, it is often easier to format your hdd and reinstall Windows completely, than be busy with tedious removing actions without being sure if you got rid of the problem.

Simulation
31-12-04, 18:15
Hi Anubis_AF,

It looks like it is salm.exe. I found this on the web :-

What Is It?
180Search Assistant - salm.exe

What Does it Do?
180Search Assistant is generally installed by some other piece of spyware. This not only displays ads but logs your browsing habits to send back to 180! If you have this you most likely have several other programs that you need to uninstall.

Download this program Startup Control Panel (http://www.mlin.net/StartupCPL.shtml) (similar to msconfig, but more controls) and disable salm.exe. Once you reboot you should be able to delete the file and the Icons. More Info..... (http://www.iamnotageek.com/a/394-p1.php)

[ 31. December 2004, 18:20: Message edited by: Simulation ]

burninglight
31-12-04, 19:34
sim, i used to have anubisis problem and it something to do with spyware in messenger plus. uninstall messenger plus, do a scan with spybot and norton (presuming you use them.
then reinstall make sure you do not want info from yahoo! or anything ( go through the setup slowly)

Anubis_AF
01-01-05, 00:46
OK thanks joseph and Simulation.
mattioz, no I don't have MSN plus.

Olvidarse
01-01-05, 00:46
What's C-Dilla? Sounds suspicious http://www.tombraiderforums.com/images/smilies/privateeye.gif .

http://img.photobucket.com/albums/v608/Sausagewithteeth/Webbings/cdilla.jpg

Anubis_AF
01-01-05, 01:02
There is no salm.exe Sim. :confused:

Anubis_AF
01-01-05, 01:32
The icons have disappeared after I've runned the full scan with Ad-aware. But I think they'll come back.

Q: When Hijackthis finds suspected files, should all be deleted? It warns that deleting some files will cause problems.

Joseph
01-01-05, 01:43
Originally posted by Olvidarse:
What's C-Dilla? Sounds suspicious http://www.tombraiderforums.com/images/smilies/privateeye.gif .

http://img.photobucket.com/albums/v608/Sausagewithteeth/Webbings/cdilla.jpghttp://www.auditmypc.com/freescan/readingroom/cdilla.asp

Simulation
01-01-05, 02:37
Originally posted by Anubis_AF:
There is no salm.exe Sim. :confused: It was displayed in your msconfig

http://simulation.tombraiderforums.com/forum/anubis.jpg

Simulation
01-01-05, 02:45
C-dilla is a licensing program used on such products as Autodesk AutoCAD and Inventor.

Foamy
01-01-05, 11:01
I don't have salm.exe either. I looked through mosta the tabs in msconfig and it's not there. Here are screenies of mine.

Part 1
http://img.photobucket.com/albums/v475/foamy222/msconfig1.bmp

Part 2
http://img.photobucket.com/albums/v475/foamy222/msconfig2.bmp

This is so annoying. It's like there not even there in menus. http://www.tombraiderforums.com/images/smilies/c-1.gif

burninglight
01-01-05, 11:14
has it changed your homepage yet?
it will to mysearchnow.com or something

Foamy
01-01-05, 11:40
http://www.tombraiderforums.com/images/smilies/hug.gif Thankyou so much forposting about the MSNplus thing.I uninstalled it and it got rid of them and so far they haven't come back. Yeah it did change my home page to that mysearchnow.com and put a whole load of stuff in my favourites and gave me this wierd toolbar on my browser window that appeared to do absolutley nothing. Thanks again. :D :D :D

Anubis_AF
01-01-05, 13:46
New Year old problem. Any new ideas guys about how to solve this problem?

[ 01. January 2005, 13:49: Message edited by: Anubis_AF ]

Joseph
01-01-05, 13:56
NEW ideas??? Are you crazy, Anubis?! As i posted on page 1: Originally posted by joseph:
1 - 4 of your items is mcAfee. Let them stay.
5 - MSN messenger. Let stay.
6 Real Player? If yes, let stay.
7 i Tunes. Let stay.
8 Quicktime. Let stay.
9 Ante ? This one i don't know, it says license, so something about registration.
10 Spystopper. Like Net said, this is no use to you unless you buy the program, so uninstall Spystopper. Don't delete this item now, it probably will be gone after you uninstalled the program.
11 MSN messenger. Let stay.
12 Amen 4 ? suspicious to me.
13 ctfmon = related to you Creative soundcard. Let stay.
14 Adobe Gamma Loader. Related to Photoshop. Let stay.
15 ufaveds = very suspicious to me, it is an .exe.
16 ashmaisv = dunno, looks suspicious to me.
17 amen 4 again...
18 ctfmon = Creative soundcard again, let stay.
19 dsn = suspicious to me, it is again an .exe.
20 fdm = dunno, Free what?
21 ICQ = ICQ, if you like it, let stay.
22 irct = suspicious to me, is again an .exe.
23" /WinStart = looks very suspicious to me.
24 Messweb = suspicious to me
25 msnappau and
26 msnmsgr = MSN messenger. Can stay.
27 qrqtstmr = dunno.
28 qttask = Quicktime, can stay.
29 ineimap.exe = very suspicious to me.
30 salm.exe = very suspicious to me. You can delete it also from C:\temp.
31 StealthPrivacyProtection = don't know it, isn't it a fake?
32 jusched = some Java thing, suspicious.
33 svsjkpkn = so far, suspicious.
34 soap = not needed on a computer. :D Suspicious.
35 realsched = again: Realplayer? If yes, can stay.
36 Launchpad - can stay.
37 Scheduler, from "SpyC..."? dunno? What program is it? Anti-spy?
38 Webhosts= i don't have it, why should you. Originally posted by joseph:
I showed you how you can delete the keys in the Registry which allow these programs to Run each time Windows starts. But that doesn't mean the programs themselves are deleted.
So, what to do.
All the items i found suspicious, you have to look them up, look under Command in msconfig (as shown in your pictures), where they are located. Some may be in Program Files, others in Documents and Settings / Anubis / Local settings / Temp ... andsoforth. Then YOU decide if they are in fact baddies or one of your dear regular programs you use willfully.

Once you are SURE about what is bad and can be deleted, you write down all these bad items' names from msconfig. This is important. Also, from their directories (in Program Files or Temp folders etc. exe's names and repeated obvious names related to the items.

First check in Control Panel / Software if any of these programs you found, are regular programs that can be uninstalled normal way via "uninstall'.

When done, you open Explorer and search for all these items. Now you can delete everything it finds. Items that will not go away and you get warnings that they are in use, reboot in safe mode and try again. To reboot in safe mode: hold down the F8 key during startup, just after the bios info and before Windows.

Note, that in cases when your Windows is infected with serious trouble, it is often easier to format your hdd and reinstall Windows completely, than be busy with tedious removing actions without being sure if you got rid of the problem.Also, Sim looked up on the internet what salm.exe stands for. So you know what you have to do now, don't you.

Anubis_AF
01-01-05, 14:03
No joseph, I'm not crazy. :rolleyes:
I checked the ones you said and disabled them. And about the ones you said look suspisious, the command isn't shown, and neither is the location. How am I suposed to know where are they? http://www.tombraiderforums.com/images/smilies/c-3.gif

EDIT: Sim, I know it is found in the screenshot, but when I downloaded the thign u asked me to, there was no slam.exe there, that's what I meant. http://www.tombraiderforums.com/images/smilies/wave.gif

[ 01. January 2005, 14:14: Message edited by: Anubis_AF ]

Joseph
01-01-05, 14:53
Anubis. Disabling the items by unchecking them is not enough. These items have to be removed, or they will keep enabling themselves.
Yes, the commands are shown. See pic:

http://joseph.tombraiderforums.com/Images/3rd-command.jpg

1. = Command. Take with your mousepoint the border between 'Command' an 'Location' and slide this bar to the right so that the complete Command-line becomes visible.
2. = there is salm.exe. As you can read, it is in C:\temp. So you can find it. So you can delete it.

Indeed, you have no "slam.exe". We are talking about salm.exe.

[ 01. January 2005, 14:57: Message edited by: joseph ]

Anubis_AF
01-01-05, 15:05
I typed the command and it gave me this:

http://img.photobucket.com/albums/v429/Anubis_AF/Problem%20Screenies/Salm.jpg

BTW, the location, it starts with HKLM or SOFTWARE etc... where are they found? In C or D ?

Joseph
01-01-05, 15:10
HKLM = HKEY_LOCAL_MACHINE. It's a department in The Registry. You come there via Start / Run... type in
regedit
and click OK.
As i mentioned on page 1, Anubis.
So, please read the replies in this thread.

[ 01. January 2005, 15:10: Message edited by: joseph ]

Joseph
01-01-05, 15:16
Originally posted by Anubis_AF:
I typed the command and it gave me this:

Which 'command', Anubis!? That picture shows! :rolleyes: Please DON'T TYPE IN COMMANDS like that. In this picture:

http://joseph.tombraiderforums.com/Images/3rd-command.jpg

"Command" stands for: "this is the WINDOWS - command that belongs to this item". It is just for your information. Next thing you can do is navigate to that place, to be able to delete the folder in which the executable (.exe) of this baddie is seated. So, you open "This Computer", open your "C", look (with your eyes) for a folder named "temp" -which does not belong there in Windows XP-, and delete it.

[ 01. January 2005, 15:24: Message edited by: joseph ]

Anubis_AF
01-01-05, 15:19
Listen, why do you keep offending me joseph? Excuse me for not understanding and knowing everything about computers. :confused: http://www.tombraiderforums.com/images/smilies/privateeye.gif

[ 01. January 2005, 15:21: Message edited by: Anubis_AF ]

Joseph
01-01-05, 15:23
The last thing i ever wanted is offend you Anubis. I got a little impatient that's all. Please forgive me. Only trying to help, you know. http://www.tombraiderforums.com/images/smilies/hug.gif

Anubis_AF
01-01-05, 15:29
Oh ok. I just felt like it. I'm also little angry for not being able to remove them.
Sorry for the misunderstanding. http://www.tombraiderforums.com/images/smilies/hug.gif

Anubis_AF
01-01-05, 15:33
OK I'm deleting all the things you meantioned suspicious.. This may take a while.

[ 01. January 2005, 15:37: Message edited by: Anubis_AF ]

Joseph
01-01-05, 15:39
Be careful Anubis! Not ALL the things i found suspicious are bad till you have sorted out what they are!!!
Use the "Command" -info to look where they are located on your C:\ -drive, study a bit on their identity. If it is a regular program you recognise, let it stay.

Joseph
01-01-05, 15:45
Oh, and when i said: So, you open "This Computer", open your "C", look (with your eyes) for a folder named "temp" -which does not belong there in Windows XP-, and delete it.
i meant exactly (yes, always be careful!) "C:\temp" does not belong there in Windows XP. But DON'T confuse it with C:\Windows\Temp; or C:\Documents and Settings\Anubis\Local Settings\Temp; because those DO belong there, and should NOT be deleted!

Anubis_AF
01-01-05, 15:47
OK, I looked in command. http://www.tombraiderforums.com/images/smilies/smile.gif http://www.tombraiderforums.com/images/smilies/wave.gif

Anubis_AF
01-01-05, 15:59
I restarted my PC, and they aren't there. http://www.tombraiderforums.com/images/smilies/privateeye.gif
Maybe they are gone for good, maybe they're hiding. I'll let you know if they appear again.

Joseph
01-01-05, 17:08
Hey that sounds really good Anubis! :D http://www.tombraiderforums.com/images/smilies/thumb.gif Fair chance you crushed them in this 'sledge-hammer' way.
Best is to re-enable System Restore, as soon as you have good impression everything is all right again.

Anubis_AF
01-01-05, 19:22
OK, I'll wait 2 more days just to be sure. Thanks.

BTW, I installed the Spyware Blaster to stop problems form happening in the 1st place.

[ 01. January 2005, 19:30: Message edited by: Anubis_AF ]

Joseph
01-01-05, 21:09
That's a very good tool (SpywareBlaster). Each time you have booted Windows, look for updates, and enable All Protection before you go surfing. http://www.tombraiderforums.com/images/smilies/thumb.gif

Anubis_AF
01-01-05, 21:12
Thankies. http://www.tombraiderforums.com/images/smilies/hug.gif

Joseph
01-01-05, 21:28
Welcome Anubis. http://www.tombraiderforums.com/images/smilies/hug.gif

Anubis_AF
02-01-05, 12:45
http://www.tombraiderforums.com/images/smilies/hug.gif

1 day without them and still counting! http://www.tombraiderforums.com/images/smilies/jumper.gif :D

Joseph
02-01-05, 13:32
Good Beginning of the New Year! http://www.tombraiderforums.com/images/smilies/thumb.gif :D

Anubis_AF
05-01-05, 13:25
It's been more than 3 days since their disappearance. They're gone for good hopefully. Thanks for the help jo. http://www.tombraiderforums.com/images/smilies/wave.gif

Joseph
05-01-05, 13:41
http://www.tombraiderforums.com/images/smilies/thumb.gif I'm glad for you! Now have you enabled System Restore yet?
http://www.tombraiderforums.com/images/smilies/wave.gif

Anubis_AF
05-01-05, 14:01
Yep. http://www.tombraiderforums.com/images/smilies/smile.gif