Green Check Icon Virus

Dell / Dell dv051...
March 22, 2010 at 18:20:52
Specs: Microsoft Windows XP Professional, 3.059 GHz / 1014 MB
Hey, starting late last night I noticed a strange green check icon on my toolbar that kept telling me to download its anti-spyware/virus product. It repeatedly kept trying to scan my computer for "problems." It wouldn't let me run or download ANY anti-virus products.

I finally downloaded rkill, and had to rename it explorer to use the program, but it stopped the malware. I was then able to run Malwarebytes and SuperAntiSpyware and they found and supposedly fixed the problem. When it asked me to reboot to permanently remove the problem, I did, but when my computer started back up the virus was back on there. They didn't actually get rid of it.

I repeated the process with my computer in safe mode with the same results.

I desperately need help getting this thing off my computer and I have a HijackThis log file if anyone needs it.



March 22, 2010 at 19:08:56
Please post the following scan results.

Download DDS and save it to your desktop.

Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt

Save both reports to your desktop then post them please.


March 22, 2010 at 19:20:06
Took this post down because it had detailed information about my system on it. Since my problem is fixed, it's no longer necessary to have it up. Better safe than sorry.


March 22, 2010 at 19:20:41
Took this post down because it had detailed information about my system on it. Since my problem is fixed, it's no longer necessary to have it up. Better safe than sorry.


March 22, 2010 at 19:49:12
Go to start> control panel> add/remove programs and uninstall these programs at least until we get the computer clean.

Java 2 Runtime Environment, SE v1.4.2_03 (old open port)
Java(TM) 6 Update 2 (old open port)
Java(TM) SE Runtime Environment 6 Update 1 (old open port)
LimeWire 4.16.6 (harbors spyware)
Viewpoint Manager (Remove Only)
Viewpoint Media Player (harbors spyware)

Please download ComboFix with Internet Explorer instead of any other browser if possible.

Remember: your AVG antivirus and Spybot's TeaTimer must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.

Please download ComboFix to the desktop from one of the following links:


Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, in the filename box rename combofix.exe to Combo-Fix> click save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt".
Note: Do not mouseclick combo-fix's window while it's running. That may cause it to hang.

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.


March 22, 2010 at 21:08:51
Thank you! That appears to have fixed the problem! I can stop pulling my hair out now....heh.....

Once again, thanks.


March 23, 2010 at 03:46:05
A little clean-up to do.

Delete DDS from your desktop

Go to start> run> type in ComboFix /Uninstall (note the space after ComboFix) then press enter> run. This will uninstall combofix so give the uninstaller a minute to run.

Download ATF Cleaner from this link:
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Empty the restore folder. Go to start> control panel> system> system restore tab> check the box beside "turn off system restore"> apply (takes a minute)> ok. Go back and uncheck the box to turn system restore back on> apply> ok.

Next create a new restore point. Go to start> run> type in msconfig> ok> click launch system restore> check the circle beside "create a restore point"> next> name it today's date> create> click home> exit the system configuration utility> restart the computer.

You should consider adding "Spywareblaster" to your arsenal of antispyware tools. You can download it from this link: Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.

Glad we could help.
