Green Shield Icon Virus

April 11, 2010 at 16:38:40
Specs: Windows XP SP2 Professional
Why hello fine gentlemen,

So to sum this up: A few hours ago I got the so-called "Green Check Icon Virus" that is referred to in this thread (
I followed the steps from the scanning on, supposing it'd be a similar problem, that means the whole "delete java related programs, then run combofix properly" part. Everything went fine, I'd say, even though eventually I had to remove the actual virus files manually.
Then I rebooted but I couldn't boot back on properly, since after loading Windows I got a flash of a blue screen (not the infamous BSoD) and the comp was rebooted. I recall seeing it before, so it might be an old problem which has resurfaced somehow. Be how it be, every time I've tried to start in normal mode I've gotten my comp rebooted.
As you can imagine, this is a major pain in the neck; your help would be greatly appreciated.

Thanks in advance.



April 11, 2010 at 18:27:49
"Everything went fine, I'd say, even though eventually I had to remove the actual virus files manually.
Then I rebooted but I couldn't boot back on properly, since after loading Windows I got a flash of a blue screen
(not the infamous BSoD) and the comp was rebooted."

This sounds like you deleted the userinit.exe file. These are the instructions for reinstalling it.

1. Insert the original Windows XP CD (Windows XP with Service Pack 2 is preferred, but not required; any XP CD should work) and reboot the computer. You may need to configure your computer to boot from the CD-ROM drive.
2. When the Windows XP Setup has started, press "R" to "repair the Windows XP installation using Recovery Console".
3. Select the Windows installation to repair (generally this is C:\Windows) by typing its number and then pressing ENTER.
4. Type the Administrator password (usually blank or nothing at all) and press ENTER.
5. Type the following commands:
NOTE: If your CD-ROM drive has a different letter assigned to it, enter "X:" instead, where X is the appropriate drive letter.
After entering "EXPAND USERINIT.EX_ C:\WINDOWS\SYSTEM32" you should see the text "1 file(s) copied", in which case all went well.

Remove the Windows XP CD, type "EXIT" and press ENTER to restart your computer. You should now be able to log on normally.


April 12, 2010 at 17:31:05
Wonderful, everything seems to be back to normal now.
Gentleman, I'm in your debt.

Still, two questions, if too offtopic please ignore them:

1- Are Firefox's markers/favorite listed pages stored anywhere they can really be taken from? I mean, does it create something like a listfile that can be replaced in another computer for them to appear without manually adding them? If so, the usual file name would be wonderful to have; it'd help massively with future formats.

2- What is the technical name for those fake antivirus programs?

Thanks again for all your help.



April 12, 2010 at 19:09:09
This is not much of an answer but for what it is worth here it is.

1. I use Firefox but cannot answer that question and it may be better answered at the Mozilla site... some of the gurus around here may know.
2. There are hundreds, maybe thousands, of fake antivirus programs and want-to-bes, so a name is practically invalid, although there are two or three more infamous than others and they can be easily googled... there are many and they are getting tougher to remove.

Wish I could provide you with better answers.

Number one thing you need to do is this:

Download ATF Cleaner from this link:
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Empty the restore folder. Go to start > control panel > system > system restore tab > check the box beside "turn off system restore" > apply (takes a minute) > ok. Go back and uncheck the box to turn system restore back on > apply > ok.

Next create a new restore point. Go to start > run > type in msconfig > ok > click launch system restore > check the circle beside "create a restore point" > next > name it today's date > create > click home > exit the system configuration utility > restart the computer.

FYI... I do not solicit the Spywareblaster program; many help forums suggest it, that's why I do.

You should consider adding "Spywareblaster" to your arsenal of antispyware tools, you can download it from this link Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.

Glad we could help.


April 13, 2010 at 14:51:31
SpywareBlaster doesn't even run in the background. What it does is put kill bits in the registry to stop malware-ridden websites from being able to function.

The only time it uses any resources is while you are updating its database, a matter of seconds every fortnight. It's a worthwhile program which acts as a "preventative".

Apart from updates you do absolutely nothing. The only negative is that it won't trap anything that has arrived in the fortnight since its last update.

Sorry if I was being a bit pedantic above - just clarifying.

I don't know the correct name for those scams. I call them "bogus Anti-Malware programs" but your "fake antivirus" is pretty good. If one pops up use Alt+F4 keys to close the window (or Ctrl-Alt-Delete and End Task) because using the mouse on the corner X is like saying yes. After that, to be on the safe side, clear your Temporary Internet Files - you are then most unlikely to get infected.

What's the time?
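
The kill bits mentioned in the post above can be checked from a registry export. This is an added example, not part of the thread and not SpywareBlaster's own code: it reads the text of a `reg export` of Internet Explorer's "ActiveX Compatibility" key and reports which controls have the kill bit (0x400 in "Compatibility Flags") set. The CLSIDs in the sample are constructed, and the function name is hypothetical.

```python
import re

# Key where Internet Explorer looks up per-control flags; the kill bit is 0x400.
COMPAT_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
KILL_BIT = 0x00000400
SECTION_RE = re.compile(r"^\[(.+)\]$")
FLAGS_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9a-fA-F]{8})$')
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


def audit_kill_bits(reg_text):
    """Return {CLSID: bool}; True means the control is blocked by a kill bit."""
    result = {}
    current = None  # CLSID of the section being read, or None if unrelated
    prefix = COMPAT_KEY.lower() + "\\"
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            path = section.group(1)
            clsid = path[len(prefix):] if path.lower().startswith(prefix) else ""
            current = clsid.upper() if CLSID_RE.match(clsid) else None
            if current:
                result.setdefault(current, False)  # key present, flag not yet seen
            continue
        flags = FLAGS_RE.match(line)
        if current and flags:
            # Other bits may be set too; only the 0x400 bit decides blocking.
            result[current] = bool(int(flags.group(1), 16) & KILL_BIT)
    return result


# Constructed sample export (decoded to text); the CLSIDs are made up.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11111111-1111-1111-1111-111111111111}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22222222-2222-2222-2222-222222222222}]
"Compatibility Flags"=dword:00800400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{33333333-3333-3333-3333-333333333333}]
"Compatibility Flags"=dword:00000020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{44444444-4444-4444-4444-444444444444}]
"""

if __name__ == "__main__":
    for clsid, blocked in sorted(audit_kill_bits(SAMPLE_REG).items()):
        print(clsid, "kill bit set" if blocked else "NOT blocked")
```

A control whose key exists without the 0x400 bit (the third and fourth sample entries) is not blocked, which is the case worth looking for after a cleanup tool or malware has touched this key.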
