Hi,

I have a huge problem. My PC which is running Windows XP Home has become infected with a weird virus. It is NOT the red circle white cross which deposits itself in the tray.

When Xp Home boots up the welcome screen appears a grey box with a white square in the upper left and a greyed out red close button in the upper right corner. In the main body is a red cirdle with a white cross in it and two buttons one marked "Yes" and the other "No".

At this point the boot up stops if you click on the "No" button the "Profile Page" appears and when you select the user a blank desktop appears and it returns to the profile page and proceeds to log off, then the grey box apppears again, the same thing happens if you choose "Yes". There is a couple of instances of the "Illegal Operation" tone sounding during boot up just before the grey box appears.

The only way I can get into Windows is "Safe Mode" I can't even get into "Safe Mode with Network". I've scanned for viruses and found nothing. I've restored to an earlier time and it still appears. I can only run "HiJackThis" from "Safe Mode" and the resulting logfile provide no relevant information. i've spent hours searching for some reference to this problem and found nothing.

If anyone has a fix or a link to a site that has a fix I'd appreciate it or if anyone knows the name of the problem it would be great.

Regards Kopie

Re: Red Circle, White Cross Malware

Good luck. Sometimes a format is best. Ghost the disk so you can recover your files later. However, let us see if we can fix it first. In safe mode, click Start, Run, and type sfc /scannow. Note the space between sfc and /. You will need your XP disk. Reboot and see if this helped. No? Safe mode again. Start, Run, type msconfig. Untick everything in the startup tab. Will it start? It should, but maybe not. Turn off system restore (since it didn't help anyway), and ensure that all restore point data is deleted. You will have to show system files to see the restore file data. Delete all temp files - Internet cache, C:Temp, Windows temp, Documents and Settings, Username, Local Settings, Temp (for each user) and Internet files whilst you are here. Run a service like Trend Micro's Housecall (online virus scan). Do a full scan with your onboard AV. Run HijackThis again. Post the logfile to http://www.hijackthis.de/ and fix suggested. Run Adaware or Spybot. Post back with progress.

Chris B

Re: Red Circle, White Cross Malware

Hi Chris,

Many thanks for your suggestions I tried nearly everything you set out in your reply. The sfc /scannow didn't appear to do anything, briefly a "Command Prompt" window appeared the Hard drive light flickered for 30secs or so then nothing. I used "msconfig" unticked everything still made no difference. "Sytem Restore" was turned off all temp files deleted.

I couldn't run the Trend online virus scan as I can only get into Safe Mode and DialUp Networking is not installed in Safe Mode. I'm using AVG7 Free Edition and it picks up nothing except an error in the MBR could this be where this malicious code resides? I ran "HijackThis" but again as I'm in Safe Mode I see nothing Malicious in the log file. Can I install Adaware or Spybot in Safe Mode?

Finally a format does look good at this stage lol.

Regards PAUL

Re: Red Circle, White Cross Malware

Mate, I think you are right. The point comes where it just isn't worth it any more. Save My Documents, mail messages, address book, mail accounts, etc., and format it. A new system is fun anyway. You can activate XP as many times as you like provided there are no hardware changes.

Chris B

Re: Red Circle, White Cross Malware

Hi Chris,

If no other members post a suggestion regarding this problem by early next week then I'll go ahead and reformat. It's my wife's computer and we aren't stuck regarding getting online etc, but I'm certainly getting grief about it. The galling thing is that I reinstalled everything a few weeks ago and forgot to install Zone Alarm but I ain't owning up to that one, lol. Thanks for your efforts in the meantime if you think of anything let me know.

Regards PAUL

Re: Red Circle, White Cross Malware

I did not look at the previous answers but can you run a "HijackThis" scan and paste the results here?

Re: Red Circle, White Cross Malware

Hi Tom,

I have run HijackThis but I can only run it from "Safe Mode" and it only reports on the basic system that is installed in Safe Mode. This problem has been a nightmare as I can't even use Safe Mode with Networking to give me some sort of internet connection to try and solve the problem. I thank you for your interest. I've decide to re-format and re-install everything sometimes it's quicker to do that. I'l make sure that the PC is properly Firewalled probably use Zone Alarm intead of trusting the Windows Firewall. I'd still like to know what the hell this thing is though as it's a real nasty.

Best Regards PAUL

Re: Red Circle, White Cross Malware

Paul.

I never heard of it either, but if you ever find out post back and let us know, I will do the same, as I am looking to find out myself. I like to collect causes and fix's, Bye

Tom

Re: Red Circle, White Cross Malware

Hi Tom,

I will do. Thanks again for your help.

Regards PAUL

In situations like this the best bet is to offload your important files and just do a clean OS install. This way you will be clean of all infection and you can load up some quality anti-malware software and prevent another infection in the future.