Re: Help.. "Noooh.. please try to open task manager etc" sys.exe

From: Malke <notreally@xxxxxxxxxxxxxxx>
Date: Wed, 23 May 2007 06:01:24 -0700

RedSnapper wrote:

Hi

I am getting a pop up from time to time (I think it is when I am using
my computer).

The pop up is headed 'Noooh' and says 'please try to open - task
manager - now' with a yes or no option.

I close it down with task manager then Win Patrol comes back with:

'A new start up program has been detected. c/windows/web/sys.exe'

I deny permission of course.

AVG is not picking anything up, any ideas what this is?

Certainly. A quick Google for "sys.exe" shows that you are infected with a Backdoor.ICR Trojan.

Go through these general malware removal steps systematically - http://www.elephantboycomputers.com/page2.html#Removing_Malware

Include scanning with either Sysclean or Multi_AV, plus AVG Anti-Spyware (formerly Ewido - http://www.ewido.net/en/) and follow instructions to do all scans in Safe Mode.

When all else fails, run HijackThis and post your log in one of the specialty forums listed at the link above (not here, please).

Standard caveat: If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a professional computer repair shop (not your local version of BigStoreUSA). Please be aware that not all local shops are skilled at removing malware and even if they are, your computer may be so infested that Windows will need to be clean-installed. Have all your data backed up before you take the machine into a shop.

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
.

References:
- Help.. "Noooh.. please try to open task manager etc" sys.exe
  - From: RedSnapper

Prev by Date: Help.. "Noooh.. please try to open task manager etc" sys.exe
Next by Date: Re: Removal of Password Protection When Starting Computer
Previous by thread: Help.. "Noooh.. please try to open task manager etc" sys.exe
Next by thread: Re: Removal of Password Protection When Starting Computer
Index(es):
- Date
- Thread

Relevant Pages

Re: Backdoor Win32/Vundo.G!dll
... Include scanning with either Sysclean or Multi_AV, plus AVG Anti-Spyware ... If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a professional computer repair shop. ... Please be aware that not all local shops are skilled at removing malware and even if they are, your computer may be so infested that Windows will need to be clean-installed. ... MS-MVP Windows - Shell/User ...
(microsoft.public.windowsxp.general)
Re: How do i get rid of Win32/zlob.zwc?
... Since Vista is so new, it will be a while before removal techniques and tools are developed. ... If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a professional computer repair shop. ... Please be aware that not all local shops are skilled at removing malware and even if they are, your computer may be so infested that Windows will need to be clean-installed. ... MS-MVP Windows - Shell/User ...
(microsoft.public.security.virus)
Re: antispystorm
... Since Vista is so new, it will be a while before removal techniques and tools are developed. ... If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a professional computer repair shop. ... Please be aware that not all local shops are skilled at removing malware and even if they are, your computer may be so infested that Windows will need to be clean-installed. ... MS-MVP Windows - Shell/User ...
(microsoft.public.security)
Re: pc security lab
... I can't find your exact malware entry but do find PC Cleaner, which is a variant of Vundo. ... If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a professional computer repair shop. ... Please be aware that not all local shops are skilled at removing malware and even if they are, your computer may be so infested that Windows will need to be clean-installed. ... MS-MVP Windows - Shell/User ...
(microsoft.public.windowsxp.general)
Re: desktop, activex control
... I cannot change my desktop display, the pictures or selections to chose pictures were disabled, all in gray... ... If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a professional computer repair shop. ... Please be aware that not all local shops are skilled at removing malware and even if they are, your computer may be so infested that Windows will need to be clean-installed. ... MS-MVP Windows - Shell/User ...
(microsoft.public.windowsxp.general)