Hi all, I can't get rid of this stupid program. I scanned the whole computer with NOD32, and it found the Win32/TrojanDownloader.Zlob.II trojan. I deleted it. I am attaching a screenshot. I just can't find out which program shows me this balloon popup. I had a look at the RUN keys in the registry (HKLM and HKCU). Of course, I checked the STARTUP folder, but there were no shortcuts. I tried the "msconfig" tool but I didn't find any suspicious entries. I even tried killing programs via Task Manager but it didn't help me. I left only Windows programs (SYSTEM and explorer.exe and so on) running but it still appears in the taskbar. Could somebody help me? Is there anything else I should check? I am attaching the STARTUP list, if somebody experienced has time to look at it. Thank you in advance. --- I scanned the computer in SAFE MODE...
Looks like you may be infected with SpyAxe, http://castlecops.com/a6430-SpyAxe_Symptoms_of_Infection_and_Cleanup.html snowbound
Looks like your PC has been infected by a Trojan that has sort of disguised itself as some sort of Trojan warning you about infections etc. "I just can't find out which program shows me this balloon popup." Does this balloon pop up every time you power up the PC? "I even tried killing programs via Task Manager but it didn't help me." No, it won't. Task Manager will only close it down, but it will reappear next time you boot up your PC again; you need to physically delete it. I am suggesting both these files are related, the one you deleted and this balloon one. Try the following: C drive, Doc and settings, All Users, Start Menu, Progs and Startup. See if you see anything suspicious in your startup menu and if so delete it. Also I would do a full scan using Ewido, Spybot S&D and also Adaware SE. Let me know how you go.
Thank you all! I ran a scan with Spyware Doctor, but since it was only a trial version I couldn't remove it (there was SpyAXE, some other spyware programs and so on)... But it helped me because I found out which files are responsible for it. So I deleted them and removed the registry entries from HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run. Damn, I didn't know that Windows runs files from this location.... THANK YOU once again. I made copies of all those files and I am going to send them to ESET for further analysis and possibly to have detection added...
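The autostart locations checked in this thread (the HKLM and HKCU Run keys, the Startup folders, and the Policies\Explorer\Run key that turned out to hold the entry) can be listed in one read-only pass. This is an added example, not something posted by any participant; the HKCU counterpart of the policy key is an assumption added for completeness and is not mentioned in the thread.

```powershell
# Added example: list autostart entries from the locations named in the thread.
# Read-only: nothing is deleted or modified.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    # The location the original poster had not checked:
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    # Assumption: per-user counterpart of the policy key, not mentioned in the thread.
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)

$regEntries = @(foreach ($key in $runKeys) {
    # The policy Run keys are usually absent, so a missing key is skipped.
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{
            Location = $key
            Name     = $name
            Command  = $item.GetValue($name)
        }
    }
})

# Per-user and All Users Startup folders.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)

$fileEntries = @(foreach ($dir in $startupDirs) {
    if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
    # -Force includes hidden files; desktop.ini will normally show up here.
    foreach ($file in Get-ChildItem -LiteralPath $dir -File -Force) {
        [pscustomobject]@{
            Location = $dir
            Name     = $file.Name
            Command  = $file.FullName
        }
    }
})

# Any value under a Policies\Explorer\Run key deserves a close look,
# since that key is normally empty or missing.
$regEntries + $fileEntries | Format-Table -AutoSize -Wrap
```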