Malware Undetected. This is a Richard Kennedy special... all hail Homer Simpson.

Hello:
On starting up the Windows XP PC today, I received the following in a message box on the screen, with an OK button:
Window Title: This is a Richard Kennedy spacial… all hail Homer Simpson. Amen.
Window Content: Killed 0 processes that had loaded nnotes.dll

Would anyone know of this problem? I searched for the above string in Google, and found just one link at sunbeltsoftware.com, listing malware analysis.

Thanks in advance for any help you can provide.

More details here, it seems; it was already reported in April this year:
http://xml.ssdsandbox.net/index.php/8fa59261d20e70e9f8dcee41eb28cf77

Have you tried checking for malware?

Run a full scan with Avast and MBAM.

Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
Always update so you have the latest database before you scan.
Click the remove selected button to quarantine anything found.
You may post the scan log here.

Thank you, Logos, it has been reported. But is there a remedy to remove it? What should I do to disinfect it?

First a boot scan with Avast, and if that doesn’t work, do as Pondus suggested: a scan with Malwarebytes (a quick scan; don’t forget to update the software before scanning).

And if that still doesn’t work, someone here (Essexboy) might come to help you, he’s got special magic tools :wink:

Thank you Logos and Pondus. I ran MBAM and also Spybot S&D. Both did not report anything. Avast scan too was clear. What I got from MBAM is as below:
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) → Bad: (1) Good: (0) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) → Bad: (1) Good: (0) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) → Bad: (1) Good: (0) → No action taken.

All else was clean. Do I need to undertake a detailed scan with MBAM?

Thank you.

No, that won’t change anything; if MBAM in quick scan mode didn’t find this, a full one won’t do better ;D (the full scan in MBAM is just there to please users).

It appears that MBAM only detected that you don’t want to be notified when your firewall/AV/Windows updates are off. If you didn’t do that purposely, then a piece of malware did it. There’s still this pop-up that you mentioned in your first post. So what I think is that you should stay tuned until Essexboy comes around and helps you to clean your system.
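The three MBAM findings quoted earlier in the thread, split into registry key, value name, the data found and the data MBAM expected. This is an added example, not part of any forum post and not Malwarebytes' own tooling; the line format is an assumption inferred only from the three lines shown, and the function names are hypothetical.

```python
import re

# The three findings exactly as quoted in the thread (MBAM log excerpt).
SAMPLE_LOG = r"""Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) → Bad: (1) Good: (0) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) → Bad: (1) Good: (0) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) → Bad: (1) Good: (0) → No action taken.
"""

# Assumed line shape (inferred from the lines above, not from MBAM documentation):
#   <key>\<value name> (<label>) -> Bad: (<found>) Good: (<expected>) -> <action>.
ARROW = r"\s*(?:→|->)\s*"
ITEM_RE = re.compile(
    r"^(?P<key>HKEY_[A-Z_]+\\.+)\\(?P<name>[^\\(]+?)\s+\((?P<label>[^)]+)\)"
    + ARROW + r"Bad:\s*\((?P<found>[^)]*)\)\s*Good:\s*\((?P<expected>[^)]*)\)"
    + ARROW + r"(?P<action>.+?)\.?\s*$"
)

def parse_registry_items(log_text):
    """Return one dict per registry-data finding; skip headers and other lines."""
    items = []
    for line in log_text.splitlines():
        m = ITEM_RE.match(line.strip())
        if m:
            items.append(m.groupdict())
    return items

def still_unfixed(items):
    """Findings the scanner reported but left in place."""
    return [i for i in items
            if i["found"] != i["expected"] and "no action" in i["action"].lower()]

def summarize(items):
    """Group unfixed value names by registry key for a short triage note."""
    by_key = {}
    for i in still_unfixed(items):
        by_key.setdefault(i["key"], []).append(i["name"])
    return by_key

if __name__ == "__main__":
    for key, names in summarize(parse_registry_items(SAMPLE_LOG)).items():
        print(key)
        for n in names:
            print("  notification suppressed:", n)
```

All three entries sit under the same Security Center key and differ from the expected data, which matches the reading above: the alerts for antivirus, firewall and updates are switched off, and the scan left them that way.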

OK, let's have a look-see at your system - are you still getting this popup?

OTL - Download or alternative link here and here to your desktop

- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Select All Users
- Under the Custom Scan box paste this in

netsvcs
drivers32
%SYSTEMDRIVE%*.*
%systemroot%\Fonts*.com
%systemroot%\Fonts*.dll
%systemroot%\Fonts*.ini
%systemroot%\Fonts*.ini2
%systemroot%\Fonts*.exe
%systemroot%\system32\spool\prtprocs\w32x86*.*
%systemroot%\REPAIR*.bak1
%systemroot%\REPAIR*.ini
%systemroot%\system32*.jpg
%systemroot%*.jpg
%systemroot%*.png
%systemroot%*.scr
%systemroot%*._sy
%APPDATA%\Adobe\Update*.*
%ALLUSERSPROFILE%\Favorites*.*
%APPDATA%\Microsoft*.*
%PROGRAMFILES%*.*
%APPDATA%\Update*.*
%systemroot%*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu*.lnk /x
%systemroot%\system32\config\systemprofile*.dat /x
%systemroot%*.config
%systemroot%\system32*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch*.lnk /x
%USERPROFILE%\Desktop*.exe
%PROGRAMFILES%\Common Files*.*
%systemroot%*.src
%systemroot%\install*.*
%systemroot%\system32\DLL*.*
%systemroot%\system32\HelpFiles*.*
%systemroot%\system32\rundll*.*
%systemroot%\winn32*.*
%systemroot%\Java*.*
%systemroot%\system32\test*.*
%systemroot%\system32\Rundll32*.*
%systemroot%\AppPatch\Custom*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads*.*
%PROGRAMFILES%\Internet Explorer*.tmp
%PROGRAMFILES%\Internet Explorer*.dat
%USERPROFILE%\My Documents*.exe
%USERPROFILE%*.exe
%systemroot%\ADDINS*.*
%systemroot%\assembly*.bak2
%systemroot%\Config*.*
%systemroot%\REPAIR*.bak2
%systemroot%\SECURITY\Database*.sdb /x
%systemroot%\SYSTEM*.bak2
%systemroot%\Web*.bak2
%systemroot%\Driver Cache*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites*.url /x
%systemroot%\System32\Wbem*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please attach both logs

Great. Essexboy, there is no window popup since the first time. Will post back after doing what you have posted.

Thank you.