winntify.exe

Viruses and worms
1

There’s a prompt on the taskbar “Windows Notification Software” that says 29xx attacks and what not on it. Ask me to click on the balloon to start or download the software. I checked the Task Manager and i noticed this process running ‘winntify.exe’

I located it in windows/system32 and deleted it.

Hope it works. Need your help to show me the proper way to get rid of this thing.

Thanks.

2

You did the right thing in not downloading it, this is a scam and the only thing wrong with your system is likely to be this rogueware.

Apart from the fact that deletion isn’t really a good first option (you have none left), ‘first do no harm’ don’t delete. It would have been better if you had first added it to the User Files section of the avast chest and then deleted the original. Since it was in the system32 folder, if you had system restore enabled then it is likely that a restore point was created and a copy of this file (now with a different name, like A0001234.exe, etc.), so you may not have completely removed it.

A new tool RogueRemover, available here http://www.malwarebytes.org/rogueremover.php, this is designed for these type of rogue programs and is worth running just to be sure.

3

thanks DavidR ,the new tool RogueRemover is great helpful! :wink:

4

But I can`t install the rogueremover into my computer?

5

Have you tried the usual free adware/spyware scanners?

AVG Anti-Spyware Free (Requires Win2k/XP)
Ad-Aware Free
Spybot Search & Destroy
SUPERAntiSpyware Free

6

THANKS.

7

This is very strange and the first occurrence of rogueremover not being able to be installed I have seen in the forums. It may be worth checking the MalwareBytes (RogueRemover) forums http://www.malwarebytes.org/forums/ and see if there is a similar problem and post if not.

8

:slight_smile: Hi all :

 To "install" Rogueremover, you need to "unzip" it, by means of an
 unzipping application, such as WinZip, etc .
9

I think xiaochugang image would appear to indicate that he did ???

Or that the downloaded file wasn’t a zip file, http://files4.majorgeeks.com/…/…/spyware/rr-free-setup.exe that would appear to be an installation file not a zip file.

10

OMG!
Indicate What I did?
I dont know... :'( and I cant download the file from the link that I gave(http://files4.majorgeeks.com/.../.../spyware/rr-free-setup.exe)
… ???

11

The URL was simply to indicate (to SpiritSongs) that rogueremover can come as an executable installation file or as a zip file and if you downloaded it as a zip file you had obviously unzipped it otherwise you wouldn’t see the images you posted.

You have pasted the shortened URL ‘name’ and the underlying URL (with a session code) when you hover the mouse you will see a full URL.

However, you can’t download directly from majorgeeks.com as it blocks direct download, you have to go to majorgeeks.com and and then download it (http://majorgeeks.com/RogueRemover_Free_d5360.html). This might be worth downloading again (assuming you didn’t get it from majorgeeks.com, use a different location from the original link I gave you) just to ensure that the installation files wasn’t corrupt.