[samurai_]

Got some new rogue anti-spyware dropped on my machine through what appeared to be a PDF exploit this morning, "Zinaps Antispyware 2008". I can't find anything useful through searching, but since most of these apps are just re-skins with minor modifications, I thought I'd post a screenshot in hopes that someone would recognize the UI and be able to give me the name of a related program so I can use the steps to clean that as a guideline.

Behavior so far is just constant reminders from the tray that "MY COMPUTER IS INFECTED!". At boot, the "Reminder" program, currently "qxyfr.exe", pops up as well as the Zinaps program itself, "zinaps7.exe". "zinaps7.exe" just hangs as soon as it's brought onto the screen, not sure if it always works that way or if that behavior is just because my wireless card has been turned off.


Here's a screenshot of the Zinaps program...


And here are the two tray icons.


Any help is much appreciated.

 

[samurai_]

Problem appears to be solved. The process name 'qxyfr.exe' may be different on each machine, if yours is different just replace every instance of 'qxyfr' with whatever it is named on yours.

1. Killed the processes in this order: zinaps7.exe, qxyfr.exe.
2. Removed entry from startup using msconfig: qxyfr.exe
3. Removed the following files:
C:\Documents and settings\USERNAME\installer.exe
C:\Documents and settings\USERNAME\Application Data\qxyfr.exe
C:\Documents and settings\USERNAME\Application Data\Zinaps 7\*

There are still traces in the registry, but the warnings have stopped and the application hasn't opened since reboot.

 

[tetonbob]

Hello and Welcome.

These rogues often have a pile of other junk along with them.

If you still require assistance for this issue:

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

We want all our members to perform the steps outlined in the link I'll give you below, before posting in the HijackThis Log Help forum for assistance. There's a sticky at the top of this forum, and a

Having problems with spyware and pop-ups? First Steps

link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our 5 Step process outlined here:

http://www.techsupportforum.com/sec...read-before-posting-malware-removal-help.html

After running through all the steps, you shall have a proper set of logs. Please post them.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

=====================

If you no longer require assistance, can you please Private Message me the URL where you think you caught this rogue?