# AmIcoSingLun



## tirta (Dec 18, 2008)

This has turned up in my 'PROGRAMS' folder - uninvited.
Can anyone tell me what it is and does, please?
If it's a 'nasty' - how do i get rid of it?
Thanks.


----------



## Cheeseball81 (Mar 3, 2004)

According to Google, it can be both legitamite or mailicious.

It seems to be associated with AlcorMicro Co., an Icon Utility

It also described it as "When different cards are inserted into the card reader, it shows different icons according to the inserted card type."

Do you use a memory card in your computer or have recently?

If not, we will further investigate the file.


----------



## tirta (Dec 18, 2008)

Thanks for this.
I have not used a memory card.
Any further help will be appreciated.


----------



## Cheeseball81 (Mar 3, 2004)

*Click here* to download *HJTInstall.exe*

Save *HJTInstall.exe* to your desktop.
Doubleclick on the *HJTInstall.exe* icon on your desktop.
By default it will install to *C:\Program Files\Trend Micro\HijackThis* . 
Click on *Install*.
It will create a HijackThis icon on the desktop.
Once installed, it will launch *Hijackthis*.
Click on the *Do a system scan and save a logfile* button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
*DO NOT* have Hijackthis fix anything yet. Most of what it finds will be harmless or even required. 

AND -

Run Hijack This and click *Open the Misc Tools* section.
Click Open Uninstall Manager > Save list and save the log to your Desktop.
A list of programs will open in Notepad. Post the contents of this log.


----------



## tirta (Dec 18, 2008)

This looks good.
Thanks for all your trouble.
I've copied your instructions and will follow them off-line.


----------



## Cheeseball81 (Mar 3, 2004)

Okay


----------



## tirta (Dec 18, 2008)

Here's the info you required. Thanks for helping.


----------



## Cheeseball81 (Mar 3, 2004)

There it is....*Alcor Micro USB Card Reader* - so it's definitely legit.

Your log doesn't look too bad. Your* AVG* is outdated. 
I would recommend you upgrade to version *9*.

Rescan with Hijack This.
Close all browser windows except Hijack This.
Put a check mark beside these entries and click "Fix Checked".

*R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O13 - Gopher Prefix: *

Close Hijack This and reboot.

Post a new log.


----------



## tirta (Dec 18, 2008)

I find it amazing that you can make sense of these results.
Thanks so very much.


----------



## tirta (Dec 18, 2008)

Here are the latest.


----------



## Cheeseball81 (Mar 3, 2004)

The entries are still there. Not that they are harmful. My feeling is SpyBot's TeaTimer is prohibiting the fixes.

*Temporarily disable SpyBot's TeaTimer*:

Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on System Startup icon.
Uncheck Teatimer box.
Click Allow Change box.

http://russelltexas.com/malware/teatimer.htm

Now refix those same entries with HijackThis and reboot.

And here is the link to the newest *AVG*: http://free.avg.com/us-en/free-antivirus-download


----------



## tirta (Dec 18, 2008)

Thanks, once more.
I've done as adivsed.
I've attached the lastest files, in case you need to look.


----------



## Cheeseball81 (Mar 3, 2004)

Thank you. I see that SpyBot is off now. But did you recheck those entires in HijackThis afterwards?

And the old AVG is still there.


----------



## tirta (Dec 18, 2008)

Yep - all fine now thanks.
Will update AVG - asap.


----------



## Cheeseball81 (Mar 3, 2004)

Ok good.


----------

