SpyBot Registry Warning Flag - keeps popping up

The machines we love to hate

Moderator: Wiz Feinberg

Wiz Feinberg
Posts: 6113
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA

Post by Wiz Feinberg »

Chip;
The Restoration would not remove files, only Registry entries, like startup spyware and Services. Those are really important items to control. You're ahead of the game now. Check for updates again for all anti-vermin software, then re-scan with everything, fix problems, reboot tapping F8 to enter Safe Mode and rescan with everything in Safe Mode.


------------------
Bob "Wiz" Feinberg
Moderator of the SGF Computers Forum
Visit my Wiztunes Steel Guitar website at: http://www.wiztunes.com/
or my computer troubleshooting website: Wizcrafts Computer Services,
or my Webmaster Services webpage.
Learn about current computer virus and security threats here.
Read Wiz's Blog for security news and update notices

[This message was edited by Wiz Feinberg on 10 June 2006 at 10:27 AM.]
Chip Fossa
Posts: 4366
Joined: 17 Sep 1998 12:01 am
Location: Monson, MA, USA (deceased)

Post by Chip Fossa »

Wiz,
I forgot to mention (I think) I have XP as my OS.
Once this gets straightened out, what should I run for protection programs?

Here's what I have now: adaware; spybot; spywareblaster; avast; hijackthis; cwshredder;
a-squaredhijackfree; a-squaredfree (trojan); trendmicro 'housecall'.

Interestingly - I have to re-download the last 4 above, but curiously, HIJACKTHIS was not removed.

I'll continue on.

Chipper

[This message was edited by CHIP FOSSA on 10 June 2006 at 11:10 AM.]
Wiz Feinberg
Posts: 6113
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA

Post by Wiz Feinberg »

Chipper;
Don't forget to grab a copy of Windows Defender, if your XP is properly licensed. It is good for protecting system settings and reversing the effects of a lot of malware, including some rootkits.

Here's the low-down on stacking security products.

Have only 1 anti-virus program to avoid system level conflicts and slowdowns.

Have only one protective program monitoring system changes. That means that if you install Defender you should disable the Spybot Tea Timer system monitor and let Windows Defender handle that job.

Have one paid anti-spyware program, that is updated frequently, and as many free ones as you can manage, since none of them will find 100% of the current threats by themselves.

Jack Stoner
Posts: 22147
Joined: 3 Dec 1999 1:01 am
Location: Kansas City, MO

Post by Jack Stoner »

Add to the list, one Firewall, that protects both incoming and outgoing. Two firewalls can conflict and cause problems.

Since the Windows XP firewall is an incoming only, a more robust firewall such as Zone Alarm is suggested.
Chip Fossa
Posts: 4366
Joined: 17 Sep 1998 12:01 am
Location: Monson, MA, USA (deceased)

Post by Chip Fossa »

Wiz,
I'm not sure where to disable SB's TeaTimer. I forgot. I'll put on Windows Defender.

Here is the lowdown on "NOT IN SAFE MODE" scanning [less-Window Defender]:

AVAST: nothing infected

TRENDMICRO: not responding

ADAWARE: 13 negligible objects; 1 critical object [steelforum] - did nothing

SPYBOT: no immediate threats were found

a2FREE: malicious objects: 10 - all were removed successfully

a2HIJACK: REQUIRING ATTENTION: sunjava update schedule; cthelper; quicktime task; 1025 UDP; csrss.exe

CWSHREDDER: scan is complete. coolwebsearch was not found on this system
Chip Fossa
Posts: 4366
Joined: 17 Sep 1998 12:01 am
Location: Monson, MA, USA (deceased)

Post by Chip Fossa »

FLASH UPDATE: This is crazy. While looking around Spybot to uncheck TeaTimer I accidentally set off another 'scan for problems', and just let it run.

8 problems were found - all SWIZZOR, and all were successfully removed. Did it miss the 1st time around, or did Swizzor all of a sudden pop in there?
Chip Fossa
Posts: 4366
Joined: 17 Sep 1998 12:01 am
Location: Monson, MA, USA (deceased)

Post by Chip Fossa »

Thanks Jack. I missed your response on Zone Alarm, before. Yup, I have ZA. That seems to work well.

Well fellas, I'm gonna head out to the Knights of Columbus for a while, and throw back a few. This PC has taken its toll on my brain; what with all the .coms, I'm starting to see real dots, now.

But, again, I want to thank Wiz, Jack and Dave for helping me here, and staying the course. If y'all hadn't jumped in, I wouldn't know where to turn. This Forum is just the greatest [I didn't forget you either b0b - much thanks to you, too].

Chip
Jack Stoner
Posts: 22147
Joined: 3 Dec 1999 1:01 am
Location: Kansas City, MO

Post by Jack Stoner »

Maybe the "longnecks" will chase the problem away?

Let us know tomorrow.
Chip Fossa
Posts: 4366
Joined: 17 Sep 1998 12:01 am
Location: Monson, MA, USA (deceased)

Post by Chip Fossa »

Hello everyone,

I've been out of town working and was not able to keep up here for the past couple days.

I'd like to put on Windows Defender, but I don't know how to take out TeaTimer in Spybot.

Also, Wiz, I'm confused by "you'll have to run a HijackThis log and post it" that you mentioned in your thread on seeking help elsewhere. I haven't even opened up or installed HijackThis yet [it's a Winzip file]. What is a log, anyway? And how do you go about posting one?

Anyway, things this morning seem OK, and I re-checked a-SquareHijack and this is what is left of the BAD stuff:

SunJavaUpdateSchedule:
Name:
WMON added by AGOBOT-OW worm
SJUS added by ADBOT-AVX worm
" " " SDBOT-WI worm

QuickTimeTask:
QTT CoolWebSearch Parasite Variant
QTT Netvision Dialer

1025UDP: Netspy, Maverick's Matrix, Remote Storm

CSRSS.EXE:
Filename: Path:
csrss.exe %Winpath%\ worm transmitted via email
csrss.exe %Winpath%\Winsecurity\ SOBER.Z worm


Chip Fossa
Posts: 4366
Joined: 17 Sep 1998 12:01 am
Location: Monson, MA, USA (deceased)

Post by Chip Fossa »

Spoke too soon, I guess.

I was looking around in ADD/REMOVE to see if TeaTimer was listed, and saw that there were 2 entries for JAVA - SSE Runtime Environment 5.0 Update 5, and another for Update 6. Both were listed at around 120MB, so I decided to remove #5 and put back those 120MBs.

The PC freaked out with one after another of those Spybot-padlocked boxes stating that "registry entry was denied". As soon as I clicked off one, another would pop up. They all had to do with ActiveX. Finally, I just turned off the PC, and now when I came back they stopped popping up. But something still isn't right, here.

[This message was edited by CHIP FOSSA on 15 June 2006 at 03:20 AM.]
Wiz Feinberg
Posts: 6113
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA

Post by Wiz Feinberg »

Chip;
Your spyware problem requires more assistance than can be provided here. I advise you to visit one of the malware removal forums I provided links to. Once you pick one that uses HiJack This there should be a FAQ explaining how to use the program and how to post the logs. You will have to learn how to use the program and post logs to a forum, if you want them to help you.

Without Hijack This logs it is doubtful that anybody will be able to help you online. Your only alternatives are purchasing Webroot's SpySweeper, updating it and trying to clean the infections with it, or re-formatting C: and starting afresh. You should start saving your personal data files, in case a re-format needs to be performed (scan for virii first).

Chip Fossa
Posts: 4366
Joined: 17 Sep 1998 12:01 am
Location: Monson, MA, USA (deceased)

Post by Chip Fossa »

Thanks Wiz,

I'll look to those spyware removal programs.

How can I get rid of TeaTimer?

Chip
Richard Bass
Posts: 864
Joined: 5 Mar 1999 1:01 am
Location: Sabang Beach, Philippines

Post by Richard Bass »

To turn off Tea Timer, open Spybot, at the top click mode and choose advanced, click yes on the warning, on bottom left hand side click tools, left hand side again click Resident, uncheck Tea timer. I would then go back to mode and choose default. Exit spybot. Hope this helps.
Richard
Chip Fossa
Posts: 4366
Joined: 17 Sep 1998 12:01 am
Location: Monson, MA, USA (deceased)

Post by Chip Fossa »

Thanks Richard...

That was all it took. Gotta know where to look.
I don't know why TeaTimer isn't listed in INDEX.