Re: [PCWorks] How do I get this out of my system tray?

  • From: "Clint Hamilton-PCWorks Admin" <PCWorks@xxxxxxxxxxxxxxxxxxxxxxxx>
  • To: <pcworks@xxxxxxxxxxxxx>
  • Date: Tue, 19 Aug 2008 08:34:06 -0500

Ok but what happens when you go to the update tab and look for 
updates?  Does it download and install updates, or does it 
always say nothing is available?  If the latter, then that's 
the problem I described.  It hasn't had any definition updates 
in years.  Yes, ZA can really slow things down.  I haven't used 
it in a long time, but if it has any AV part to it, disable it 
(since it obviously doesn't work well either).

I can't help you with AVG since I never used it.  All I say is 
to go through ALL of its options, tools or settings, and make 
sure ALL files are scanned--not just exe files, the real-time 
active scanning or shield is on all the time for files and 
webpages, and any heuristics option is on and set to the max.

I'm not familiar with the "System performance monitor", did you 
add that?  What's it from, HP?  It could be an IM part of 
Messenger which should be disabled if you don't use it.  It 
could also be the infection you have.  See this for possible 
info on it:
http://www.itc.virginia.edu/desktop/docs/messagepopup/
http://forums.techguy.org/malware-removal-hijackthis-logs/494678-systray-virus-alert-your-computer.html
http://forums.cnet.com/5208-6132_102-0.html?hhTest=1&forumID=32&threadID=201375&messageID=2159757
It may go away once your PC is clean.
-Clint

God Bless
Clint Hamilton, Owner
http://www.OrpheusComputing.com
http://www.ComputersCustomBuilt.com


----- Original Message ----- 
From: "LarryB"


I don't see anything that says I can get updates to Sygate.

I did the immunization thing with SB and also with Spyware Blaster.
I don't see where it scans anything so it must just stop spyware from
getting in.

My AV program might not be set correctly either. If not then I'll be back
to get advice on what's good.

I used to have Zone Alarm but it seemed with every update things got
slower so I dumped it.

Now I understand that ZA's firewall is in the top 10.

I'm printing these emails out so if I lose the ability to reach the
Internet I will still have these emails.

I am getting a yellow triangle with System performance monitor
warnings and don't know if it is the Trojan telling me or my legit
system telling me. It suggests I click the balloon to download spyware
so it is probably bad.


Larry Browning
K & L Electronics
Anderson, SC



Clint Hamilton-PCWorks Admin wrote:
> SB is free, that's their only version.  So can you get 
> updates
> for Sygate?
>
> This is probably your problem: iebtm.exe & iebtmm.exe, these
> are backdoor Trojans.
> http://www.fileresearchcenter.com/I/IEBTM.EXE-13001.html
> http://www.bleepingcomputer.com/startups/iebtm.exe-23379.html
> http://www.greatis.com/appdata/d/i/iebtmm.exe.htm
> http://www.bleepingcomputer.com/startups/iebtm.exe-23379.html
> Do a search on them for more info and how to remove it.
> Obviously AVG missed it and I would use another AV program.
>
> I wanted to post that now ASAP, I'll go over the rest next.
> -Clint
>
> God Bless
> Clint Hamilton, Owner
> http://www.OrpheusComputing.com
> http://www.ComputersCustomBuilt.com
>
>
> ----- Original Message ----- 
> From: "LarryB"
>
> I may be going off the air as I am getting many warnings.
> I will have to bring my computer from home to continue all I
> can.
>
> I am using the free version of SB and Sygate.
>
> I am also using FF and did what you said in blocking thru
> adblock in FF.
>
> I have tried to run a virus scan but it takes hours. (using
> AVG)
>
> I'll download spyware blaster now also and run it.
>
>
>
> I have run HiJackthis and here is the print out.
>
> Logfile of Trend Micro HijackThis v2.0.2
> Scan saved at 10:53:40 AM, on 8/18/2008
> Platform: Windows XP SP3 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
> Boot mode: Normal
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\Program Files\Sygate\SPF\smc.exe
> C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
> C:\WINDOWS\system32\LEXBCES.EXE
> C:\WINDOWS\system32\spoolsv.exe
> C:\WINDOWS\Explorer.EXE
> C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
> C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
> C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
> C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
> C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
> C:\WINDOWS\system32\nvsvc32.exe
> C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
> C:\WINDOWS\system32\svchost.exe
> C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
> C:\Program Files\Applications\iebtm.exe
> C:\Program Files\Applications\iebtmm.exe
> C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
> C:\Program
> Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
> C:\WINDOWS\system32\ctfmon.exe
> C:\Program Files\Logitech\MouseWare\system\em_exec.exe
> C:\Program Files\WordWeb\wweb32.exe
> C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
>
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start 
> Page
> =
> about:blank
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local 
> Page
> =
> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
> Settings,ProxyOverride = localhost;<local>
> R3 - Default URLSearchHook is missing
> O2 - BHO: Adobe PDF Reader Link Helper -
> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
> O2 - BHO: (no name) - 
> {300CF5C9-F02D-4CB8-ABED-9C229DA56825} -
> C:\Program Files\Applications\iebt.dll
> O2 - BHO: Spybot-S&D IE Protection -
> {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
> Files\Spybot -
> Search & Destroy\SDHelper.dll
> O2 - BHO: SSVHelper Class -
> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
> C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
> O2 - BHO: PrintMe - {97387E2B-B2FA-4E4A-A607-F3B5C134F71C} -
> C:\Program Files\EFI\PrintMeToolbar\htpmcap.dll
> O2 - BHO: SpyWarningBHO Class -
> {F58FF278-2198-403b-9170-C95022A194C6}
> - C:\Program Files\ASpyC\SpyWarning.dll (file missing)
> O3 - Toolbar: PrintMe -
> {97387E2B-B2FA-4E4A-A607-F3B5C134F71C} -
> C:\Program Files\EFI\PrintMeToolbar\htpmcap.dll
> O3 - Toolbar: Internet Service -
> {254B87BB-510D-41FA-A887-52C5FA9BE585} - C:\Program
> Files\Applications\iebr.dll
> O4 - HKLM\..\Run: [SmcService]
> C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
> O4 - HKLM\..\Run: [AVG7_CC] 
> C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
> /STARTUP
> O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
> C:\WINDOWS\system32\NvCpl.dll,NvStartup
> O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
> O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
> C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
> O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
> O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program
> Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
> /auto
> O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
> O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program
> Files\Applications\wcs.exe
> O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program
> Files\Applications\iebtm.exe
> O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run]
> C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL
> SERVICE')
> O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run]
> C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK
> SERVICE')
> O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run]
> C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
> O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run]
> C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default
> user')
> O4 - Startup: WordWeb Pro.lnk = C:\Program
> Files\WordWeb\wweb32.exe
> O8 - Extra context menu item: &WordWeb... -
> res://C:\WINDOWS\wweb32.dll/lookup.html
> O8 - Extra context menu item: E&xport to Microsoft Excel -
> res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
> O9 - Extra button: (no name) -
> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
> - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
> O9 - Extra 'Tools' menuitem: Sun Java Console -
> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
> Files\Java\jre1.6.0_02\bin\ssv.dll
> O9 - Extra button: (no name) -
> {9034A523-D068-4BE8-A284-9DF278BE776E}
> - http://www.iexplorerfiles.com/redirect.php (file missing)
> O9 - Extra 'Tools' menuitem: IE Anti-Spyware -
> {9034A523-D068-4BE8-A284-9DF278BE776E} -
> http://www.iexplorerfiles.com/redirect.php (file missing)
> O9 - Extra button: Research -
> {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
> C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
> O9 - Extra button: (no name) -
> {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
> - (no file)
> O9 - Extra button: (no name) -
> {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}
> - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
> O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy
> Configuration
> - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program
> Files\Spybot -
> Search & Destroy\SDHelper.dll
> O9 - Extra button: (no name) -
> {e2e2dd38-d088-4134-82b7-f2ba38496583}
> - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
> O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
> {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
> Diagnostic\xpnetdiag.exe
> O9 - Extra button: Messenger -
> {FB5F1910-F110-11d2-BB9E-00C04F795683}
> - C:\Program Files\Messenger\msmsgs.exe
> O9 - Extra 'Tools' menuitem: Windows Messenger -
> {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
> Files\Messenger\msmsgs.exe
> O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} 
> (Support.com
> Configuration Class) -
> http://help.bellsouth.net/sdccommon/download/tgctlcm.cab
> O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8}
> (ActiveDataInfo
> Class) -
> https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
> O16 - DPF: {4798E9EE-4524-4149-A852-2021309A579D} (WebCamX
> Control) -
> http://74.239.177.61/WebCamX.cab
> O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} -
> http://sp.ask.com/docs/toolbar/download/askbar-inst.cab
> O16 - DPF: {4BF2E7B7-69F4-4178-B669-257C7C8A4072} (WebCamX
> Control) -
> http://74.239.177.61/WebCamX.cab
> O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} 
> (WUWebControl
> Class)
> -
> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121684550851
> O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} 
> (MUWebControl
> Class)
> -
> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201700846590
> O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68}
> (InstallShield
> International Setup Player) -
> http://www.broderbund.com/IFW/Cabs/isetup.cab
> O16 - DPF: {9107A82A-248A-49E5-A7D2-4E12EAAD4DC2} (WebCamX
> Control) -
> http://69.15.111.218/WebCamX.cab
> O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} 
> (TLIEFlashObj
> Class)
> - https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB
> O16 - DPF: {95A161E7-F130-4BB6-A4A1-4241FD68B9ED} (WebCamX
> Control) -
> http://74.239.177.61/WebCamX.cab
> O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} 
> (SDCInstaller
> Class)
> -
> http://www.stamps.com/download/us/cab/stamps/stamps.cab?r=0.277069091796875&file=stamps.cab
> O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader
> Class) -
> https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
> O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -
> https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
> O20 - Winlogon Notify: avgwlntf -
> C:\WINDOWS\SYSTEM32\avgwlntf.dll
> O22 - SharedTaskScheduler: causes -
> {0fe36c74-667b-454b-828e-75e4e72cbef8} -
> C:\WINDOWS\system32\euwoeu.dll
> O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - 
> GRISOFT,
> s.r.o.
> - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
> O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT,
> s.r.o. -
> C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
> O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) -
> GRISOFT,
> s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
> O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, 
> s.r.o. -
> C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
> O23 - Service: C-DillaSrv - C-Dilla Ltd -
> C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
> O23 - Service: InstallDriver Table Manager (IDriverT) -
> Macrovision
> Corporation - C:\Program Files\Common
> Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
> O23 - Service: LexBce Server (LexBceS) - Lexmark 
> International,
> Inc. -
> C:\WINDOWS\system32\LEXBCES.EXE
> O23 - Service: LiveUpdate - Logitech, Inc. - (no file)
> O23 - Service: NBService - Nero AG - C:\Program 
> Files\Nero\Nero
> 7\Nero
> BackItUp\NBService.exe
> O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
> Corporation - C:\WINDOWS\system32\nvsvc32.exe
> O23 - Service: OneTouch 4.0 Monitor - Visioneer Inc -
> C:\Program
> Files\Visioneer\OneTouch 4.0\OtService.exe
> O23 - Service: Pml Driver HPZ12 - HP -
> C:\WINDOWS\System32\HPZipm12.exe
> O23 - Service: Sygate Personal Firewall Pro (SmcService) -
> Sygate
> Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
>
> --
> End of file - 8917 bytes
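The HijackThis log quoted above contains the two files Clint named as backdoor Trojans (iebtm.exe and iebtmm.exe) plus several other entries pointing into the same C:\Program Files\Applications\ folder. The following Python script is an added example, not code from the thread or from any of the tools mentioned in it. It parses HijackThis-style lines and flags an entry when its file name is one the thread identified as bad, when the file sits in the same directory as such a file, or when it is started from the HKLM\..\Policies\Explorer\Run key, which legitimate installers rarely use. The sample lines are copied from the quoted log and re-joined onto single lines; the directory and autostart-key heuristics are my own assumptions about what a reviewer would want surfaced, not anything HijackThis itself reports.

```python
import ntpath
import re
from dataclasses import dataclass

# File names the thread identifies as backdoor Trojans (Clint's reply).
KNOWN_BAD_FILES = {"iebtm.exe", "iebtmm.exe"}

# Autostart key that legitimate software rarely writes to; in the quoted log
# its only two entries point at the suspect folder. Treated as worth review
# (assumption for this example, not a HijackThis rule).
UNCOMMON_AUTOSTART = "policies\\explorer\\run"

# Constructed sample: six lines from the HijackThis log quoted in this
# thread, with the e-mail line wrapping undone.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {300CF5C9-F02D-4CB8-ABED-9C229DA56825} - C:\Program Files\Applications\iebt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Internet Service - {254B87BB-510D-41FA-A887-52C5FA9BE585} - C:\Program Files\Applications\iebr.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program Files\Applications\wcs.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Applications\iebtm.exe
"""

# "O4 - <rest of entry>" / "R1 - <rest of entry>"
LINE_RE = re.compile(r"^([OR]\d+)\s+-\s+(.*)$")
# First drive-letter path ending in .exe or .dll inside the entry body.
PATH_RE = re.compile(r"([A-Za-z]:\\.*?\.(?:exe|dll))", re.IGNORECASE)


@dataclass
class Finding:
    code: str       # HijackThis section code, e.g. "O4"
    path: str       # file the entry loads
    reasons: list   # why the entry was flagged


def parse_entries(log_text):
    """Return (section_code, body, path_or_None) for each entry line."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        p = PATH_RE.search(body)
        entries.append((code, body, p.group(1) if p else None))
    return entries


def triage(log_text):
    """Flag entries tied to the known-bad files or to the uncommon autostart key."""
    entries = parse_entries(log_text)

    # Pass 1: directories holding a file the thread already identified as bad.
    bad_dirs = set()
    for _code, _body, path in entries:
        if path and ntpath.basename(path).lower() in KNOWN_BAD_FILES:
            bad_dirs.add(ntpath.dirname(path).lower())

    # Pass 2: attach reasons to each entry; keep only those with at least one.
    findings = []
    for code, body, path in entries:
        reasons = []
        if path:
            name = ntpath.basename(path).lower()
            folder = ntpath.dirname(path).lower()
            if name in KNOWN_BAD_FILES:
                reasons.append("file named as a backdoor Trojan in the thread")
            elif folder in bad_dirs:
                reasons.append("same directory as a known-bad file")
        if UNCOMMON_AUTOSTART in body.lower():
            reasons.append("started from Policies\\Explorer\\Run (uncommon for legitimate software)")
        if reasons:
            findings.append(Finding(code, path or body, reasons))
    return findings


def flagged_names(log_text):
    """Sorted lower-case file names of every flagged entry (handy for checks)."""
    return sorted(ntpath.basename(f.path).lower() for f in triage(log_text))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample it reports four entries: iebtm.exe on both counts, wcs.exe as a neighbour of a known-bad file that is also launched from the policy Run key, and the two DLLs (iebt.dll, iebr.dll) loaded into Internet Explorer from the same folder. The Spybot helper and the Sygate firewall entry are left alone, which is the point of anchoring the heuristic on evidence already in the thread rather than on guesswork about unfamiliar names.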
