Re: [PCWorks] How do I get this out of my system tray?

  • From: LarryB <larryb227@xxxxxxxxxxxxx>
  • To: pcworks@xxxxxxxxxxxxx
  • Date: Wed, 20 Aug 2008 11:45:34 -0400

I will be away for the next 4 or 5 days from that computer so won't be 
able to continue until Monday. I am forwarding all these email with 
instructions to another email address so I can open them again at the shop.

I don't know if it is new or not, can't tell. I only know it does what I 
said and keeps doing it.

I have to download all those programs as most of them I do not have. 
It's amazing what you have to have to keep these things running.

The only thing I did was to delete the Iebtm.exe and every thing that 
looked like it with HJT and I ran CCleaner twice. I ran Spybot and AVG. 
Spybot found a few things also so I deleted them.

Now that is what is left.
The yellow triangle I have always had since the beginning of this mess.

LarryB
Have a great day


Clint Hamilton-PCWorks Admin wrote:
> I don't understand, so you got the original problem fixed and 
> now secureonlinetags.com is another different problem?  That 
> doesn't even appear to be a valid website.
> 
> Have you run SpyBot, AdAware, Spyware Terminator, etc.?  If 
> not, you need to run ALL of them, and be sure they are setup 
> correctly to scan for everything and everywhere.  Run HJT, 
> CWShredder, and CCcleaner again.  Did you do a manual scan with 
> AVG, after getting it setup properly and updating it?  Before 
> you do any scans, under "Folder Options", and the "View" tab, 
> make sure "Show hidden files and folders" is dotted, and 
> UNCHECK "Hide protected OS files".  Did you examine **very 
> carefully** the Start Up tab in Msconfig?
> 
> Also scan your HD here and see if they find anything:
> 
> http://www.kaspersky.com/virusscanner
> http://www.ca.com/us/securityadvisor/virusinfo/scan.aspx
> http://www.bitdefender.com/ (bottom left)
> http://global.ahnlab.com/ (right side of page; virus and 
> malware scanners)
> http://www.commandondemand.com/
> http://support.f-secure.com/enu/home/ols.shtml
> http://us.mcafee.com/apps/vsfreescan/en-us/
> http://www.pandasecurity.com/activescan/index/
> http://www.pcflank.com/
> http://www.pcpitstop.com/antivirus/default.asp
> http://housecall.trendmicro.com/
> http://security.norton.com/sscv6/default.asp?productid=zdtv_cc&langid=ie&venid=zd
> http://www.windowsecurity.com/trojanscan/
> And there's probably more listed here: 
> http://www.johannrain-softwareentwicklung.de/e_online_antivirus_scan.htm
> 
> Hopefully these will find something odd on the PC.  NONE of 
> these will find EVERYTHING.  Some will miss what others will 
> find.
> -Clint
> 
> God Bless
> Clint Hamilton, Owner
> http://www.OrpheusComputing.com
> http://www.ComputersCustomBuilt.com
> 
> 
> ----- Original Message ----- 
> From: "LarryB"
> 
> I really appreciate all the information late or not and 
> obviously I
> will learn from all this.
> 
> Presently I have kinda got it our of the systray but still get 
> the
> yellow triangle with "System Alert: Trojan-Spy-Win32@mx"
> 
> Then the moment I try to go to the Internet I get railroaded to
> "secureonlinetags.com" and have to use Task Manager to stop the
> initiated system scan that also starts.
> 
> The site comes up with M$ colors and starts the scan.
> again the Task Manager stops it for the moment.
> 
> When and If I get this thing resolved I'll be back for other 
> setup
> instructions.
> 
> Again Thanks for your time and effort all.
> 
> Larry Browning
> K & L Electronics
> Anderson, SC
> 
> 
> 
> Clint Hamilton-PCWorks Admin wrote:
>> I can't find your post now, but yesterday you asked about
>> Spyware Blaster and SpyBot and how they block things.  I 
>> forgot
>> to answer that in my reply.  I thought I already said this, 
>> but
>> Spyware Blaster does not have to be running in the 
>> background,
>> in fact, it can't.  It works by simply placing thousands of 
>> bad
>> URL's and websites in the browser's Restricted Sites zone (FF
>> too), and using thousands of registry tags, downloaded 
>> program
>> files blockers, hosts file protection, etc., etc.  All these
>> things prevent its detected malware from ever getting on your
>> PC.  You have to be sure to "Enable all protection" with it,
>> and be sure to make backups with it.  It can make a "System
>> snapshot", and backup important things that can be restored.
>>
>> SpyBot does it BOTH ways.  In addition to what Spyware 
>> Blaster
>> does (using the "Immunize" button), it has two 'scanners'
>> so-to-speak.  One is some kind of DLL, "Resident SD Helper"
>> that blocks all downloads from sites in its database.  You 
>> did
>> not have it active, because like I said yesterday, I couldn't
>> even get to that website, it blocked me from it.  The other 
>> is
>> a great one, "Resident TeaTimer" which DOES have to be 
>> running
>> in the background.  It shows in the System Tray.  This 
>> protects
>> you from things being added to the Start Up folder, and that
>> "Run-" area in the registry where things are added to startup
>> in Msconfig's area, as well as many other forms of 
>> protection.
>> NEITHER of these are checked by default, you have to check 
>> both
>> boxes in SpyBot's Tools > Resident area.  Like a firewall,
>> TeaTimer will ask if you want to allow or deny action it
>> detects, and if you want it to remember the action.  Then
>> there's also the "IE Tweaks" area that can "Lock the Hosts
>> file........." as protection against hijacks.
>>
>> None of this ever would have happened if you would have had
>> those areas active.  But, now you know. ;-)  Even if you 
>> click
>> on something bad, nothing will happen with these programs and
>> ALL of their features active (as long as the malware or 
>> website
>> is in its def's and database of course).  But both the SD
>> Helper and TeaTimer also work off of heuristics and detection
>> of suspicious behavior, so even if something is not in their
>> def's, they can still protect you from the "actions" of said
>> malware.
>>
>> Regarding the firewall, regardless of how complicated they 
>> may
>> be, everyone should still use one.  Even at their default
>> settings they are still better than nothing.  Yes, like
>> anti-malware programs, one router is not enough.  I guess two
>> is enough, anymore than that could lead to conflicts.  A
>> hardware firewall (like from the router) is good for certain
>> things, but not for others.  You will also get no warnings 
>> from
>> it when it blocks or allows traffic.  A software firewall 
>> adds
>> another *configurable* layer of protection that protects
>> against far more things than just traffic.  Using both, and
>> having both setup CORRECTLY, you have the best chance of
>> protecting yourself.  It's sort of like a bulletproof vest;
>> level II is fine for most handguns (sort of like maybe the
>> router firewall), level III is fine for all but the most
>> powerful of handguns, and the new "dragon skin" type or level
>> III+ with the ceramic shield will stop anything except the 
>> .50
>> cal or magnum sniper rifles at close range, which is in a
>> manner of speaking what you want to achieve with your PC.
>> -Clint
>>
>>
>> ----- Original Message ----- 
>> From: "LarryB"
>>
>> Thanks for the input Hugh.
>> You are probably right in that I clicked on something that
>> triggered
>> this whole mess. Time pushing is often the culprit and 
>> slowing
>> down
>> would be the cure.
>> I have done the "immunize" in Spybot on all 3 of my computers
>> so that's
>> done. I have also installed Comodo Firewall Pro on just one 
>> so
>> we'll see
>> how that works. It appears to be easier to understand vs 
>> Sygate
>> so far.
>>
>>
>> LarryB
>> Have a great day
>>
>>
>> Hugh Vandervoort wrote:
>>> No firewall or router can protect you from packets you 
>>> allow.
>>> You were
>>> enticed, somehow, to click on something malicious, and no
>>> firewall can
>>> protect from that. The only protection is to be more 
>>> careful,
>>> and that's
>>> not always easy as these guys are very clever (Click here to
>>> Feed the
>>> Homeless!)
>>> I have found home firewalls to be a source of far more
>>> irritation than
>>> protection. While they have come a long way, they are still 
>>> a
>>> source of
>>> confusion and irritation to many, and not worth it for the
>>> average user.
>>> If you haven't used Spybot's "Immunize" feature yet, I
>>> encourage you to
>>> do so.
>>>
>>>
>>> It also got by my routers firewall! I remember someone 
>>> saying
>>> if you
>>> have a router you do not need a firewall on your computer
>>> also. At this
>>> point I might add another one then I'll have 3 of them  ;-)
=========================
The list's FAQ's can be seen by sending an email to 
PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line.

To unsubscribe, subscribe, set Digest or Vacation to on or off, go to 
//www.freelists.org/list/pcworks .  You can also send an email to 
PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line.  Your 
member list settings can be found at 
//www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks .  Once logged in, you have 
access to numerous other email options.  

The list archives are located at //www.freelists.org/archives/pcworks/ .  
All email posted to the list will be placed there in the event anyone needs to 
look for previous posts.
-zxdjhu-

Other related posts:

  1. Home
  2. pcworks
  3. Archive
  4. 08-2008