I will be away for the next 4 or 5 days from that computer so won't be able to continue until Monday. I am forwarding all these email with instructions to another email address so I can open them again at the shop. I don't know if it is new or not, can't tell. I only know it does what I said and keeps doing it. I have to download all those programs as most of them I do not have. It's amazing what you have to have to keep these things running. The only thing I did was to delete the Iebtm.exe and every thing that looked like it with HJT and I ran CCleaner twice. I ran Spybot and AVG. Spybot found a few things also so I deleted them. Now that is what is left. The yellow triangle I have always had since the beginning of this mess. LarryB Have a great day Clint Hamilton-PCWorks Admin wrote: > I don't understand, so you got the original problem fixed and > now secureonlinetags.com is another different problem? That > doesn't even appear to be a valid website. > > Have you run SpyBot, AdAware, Spyware Terminator, etc.? If > not, you need to run ALL of them, and be sure they are setup > correctly to scan for everything and everywhere. Run HJT, > CWShredder, and CCcleaner again. Did you do a manual scan with > AVG, after getting it setup properly and updating it? Before > you do any scans, under "Folder Options", and the "View" tab, > make sure "Show hidden files and folders" is dotted, and > UNCHECK "Hide protected OS files". Did you examine **very > carefully** the Start Up tab in Msconfig? > > Also scan your HD here and see if they find anything: > > http://www.kaspersky.com/virusscanner > http://www.ca.com/us/securityadvisor/virusinfo/scan.aspx > http://www.bitdefender.com/ (bottom left) > http://global.ahnlab.com/ (right side of page; virus and > malware scanners) > http://www.commandondemand.com/ > http://support.f-secure.com/enu/home/ols.shtml > http://us.mcafee.com/apps/vsfreescan/en-us/ > http://www.pandasecurity.com/activescan/index/ > http://www.pcflank.com/ > http://www.pcpitstop.com/antivirus/default.asp > http://housecall.trendmicro.com/ > http://security.norton.com/sscv6/default.asp?productid=zdtv_cc&langid=ie&venid=zd > http://www.windowsecurity.com/trojanscan/ > And there's probably more listed here: > http://www.johannrain-softwareentwicklung.de/e_online_antivirus_scan.htm > > Hopefully these will find something odd on the PC. NONE of > these will find EVERYTHING. Some will miss what others will > find. > -Clint > > God Bless > Clint Hamilton, Owner > http://www.OrpheusComputing.com > http://www.ComputersCustomBuilt.com > > > ----- Original Message ----- > From: "LarryB" > > I really appreciate all the information late or not and > obviously I > will learn from all this. > > Presently I have kinda got it our of the systray but still get > the > yellow triangle with "System Alert: Trojan-Spy-Win32@mx" > > Then the moment I try to go to the Internet I get railroaded to > "secureonlinetags.com" and have to use Task Manager to stop the > initiated system scan that also starts. > > The site comes up with M$ colors and starts the scan. > again the Task Manager stops it for the moment. > > When and If I get this thing resolved I'll be back for other > setup > instructions. > > Again Thanks for your time and effort all. > > Larry Browning > K & L Electronics > Anderson, SC > > > > Clint Hamilton-PCWorks Admin wrote: >> I can't find your post now, but yesterday you asked about >> Spyware Blaster and SpyBot and how they block things. I >> forgot >> to answer that in my reply. I thought I already said this, >> but >> Spyware Blaster does not have to be running in the >> background, >> in fact, it can't. It works by simply placing thousands of >> bad >> URL's and websites in the browser's Restricted Sites zone (FF >> too), and using thousands of registry tags, downloaded >> program >> files blockers, hosts file protection, etc., etc. All these >> things prevent its detected malware from ever getting on your >> PC. You have to be sure to "Enable all protection" with it, >> and be sure to make backups with it. It can make a "System >> snapshot", and backup important things that can be restored. >> >> SpyBot does it BOTH ways. In addition to what Spyware >> Blaster >> does (using the "Immunize" button), it has two 'scanners' >> so-to-speak. One is some kind of DLL, "Resident SD Helper" >> that blocks all downloads from sites in its database. You >> did >> not have it active, because like I said yesterday, I couldn't >> even get to that website, it blocked me from it. The other >> is >> a great one, "Resident TeaTimer" which DOES have to be >> running >> in the background. It shows in the System Tray. This >> protects >> you from things being added to the Start Up folder, and that >> "Run-" area in the registry where things are added to startup >> in Msconfig's area, as well as many other forms of >> protection. >> NEITHER of these are checked by default, you have to check >> both >> boxes in SpyBot's Tools > Resident area. Like a firewall, >> TeaTimer will ask if you want to allow or deny action it >> detects, and if you want it to remember the action. Then >> there's also the "IE Tweaks" area that can "Lock the Hosts >> file........." as protection against hijacks. >> >> None of this ever would have happened if you would have had >> those areas active. But, now you know. ;-) Even if you >> click >> on something bad, nothing will happen with these programs and >> ALL of their features active (as long as the malware or >> website >> is in its def's and database of course). But both the SD >> Helper and TeaTimer also work off of heuristics and detection >> of suspicious behavior, so even if something is not in their >> def's, they can still protect you from the "actions" of said >> malware. >> >> Regarding the firewall, regardless of how complicated they >> may >> be, everyone should still use one. Even at their default >> settings they are still better than nothing. Yes, like >> anti-malware programs, one router is not enough. I guess two >> is enough, anymore than that could lead to conflicts. A >> hardware firewall (like from the router) is good for certain >> things, but not for others. You will also get no warnings >> from >> it when it blocks or allows traffic. A software firewall >> adds >> another *configurable* layer of protection that protects >> against far more things than just traffic. Using both, and >> having both setup CORRECTLY, you have the best chance of >> protecting yourself. It's sort of like a bulletproof vest; >> level II is fine for most handguns (sort of like maybe the >> router firewall), level III is fine for all but the most >> powerful of handguns, and the new "dragon skin" type or level >> III+ with the ceramic shield will stop anything except the >> .50 >> cal or magnum sniper rifles at close range, which is in a >> manner of speaking what you want to achieve with your PC. >> -Clint >> >> >> ----- Original Message ----- >> From: "LarryB" >> >> Thanks for the input Hugh. >> You are probably right in that I clicked on something that >> triggered >> this whole mess. Time pushing is often the culprit and >> slowing >> down >> would be the cure. >> I have done the "immunize" in Spybot on all 3 of my computers >> so that's >> done. I have also installed Comodo Firewall Pro on just one >> so >> we'll see >> how that works. It appears to be easier to understand vs >> Sygate >> so far. >> >> >> LarryB >> Have a great day >> >> >> Hugh Vandervoort wrote: >>> No firewall or router can protect you from packets you >>> allow. >>> You were >>> enticed, somehow, to click on something malicious, and no >>> firewall can >>> protect from that. The only protection is to be more >>> careful, >>> and that's >>> not always easy as these guys are very clever (Click here to >>> Feed the >>> Homeless!) >>> I have found home firewalls to be a source of far more >>> irritation than >>> protection. While they have come a long way, they are still >>> a >>> source of >>> confusion and irritation to many, and not worth it for the >>> average user. >>> If you haven't used Spybot's "Immunize" feature yet, I >>> encourage you to >>> do so. >>> >>> >>> It also got by my routers firewall! I remember someone >>> saying >>> if you >>> have a router you do not need a firewall on your computer >>> also. At this >>> point I might add another one then I'll have 3 of them ;-) ========================= The list's FAQ's can be seen by sending an email to PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line. To unsubscribe, subscribe, set Digest or Vacation to on or off, go to //www.freelists.org/list/pcworks . You can also send an email to PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line. Your member list settings can be found at //www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks . Once logged in, you have access to numerous other email options. The list archives are located at //www.freelists.org/archives/pcworks/ . All email posted to the list will be placed there in the event anyone needs to look for previous posts. -zxdjhu-