I am getting popups from teatimer where the "deny"-button is greyed out, so i can't select to deny the change and remember. If i use the close button, the same message keeps popping up. Is there a way to turn off all bho's (i am not really using internet explorer).

The content of the popup is:

Category: Browser Helper Ojbect
Change: Value deleted
Entry: (38AD6E71-D476-4F6A-84EE-8DF84BF8643C)
Old data:
New data:

At the same time internet explorer is popping up with fake security sites:

i.e. _ttp://amaena.com/securityworm5827/?p=3&h=10&ax=1&aid=nm_go_amnt6&lid=>
_ttp://202.67.220.227/trafc-2/rfe.php?cmp=amn14&nid=go&uid=4ba7a76e09ac11d...

I had reports from antivir about infection with Trojans (PCK.Klone.G.5 and Dldr.Zlob.NW.2). Those were supposedly fixed by Antivir. I scanned for malware (with Spybot S&D, Adaware, Antivir, Trendmicro Housecall) and i am not getting any reports.

Thanks for any Advice.

The "Deny change" option is grayed out (is not an option) on changes such as the removal of a Browser Helper Object (Value deleted). This is speculation but I assume that the "Deny change" is grayed out because by the time TeaTimer recognizes the Registry change the underlying code for the BHO has been deleted and therefore denying the change would do no good to save the BHO from being deleted. I also assume that the same would hold true for a "Value deleted" for an ActiveX process and possibly other changes. In this case the registry change dialog serves as a warning that something has changed.

I had reports from antivir about infection with Trojans (PCK.Klone.G.5 and Dldr.Zlob.NW.2). Those were supposedly fixed by Antivir. I scanned for malware (with Spybot S&D, Adaware, Antivir, Trendmicro Housecall) and i am not getting any reports.


Are you still getting the fake security sites popping up?

That seems to make sense, thanks for the info.

Are you still getting the fake security sites popping up?
Actually i do, it only happens a couple of times a day. For some reason now internet explorer starts in offline mode, so it will actually not connect to those sites, but the address is still there. I also have some stability issues like windows-explorer windows not closing anymore until i kill them in taskmanager.

In that case,you might want to ask for help in the malware removal forum,if you're not getting help elsewhere. :)

There are instructions here:
http://forums.spybot.info/showthread.php?t=288
Malware removal:
http://forums.spybot.info/forumdisplay.php?f=22

In that case,you might want to ask for help in the malware removal forum,if you're not getting help elsewhere. :)



Thanks, i'll try that

You're welcome.Good luck. :)