HI !!
Just wanted to let you know that work with ken545 Spybot Security Expert we were able to safely Remove using Combfix
the 3 locked files.
Spybot installed and running fine
Thanks for your help..
HR
HI !!
Just wanted to let you know that work with ken545 Spybot Security Expert we were able to safely Remove using Combfix
the 3 locked files.
Spybot installed and running fine
Thanks for your help..
HR
Last edited by ARCHellraiser; 2009-09-26 at 19:38.
Spybot Teatimer.exe registry monitor would not run, just like everything else. The security settings (Vista) were set to the fake "everyone" again. I deleted "everyone" and added "Administrators" and started Teatimer.exe. I set it to "paranoid" mode. Sure enough, there was immediately a registry "hit" that was trying to change an obscure key. I denied. I reset Security on Spybotsd.exe in the same manner and then was able to open it. It finally ran! It spotted a "win32" trojan and some other stuff which I deleted. When I rebooted, Teatimer notified me of several new registry entries, which were Deletions of the changes by Spybot -- I denied them all. At this point Malwarebytes and AVG antivirus ran properly, after I unistalled them and rebooted and ran a Spybot scan first, right before the reinstall. As a safety measure, I unplugged my internet connection, except when the updates were downloading, then immediately unplugged and performed the scans.
This took me 4 days of tinkering -- the first virus / malware I've ever had since 1986 -- that wasn't caught immediately by the anti-virus program resident in memory.
I"m not sure what to add here, except that I'm STILL having the same problem. I've now got FOUR Spybot installations, all with the directories renamed because I can't delete the files, and can't reinstall over the originals. The .exe are set RHSA and I can't delete them from XP Pro, Vista, or Safe Mode.
Has there been any progress finding a way to prevent whatever this is from clobbering Spybot and causing it to fail?
I've got a ComboFix log if that'll help.
So, where are things?
Oh, and how do I control the teatimer settings? I'd like to set it to "paranoid" and see with it turns up......
dkperez, you can always start by right clicking on the Teatimer icon in the Windows Taskbar.
I don't have any teatimer icon in the taskbar. Or in the system tray. Nor do I have any process running in the task manager that is obviously a teatimer. I thought at installation I told the teatimer to run, but how do I determine if that's true?
You could open Spybot,click Mode->Advanced Mode->Tools->Resident.Is there a checkmark beside Resident "Teatimer"?
Were you able to clear the other problems you were having before,besides your current problem uninstalling Spybot?
http://forums.spybot.info/showthread...235#post333235
Nope..... Advanced mode and checking/unchecking the box did NOT start teatimer..... Nothing did.
I finally had to find the file in the directory and start it manually. I also noticed I'm not the first person to encounter this problem, where teatimer won't start even from advanced mode..... What's going on?
As far as the other problem.... It's fixed for the moment, but I had to use ComboFix to do it..... It still makes a total mess of Spybot and Hijack This. Neither works when the problem occurs, neither can be uninstalled and/or reinstalled, and so on....
Be nice to get a solution that'll keep whatever's out there from clobbering Spybot...
Where you are still having problems with Hijackthis and Spybot,I suggest asking for help in Malware Removal,just to doublecheck that the problems are all gone.
Please read this first:
http://forums.spybot.info/showthread.php?t=288
Malware Removal:Originally Posted by tashi
http://forums.spybot.info/forumdisplay.php?f=22
If you do post in malware removal,tell your helper about your problems removing SpybotSD.exe,etc.,because they'll be able to help you with that.
I see now you were able to get the Spybot files deleted:
http://forums.spybot.info/showthread.php?t=52236
Still,you might want to consider getting checked out,just to be sure.