SpyAxe - Is it ever really gone?

Oppressed

New member
Hello :confused:

I am posting on these Forums because the one where I received assistance is closed for the Holidays and I would like some input on new issues with my XP SpyAxe infected computer.

I had believed that this scourge had been removed from my system but apparently this is not so.

After receiving a "Clean Bill of Health" I shut that computer down. Today when I turned it on my first action was to download updates for my various Security programs.

I started with Norton AntiVirus only to find on restart that my Norton had been sabotaged! I needed to Fix 5 issues but could not. Live Update seemed to work but Norton indicated this Fix had not been successful. None of my Auto Protect features could be turned on. I was also unable to complete a Full System Scan.

I next went to my start>Turn Off Computer and noticed that something resembling the SpyAxe Shield had attached itself to the "Turn Off" Option. The note reads, "Click Turn Off to install important updates and turn off your computer. Click here to turn off without installing updates."

Needless to say I have renewed concerns especially with regards to Shutting Down my Computer.

Also, I checked for Windows Updates and what I found was also alarming. Apparently there are 3 High-priority updates for my computer (KB910437, KB905915 and KB890830) but they all show 0KB to download with the message (Downloaded; ready to install) and all have a publish date of 12/13/2005. Call me paranoid but this all seems very odd! Can I even trust that I am at a legitimate site? Or is this another SpyAxe trick? To be on the safe side I didn't do anything. I don't know for sure but I believe that at the time I had turned the computer off these updates would not have even been available. So how could I have even downloaded them? And not installed them? I know I only found them today and took NO action at all. I also know with my Windows 98 computer I have to authorize a download but I don't know about Windows XP. Would it automatically download but not install? And it is my belief that installs require a restart NOT a Shut Down?

Anyway, next I used ewido security suite; found and installed updates; did a scan which found "2" NEW Hijacker.SpyAxe files which had previously not been found. After cleaning these I did a restart and my Norton Status was once again green (Good).

I’m still afraid my computer is a lost cause. I’m afraid to do a Shut Down and it is now going to be scheduled for a reformat thanks to the malicious &*%$&# that thinks it is fun to cost innocents their hard earned money.

I just thought I would bring this further SpyAxe infection issue to everyone's attention as well, if anyone can enlighten me regarding how exactly I should expect the Windows Update to work and if these patches/fixes are legit?

Thanks in advance for any help :)
 
Hi, Oppressed. Welcome to Safer Networking Forums. More than likely you had a newer variant of this infection on your computer. If you have the smitRem© fix tool on your computer, please remove it and download a new copy as shown in the thread below. The tool was updated the other night.

Please see the thread linked below for complete instructions.

As you have already posted a first HJThis log, just proceed with the remaining steps and post the other logs as reply to this topic for a final check.

Thank you.

http://forums.spybot.info/showthread.php?t=1316
 
Oppressed said:
… Also, I checked for Windows Updates and what I found was also alarming. Apparently there are 3 High-priority updates for my computer (KB910437, KB905915 and KB890830) but they all show 0KB to download with the message (Downloaded; ready to install) and all have a publish date of 12/13/2005. Call me paranoid but this all seems very odd! Can I even trust that I am at a legitimate site? Or is this, another SpyAxe trick? To be on the safe side I didn't do anything. I don't know for sure but I believe that at the time I had turned the computer off these updates would not have even been available. So how could I have even downloaded them? And not installed them? I know I only found them today and took NO action at all. I also know with my Windows 98 computer I have to authorize a download but I don't know about Windows XP. Would it automatically download but not install? And it is my belief that installs require a restart NOT a Shut Down? …
This may be a normal situation depending on your settings for Automatic Updates. Check your settings for Automatic Updates. In Windows XP if you have Automatic Updates set to "Download updates for me, but let me choose when to install them", then the updates will automatically download any time you are online after they are made available by Microsoft. Windows XP will normally notify you when the updates have been downloaded and are ready to be installed.

As far as the rest of your questions, possibly someone can help you if you follow the scanning and posting instructions here:
 
Hello Corrine & md usa spybot fan,

Thanks for the prompt replies.

I will be away from my computer for the better part of today but will proceed with the instructions at my earliest opportunity.

md usa spybot fan,

Thanks for the information re: Windows Updates. That is most likely how the issue occurred. I received the update but not the advisory notice, probably due to SpyAxe.

Regards,
O

p.s. I sure would like to have ewido available retail in my area, it wins over Norton any day! I'll have to check into this further :)
 
Before I Proceed ...

Hi Corrine,

Thank you in advance for your patience as I work to re-learn how to use some of the steps.

I have reviewed the instructions given on the Link provided and reacquainted myself with the procedures.

Before I continue I require some additional information.

What I need to know is:

a) I have version 1.99.01 of HijackThis.exe already installed in a Folder on my C Drive. Is this the correct version or do I need to upgrade? Also, I don't have an entry in my start menu or a Desktop shortcut; previously I just ran the program by double-clicking on the icon in the Folder. Is it okay to run the program from the Folder as I did it previously?

b) I have Spybot-S&D Version 1.4 installed already but I think that it is not running properly. (I cannot make the Resident "SDHelper" active.) If advisable, I would like to uninstall and reinstall this version. If this is okay, I need to know if there are any special instructions?

c) The current version of smitRem that is on my desktop is 2.8 (according to the log from the last fix.) I am not sure how to remove it, do I just delete the entries on my desktop and then empty my Recycle Bin or are there specific instructions?

Thanks again for helping me out with this issue.

O
 
tashi said:
Hi Oppressed.

You might want to let steamwiz know if you believe the infection has returned.

The site does not appear to be down:
http://www.help2go.com/component/option,com_forum/Itemid,32/

Hi tashi,

I'm posting to let you know that I have posted to let steamwiz know.

md usa spybot fan said:
This may be a normal situation depending on your settings for Automatic Updates. Check your settings for Automatic Updates. In Windows XP if you have Automatic Updates set to "Download updates for me, but let me choose when to install them", then the updates will automatically download any time you are online after they are made available by Microsoft. Windows XP will normally notify you when the updates have been downloaded and are ready to be installed.

Hi md usa spybot fan,

I thought I had posted an update re this information. My computer was set up to Automatically download and install Every day at 3:00am. (Just a minute while I double-check.) I know my computer was turned on after that time and when I went manually to the Windows Update Web Site to do a manual Update using the Install Button nothing was installed. A side note is that the Malicious Software removal tool for November was displaying on my Add/Remove programs list before I went to bed that night. When I awoke the next morning it was gone and 2 of the 3 critical updates were installed. The missing one was the Malicious Software removal tool for December. Also, on inspection the Mystery "Shield" is no longer attached to my "Shut Down" Option. The Security Center in my control panel is unavailable. My Windows Firewall shows it is turned on though. And the last point of interest is that when I checked my System Restore today there was a "Software Distribution Service 2.0" restore point made at 3:00:14 am the night following my original posting here. This was even though the computer with the issue was disconnected from the Internet at the time and still is. To me it looks like the Automatic Update took priority over an attempt to manually install the Critical Updates. It seems strange to me that I wouldn't be able to manually check for Critical Updates?

Regards,
O
 
Hi Oppressed

From your first post...

Oppressed said:
something resembling the SpyAxe Shield had attached itself to the "Turn Off" Option.

It looks like that was the Windows Update shield ... which is now resolved?

Oppressed said:
Anyway, next I used ewido security suite; found and installed updates; did a scan which found "2" NEW Hijacker.SpyAxe files which had previously not been found. After cleaning these I did a restart and my Norton Status was once again green (Good).

I would like to see the ewido log showing the location of these 2 new SpyAxe files?

from post #8

Oppressed said:
a) I have version 1.99.01 of HijackThis.exe already installed in a Folder on my C Drive. Is this the correct version or do I need to upgrade? Also, I don't have an entry in my start menu or a Desktop shortcut; previously I just ran the program by double-clicking on the icon in the Folder. Is it okay to run the program from the Folder as I did it previously?

Yes to everything ... if you want a shortcut on your desktop, right click the exe file > create shortcut > drag & drop it onto your desktop, or cut & paste.

Oppressed said:
b) I have Spybot-S&D Version 1.4 installed already but I think that it is not running properly. (I cannot make the Resident "SDHelper" active.) If advisable, I would like to uninstall and reinstall this version. If this is okay, I need to know if there are any special instructions?

How are you trying to enable it? Is the account you are using an admin account?

Load spybot > click "tools" > make sure "resident" is ticked > then click the resident shield on the left hand side...

Under "resident protection status" make sure both boxes are ticked. If they aren't... tick them.

If you want to uninstall & reinstall, that's OK...remember you will lose any backups spybot has made, so if you want to replace anything which has been removed by spybot, you should do that first (I doubt you have anything which is needed).... so go to add\remove programs in the Control panel and uninstall it.... then download and install a fresh copy.

Oppressed said:
c) The current version of smitRem that is on my desktop is 2.8 (according to the log from the last fix.) I am not sure how to remove it, do I just delete the entries on my desktop and then empty my Recycle Bin or are there specific instructions?

The Smitrem exe file is a self-extracting file, which creates a folder in the same location as the smitrem.exe file; this folder contains all the necessary files to run the tool ... to remove it simply delete the smitrem.exe file and the folder which it created.

Oppressed said:
A side note is that the Malicious Software removal tool for November was displaying on my Add/Remove programs list before I went to bed that night. When I awoke the next morning it was gone and 2 of the 3 critical updates were installed. The missing one was the Malicious Software removal tool for December.

I wouldn't read too much into this ... The "Malicious Software removal tool for December" was successfully downloaded to my computer (KB890830) but does not show in my add\remove either (in any form)

The file downloads and runs once each month, if you want to run it more often, you need to go here :-

http://www.microsoft.com/security/malwareremove/default.mspx

When the detection and removal process is complete, the tool displays a report describing the outcome, including which, if any, malicious software was detected and removed. The tool creates a log file named mrt.log in the %WINDIR%\debug folder.

This is my mrt.log

***
Microsoft Windows Malicious Software Removal Tool v1.11, December 2005
Started On Sat Dec 31 14:52:06 2005

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Dec 31 14:52:30 2005
***

To see if it ran OK ... see what your log says...

Oppressed said:
The Security Center in my control panel is unavailable

I don't know what you mean by this ... are you saying that when you click the "security center" icon in Control Panel... nothing happens ?

steam
 
Hello steam :)

I have screen captures of the issues I described but I'm not certain if it is okay to post them? One of the images includes information on a Norton error message that was occurring while the program was sabotaged.

Here is a copy of the ewido log with the Hijacker.SpyAxe entries. I also noticed (unrelated?) cookies but I don't recognize the location?

I will be back in an hour or so with a more detailed reply.

Oh and "Happy 2006!"

Regards,
O

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 12:16:16 PM, 28/12/2005
+ Report-Checksum: 21618B86

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724510c3-f3c8-4fb7-879a-d99f29008a2f} -> Hijacker.SpyAxe : Cleaned with backup
HKU\S-1-5-21-3631192919-4047014472-3028651874-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{724510C3-F3C8-4FB7-879A-D99F29008A2F} -> Hijacker.SpyAxe : Cleaned with backup
C:\Documents and Settings\Derek\Cookies\derek@e-2dj6wfl4kpd5gbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Derek\Cookies\derek@e-2dj6wgkysnc5eco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Derek\Cookies\derek@e-2dj6wjkoamdzgdp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Derek\Cookies\derek@e-2dj6wjliajazccp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Derek\Cookies\derek@e-2dj6wjliond5gdq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Derek\Cookies\derek@e-2dj6wjny-1lcpcg.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Derek\Cookies\derek@e-2dj6wjny-1scpek.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup


::Report End
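Added example, not code from the thread or from ewido: a read-only PowerShell check that lists the Browser Helper Objects (BHOs) Internet Explorer will load on this machine and flags the CLSID the ewido report above attributed to Hijacker.SpyAxe. Both Hijacker.SpyAxe entries in that report are registry locations (the BHO registration under HKLM and IE's per-user add-on statistics under the user's hive), so the check is made against the registry rather than the file system. It assumes PowerShell is available on the affected XP machine and is run from an administrator prompt; the CLSID is the one in the report, while the function name and column names are the example's own.

```powershell
# Added example (not from the thread): enumerate registered IE BHOs and flag the
# CLSID named in the ewido report. Read-only: nothing is deleted or changed.

# CLSID copied from the ewido scan report in this thread.
$SuspectClsid = '{724510C3-F3C8-4FB7-879A-D99F29008A2F}'

# Internet Explorer loads every CLSID listed under this key as a BHO at startup.
$BhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

function Get-RegisteredBho {
    if (-not (Test-Path $BhoKey)) { return }
    foreach ($sub in Get-ChildItem -Path $BhoKey) {
        $clsid = $sub.PSChildName

        # The DLL behind a CLSID is the default value of its InprocServer32 key.
        $inproc = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
        $dll = $null
        if (Test-Path $inproc) {
            $dll = (Get-ItemProperty -Path $inproc).'(default)'
        }

        # A registration whose DLL is gone from disk is a leftover, not a live BHO.
        $dllOnDisk = $false
        if ($dll) {
            $path = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
            $dllOnDisk = Test-Path $path
        }

        # The second ewido entry was IE's per-user add-on statistics for the same CLSID.
        $stats = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\$clsid"

        New-Object PSObject -Property @{
            Clsid     = $clsid
            Dll       = $dll
            DllOnDisk = $dllOnDisk
            UserStats = (Test-Path $stats)
            Suspect   = ($clsid -ieq $SuspectClsid)
        }
    }
}

$bhos = @(Get-RegisteredBho)
$bhos | Format-Table Clsid, Dll, DllOnDisk, UserStats, Suspect -AutoSize

$hits = @($bhos | Where-Object { $_.Suspect })
if ($hits.Count -gt 0) {
    Write-Host "The SpyAxe CLSID is still registered as a BHO; the earlier cleanup did not hold."
} else {
    Write-Host "The SpyAxe CLSID is not registered as a BHO on this machine."
}
```

The script only reports; removal (with a backup) is left to the scanner, as in the thread. Any row with DllOnDisk set to False is a dangling registration of the kind a follow-up scan tends to pick up after the DLL itself has already been deleted.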
 
Hello steam,

Thank you for your continued help with my issue :bigthumb:

steamwiz said:
From your first post...

===
Quote:
something resembling the SpyAxe Shield had attached itself to the "Turn Off" Option.
===

It looks like that was the Windows Update shield ... which is now resolved?

This is most likely correct. The Shield in question was the same as the one that I later found displayed in the Control Panel as the icon for the "Security Center". I was concerned because I had never encountered that message before and I had it set in my mind that installing updates requires a Restart not a Shut Down :o

===
Quote:
b) I have Spybot-S&D Version 1.4 installed already but I think that it is not running properly. (I cannot make the Resident "SDHelper" active.) If advisable, I would like to uninstall and reinstall this version. If this is okay, I need to know if there are any special instructions?
===

steamwiz said:
How are you trying to enable it? Is the account you are using an admin account?

I am unclear about the use of an admin account. I remember that when I would start the computer in Safe Mode I would be prompted about which user and would answer Admin but I never had to enter a password or anything. Generally speaking how would I know which account I was using?

steamwiz said:
Load spybot > click "tools" > make sure "resident" is ticked > then click the resident shield on the left hand side...

Under "resident protection status" make sure both boxes are ticked. If they aren't... tick them.

I checked the settings in my Spybot and I am able to make changes by ticking and unticking various boxes including the Resident "Tea Timer". The Resident "SD Helper" highlights but I am unable to place a tick in the box. I believe I may have inadvertently deleted the entry for this function because I did not fully understand how to use the Resident "Tea Timer" window?

steamwiz said:
If you want to uninstall & reinstall, that's OK...remember you will lose any backups spybot has made, so if you want to replace anything which has been removed by spybot, you should do that first (I doubt you have anything which is needed).... so go to add\remove programs in the Control panel and uninstall it.... then download and install a fresh copy.

No worry about my wanting to Recover anything ;)

===
Quote:
c) The current version of smitRem that is on my desktop is 2.8 (according to the log from the last fix.) I am not sure how to remove it, do I just delete the entries on my desktop and then empty my Recycle Bin or are there specific instructions?
===

steamwiz said:
The Smitrem exe file is a self-extracting file, which creates a folder in the same location as the smitrem.exe file; this folder contains all the necessary files to run the tool ... to remove it simply delete the smitrem.exe file and the folder which it created.

Thanks I will proceed with the removal.

===
Quote:
A side note is that the Malicious Software removal tool for November was displaying on my Add/Remove programs list before I went to bed that night. When I awoke the next morning it was gone and 2 of the 3 critical updates were installed. The missing one was the Malicious Software removal tool for December.
===

steamwiz said:
I wouldn't read too much into this ... The "Malicious Software removal tool for December" was successfully downloaded to my computer (KB890830) but does not show in my add\remove either (in any form)

The file downloads and runs once each month, if you want to run it more often, you need to go here :-

http://www.microsoft.com/security/ma...e/default.mspx

When the detection and removal process is complete, the tool displays a report describing the outcome, including which, if any, malicious software was detected and removed. The tool creates a log file named mrt.log in the %WINDIR%\debug folder.

-snip-

To see if it ran OK ... see what your log says...

Thanks for letting me know that there is a log and how to find it. I will check after I finish this reply.

===
Quote:
The Security Center in my control panel is unavailable
===

steamwiz said:
I don't know what you mean by this ... are you saying that when you click the "security center" icon in Control Panel... nothing happens?

When I access the "Security Center" in the Control panel I see the following message:

Security Essentials

The Security Center is currently unavailable because the "Security Center" service has not started or was stopped. Please close this window, restart the computer (or start the "Security Center" service), and then open the Security Center again.

Manage security settings for:

*icon* Internet Options *icon* Automatic Updates *icon* Windows Firewall

Hopefully I haven't missed responding to something important?

4 1/2 hours to 2006 for me ... see you next year :beerbeerb
 
steamwiz and Oppressed: Excuse me for butting in, but thought a couple pieces of info could help.
Oppressed said:
I am unclear about use of an admin account? I remember that when I would start the computer in Safe Mode I would be prompted about which user and would answer Admin but I never had to enter a password or anything. Generally speaking how would I know which account I was using?

I checked the settings in my Spybot and I am able to make changes by ticking and ticking various boxes including the Resident "Tea Timer". The Resident "SD Helper" highlights but I am unable to place a tick in the box. I believe I may have inadvertantly deleted the entry for this function because I did not fully understand how to use the Resident "Tea Timer" window?
Spybot's SDHelper.dll which is also known as Bad Download Blocker will not allow itself to be enabled (ticked box) if the dll file doesn't exist in the main Spybot S&D folder under the Program Files folder. This might have been deleted by malware, though there could be other causes. A non-administrator can generally enable/disable this since it's actually a BHO (Browser Helper Object).

A reinstall of the program is one way to recover the SDHelper.dll file, but I believe they've also got a copy posted somewhere for download since a couple malware target this file for deletion. Ask Lonny, I can't find the reference.

Oppressed said:
No worry about my wanting to Recover anything ;)
A normal uninstall of Spybot S&D deletes most configuration items, including logs, but not the Recovery files. This is so you won't lose these backups during a panic uninstall where someone suspects that Spybot is causing a problem.
 
Hi

I won't quote anything, we're going to get confused with quotes of quotes of quotes...

--
The 2 spyaxe "files" referenced in the ewido report, are not files, they are registry keys which got missed in the cleanup, I don't believe you still have a spyaxe problem...

--
You say you don't recognise the location?

C:\Documents and Settings\Derek\Cookies

The cookies which were found, I believe come from ebay ... they are believed to be tracking cookies so should be removed.

As for windows updates requiring a Restart or a Shut Down ... it's the same thing really isn't it.

--
re: admin accounts...

"Generally speaking how would I know which account I was using?"

Go to the Control Panel and click "user accounts" ... if it says "computer administrator" next to the account, it has admin rights

See bitman's post about the "SD Helper"

--
RE: security Center

Let's start the service and see if that helps

Start > Run > Type: services.msc > Click OK

Scroll down to and double click Security Center service

Set the "startup type" to Automatic

Click the Start button > When Security Center service has started, close Services...

--
bitman ... please feel free to "Butt in" anytime...

By the way, I took the comment about the admin account directly from the relevant page in spybot itself..."With an administration account, you can also install or uninstall the blocker here"

Thanks for the tip about spybot not deleting the recovery files ... I didn't know that.

--
Well I think that's everything, if I've missed anything... let me know.

steam
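Added example, not from the thread: the services.msc steps in the post above (set the "Security Center" service to Automatic startup, then start it) run as a PowerShell script, printing the service state before and after so that a failed start is visible rather than silent. It assumes PowerShell is installed on the XP machine and that the prompt runs under an administrator account; the service is located by the display name "Security Center" shown in the Services console, and the Get-StartMode helper is the example's own.

```powershell
# Added example (not from the thread): Security Center service to Automatic + started,
# with the state shown before and after. Requires an administrator account.

function Get-StartMode([string]$Name) {
    # Get-Service does not expose the startup type on older PowerShell; WMI does
    # (values are "Auto", "Manual" or "Disabled").
    (Get-WmiObject -Class Win32_Service -Filter "Name='$Name'").StartMode
}

# Locate the service by the display name used in services.msc.
$svc = Get-Service -DisplayName 'Security Center' -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Host 'No service with the display name "Security Center" exists on this machine.'
    return
}

Write-Host ("Before: {0} [{1}] status={2} startup={3}" -f $svc.DisplayName, $svc.Name, $svc.Status, (Get-StartMode $svc.Name))

# Step 1: the "Startup type: Automatic" drop-down in the service's Properties dialog.
# A Disabled service cannot be started, so this must come before the Start step.
Set-Service -Name $svc.Name -StartupType Automatic

# Step 2: the Start button. Capture the error text instead of letting it scroll by.
if ($svc.Status -ne 'Running') {
    try {
        Start-Service -Name $svc.Name -ErrorAction Stop
    } catch {
        Write-Host ("Start failed: {0}" -f $_.Exception.Message)
    }
    $svc.Refresh()   # re-read the status from the service control manager
}

Write-Host ("After:  {0} [{1}] status={2} startup={3}" -f $svc.DisplayName, $svc.Name, $svc.Status, (Get-StartMode $svc.Name))
```

If the "After" line still shows a status other than Running, the error text printed by the Start step is what to post back to the thread. Set-Service needs administrator rights, which ties in with the Control Panel user-account check earlier in the same post.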
 
Oppressed: See steamwiz' comments above.

steamwiz:
steamwiz said:
By the way, I took the comment about the admin account directly from the relevant page in spybot itself..."With an administration account, you can also install or uninstall the blocker here"
I hadn't realized you were referring to installation, I was focused on the enable via the check (tick) box.

For more clarity; the 'Show more information' entry you referenced above is slightly inaccurate. It's correct to state that only an Administrator account can install the SDHelper.dll file, or TeaTimer.exe for that matter, in the main Spybot S&D Program Files folder when using the NTFS file system with a Win 2000/XP OS.

However, the check box to enable both the SDHelper and TeaTimer resident programs is created in the HKey_Current_User portion of the registry since the Spybot S&D 1.3 version. So each user can individually enable or disable either of these once they are installed using an Administrator account, which is always done during the main installation process.
 
bitman,

Thank you for the assistance provided.

steamwiz,

I have very little understanding of the workings of Windows XP. I have only owned and used one other personal computer which was running with Windows 98SE.

Also, my understanding of the workings of computers comes from information and advice given by others. One piece of information was that a Shut Down and a Restart might not always provide the same end result. I believe this information came after a software install or upgrade repeatedly failed because I had used a Shut Down rather than a Restart. Being quite gullible I am sure I have been easily misled on many occasions and it now appears that instance was one of those times.

The reason I do not recognize the location is because Internet Explorer is not mentioned. As well the use of the word Documents and Settings is new. Maybe a Windows XP term?

I apologize for any inconvenience I have caused you due to my lack of understanding of, and appropriate use of, technical terminology.

LonnyRJones,

If you are reading this Thread I would like to request instructions for replacing the SDHelper.dll

If I am required to complete the process suggested by Corrine before this will be allowed please let me know so I can proceed.

Regards and Happy New Year to All,
O
 
Hi bitman

I think we are saying the same thing here...

If the sdhelper was not installed when spybot was installed, then ticking the box will install and enable it ...on an admin account

If you try to tick it on a non-admin account you will not be able to.

Oppressed ... If your husband installed spybot on his admin account, but did not install the sdhelper, and your account is a non-admin account, you won't be able to install or enable it.

If both of your accounts are admin, then you can forget all of this as it does not apply to you.

Go here :- start > My Computer > C: > Program Files > Spybot - Search & Destroy ... that's...

C:\Program Files\Spybot - Search & Destroy

Look in this folder and see if you have an SDHelper.dll file ....

let us know...

====
This I would like confirmed by bitman or someone else first

If you don't see one... Go here :-

http://www.spywareinfo.com/~merijn/winfiles.html#sdhelper

and download SDHelper.dll

Copy the file to the C:\Program Files\Spybot - Search & Destroy

The SDHelper.dll file at Merijn's site says (version 1.3) and is 728 KB in size

The current SDHelper file on my computer is 834 KB (version 1.4)

Is it OK to use the one on Merijn's site ? or do we need to get the one from this site (if we can find it)


--
The C:\Documents and Settings folder is a standard folder on all XP systems and contains all the user accounts...

Win2000 & WinME also have a Documents and Settings folder

steam
 
steamwiz said:
Oppressed ... If your husband installed spybot on his admin account, but did not install the sdhelper, and your account is a non-admin account, you won't be able to install or enable it.

If both of your accounts are admin, then you can forget all of this as it does not apply to you.

Thank you again for your assistance.

I was the one who installed Spybot. The "SDHelper" was working up till the 2nd time (3 weeks ago) when SpyAxe messed with the computer. I was visiting this Site and the "TeaTimer" warning came up stating that the Browser Helper was deleted and I responded with a "Deny change" that didn't seem to take as I was asked the question over and over and over again until I replied something like "Deny all". I thought this was the prudent answer? After this all the "Deny" buttons disappeared and the pop-up kept returning insistently every time I closed it. Right now I don't remember how I made it stop / go away? Maybe I unticked the "TeaTimer" box in the SpybotSD Resident Window? Or finally just said "Allow"? Either would probably have had the same result?

Also, yesterday when I looked in the Control Panel under User Accounts there was only my husband's Account, which is Admin, and a Guest Account with the message "Guest Account is Off". I'm not certain if this is normal or if the person who built the computer created this Account for themself?


steamwiz said:
Go here :- start > My Computer > C: > Program Files > Spybot - Search & Destroy ... that's...

C:\Program Files\Spybot - Search & Destroy

Look in this folder and see if you have an SDHelper.dll file ....

let us know...

I followed the instructions and did not find the SDHelper.dll file listed.

steamwiz said:
--
The C:\Documents and Settings folder is a standard folder on all XP systems and contains all the user accounts...

Win2000 & WinME also have a Documents and Settings folder

steam

Thanks for the information.

I look forward to reinstating the "SD Helper" when the DL information is verified.

Regards,
O
 
steamwiz is correct, you must be an administrator to enable/disable as well as install the SDHelper.dll file, though the file is always installed with the program. I confused this with TeaTimer.exe which can be enabled/disabled by each user individually, though it must be installed by an Administrator initially. The actual specifics for this on each version of OS and XP Home vs. Pro are slightly different, but don't really matter in this case.

Don't install that older 1.3 version of SDHelper.dll, since it isn't current and might create problems. Since from your description it appears that Spyaxe deleted the file and you may have created other issues with TeaTimer with your answers, I'm going to recommend a complete re-install of the Spybot S&D program.

First, make sure you either have the original installation file named spybotsd14.exe or download a copy from one of the mirrors found here:
http://www.spybot.info/en/mirrors/index.html

Go into Control Panel, Add/Remove Programs, click Spybot - Search & Destroy 1.4 and click Remove
Answer any prompts to uninstall the program

Now, re-install the program by double-clicking the spybotsd14.exe file and follow the prompts.

Once it's installed, check whether Spybot Scans OK and TeaTimer shows up in the System Tray. If TeaTimer starts making lots of pop-ups, let us know, but just disable it until we can help. There is a known problem with the TeaTimer buttons display which may be why you had issues with it, so leave it off if you'd rather.
 