SpyAxe - Is it ever really gone?

Hello bitman,

Thank you for the instructions. I will follow them when I return home later today.

Re the TeaTimer. I had originally disabled it after discovering the display issue but turned it back on after applying an automated patch given in the relevant sticky thread. I also turned it back on after the last SpyAxe Removal process was completed. It seems to be doing its job but I really don't know for sure?

Would it be okay to use the patch again after the reinstall?

O
 
Absolutely, I just didn't want to confuse you with the added instructions so I left it out.

A simple way to test that TeaTimer is operating is to tick/untick the SDHelper - Bad Download Blocker selection while Teatimer is operating. This will cause a notification dialog box that you should accept in all cases. It will also show up in the TeaTimer Resident Log once you exit and re-enter the Resident screen in Spybot.

I also found that turning off/on my Norton/Symantec antivirus real-time monitoring services caused a similar warning I could use to test TeaTimer. These are useful things to help your understanding of what's normal and what's not when using TeaTimer.
 
Thanks bitman

Oppressed I see bitman's sorting you out regards spybot :bigthumb:

By the way, If I want to check the various real-time monitoring programs are working, I go to Tools > internet options > and change the Homepage... to be immediately met with pop-ups from Spybot, spywareguard, Microsoftantispyware ...

Oppressed said:
Also, yesterday when I looked in the Control Panel under User Accounts there were only my husband's Account which is Admin and a Guest Account with the message "Guest Account is Off". I'm not certain if this is normal or if the person who built the computer created this Account for themself?

The guest account is normal and is created during the install of XP...

When you boot XP, does it go to a welcome screen, with a choice of accounts or straight to your only account. Because if your husband's account is the only one you see in user accounts, it looks as though you and your husband are sharing the same account and you do not have separate accounts.

steam
 
bitman said:
Absolutely, I just didn't want to confuse you with the added instructions so I left it out.

A simple way to test that TeaTimer is operating is to tick/untick the SDHelper - Bad Download Blocker selection while Teatimer is operating. This will cause a notification dialog box that you should accept in all cases. It will also show up in the TeaTimer Resident Log once you exit and re-enter the Resident screen in Spybot.

I also found that turning off/on my Norton/Symantec antivirus real-time monitoring services caused a similar warning I could use to test TeaTimer. These are useful things to help your understanding of what's normal and what's not when using TeaTimer.

Thanks for the help bitman :)

I encountered a message from Teatimer both times and an additional one from Microsoftantispyware one of the times only. When I unticked I did not see a Deny button but when I re-ticked I did.

I think I need a super easy to understand tutorial for using the TeaTimer. One I can put on a sticky note, LOL :o

This whole mess has left me wondering what the appropriate use of the "Deny" button is. I just can't seem to shake this hole I have in my logic when it comes to using this product :thud: For whatever reason I don't seem to be able to develop correct connections to the choices I'm being asked to make?

(Sadly a slight case of brain damage here that, at the most inopportune times, wreaks havoc with my greymatter :rolleyes: )

steamwiz said:
Thanks bitman

Oppressed I see bitman's sorting you out regards spybot :bigthumb:

By the way, If I want to check the various real-time monitoring programs are working, I go to Tools > internet options > and change the Homepage... to be immediately met with pop-ups from Spybot, spywareguard, Microsoftantispyware ...

The guest account is normal and is created during the install of XP...

When you boot XP, does it go to a welcome screen, with a choice of accounts or straight to your only account. Because if your husband's account is the only one you see in user accounts, it looks as though you and your husband are sharing the same account and you do not have separate accounts.

steam

Hi steam,

Thanks for letting me know about the "Guest" Account.

I tried the homepage test and found Norton, Microsoftantispyware and TeaTimer pop-ups. TeaTimer would ONLY let me Allow; a Deny response kept the window repeating the same way it did when I lost the SD Helper. Even though I didn't want to change my Homepage the Allow made sure I did; after I had to repeat the process to change it back :rolleyes:

Re the Welcome Screen, the only time a choice is offered is when I am going to Safe Mode, Admin or not. I guess it is best there is only one Account and it is Admin because it simplifies my life somewhat ;)

Thanks again for all your patient help bitman & steam :bigthumb:
 
I think I need a super easy to understand tutorial for using the TeaTimer.
The simplest approach would be....

If you are installing a program, accept everything, or turn teatimer off first to avoid the popups...

If you are changing something like your homepage yourself ... then accept it...

If you are surfing the web and you suddenly get a popup ... deny ... but if you are in any doubt whether you should have denied it or not ...make a note of the URL and the exact change noted in the message, and post it on a forum for advice...

I tried the homepage test and found Norton, Microsoftantispyware and TeaTimer pop-ups. TeaTimer would ONLY let me Allow; a Deny response kept the window repeating the same way it did when I lost the SD Helper. Even though I didn't want to change my Homepage the Allow made sure I did; after I had to repeat the process to change it back

I think the most probable cause of this is that you have the homepage locked...

In spybot > tools > IE Tweaks > do you have "lock IE startpage setting against user changes" ticked ?

If it isn't, then it is probably a similar button in one of your other programs...

steam
 
steamwiz said:
The simplest approach would be....

If you are installing a program, accept everything, or turn teatimer off first to avoid the popups...

If you are changing something like your homepage yourself ... then accept it...

If you are surfing the web and you suddenly get a popup ... deny ... but if you are in any doubt whether you should have denied it or not ...make a note of the URL and the exact change noted in the message, and post it on a forum for advice...

I think the most probable cause of this is that you have the homepage locked...

In spybot > tools > IE Tweaks > do you have "lock IE startpage setting against user changes" ticked ?

If it isn't, then it is probably a similar button in one of your other programs...

steam

Thank you again for your help steam :)

I looked in the location that was given and the Box is not ticked so it must be, as you stated, something similar in another program :)
 
Oh Crap!!!

Just when I thought it was safe ... :confused:

Hi ... I'm back ... :thud:

I just updated my ewido definitions and completed(?) a scan:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 2:48:46 PM, 04/01/2006
+ Report-Checksum: 6790D966

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724510c3-f3c8-4fb7-879a-d99f29008a2f} -> Hijacker.SpyAxe : Cleaned with backup
HKU\S-1-5-21-3631192919-4047014472-3028651874-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{724510C3-F3C8-4FB7-879A-D99F29008A2F} -> Hijacker.SpyAxe : Cleaned with backup


::Report End

------------

As soon as the scan completed the TeaTimer popped up indicating that:

Spybot - Search & Destroy has detected an important
registry entry that has been changed.

Category: Browser Helper Object
Change: Value deleted
Entry: { 724510c3- f3c8-4fb7- 879a- d99f29008a2f }

I am only given the "Allow change" and "Remember this decision." options along with the "?" and "Info" buttons.

I notice that this is the same series of numbers, (lower case) letters and dashes as one of the objects ewido found and cleaned. This is ALSO one of two of the registry entry changes that occurred the last time when the TeaTimer popped up unexpectedly.

Did I just lose my SD Helper again? :eek:

Should I "Allow change"? Right now the window is sitting waiting on my screen under this one :-/
 
Gosh ... aren't those the same objects that ewido cleaned the last time ...

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724510c3-f3c8-4fb7-879a-d99f29008a2f} -> Hijacker.SpyAxe : Cleaned with backup
HKU\S-1-5-21-3631192919-4047014472-3028651874-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{724510C3-F3C8-4FB7-879A-D99F29008A2F} -> Hijacker.SpyAxe : Cleaned with backup
 
Allow the change, you want it deleted, Spybot is remembering earlier registry entries in a snapshot database it keeps. Apparently this wasn't cleared when you uninstalled, I thought it was.

  • Right click the TeaTimer icon in the System Tray.
  • Select Settings from the pop-up.
  • Click each of the 4 buttons across the top and make sure they're empty, especially the Registry ones.
  • Delete any remembered entries by clicking the little 'X' at the far right of the line.
  • Click OK to exit the box.

  • Now right click the icon again and click Exit S&D Resident. Do NOT restart it.
  • Run another Ewido scan and remove anything bad it finds.
  • Restart TeaTimer by clicking on the file or Restarting your computer.

If Spybot complains about the changes again, accept them, you want it to allow the bad entries to be removed.
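
The correlation this advice rests on (the TeaTimer "Value deleted" entry is the same CLSID that ewido had just cleaned) can be checked mechanically. The following is an added example, not part of the original thread and not code from Spybot or ewido; the function names are hypothetical, and treating a matching deletion as expected is an assumption taken from the advice above.

```python
import re

# Text copied from the ewido report and TeaTimer dialog quoted in this thread.
EWIDO_REPORT = r"""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724510c3-f3c8-4fb7-879a-d99f29008a2f} -> Hijacker.SpyAxe : Cleaned with backup
HKU\S-1-5-21-3631192919-4047014472-3028651874-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{724510C3-F3C8-4FB7-879A-D99F29008A2F} -> Hijacker.SpyAxe : Cleaned with backup
"""
TEATIMER_DIALOG = """
Category: Browser Helper Object
Change: Value deleted
Entry: { 724510c3- f3c8-4fb7- 879a- d99f29008a2f }
"""

# Tolerates mixed case and the stray spaces seen in the pasted dialog text.
GUID_RE = re.compile(
    r"\{\s*([0-9a-f]{8})-\s*([0-9a-f]{4})-\s*([0-9a-f]{4})"
    r"-\s*([0-9a-f]{4})-\s*([0-9a-f]{12})\s*\}", re.I)

def normalize_guid(text):
    """Return the first CLSID in text as lowercase {8-4-4-4-12}, or None."""
    m = GUID_RE.search(text)
    return "{" + "-".join(m.groups()).lower() + "}" if m else None

def parse_ewido(report):
    """Map normalized CLSID -> list of (registry key, detection, action)."""
    cleaned = {}
    for line in report.splitlines():
        m = re.match(r"(.+?) -> (.+?) : (.+)$", line.strip())
        guid = normalize_guid(m.group(1)) if m else None
        if guid:
            cleaned.setdefault(guid, []).append(m.groups())
    return cleaned

def parse_teatimer(dialog):
    """Split 'Field: value' lines of the notification into a dict."""
    fields = {}
    for line in dialog.splitlines():
        if ":" in line:
            key, value = line.split(":", 1)
            fields[key.strip()] = value.strip()
    return fields

def explain_change(dialog, report):
    """Label a TeaTimer change by whether the scanner report accounts for it."""
    fields = parse_teatimer(dialog)
    guid = normalize_guid(fields.get("Entry", ""))
    hits = parse_ewido(report).get(guid, [])
    if fields.get("Change") == "Value deleted" and hits:
        return "expected-cleanup", guid, hits
    return "unexplained", guid, hits
```

An "unexplained" result is the case to write down and ask about rather than click through.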
 
Hi bitman,

Thanks for the prompt reply :)

All the areas were already empty. Unless something was hidden?

I have done the Exit S&D Resident as requested and will now run another ewido scan.

Back in about 15 - 20 minutes :bigthumb:
 
Hi Bitman :bigthumb:

Thanks again :)

ewido shows clean this time. I'll see what it looks like after a restart, just me being curious ... ;)

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 3:57:12 PM, 04/01/2006
+ Report-Checksum: F14CF4AC

+ Scan result:

No infected objects found.


::Report End
 
As the problem appears to be resolved this topic will be archived.
If you need it re-opened please pm me or one of the forum mods.

Glad we could help.
 