BleepingComputer.com: Safely Remove Hardware” icon disappeared from the system tray

I use several computers so I do go some periods of time not using this personal machine of mine. A while back, a month or two ago, I noticed that the “Safely Remove Hardware” icon disappeared from the system tray. Did not use this all that much as mostly plugging in my nano and ejecting with Itunes.

Avast did report on occasional reboot that it noticed some files that it wanted to collect for heuristic purposes.
But then my wife’s computer got the Anti-vi virus and found this site and the info to remove this virus, 02/11/2011. All appears to be successful.

Just to familiarize myself with the software I ran rkill and MBAM on this machine. MBAM reported some anomalies so I checked them for deletion. Ran MBAM again no further items found.

However when the system reboots I see this Adobe update icon in the system tray.

I run rkill and the output is as follows
"This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 02/15/2011 at 6:52:55.
Operating System: Microsoft Windows XP

Processes terminated by Rkill or while it was running:

Rkill completed on 02/15/2011 at 6:53:02."


Adobe update icon is gone and I now have my “Safely Remove Hardware” icon back.

If I reboot the machine the Adobe comes back and I am back to rkill. MBAM finds nothing. Avast, purchased update, scans turn up nothing of note. But does report a few files for heuristics after it starts.

My concern is that there is a remnant still in the machine. But not sure how to identify, any other ideas?

Quote

That is not uncommon and can occur for a variety of reasons.

Restore Missing or Disappeared Safely Remove Hardware Icon
How to safely remove your usb drive when Safely Remove Hardware icon disappear from taskbar in Win Xp
Safely Remove Hardware: where did the icon go?

Quote

Again, not uncommon.

Heuristic analysis is the ability of an anti-virus program to detect possible new variants of malware before the vendor can get samples and update the program's definitions for detection. Heuristics uses non-specific detection methods to find new or unknown malware which allows the anti-virus to detect and stop if before doing any harm to your system. Heuristic scanning methods vary depending on the vendor. Some claim to allow emulation of the file's activities in a virtual sandbox. Others scan the file more intensively, searching line by line inspecting the code in a file to see if it contains virus-like characteristics. If the number of these characteristics/instructions exceeds a pre-defined threshold, the file is flagged as a possible virus.

The disadvantage to using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as malicious. With heuristics, there is always a potential risk for a "False Positive" when the heuristic analysis flags a file as suspicious or infected that contains no malware.

Submitting file samples to the vendor for further analysis allows the lab techs to quickly investigate and confirm if the detection is actually malware. Some security programs have built-in options for submitting a file directly from the quarantined area to the vendor's lab for analysis. Most user guides will explain how to do that. Other anti-virus solutions automatically submit files or provide an alert to do so if you have checked the option to "Submit for analysis in the program's settings. If those options are unavailable, you can also look for documentation on the vendor's web site on how to submit file samples.

Quote

RKill is not a comprehensive malware removal tool...it is a specific utility designed to terminate the most common malicious processes that prevent other security tools from being executed and used to disinfect the system. When RKill is able to terminate these processes and fix certain registry keys, that usually allows other tools to perform scans and clean up routines to remove the infection.

All files listed in an RKill log are not necessarily malware related. The list of processes shown as terminated are any processes that were killed while RKill was running even if those processes were not terminated directly by RKill. If Rkill does not list anything then it did not terminate any processes.

If you are able to run Malwarebytes Anti-Malware and other security tools without them terminating, there is no need to run Rkill. Using Rkill is only necessary to fix the most common malware processes that stop us from using security tools and completing scans so its not required in all situations.