Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spybot S&d


  • Please log in to reply
9 replies to this topic

#1 craneop

craneop

  • Members
  • 124 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:mountains
  • Local time:12:57 PM

Posted 16 March 2008 - 01:41 PM

Hello, I hope this is the right forum. I know that this is an easy fix, but i'm frustrated. I have been removing malware all weekend. I just reinstalled spybot s&d. There are three user accts on comp. Running windows xp sp2. The problem is that teatimer, is only starting on the admin acct that it was installed from. It is not starting on the two limited accts.Spybot is installed in C:\programs,but i can't locate the icon for teatimer in the folder, to move to the all users startup folder. I believe that in my frustration i'm over looking something. Any help would be greatly appreciated . Thanks Joe Mc

BC AdBot (Login to Remove)

 


#2 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:01:57 PM

Posted 16 March 2008 - 01:47 PM

are all three user accounts administative? or the other 2 limited users(xp?)

teatimer is protecting administrative changes to the registry?
Chewy

No. Try not. Do... or do not. There is no try.

#3 craneop

craneop
  • Topic Starter

  • Members
  • 124 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:mountains
  • Local time:12:57 PM

Posted 16 March 2008 - 01:51 PM

Chewy, I appreciate the reply. The two accts that teatimer isn't showing on are limited. Is that ok ? I have had 3 malware problems in the last 6 months and believe it's from one of the limited accts d\ling pictures.

#4 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:01:57 PM

Posted 16 March 2008 - 02:04 PM

jpegs and mp3's are pretty foolproof until it involves some microsoft program with some vulnerabilty that can be exploited

now IE or java from a bad website is a different story, the new spybot immunize should protect from the worst sites since the hosts file protection is global

someone can still install malware from a limited account by running as administrator, is your account password protected?

the default safe mode hidden adminstrator's account should be protected also, kids pass these tricks around, you can run a script from safe mode and enable that login for normal mode, run the script again and turn it off before you come home

I had this all types out and someone moved the post
Chewy

No. Try not. Do... or do not. There is no try.

#5 craneop

craneop
  • Topic Starter

  • Members
  • 124 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:mountains
  • Local time:12:57 PM

Posted 16 March 2008 - 02:14 PM

Thanks Chewy, Yes the admin acct is p\w protected. I have been browsing thru the am i infected forum. I first noticed the malware problems when is started folding. After browsing the forums, i'm wondering if i have ever gotten rid of the malware to begin with. I do all my banking/bill's online. I won't be doing that anymore until i figure out whats up.This weekend my av/malware programs found.RiskTool.Win32.PsKill.p
Trojan.WinREG.StartPage
Trojan.Win32.RC5_Dropper.e Trojan horse downloader. presario A Anything else I should be doing would be greatly appreciated. Should I post in the am i infected forum ? Thanks joe mc

#6 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:01:57 PM

Posted 16 March 2008 - 02:26 PM

post some logs and details there, but just for the programs you are using

if it looks like it's a more serious problem then you will be refered on to the hijackthis forum, they are overloaded and there's quite a wait there, unfortunately there's not enough trained helpers to go around

don't get carried away with do-it-yourself fixes and use dangerous tools, you'll be reloading your computer
Chewy

No. Try not. Do... or do not. There is no try.

#7 craneop

craneop
  • Topic Starter

  • Members
  • 124 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:mountains
  • Local time:12:57 PM

Posted 16 March 2008 - 02:28 PM

Thanks Chewy , i Will post there. Thanks for the help. Joe mc

#8 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:01:57 PM

Posted 16 March 2008 - 02:38 PM

I forgot to mention, one of the most dangerous programs in my experience is teatimer

that's the first thing they turn off when they are trying to fix your computer
Chewy

No. Try not. Do... or do not. There is no try.

#9 craneop

craneop
  • Topic Starter

  • Members
  • 124 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:mountains
  • Local time:12:57 PM

Posted 16 March 2008 - 03:01 PM

Chewy, I have learned more from coming to bleeping comp,in the last few months. You guys/gals are great. I wish that i had a better understanding of computers when i started. I could have avoided alot of problems. I will turn teatimer off now. Thanks Joe MC

#10 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:05:57 PM

Posted 16 March 2008 - 04:08 PM

to assist; this thread http://www.bleepingcomputer.com/forums/ind...howtopic=136654

is now running in the 'am I infected' section ,to avoid duplication of advise




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users