Krizalid99v2
Technical User
- Sep 8, 2005
- 6
OS: Windows XP Pro SP2
Firewall: ZoneAlarm Pro
AntiVirus: AVG Free Edition
Spyware: Spybot + the on-scan for spyware (detects registry changes and allows you to choose whether it should be allowed or not; I think this is the TeaTimer.exe that comes with Spybot)
Okay, yesterday after I switched on my computer and landed on the desktop, and after the usual programs had loaded, the SpyBot spyware on-scanner repeatedly kept popping up informing me of registry changes - saying something about deleting values.
Because I was dead tired at the time and the fact that in the past this happened anyway, I clicked 'Allow' to all of them, thinking it was nothing major (I just clicked 'Allow' without reading the info properly).
Then the next time I restarted the machine I noticed my ZA firewall and many other programs in the taskbar weren't loading up (such as my SoundMAX audio). I thought this may have been a bad load up so I rebooted, and the same thing happened.
Eventually I had to manually enable the ZA firewall, AVG and the SoundMAX audio to get them up.
I then tried to uninstall and re-install ZA to fix the problem, but after I reinstalled ZA, Windows was still telling me the firewall had been shut down. Nevertheless, after I went on the net ZA re-appeared and it now seems fine.
Then later, a file called system32.exe came up and kept trying to get net access, only for me to block it with the firewall. This seems to have gone now for some reason, but then later a file named csrss.exe kept on wanting net access and I denied it.
I went into Safe Mode and did virus scans and spyware scans. AVG picked up something from the Temporary internet cache folder and deleted it - not sure if this was the problem. SpyBot picked up nothing. I also deleted a csrss.exe file from C:\WINDOWS\Config because that seemed suspicious when you compared it to the other two on the system (the one I deleted had an 'install box' icon instead of the 'dos' icon). When I rebooted, Windows asked for the csrss.exe file as a result of me removing it, but things seem to be working fine.
I have now got it to a state where everything seems to be working and programs are loading up; however, a file named TeaTimer.exe (which is meant to be SpyBot's live-scan thing) keeps popping up wanting to get net access, and when I deny it on the ZA firewall, SpyBot then keeps on coming up with non-stop warnings of 'registry change denied' as shown here in this picture:
It's non-stop, just keeps popping up until I stop it from the task manager processes (TeaTimer.exe).
This is the ZA warning beforehand, and if you click 'Deny' that's when the above will happen with SpyBot.
It seems my SoundMAX audio doesn't seem to work anymore, as you can see in the picture - it has a red 'stop' icon on it.
So it seems my machine is not clean yet. Has TeaTimer.exe turned into a virus/trojan?
Can anyone help me clear it out?
Any help will be most appreciated, thanks for your time.