|
|
| KiwiPete 2004-07-22, 6:43 pm |
| Has anyone heard of an app called XTray?
It's sits in the system tray & displays links to porn sites.
There is an uninstall app, but it keeps reinstalling itself whenever the user opens IE.
Checked with Spybot etc & none of the spyware apps detect it. | |
|
|
| KiwiPete 2004-07-22, 9:43 pm |
| Done housecall & manually deleted it from the registry.
I can get rid of it, but the bastard keeps coming back.
Haven't tried Trojanscan, though.
Thanks. | |
| Supertech 2004-07-22, 9:45 pm |
| Have you tried turning off the Messenger service? | |
| KiwiPete 2004-07-22, 9:59 pm |
| That's a thought. I'll give it a shot.
 | |
| KiwiPete 2004-07-28, 5:02 pm |
| *Bump*
Bloody thing's back.
I've removed registry references via Hijack This & spyware'd the machine to death. Messenger's been disabled & IE security settings look OK.
The app went, but as soon as the user goes to any innocent site like http://www.nzherald.co.nz or even Google, it's back.
Running 2000 & IE6 with SP1 & Windoze Update's looking good.
 | |
| me? I dunno... 2004-07-28, 9:46 pm |
| what about using zone alarm to restrict it?
regcleaner gives you some options for startup and applications, careful though, its proven to be a fairly dangerous utility
is there an xtray file in your windows/system32 folder | |
| KiwiPete 2004-07-28, 11:52 pm |
| Nope. No xtray in the system32 folder.
I've now disabled third-party browser extensions in IE in the hope that it works. | |
| me? I dunno... 2004-07-28, 11:59 pm |
| quote:
Nope. No xtray in the system32 folder.
I've now disabled third-party browser extensions in IE in the hope that it works.
I've been thinking about this... where can I download one of those? | |
| KiwiPete 2004-07-29, 12:31 am |
| quote:
Originally posted by me? I dunno...
I've been thinking about this... where can I download one of those?
If I can't fix it, I'll let you know in a couple of weeks, when the user goes on holiday.
Then I can click on those links. For troubleshooting purposes, of course.
 | |
| musical life 2004-07-31, 8:38 pm |
| Hey Kiwi Pete,
Im just new to this Forum, and I reached this thread by a google search, with basically the same problem as you. NZers are apparently having a real bad time with these diallers at the moment, and being hit with monstrous toll bills. Ive been watching this thread with interest on any developments in regards to successful removal of this utter scumware. Ive been informed that my next phone bill will be $211 !!!!!  Anyway, Ive done some searching and it seems that Pest Patrol supposedly recognizes and deletes thhis scabbware. I will be looking at this option after I leave this thread.
A few things differ though with my experience with this xtray thing.
The 1st instance (about a week ago) I delved into the system here and there and deleted various mentions and ties that I could find relative to this thing. Have a look in Tools > Internet options > settings > view objects > and see if there is an activeX file " VacPro.internazionale_ver3 " They say trojans often work in pairs, and this file has the same company name as xtray. 7H. Some things wouldnt remove and I downloaded a utility (winpatrol) which ditched the icon off the system tray, and also allowed me to 'kill' the process. Since then, Ive been able to surf OK with no interference, but keeping my ear on my external modem for queer dialing behaviour and such, such as consistently dropping connections.
The 2nd instance happened yesterday, with basically the same old things happening. Again Ive removed it (temporarily I would suppose) and also Ive put an international toll bar in place as well as the national 0900 #s.
I thought I would just throw my experiences into the arena in the hopes that it may help shed some light on this for anyone else in the same boat. Im not quite confident to go into the registry (yet
 ) and as such, I will see what utilities would safely do this for me.
All the best to others who have to put up with this diabolically invasive stuff.
Musical Life | |
| KiwiPete 2004-08-01, 3:18 am |
| Thaks very much for that.
I haven't used Pest Patrol on that machine.
I'll try that when I get back to work tomorrow & have another look at IE settings.
I intially did a Google search & only came up with a couple of German sites that didn't offer much help.
| |
| musical life 2004-08-01, 5:45 am |
| Hi again Kiwi Pete,
I tried Pest Patrol, but it (xtray) hasnt come up in the scan that I did. (They offer a free scan and free manual removal tips but if you wanna have the results removed by them, you have to get the paid version.)
Lets hope Ive got rid of the scumbag of a thing. Hopefully you get rid of yours too.
All the best.
Musical Life | |
| KiwiPete 2004-08-01, 2:57 pm |
| Thanks, mate & welcome to the forum.
| |
| KiwiPete 2004-08-01, 5:42 pm |
| Pest patrol has identified this pain in the XXX as Trojan.Win32.VB.j
Details here | |
| sandy7000 2004-08-03, 5:07 pm |
| I had a similiar dropped connection issue w/ XP several months ago. It was hanging up the modem to dial out using RASautou.exe I disabled every damn remote access, assistance, you name it, service. Still kept dialing out. The only way I could stay online was to allow it to dial out for me.
The sad part is that I contacted Symantec 5 times & explained the situation. I told them Norton wasn't detecting ANYthing. They basically told me that, well, it meant there wasn't any virus/spyware/malware on my machine. I was so ticked off, I dumped them as my AV. I finally had to reformat to get rid of the bug. I did a search to find out what files were referencing rasautou.exe & couldn't figure out which one to delete, so I gave up.
Thanks for posting.
Sandy | |
| musical life 2004-08-03, 6:40 pm |
| Hey guys,
Ive been trying to get back into this site for a day or 2 and finally this morning Ive been successful. Not sure if the site was down or I was blocked because of the security settings Ive been trying out.
Thanx Kiwi Pete for the welcome.
Yes I saw that page on Pest Patrols site, and so far it hasnt come back, for me. Not sure if its just gone underground for a week or so, or what. Ill know this weekend, if it pops its mouldy little head up again, this will be the case.
Anyway, Id be interested to know how you go with your occurance. Generally if one pokes around the system with a somewhat detectives attitude, you inevitably come up with other such scabbware hanger-ons such as Sfondi desktop. I did screenshots of stuff and dialog boxs etc, while this nonsense was going on, and I found down on the taskbar on 2 occasions "Sfondi desktop". I dont understand exactly how its linked to all this, but I think we have to get rid of all the tenticles for complete success. I tracked this down by looking at the History list and generally perusing it. It turned out to be some pop-under.
Im gonna check out other Browsers other than IE. which they say is full of holes a mile wide.
All the best.
Musical Life. | |
| sandy7000 2004-08-04, 1:38 pm |
| I use Mozilla Firefox which is free. I found out you still need to keep IE updated as bugs can still use it..it's linked to explorer, not just the internet.
But I'm preaching to the choir..have fun & thanks for your info! |
|
|
|