3 Systray.exe files?

[Paul K.]

I notice I have 3 Systray files when I perform a search files command. This had occured when I upgraded from Win95-98 and now ME, which I was informed would happen when upgrading. Should I delete 2 of these files. I also can't seem to get the Systray Icon to enter my taskbar. It is, found, under the Startup programs under msconfig. How do I do this? Thanks.

PS - Still have clock problems (see other threads) but living with shutdown by using powerstrip instead of power button on computer. This probably saves wear on the power-on/off buttons of all other devices, anyway!

Paul K.

 

[arty62]

Paul K......take a good look at those entries....the file "C;\windows\systray.exe" is NOT a system file, but is a virus or trojan...the real file is C:\windows\system\systray.exe....the virus/trojan escaped detection in my machine by PCCILLIN, PANDA, and THE CLEANER....however, when file sent for analysis, came back positive....see hackfix.org for how to

 

[TonyKlein]

I'm not sure what you mean by the "Systray icon" . There's no such thing.

What exactly would you like to see that you can't?

 

[Paul K.]

Tony: Meant System Agent, not Systray - sorry about that!

Arty62:

I have 3 SYSTRAY files as follows:

C:\WINDOWS\OPTIONS\INTALL\SYSTRAY
C:\WINDOWS\OPTIONS\CABS\SYSTRAY

AND THE CORRECT ONE

C:\WINDOWS\SYSTEM\SYSTRAY

Other than what you stated regarding virus and the site...is there anything else I should know about this virus in other programs? I have used Norton Anti Virus and Macafee Virus Scan and both never worked right, which I had unistalled after clock problem.

Thanks - and sorry for mixup, but should I worry about System Agent not in taskbar- how would I do that?

 

[arty62]

If you go to the hackfix site, you'll see that the subseven trojan is very versatile.....dont see your 2 there, but who knows? Try a googlr search on your 2 odd systrays....sorry can't help more....rt

 

[TonyKlein]

The one in Options\Cabs is OK too. That's the location of your Windows Installation cabs, and these obviously contain all original Windows files.

I'm not sure what you mean by "System Agent"

The other one is in a location that should be harmless as well, but please do this:

Go to http://www.spywareinfo.com/downloads.php#startup , and download 'Startuplist'.

Unzip, doubleclick it, and it will generate a text file that will list all running processes, all applications that are loaded automatically when you start Windows, and more.

Go to Edit > select all, copy it and post the contents here.

If you've got anything at all running or starting up that shouldn't, we'll find it.

 

[Paul K.]

Sorry for delay - my back went out, OUCH! Thanks.

Here is my Startup List:

StartupList report, 1/25/2003, 12:41:09 PM
StartupList version: 1.51
Started from : C:\UNZIPPED\STARTUPLIST\STARTUPLIST.EXE
Detected: Windows ME (Win9x 4.90.3000)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\MSWHEEL.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\AT&T\WNS\PROGRAMS\CONNECT.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\AT&T\WNS\PROGRAMS\ARUPLD32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\STARTUPLIST\STARTUPLIST.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = c:\windows\scanregw.exe /autorun
TaskMonitor = c:\windows\taskmon.exe
TIPS = C:\PROGRA~1\MICROS~4\tips\mouse\tips.exe
POINTER = C:\PROGRA~1\MICROS~4\point32.exe
PCHealth = c:\windows\PCHealth\Support\PCHSchd.exe -s
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
QuickTime Task = C:\WINDOWS\SYSTEM\QTTASK.EXE
New.net Startup = rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
SystemTray = SysTray.Exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SSDPSRV = c:\windows\SYSTEM\ssdpsrv.exe
StillImageMonitor = C:\WINDOWS\SYSTEM\STIMON.EXE
SchedulingAgent = mstask.exe

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 18/1/2003, 20:46:14)

[rename]
NUL=c:\windows\TEMP\GLB1A2B.EXE

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET PROMPT=$p$g
SET TEMP=C:\windows\TEMP
SET TMP=c:\windows\TEMP
SET PATH=c:\windows;c:\windows\COMMAND
SET BLASTER=A220 I5 D1 T4

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\NewDotNet\newdotnet4_50.dll - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Disk Defragmenter.job
Tune-up Application Start.job
Low disk space notification.job
ScanDisk for Windows (Standard test).job
ScanDisk for Windows (Thorough test).job
Maintenance-Disk cleanup.job
PCHealth Scheduler for Data Collection.job

--------------------------------------------------

Enumerating Download Program Files:

[LiveUpdate Crescendo]
InProcServer32 = C:\WINDOWS\SYSTEM\CRES.OCX

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37606.9221412037

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[RdxIE Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RDXIE.DLL
CODEBASE = http://207.188.7.150/2210ddf5f9f8ded2c418/netzip/RdxIE601.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
CODEBASE = http://a840.g.akamai.net/7/840/537/2003011601/housecall.antivirus.com/housecall/xscan53.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\Program Files\NewDotNet\newdotnet4_50.dll
Protocol #1: C:\PROGRAM FILES\NEWDOTNET\NEWDOTNET4_50.DLL
Protocol #2: C:\PROGRAM FILES\NEWDOTNET\NEWDOTNET4_50.DLL
Protocol #9: C:\PROGRAM FILES\NEWDOTNET\NEWDOTNET4_50.DLL
Protocol #10: C:\PROGRAM FILES\NEWDOTNET\NEWDOTNET4_50.DLL

--------------------------------------------------
End of report, 5,206 bytes
Report generated in 0.980 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

 

[TonyKlein]

Well, that all looks pretty much OK. No trojan there at all.

You do have the New.Net foistware, and my on;ly advice to you is to remove that:

Control Panel > Add/Remove software, highligt "New.Net (domains)", and choose "Remove".

Reboot when you're done.

Cheers,

 

[jm100dm]

I would advise that you make sure that you have a virus program running. Without it you will most likely continue to get infected while using the internet. If you already are using one great.

jm100dm

 

[Paul K.]

I had norton, and Macaffie. Norton took over too many Windows' programs, and later program I was told does not work well with Win ME.

I have the virus protection in BIOS disabled. Should I at least enable that - or is it too late at that stage? Also, I do run a virus program for the internet, which is free. And it has not found any viruses. Is this any good?

Any suggestions on a good virus "protection" product, if you can lend me an opinion - or tell me at least, what you are using?

Thanks all for your help.

Paul K.

 

[Byteman]

Hi, Probably the virus scan in BIOS or at bootup can be left disabled, most advice I see about this tells you to. My motherboard manual says this, as well.
I use AVG antivirus, free version, though they have a premium one, too. no problems, very easy to update and use. There are many antivirus programs available- a simple Google.com search will show you several. I also use eTrust antivirus on another pc, which I pay for, and it also works just as well-
www.grisoft.com For AVG. You have to register, they send you an ID number to type in when you install the download.

 

[jm100dm]

I still use norton 2000 that came with Norton System works. I had trouble when I installed the whole program so I un-installed it and installed the anti-virus program only. Have not had any more problems with it since then.

Any anti-virus program will be better than none. Just installed AVG for my daughter but have no experience with it yet.

Whatever you install if you have any problems you should be able to work them out . The people here are very helpful. Usually just need to adjust here or there.

You said that you have one on the net. May I ask which one? If it is one that you scan with manually then it is not protecting you all the time.

jm100dm

 

[Byteman]

Hi- Problem with winME may have been System Restore, lots of people have problems with that and antivirus.
Norton products such as SystemWorks are complex.....I also have NSW 2000, and also had to reinstall just some of the programs, NAV works much better with just WinDoctor. Clean Sweep was one app that was not advisable to run at all.

 

[Paul K.]

The virus scan I have used to detect that a virus is present, is under a site named "House Call" Anti Virus under Micro Trend web site. I will re-install the Norton to see how it works. Thanks.

Does anyone know what particular BIOS setting should/would be changed to let my clock work? How about the BIOS driver? If BIOS was tweaked to let clock work, where would this be? I have the motherboard book but all settings are defaults - and Inteva (computer mfg, is gone). The APM (Advanced Poer Management)is diabled too. I understand that Windows drives this program. Any other settings I should know about?

Also, when I changed my modem I noticed an extra cable, formerly connected, did not fit anywhere on the new modem. Does this free cable need to be connected to something and would this prevent clock from working? Still do not understand why when power is off to computer power cord, battery works - when just powered off with on/off button - it does not?

Thanks, again! Everyone here has been very helpfull and I appreciate your time efforts. Go TAMPA BAY!

Paul K.

 

[Byteman]

Paul- The battery works if computer is plugged in or not...it is there to save your settings to run the computer as you need to.
It stays charged by leaving the computer plugged in, though it indeed can be off....sort of like having the microwave plugged in but off, the clock keeps time...right?
You can set the time and date from inside Windows....just double click the clock down at bottom right....and set the time or date by highlighting say, the hour numbers, and type what the right time should be. Do this for minutes, seconds not important, and the date.
NOTE: If you need to set things in BIOS- the manual should show you the best settings, what to change to do what....there are things there that should not be touched.
You can set the time and date in BIOS by using the key or keys it tells you to hit at startup....like DEL key, to enter Setup....at the first screen, Standard CMOS, the date and time are right at the top portion, use the arrow keys to select item, and + - keys or page up page down ones to change values...