A few questions about TeaTimer and ActiveX

[Senbonzakura]

Hi everyone, i have a few questions:

1. What does resetteatimer.exe exactly do?

2. If you want to install an ActiveX object and it is not possible. Is there a tool to fix that problem?

Reason for EDIT: I actually mean resetteatimer.exe. ;)

[shought]

1. It does what is says in the filename. 'ResetTeaTimer.bat', so it will reset Spybot S&D's TeaTimer.

2. What ActiveX object are you trying to install?

[HX1]

Where did you find the reseteatimer.bat I would not trust the file unless you go to it from SpyBot..period for some reason its sounds familiar and not in a good way.

I actually am not sure about the ActiveX control..

It sounds like your trying t install something that needs to change settings protected by the tea timer, and include an ActiveX control..

Do you have anymore information about what your trying to do exactly, are creating a plugin.. program? what..

[Senbonzakura]

1. It does what is says in the filename. 'ResetTeaTimer.bat', so it will reset Spybot S&D's TeaTimer.

2. What ActiveX object are you trying to install?

1. And what is exactly TeaTimer? It resets what exactly?

2. None, i just want to know if there is a tool to fix ActiveX errors and so on...

[Senbonzakura]

Where did you find the reseteatimer.bat I would not trust the file unless you go to it from SpyBot..period for some reason its sounds familiar and not in a good way.

It sounds like your trying t install something that needs to change settings protected by the tea timer, and include an ActiveX control..

I am learning about HijackThis, and i just want some information about some tools and so on...

[shought]

TeaTimer is a part of Spybot S&D, but if you do not have this installed then it shouldn't be there...

[karachidude]

The Resident TeaTimer is a tool of Spybot-S&D which perpetually monitors the processes called/initiated. It immediately detects known malicious processes wanting to start and terminates them giving you some options, how to deal with this process in the future: You can set TeaTimer to:

* be informed, when the process tries to start again

* automatically kill the process

* or generally allow the process to run

There is also an option to delete the file associated with this process.

In addition, TeaTimer detects, when something wants to change some critical registry keys. TeaTimer can protect you against such changes again giving you an option: You can either "Allow" or "Deny" the change.

As TeaTimer is always running in the background, it takes some resources of about 5 MB. SpyBot including teatimer utilizes 13.70 MB -

courtesy www.wilderssecurity.com

or in short for real time protection from unwanted registry changes.

you can disable it in the Spybots Advance Mode,click tools than resident,then check of the tea timer

[HX1]

.. and the most important part here is that you cannot reset the Tea Timer...or at least I found nothing about it..You control Tea Timer with the main application - SpyBot Search and Destroy..

To fix invalid ActiveX do a registry clean of your system, delete the entries..also if you happen to have SpyBot..you can go in and look at them all along with your BHO's...You can repair the correct ActiveX by reinstalling what you need to replace.

EDIT: Wanted to mention that the TeaTimer is under Resident in the Tools section.. forgot that..

[karachidude]

ActiveX errors

The best and easiest way as heath mentioned to get rid of ActiveX error is to use a good registry fixer.

recommendations

1)Advance system optimizer

2)WinASO

[HX1]

And if you clean the registry you can also defrag it.. creates a more linear structure that isn't segmented, speeds the loading of your registry... mine I am proud to say is almost perfectly solid, less than 0.53%..Some programs will not allow you to defrag the registry if its not above 5%..or so.. but when you do you definitely notice a difference, between cleaning and defragging it.. :thumbsup:

[Toshiro]

You can reset teatimer.. Using the ResetTeaTimer.exe Shought mentioned. Helper that use Hijackthis use this if you have TeaTimer enabled :)

BUT.. The ResetTeaTimer.exe only works @ Windows XP.. Vista isn't effected. You'll have to choose between Reinstalling Spybot.. or not using TeaTimer anymore..

Safe ResetTeamTimer (It's from 1 of the HJT experts.. :) )

[LeetPirate]

Updated topic title to reflect subject relevance :) hope you don't mind. You can always edit it if you want.

[HX1]

You can reset teatimer.. Using the ResetTeaTimer.exe Shought mentioned. Helper that use Hijackthis use this if you have TeaTimer enabled :)

BUT.. The ResetTeaTimer.exe only works @ Windows XP.. Vista isn't effected. You'll have to choose between Reinstalling Spybot.. or not using TeaTimer anymore..

Safe ResetTeamTimer (It's from 1 of the HJT experts.. :) )

I would still use the main application to control the Tea Timer..The application itself has updated sveeral versions since this reset-er has been floating around. I mean to be honest if you know what your doing you don't need to 'reset' just open the application and remove what you don't want blocked, that simple. Just my advice, ad what I would do.. when applications upgrade simply attacking the same registry entries don't always go as planned..

There actually is a way to take the file apart and see what it is changing anyway...if it is valid I know of atleast one of these files that are floating around that is not, and will screw up your browser..IE.. with the upgrades to 8, I would imagine this would be true as well..

Just a few things to think about before you use it..Old info sometimes can cause a problem..

[Senbonzakura]

If you want to delete some lines in HijackThis, then you must disable TeaTimer because that can get in the way.

What i don't understand is why use resetteattimer.exe after disabled TeaTimer? Is just disable TeaTimer not enough...?

And is it actually resetteattimer.exe or resetteatimer.bat?

[Toshiro]

They used to use a .bat file.. Now they changed it.. dunno why.

And TeaTimer could get in the way, due to allready "messing" with the file HJT wants to remove. Or something in that Direction.

[Senbonzakura]

If you fix a O23 line in HijackThis, then the service will be stopped and/or deleted?

[HX1]

When you fix a O23 entry Hijackthis will change the startup for this service to disabled, stop the service, and then ask the user to reboot. It will not delete the actual service from the registry or the file it points to. In order to delete the service you will need to know the service name. This name is the text between the parenthesis. If the display name is the same as the service name, then it will not list the service name.

There are three methods you can use to delete the service key:

1. Delete it using XP's SC command you would type the following from a command prompt:

sc delete servicename

To delete the service using a registry file you can use the following example:

2. Use a registry file to delete a service. The below registry file is an example of how to remove Angelex.exe Bargain buddy variant:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ISEXENG]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ISEXEng]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ISEXENG]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ISEXEng]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ISEXENG]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ISEXEng]

3. Use HijackThis to delete the service. You can click on Config, then Misc Tools, and then press the Delete an NT service.. button. When it opens you should then enter the service name and press OK.

This seems to be a lot of work to remove these 'services'...I have never had such an issue using the tools that I use...and to me the command line would seem to be the most efficient.

If the thing returns, then the infection has other accompanying files in your system.

I usually use Spybot to scan for problems after updating, once the registry entry is removed I reboot. Then either remove the file and it accompany parts, which are usually thrown into System32, or WINDOWS in a rare case..and I make sure that I shred all parts of whatever it was that started the problem. Including all remnants in Document and Settings > Application Data, " Local Settings > Application Data, " " > TEMP, " " > Temporary Internet Files, Common Files.. and any other area that it may effect, including using SpyBot to remove invalid installation files, BHO's and ActiveX.. I shred them and if they will not be deleted, then I boot from disc with BartPE and delete them.. It would also be important to shred the Recycle Bin as well, because normal deletion only move the infection to the Recycle bin and doesn't actually destroy the data making up the file.

The above quote is from a HJT Tutorial..

[Senbonzakura]

So if you fix a O23 line then the service will be only disabled/stopped, but not deleted?

[HX1]

Yes all this is to do is remove the registry entry from the area of the Registry, the service or file will still remain. Unless yo choose to use steps 1,2, or 3. Or even use another method.

[Senbonzakura]

Delete it using XP's SC command you would type the following from a command prompt:

sc delete servicename

You can also use a .bat file right? (instead of the command prompt)

Here below a example how to delete a service; (using a .bat file)

@echo off

sc delete "[Enter here the name of the service]"

cls

exit

If you save as .bat and then run it, then the service will be deleted right?

[Senbonzakura]

The answer is Yes. But wich way is the best?

[HX1]

If yes in fact that is the proper way of creating the .bat file.. I knew how to do this once.. its easy.. I just am unsure, and before I say yes I usually make sure.. that I am sure..BUT why go to all of that trouble when you can delete it using one line of code?

Example: sc delete servicename

by opening a command prompt typing/pasting and hitting enter.. For those of you who don't know how to paste...use the icon in the upper left -hand corner of the CMD window..right click and find a whole new world.. ;)

EDIT: the best way for me is SHRED..with DoD compliant, then clean the registry.. almost automated for me..BUT thats IMO.. and easy since I have that down..

[Senbonzakura]

Evereyone, thanks for the answers! :D

[Toshiro]

Evereyone, thanks for the answers! :D

NP, but if ya want to know more about HJT and how to find more unwanted stuff.. I'd recommend you to learn the COmbofix app.. It's really usefull next to HJT. :)