I was updating a program and did not noticed that an unwanted program down
loaded. The program installed it self into system tray and it start at boot
up. It looks like a round circle blue insided it with a question mark and
flashes to a red circle with a red line through it. I also get a pop up from
it saying system alert! your computer my be infected by bunch of spyware and
if you click on it open up window explorer and then go to a web site called
spydawn.


so here is my question do I delete this program and get it out of my system
tray.

There are many tools to remove this malware. Here is one:

http://www.bleepingcomputer.com/forums/topic81275.html

Google for more using "remove spydawn" w/o the quotes, as the criteria.

"Frederick" <(E-Mail Removed)> wrote in message
news:386EBEBE-FA42-4D61-B78E-(E-Mail Removed)...
| I was updating a program and did not noticed that an unwanted program down
| loaded. The program installed it self into system tray and it start at boot
| up. It looks like a round circle blue insided it with a question mark and
| flashes to a red circle with a red line through it. I also get a pop up from
| it saying system alert! your computer my be infected by bunch of spyware and
| if you click on it open up window explorer and then go to a web site called
| spydawn.
|
|
| so here is my question do I delete this program and get it out of my system
| tray.

"Frederick" <(E-Mail Removed)> wrote
>I was updating a program and did not noticed that an unwanted program down
> loaded. The program installed it self into system tray and it start at
> boot
> up. It looks like a round circle blue insided it with a question mark and
> flashes to a red circle with a red line through it. I also get a pop up
> from
> it saying system alert! your computer my be infected by bunch of spyware
> and
> if you click on it open up window explorer and then go to a web site
> called
> spydawn.
>
>
> so here is my question do I delete this program and get it out of my
> system
> tray.

You're computer is infected. See this link.

Malware Removal
http://www.elephantboycomputers.com/...moving_Malware

--
Rock [MS-MVP User/Shell]

Fredrick,

In some ways I agree with the others that you have an infected computer but
the term 'malware' may not be correct.

Is this doing anything malicious like disabling your firewall or antivirus
software? If so, then the other two are correct, otherwise it could be
adware or spyware which could also sit into the system tray & the term
'malware' is incorrect. A few years ago were quite a few adware apps that
sat in the system tray so this is valid.

You can see how a few 'buzz words' can be used incorrectly, can't you?

One other observation about one of the other two posters is that until 7-14
days ago Rock never knew it was called a system tray from his answers in
other posts.

Just don't want you to get lame advice, that's all.

--
Newbie Coder
(It's just a name)

Fredrick,

Sorry, but I forgot to add this to the previous post I made. Its what you
get when doing many things at once

Press CTRL SHIFT ESC together to get Task Manager up, click the PROCESSES
tab & look for suspect processes. Highlight & then click END TASK. Did it
End task ok or was access denied? If denied then not a lot you can do from
there. If you can end task it & it comes back then you have more than one
process watching its back. One of them is what would replace the registry
run key value.

If you are successful you got the correct process & the icon disappears from
the system tray then what you can do is make a mental note of that name you
just end tasked & search your machine for it. Once found, do your best to
try to delete it & that is 100% the key you want to delete in the reg run
key (see below).

You can go to the Run registry key like so:

Click START
Click RUN
Type 'regedit' (without the quotes) & click OK
Expand the '+' signs until you get to the RUN key which you highlight. Here
are the two registry keys mainly involved:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

In the right pane you will see the entries. If you spot something suspicious
& you are sure, right-click the key in the right pane & delete it. Always
make a backup first.

Next, press F5 (refresh) to see if the key returns. If no, great, but if so
then you have one or more rogue processes still running

If two processes are watching each other then what you need to do is post
back & I will tell you the next steps to do

If you want to try the lazy way then download a free program like Spybot
Seach & Destroy (http://www.spybot.info/en/mirrors/index.html) from one of
these mirrors, install, backup registry, download the updates & run it to
scan & see if that will remove it for you.

Awaiting on your results,

--
Newbie Coder
(It's just a name)

> If you want to try the lazy way then download a free program like Spybot
> Seach & Destroy (http://www.spybot.info/en/mirrors/index.html) from one of
> these mirrors, install, backup registry, download the updates & run it to
> scan & see if that will remove it for you.
>

Also known as a *safer* way!

--
HTH,
Curt

Windows Support Center
http://aumha.org/

"Newbie Coder" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Fredrick,
>
> Sorry, but I forgot to add this to the previous post I made. Its what you
> get when doing many things at once
>
> Press CTRL SHIFT ESC together to get Task Manager up, click the PROCESSES
> tab & look for suspect processes. Highlight & then click END TASK. Did it
> End task ok or was access denied? If denied then not a lot you can do from
> there. If you can end task it & it comes back then you have more than one
> process watching its back. One of them is what would replace the registry
> run key value.
>
> If you are successful you got the correct process & the icon disappears
> from
> the system tray then what you can do is make a mental note of that name
> you
> just end tasked & search your machine for it. Once found, do your best to
> try to delete it & that is 100% the key you want to delete in the reg run
> key (see below).
>
> You can go to the Run registry key like so:
>
> Click START
> Click RUN
> Type 'regedit' (without the quotes) & click OK
> Expand the '+' signs until you get to the RUN key which you highlight.
> Here
> are the two registry keys mainly involved:
>
> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
>
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>
> In the right pane you will see the entries. If you spot something
> suspicious
> & you are sure, right-click the key in the right pane & delete it. Always
> make a backup first.
>
> Next, press F5 (refresh) to see if the key returns. If no, great, but if
> so
> then you have one or more rogue processes still running
>
> If two processes are watching each other then what you need to do is post
> back & I will tell you the next steps to do
>
> If you want to try the lazy way then download a free program like Spybot
> Seach & Destroy (http://www.spybot.info/en/mirrors/index.html) from one of
> these mirrors, install, backup registry, download the updates & run it to
> scan & see if that will remove it for you.
>
> Awaiting on your results,
>
> --
> Newbie Coder
> (It's just a name)
>
>

Curt,

I wouldn't say its safer at all. It depends on how much you know

You can do more manually than using something like Spybot etc.

--
Newbie Coder
(It's just a name)
"Curt Christianson" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> > If you want to try the lazy way then download a free program like Spybot
> > Seach & Destroy (http://www.spybot.info/en/mirrors/index.html) from one
of
> > these mirrors, install, backup registry, download the updates & run it
to
> > scan & see if that will remove it for you.
> >
>
> Also known as a *safer* way!
>
> --
> HTH,
> Curt
>
> Windows Support Center
> http://aumha.org/
>
> "Newbie Coder" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > Fredrick,
> >
> > Sorry, but I forgot to add this to the previous post I made. Its what
you
> > get when doing many things at once
> >
> > Press CTRL SHIFT ESC together to get Task Manager up, click the
PROCESSES
> > tab & look for suspect processes. Highlight & then click END TASK. Did
it
> > End task ok or was access denied? If denied then not a lot you can do
from
> > there. If you can end task it & it comes back then you have more than
one
> > process watching its back. One of them is what would replace the
registry
> > run key value.
> >
> > If you are successful you got the correct process & the icon disappears
> > from
> > the system tray then what you can do is make a mental note of that name
> > you
> > just end tasked & search your machine for it. Once found, do your best
to
> > try to delete it & that is 100% the key you want to delete in the reg
run
> > key (see below).
> >
> > You can go to the Run registry key like so:
> >
> > Click START
> > Click RUN
> > Type 'regedit' (without the quotes) & click OK
> > Expand the '+' signs until you get to the RUN key which you highlight.
> > Here
> > are the two registry keys mainly involved:
> >
> > HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
> >
> > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >
> > In the right pane you will see the entries. If you spot something
> > suspicious
> > & you are sure, right-click the key in the right pane & delete it.
Always
> > make a backup first.
> >
> > Next, press F5 (refresh) to see if the key returns. If no, great, but if
> > so
> > then you have one or more rogue processes still running
> >
> > If two processes are watching each other then what you need to do is
post
> > back & I will tell you the next steps to do
> >
> > If you want to try the lazy way then download a free program like Spybot
> > Seach & Destroy (http://www.spybot.info/en/mirrors/index.html) from one
of
> > these mirrors, install, backup registry, download the updates & run it
to
> > scan & see if that will remove it for you.
> >
> > Awaiting on your results,
> >
> > --
> > Newbie Coder
> > (It's just a name)
> >
> >
>
>

No argument there Coder, but when I'm unsure of the expertise a poster has
for Registry work, I always recommend the "safer" although more restrictive
method, rather than finding a subsequent post complaining of a hosed
registry.

--
HTH,
Curt

Windows Support Center
http://aumha.org/

"Newbie Coder" <(E-Mail Removed)> wrote in message
news:Oa%(E-Mail Removed)...
> Curt,
>
> I wouldn't say its safer at all. It depends on how much you know
>
> You can do more manually than using something like Spybot etc.
>
> --
> Newbie Coder
> (It's just a name)
> "Curt Christianson" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> > If you want to try the lazy way then download a free program like
>> > Spybot
>> > Seach & Destroy (http://www.spybot.info/en/mirrors/index.html) from one
> of
>> > these mirrors, install, backup registry, download the updates & run it
> to
>> > scan & see if that will remove it for you.
>> >
>>
>> Also known as a *safer* way!
>>
>> --
>> HTH,
>> Curt
>>
>> Windows Support Center
>> http://aumha.org/
>>
>> "Newbie Coder" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>> > Fredrick,
>> >
>> > Sorry, but I forgot to add this to the previous post I made. Its what
> you
>> > get when doing many things at once
>> >
>> > Press CTRL SHIFT ESC together to get Task Manager up, click the
> PROCESSES
>> > tab & look for suspect processes. Highlight & then click END TASK. Did
> it
>> > End task ok or was access denied? If denied then not a lot you can do
> from
>> > there. If you can end task it & it comes back then you have more than
> one
>> > process watching its back. One of them is what would replace the
> registry
>> > run key value.
>> >
>> > If you are successful you got the correct process & the icon disappears
>> > from
>> > the system tray then what you can do is make a mental note of that name
>> > you
>> > just end tasked & search your machine for it. Once found, do your best
> to
>> > try to delete it & that is 100% the key you want to delete in the reg
> run
>> > key (see below).
>> >
>> > You can go to the Run registry key like so:
>> >
>> > Click START
>> > Click RUN
>> > Type 'regedit' (without the quotes) & click OK
>> > Expand the '+' signs until you get to the RUN key which you highlight.
>> > Here
>> > are the two registry keys mainly involved:
>> >
>> > HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
>> >
>> > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >
>> > In the right pane you will see the entries. If you spot something
>> > suspicious
>> > & you are sure, right-click the key in the right pane & delete it.
> Always
>> > make a backup first.
>> >
>> > Next, press F5 (refresh) to see if the key returns. If no, great, but
>> > if
>> > so
>> > then you have one or more rogue processes still running
>> >
>> > If two processes are watching each other then what you need to do is
> post
>> > back & I will tell you the next steps to do
>> >
>> > If you want to try the lazy way then download a free program like
>> > Spybot
>> > Seach & Destroy (http://www.spybot.info/en/mirrors/index.html) from one
> of
>> > these mirrors, install, backup registry, download the updates & run it
> to
>> > scan & see if that will remove it for you.
>> >
>> > Awaiting on your results,
>> >
>> > --
>> > Newbie Coder
>> > (It's just a name)
>> >
>> >
>>
>>
>
>

"Newbie Coder" <(E-Mail Removed)> wrote
> Fredrick,
>
> In some ways I agree with the others that you have an infected computer
> but
> the term 'malware' may not be correct.
>
> Is this doing anything malicious like disabling your firewall or antivirus
> software? If so, then the other two are correct, otherwise it could be
> adware or spyware which could also sit into the system tray & the term
> 'malware' is incorrect. A few years ago were quite a few adware apps that
> sat in the system tray so this is valid.
>
> You can see how a few 'buzz words' can be used incorrectly, can't you?
>
> One other observation about one of the other two posters is that until
> 7-14
> days ago Rock never knew it was called a system tray from his answers in
> other posts.
>
> Just don't want you to get lame advice, that's all.

It's called the notification area. The system tray is a common term for it
from older versions of Windows, but the formal name is notification area.
Where do you come up with your nonsense? Though you did seem to shed some
light on this just recently where you stated you don't have XP installed
and never will have. So why you bother to post in an XP newsgroup is hard
to understand, but it does explain in part the nonsense you sometimes post.

--
Rock [MS-MVP User/Shell]

Rock,

Do you know any programming languages or have you used a tool called SPY++?
Please do & then you'll see I am correct.

Here's a little Snippet for you to prove I am correct.

<DllImport("User32.dll", SetLastError:=True)> _
Private Shared Function FindWindowEx(ByVal hwd As Int32, _
ByVal hwd2 As Int32, ByVal sClassName As String, _
ByVal sWindowName As String) As Int32
End Function

Dim intTrayHandle As Int32 = FindWindowEx(0, 0, "Shell_TrayWnd",
vbNullString) <--- see the system tray class (Shell_TrayWnd)?
Dim intButtonHandle As Int32 = FindWindowEx(intTrayHandle, 0, "Button",
vbNullString) <--- see the button class for the start button?

As you see from the above, I use FindWindowEx in the User32.dll, but I could
have used FindWindow API function instead. I used FindWindowEx in the above
example so I didn't have to declare two functions

If you now see IntTrayHandle. This returns the handle of the SystemTray or
its correct name Shell_TrayWnd'
The next line of code above gets the handle to the START button

The notification area name came from Shell_NotifyIcon which is the API
function used to add an icon to the system tray or if you want to split
hairs 'Shell_TrayWnd'

So, Mr Useless Shell MVP. Just shows you how little you really know, doesn't
it? It's called the notification area for lame brains like you.

2 Questions for you:

1) Why do they call them balloon tooltips?
2) Why do they say 'toast' windows not 'notification 'windows?

(both are extremely easy questions to answer)

If you want to look up the API's on the MSDN website or if you are like me,
you use Platform SDK. Would you like me to change it into managed or even
unmanaged C++ for you so you can then see because most of the platform SDK
is written in C++? I know you are lacking any knowledge that is why I am
asking you?

Now, change your signature to:

Dork
Useless Lamebrain or similar, not [MVP Shell/User] (Shell should be removed
& I bet User should be too).

But I am forgetting: If you can do a Google search you get MVP status. Plus
in your case 'Kelly' site too. Sorry, but this is true you don't know much
at all

--
Newbie Coder
MCSD MCSE MCP BSc