Spyware eating Bandwidth alive, please help!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Exgamer, Jun 18, 2006.

  1. Exgamer

    Exgamer Private E-2

    I'm about at my wits' end here, and could desperately use the advice of more spyware-educated individuals. I currently have 2 PCs running Windows XP, one that is almost 3 years old, and another that's just 3 weeks old. I use the older PC for surfing the net, etc, and the new PC strictly for games. About a week and a half ago, I noticed my pings on a number of games drastically shoot up, making them all but unplayable online. This has been a big deal for me, because online gaming is one of my sources of revenue, and leaves me with lighter pockets since I'm now unable to play.

    I immediately contacted numerous game manufacturers, who had me run Trace Routes that showed the ISP was to blame. 10+ hours and a service call to the house later, my ISP is saying that everything is fine, but there may be something on one of my PCs eating up my bandwidth undetected.

    I got frustrated and paranoid, and decided that I'd had enough. I reformatted both PCs, losing an exorbitant amount of data in order to cleanse my systems. Before connecting either to the Internet, I purchased Ad-Aware SE with Ad-Watch, and McAfee Virus Scan. Now, 2 days after the reformat, my speeds haven't changed. In a span of 20 minutes or so between running Ad-Aware scans, it's showing numerous cookies "hitting" my PC upwards of 60 times PER cookie.

    What the heck is going on? How can I possibly have spyware when I reformatted both PCs and have been to no more than 4 websites, including this, since reformat? Any advice will be greatly appreciated, currently I have a gaming PC that can't do any more than sit here and collect dust. Please help!
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    To rule one thing out, you're not utilising wireless in your network of PCs, are you? And if you are, is it a secured wireless network, as in have you at least set a WEP or WPA key? This stops any neighbour from attaching to your internet connection and using your bandwidth.


    But to rule out any malware infection do please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    Make sure you check version numbers and get all updates.


    If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

    Downloading, Installing, and Running HijackThis


    When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
    • Bitdefender
    • Panda Scan
    • HijackThis
     
  3. Exgamer

    Exgamer Private E-2

    I apologize for not going through the protocol on my first post, but I caught the procedures just after I started the thread, as I'm new to this forum. I am using a wireless network currently, but have changed my WEP code religiously over the past few days so that outside connections would not be a possible issue. I'm actually on my way out the door to buy a hardwired-only router, as I don't currently use the wireless feature anyhow.

    I have run the desired tests in order, and have attached my HijackThis!, Panda Activescan, and BitDefender results below. I ran my version of Ad-Aware SE Plus, and immediately after SpyBot found numerous cookies that I had deleted with Ad-Aware, I thought. I hope these logs shed some light on my problem. Thanks very much for your time, I really appreciate going out of your way to help me with this issue.
     


  4. Exgamer

    Exgamer Private E-2

    Update: After running all of these programs, I downloaded the demo of Spyware Doctor on both computers. The new computer only registered 2 cookies, while the older computer that I reformatted less than 48 hours ago found Claria, CWS, and VX2.Look2Me.

    How is this even possible? After reformatting this PC, I barely surfed the Internet, looking at less than 5 safe sites, such as cnn.com, and majorgeeks.com. I have no idea how I'm getting all of this garbage on my PC.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please only discuss one single PC in a thread.

    For the PC you posted logs for in message number 3, I see no signs of malware. We could dig a little deeper if you would like, but right now it seems more like you have a non-malware problem.

    If you want to dig deeper, try the below:

    Please download & run Blacklight Beta
    • Hit I accept. It will take you to download page.
    • Download blbeta.exe and save it to the Desktop.
    • Once saved... double click blbeta.exe to install the program.
    • Click accept agreement and Click scan
      This app too may fire off a warning from antivirus. Let the driver load.
      Wait for it to finish.
    • If it displays any items...don't do anything with them yet. Just hit exit (close)
    • It will drop a log on Desktop that starts with fsbl....big number
    Please attach the Blacklight log file here later when you finish other steps.
     
  6. Exgamer

    Exgamer Private E-2

    I ran Blacklight Beta, and the scan came up clean. Other than the first scan of Spyware Doctor, everything has been coming up fine.

    I'm absolutely stumped. My ISP is saying that I'm getting dumped on with hits from spyware, and that's why games are running slowly. I've reformatted hard drives, etc, so I really don't see how this is possible. Can spyware find me through my I.P. and put it on my comp without going anywhere, or do I have to visit a site that puts it on my computer to get it? Also, are a few cookies with numerous hits enough to drastically reduce my bandwidth?
     
  7. Exgamer

    Exgamer Private E-2

    I just ran Spyware Doctor a few hours later, after running Look2Me Destroyer. I ran Spyware Doctor once, no Look2Me. I run it a second time, it finds it. I did not look at a single website in between running Look2Me destroyer and finding it on Spyware Doctor. What is happening?!
     
  8. Exgamer

    Exgamer Private E-2

    Here is the original Look2MeDestroyer's log. I'm afraid to even use the internet now let alone try to play a game.
     


  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You do not have a Look 2 Me infection!
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Where is the proof! Do they have a log of IP addresses that have been trying to access your system? It is quite normal for bad sites (malware related) to attempt to access PCs on the internet. This is one reason why step 3 of How to Protect yourself from malware! is telling you to install a software firewall and you need to do this. In fact you should complete all steps in that procedure.

    Yes! Thus again the need for a firewall to block them from gaining access. A hardware firewall is not sufficient.
     
  11. Exgamer

    Exgamer Private E-2

    If I don't have a Look2Me infection, why does Spyware Doctor keep finding VX2.Look2Me when it scans? I'll delete it, and a few hours or the next day, it'll come up again. I've looked for the file that it claims is Look2Me in my Temporary Internet Files and it appears to be a .gif of Classmates.com. I'm confused on why Spyware Doctor would repeatedly (but not consistently) determine I have VX2 after I've run all of these programs.
     
  12. Exgamer

    Exgamer Private E-2

    When I obtain a software version of a Firewall and clean the system again using all of the tools I have previously, should I consider the system to be protected and safe to use secure sites, etc with? Sorry I'm asking these noob questions but I don't have a great grasp of how these programs find me, as I'm sure you've noticed.
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's not a true Look 2 Me infection. And you would know if you had one because there are many other symptoms and a strange O20 line with a random DLL file name would show in HijackThis. In addition, Look2Me destroyer would find it and delete it. You don't have a true Look 2 Me infection.

    Attach a log from Spyware Doctor that shows what it is finding. Is this a paid version of Spyware Doctor?
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you complete ALL steps in the How to protect thread, you will be much more secure than you currently are. It is very important that ALL steps be completed and that you read other steps that are informative in nature. YOU are the first and last line of defense and are the greatest single risk to your security. Not being careful or understanding what you are clicking on while surfing is the biggest problem that most users have.
     
  15. Exgamer

    Exgamer Private E-2

    Unfortunately now I can't get a scan to find it. I do have the paid version of Spyware Doctor. I also installed the Symantec Firewall software. Is it normal to have LSA Shell and NT Kernel running as normal applications?
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What Symantec firewall are you referring to? Did you just buy one of Symantec's Internet Security Suites?

    And yes they are valid!
     
  17. Exgamer

    Exgamer Private E-2

    I downloaded the free Sygate Personal Firewall. About 30 minutes after the download, I just got a message that "somebody is scanning your UDP ports". The BackTrace did not contain my ISP's name, and the company is one I've never heard of.
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Now you see the reason for installing a firewall! But you need to complete the other steps! You still have no antivirus and your Windows OS is out of date. And that would only be the first three steps.
     
  19. Exgamer

    Exgamer Private E-2

    I installed McAfee, and as for the Windows, it is up to date on my new computer, but I'm having a difficult time finding the disk with the CoA to activate the older computer (the one being discussed) after re-formatting the hard drive. Otherwise I've followed every step to the T. Will the Sygate protect me automatically from something like outside networks trying to access my ports, or do I need to take more drastic measures?
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Where did McAfee come from and why wasn't it installed before if you already had it? And is it just the antivirus or was it a full security suite?

    If you don't get this PC upgraded to SP2, you will still have security holes.

    It should do a good job by default at blocking ports. ZoneAlarm is my first choice for a firewall. Sygate is okay but it is not a supported application anymore.
     
  21. Exgamer

    Exgamer Private E-2

    I wasn't clear in my first post, I apologize.

    Before I reformatted the computer in question, it had a constantly updated version of Norton AntiVirus 2005, as well as Spyware Doctor and SpySweeper (because I doubted SpySweeper's abilities). I've recently moved basically across the U.S., leaving all of my software etc on the east coast, because I didn't think I'd need it immediately. I reformatted the old computer this weekend out of desperation, and realized that I don't have the discs for SpySweeper or Norton with me. Hence, I bought McAfee yesterday.

    As for the Windows CoA, it's looking like I'm going to have to buy a new copy of XP, because I don't have the slightest idea where the CoA sticker could be since it's not directly located on my PC.

    I really appreciate all of your help. It's extremely frustrating to me and I'm sure it is to you as well. I just want my ability to play online games back.
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    But I also asked this
    And Spy Sweeper is better than Spyware Doctor based on our experience. In fact it is much better.
     
  23. Exgamer

    Exgamer Private E-2

    It's just the VirusScan.

    SpySweeper made me nervous because Spyware Doctor consistently found numerous items that SpySweeper did not.
     
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That works both ways! But note that Spyware Doctor has more false positives and often detects only minor items that are no big deal. Also Spyware Doctor does come close to fixing many of the more difficult problems which Spy Sweeper can fix. Like Look2Me Vx2, Virtumonde and many more.
     
