Need help with malware on a WinXP laptop

Discussion in 'Malware Help (A Specialist Will Reply)' started by AndrewC, Aug 26, 2012.

  1. AndrewC

    AndrewC Private E-2

    Hi, I've been asked to look at my brother-in-law's Dell laptop running XP.

    When I first looked at it last week, it was unusably slow and would not connect to the Internet via Wifi; the icon for the Wifi adapter in the System Tray was red.

    I followed your steps as posted in the how-to: I ran CCleaner, then RogueKiller; the RogueKiller log is attached. I ran Malwarebytes Anti-Malware; that log is attached. Next I ran Hitman Pro, but I can't seem to locate the log, so I ran it again tonight and attached the log.

    Finally, I ran MG Tools and that log is attached. I then had to shut down the PC; when next I booted it up, the Internet connection worked, and still works tonight; but the PC is still slow, and I'm worried there may still be stuff lurking. I'm also worried that Hitman says there are Proxy servers configured; there should not be any, and the Internet settings don't show any. Unless maybe that is part of the remote desktop software I use to help him sometimes (TeamViewer)?

    Could someone please take a look at my logs and let me know if you see anything still hanging around? I'm only able to check the forums at night, so I will check each evening.

    Thanks a lot for your time,

    -Andy
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There is a possible partition and MBR infection here as noted by RogueKiller and also by info from MGtools showing the below partition in red
    Code:
    Partition Disk #0, Partition #0
    Partition Size 47.03 MB (49,319,424 bytes)
    Partition Starting Offset 32,256 bytes
    Partition Disk #0, Partition #1
    Partition Size 49.78 GB (53,456,094,720 bytes)
    Partition Starting Offset 49,351,680 bytes
    Partition Disk #0, Partition #2          <-- shown in red in the MGtools log
    Partition Size 4.64 GB (4,984,519,680 bytes)
    Partition Starting Offset 53,513,671,680 bytes
    Do you have your Windows XP boot CD?
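Worked example added here by the editor; it is not from the thread, nor from MGtools or RogueKiller. It parses a raw 512-byte MBR partition table and audits the layout the way the reply above does by eye: an unexpected extra partition is flagged, and (going beyond the post) so are hidden or unknown partition type codes, overlapping entries, entries that run past the end of the disk, and a wrong number of active partitions. The three entries are reconstructed from the offsets and sizes in the log (converted to 512-byte sectors); the type codes, the active flag and the 60 GB disk size are assumptions, because the thread does not give them.

```python
import struct

SECTOR = 512
MBR_SIGNATURE = b"\x55\xaa"

# Well-known MBR partition type codes (a subset). The "hidden" variants are
# legitimate for vendor recovery areas, but on a disk that is not supposed
# to have one they deserve a second look.
PARTITION_TYPES = {
    0x00: "empty", 0x07: "NTFS/HPFS/exFAT", 0x0B: "FAT32 (CHS)",
    0x0C: "FAT32 (LBA)", 0x0F: "extended (LBA)", 0x17: "hidden NTFS",
    0x1B: "hidden FAT32 (CHS)", 0x1C: "hidden FAT32 (LBA)",
    0x27: "hidden NTFS (WinRE)", 0xDE: "Dell utility",
}
HIDDEN_TYPES = {0x17, 0x1B, 0x1C, 0x27}


def parse_mbr(mbr):
    """Decode the four 16-byte primary entries at offset 446 of a 512-byte MBR."""
    if len(mbr) != SECTOR or mbr[510:512] != MBR_SIGNATURE:
        raise ValueError("not an MBR: bad length or missing 0x55AA signature")
    entries = []
    for i in range(4):
        raw = mbr[446 + 16 * i:446 + 16 * (i + 1)]
        # status(1) chs_start(3) type(1) chs_end(3) lba_start(4) sectors(4)
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", raw)
        if ptype == 0 and sectors == 0:
            continue  # unused slot
        entries.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "start_bytes": lba_start * SECTOR,
            "size_bytes": sectors * SECTOR,
        })
    return entries


def describe(entry):
    """Render a size the way the MGtools log does: '47.03 MB (49,319,424 bytes)'."""
    size = entry["size_bytes"]
    if size >= 1024 ** 3:
        human = f"{size / 1024 ** 3:.2f} GB"
    else:
        human = f"{size / 1024 ** 2:.2f} MB"
    return f"{human} ({size:,} bytes)"


def audit_layout(entries, disk_bytes, expected_count):
    """Return findings: extra partitions, hidden/unknown types, overlaps,
    entries past the end of the disk, and a wrong count of active partitions."""
    findings = []
    ordered = sorted(entries, key=lambda e: e["start_bytes"])
    if len(ordered) > expected_count:
        findings.append(f"{len(ordered)} partitions present, {expected_count} expected")
    if sum(e["bootable"] for e in ordered) != 1:
        findings.append("expected exactly one bootable (active) partition")
    prev_end = 0
    for e in ordered:
        name = PARTITION_TYPES.get(e["type"], "unknown")
        if e["type"] in HIDDEN_TYPES or name == "unknown":
            findings.append(f"partition #{e['index']}: type 0x{e['type']:02X} ({name}) is hidden or unknown")
        if e["start_bytes"] < prev_end:
            findings.append(f"partition #{e['index']} overlaps the previous partition")
        end = e["start_bytes"] + e["size_bytes"]
        if end > disk_bytes:
            findings.append(f"partition #{e['index']} extends past the end of the disk")
        prev_end = end
    return findings


def build_entry(bootable, ptype, lba_start, sectors):
    """Pack one partition table entry (CHS fields left zero)."""
    return struct.pack("<B3xB3xII", 0x80 if bootable else 0x00, ptype, lba_start, sectors)


# Constructed MBR reproducing the three partitions from the MGtools log above
# (byte offsets and sizes divided by 512). Type codes, the active flag and the
# 60 GB disk size are assumptions; the log does not give them.
CONSTRUCTED_MBR = (
    bytes(446)                                          # boot code area, zeroed
    + build_entry(False, 0xDE, 63, 96_327)              # 47.03 MB at 32,256 bytes
    + build_entry(True, 0x07, 96_390, 104_406_435)      # 49.78 GB at 49,351,680 bytes
    + build_entry(False, 0x1B, 104_518_890, 9_735_390)  # 4.64 GB at 53,513,671,680 bytes
    + bytes(16)                                         # fourth slot unused
    + MBR_SIGNATURE
)
DISK_BYTES = 60_011_642_880  # assumed 60 GB disk


def report(mbr=CONSTRUCTED_MBR, disk_bytes=DISK_BYTES, expected_count=2):
    """Print the table in MGtools style, then the findings; return the findings."""
    entries = parse_mbr(mbr)
    for e in entries:
        print(f"Partition Disk #0, Partition #{e['index']}")
        print(f"Partition Size {describe(e)}")
        print(f"Partition Starting Offset {e['start_bytes']:,} bytes")
    findings = audit_layout(entries, disk_bytes, expected_count)
    for finding in findings:
        print("FLAG:", finding)
    return findings


if __name__ == "__main__":
    report()
```

With `expected_count=2` (a utility area plus the OS partition, the baseline an admin would assume for this laptop), the third entry is reported both as surplus and, under the assumed type code, as hidden. Reading the real MBR of a disk is outside this snippet; on a live system you would feed `parse_mbr` the first 512 bytes of the physical drive obtained with a read-only imaging tool, and compare the result against the vendor's documented layout before deciding anything is malicious, since OEM recovery partitions look much like this.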
     
  3. AndrewC

    AndrewC Private E-2

    Hi Chas,

    Thanks for looking at the logs.

    I do have one or two Windows XP boot CDs around; I don't think any of them are the original from this laptop. One of the ones I have is also for a Dell laptop. I know some of these OEM CD-ROMS are only happy on PCs from the same manufacturer; that shouldn't be an issue here. I have to check, but I think this infected laptop is running XP Home, and my boot disks are for XP Pro; is that a problem? If it is, I might be able to get hold of the original, but not until this weekend.

    What steps do I need to take once I have the CD? I am comfortable running commands at the prompt, just tell me what I need to do.

    Thanks,

    -Andrew
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, well, before we go about deleting that 4 GB partition that I flagged, is this PC still having any form of problems?

    If it is, I will be having you create a special boot disk containing G-Part that we will use to remove the partition.

    Having the Windows boot CD is a precaution in case the MBR needs to be rewritten.
     
  5. AndrewC

    AndrewC Private E-2

    I've been trying not to use it too much, but the one thing I've noticed is that it still seems slow. Other than that, I haven't noticed anything yet.


    -Andrew
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well, the only possible thing to do is delete the partition I pointed out. There is no guarantee that this is the problem, but it is the only thing that is in question. We can do this if you want, but I would recommend backing up all important data to an external drive or to DVD before doing this.
     
  7. AndrewC

    AndrewC Private E-2

    Chas-

    Do you recommend deleting the partition? If you think it won't cause problems, I'll just leave it. It's very possible that the slowness is due to the age of the PC rather than malware.

    I'll go with your recommendation here, I just don't want his PC to be reinfected again in a couple of weeks if that partition causes the malware to re-download.


    Thanks,

    -Andrew
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Now that you mentioned it, I checked into those details in your logs which shows the below
    Code:
    Processor x86 Family 6 Model 13 Stepping 8 GenuineIntel ~798 Mhz 
    Total Physical Memory 1,024.00 MB 
    Available Physical Memory 601.89 MB 
    Yes, this PC is way too slow to be used with Windows XP. And in addition, we do not recommend any less than 2GB with Win XP these days. I doubt your PC even supports that much memory, but even if it did, the processor speed and type is just too out of date to properly/efficiently run current versions of Windows.

    I would leave the partition alone and live with the slowness until you can manage to purchase a more current PC. ;) Other things you could do are remove that McAfee Security Suite and use some tools that are not so resource intensive.
     
  9. AndrewC

    AndrewC Private E-2

    Yup, I've been recommending to my brother-in-law that he replace this thing for a while now; it was reasonably fast when he bought it, but it's showing its age, plus it's pretty much impossible to secure XP against the sophisticated malware out there these days, it seems. He's just trying to squeeze a couple more months out of this one before he gets a new laptop.

    What do you recommend as a lighter-weight security suite? AVG Free?


    -Andrew
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It's not so much the age as it is the changes to the software on the PC. Original barebones Windows XP did not require as much horsepower as current XP SP3. The same is true for other software that has been updating, especially protection software. Modern protection software requires MUCH MUCH faster processors and much more memory.

    Vista and Win 7 are no more secure in reality.

    No way. And I don't typically recommend security suites as they contain too much other baggage you don't really need, especially on a slow outdated PC like this. You can try Avira for antivirus, and it includes antispyware too. And stick to the Windows XP firewall to try and save on resources. Not ideal, but you have to work within the constraints of the CPU. In fact, on such an old processor, you really cannot get too great of performance unless you leave off the security software. Not really a great thing to do, but it would improve performance while increasing the risk of infection.
     
