Need help w/ Spybot Winpup 32 Ungultiger Datentyp fur error

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by DFCA, Aug 24, 2004.

  1. DFCA

    DFCA Private E-2

    Hi, I am having a prob with the above error. A knowledgeable friend directed me to an earlier posting on this website which I was not able to follow through on in order to repair my registry - http://forums.majorgeeks.com/archive/index.php/t-36820. He thought this might be the reason my computer is running extremely slow.

    When I went into my registry under the suggested categories, there was nothing in the right panes to edit. I also do not have backup wizard installed on my XP and can't remember how I managed to create a registry backup last week without it. Sorry for my lack of expertise and thanks for any help.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That error message is due to a bug in SpyBot. I believe it is fixed in a beta version they have but the beta version has some other issues. It may be best to wait for an official release.

    As for your slow PC, a better description of what you mean would be useful. If you mean, when you go online to surf it seems slow and you are suspecting some form of malware, please follow all the steps in this Sticky thread < READ ME FIRST: Basic Spyware, Trojan And Virus Removal >

    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

    Why do you think you have the W32.Xabot.Worm? Did a virus scan show this?

    And if you need to make backups of your registry, check out Erunt: http://www.majorgeeks.com/download1267.html
     
  3. DFCA

    DFCA Private E-2

    Thanks. I have done many of these things already including Ad Aware SE, Norton, and Spybot which is where I got the Datentyp message but it said Winpup 32 not xabot. I will retry the steps in the sticky thread to see if anything else comes up. As for the computer running slowly, I was referring to the time it takes programs, files etc. to open. Things are moving at a snail's pace compared to when the computer was new and I have not added a lot of software and the majority of my memory is free.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  5. DFCA

    DFCA Private E-2

    I ran everything you suggested (except ravant b/c I didn't know which specific files to check) and here are the results:

    Windows Security

    Starting scan at 16:45:39:384...
    Scan Memory
    Memory not infected
    Scan folder: 'C:\', recursive
    Unable to scan C:\System Volume Information - Access is denied.
    Finished scan at 17:19:00:603
    Total number of files is 49388, number of infected files is 0
    Average files per second is 25, average file size is 6166096

    Bitdefender

    Memory ok
    Master Boot Record 80 ok (Unknown MBR/Boot Code)
    Partition Boot 1 (primary) (active) ok (Windows NT 2000 NTFS)
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You still have not completed the rest of the items from the Sticky thread I gave you in my first message:
    < READ ME FIRST: Basic Spyware, Trojan And Virus Removal >


    You must run all of the items there. You only said you ran "Ad Aware SE, Norton, and Spybot "
    The only items you do not have to run are about:Buster and HSremove. Please run everything else.
    And let's not discuss the Ungultiger Datentyp fur error anymore. Ignore it! It is a bug in SpyBot.

    And run the Ravantivirus link. Select Auto Clean and then Scan My PC.
    Post results from all the above. The Read Me link also has two other online scans that you must run.
     
  7. DFCA

    DFCA Private E-2

    Sorry for the miscommunication on the others. Did run but forgot to send logs. Here they are:

    CWShredder v1.59.1 scan only report
    Please understand that a CWShredder 'Scan only' report
    might not be sufficient to troubleshoot an infected system.
    You can use HijackThis for that:
    http://www.merijn.org/files/hijackthis.zip
    http://www.spywareinfo.com/~merijn/files/hijackthis.zip

    Windows XP (5.01.2600 SP1)
    Windows dir: C:\WINDOWS
    Windows system dir: C:\WINDOWS\System32
    AppData folder: C:\Documents and Settings\David Furth\Application Data
    Username: David Furth

    Found Hosts file: C:\WINDOWS\System32\drivers\etc\hosts (734 bytes, A)
    Shell Registry value: HKLM\..\WinLogon [Shell] Explorer.exe
    UserInit Registry value: HKLM\..\WinLogon [UserInit] C:\WINDOWS\system32\userinit.exe,
    Found Win.ini file: C:\WINDOWS\win.ini (703 bytes, A)
    Found System.ini file: C:\WINDOWS\system.ini (227 bytes, A)

    - END OF REPORT -

    Kill2me said nothing wrong. Ran CC. Ad Aware no critical objects and VX2 clean.

    Spybot:

    6 DSO exploits - HKEY_USERS\S-1-5-18, 1-5-21...1006, 1-5-21...1003, 1-5-20, 1-5-19, and DEFAULT - all from Microsoft\Windows\Current Version\Internet Settings\Zone\0\1004!=W=3. Then used the fix function.

    Hijack this:


    RAV:

    Scanned
    ============================
    Objects: 45166
    Directories: 3121
    Archives: 11861
    Size(Kb): -580105
    Infected files: 0

    Found
    ============================
    Viruses found: 0
    Suspicious files: 0
    Disinfected files: 0
    Mail files: 484


    Not sure if I'm supposed to run #4 concerning HSA. If so or anything else please let me know - I'm not terribly proficient with this stuff. And thanks again for all your help.
     

    Attached Files:

    Last edited by a moderator: Aug 26, 2004
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It still does not look like you ran the TrendMicro or PandaSoftware scans. If you did, I would see O16 lines for them in your HijackThis log just like we see for bitdefender.

    When running CWShredder you should select Fix otherwise any problems found will not be fixed.

    I did not ask for a HijackThis log. I guess you misinterpreted the last step of the thread you read. But it did tell you to read the HJT tutorial link which states:

    Notes! Due to Hijack This logs destroying search engine and website searches, we now ask you do not post your Hijack This log file unless requested by us. It is for advanced users, so if you do not understand how to use it, you do not need it....yet. Instead, please tell us in your post what symptoms you are experiencing so we can try and resolve it that way. When, and if, we ask you to post your logfile, please attach it as a file. To do this save the log file and select manage attachments in a new thread to upload it. All running programs should be closed, including your web browser, email, items in the tray, anything you can close... Close before running Hijack This!

    Do not install Hijack This to the Desktop, a temp folder or choose run from the download. Place it in its own folder, for example C:\Program Files\HJT

    Notice that you are running both CWShredder and HJT out of the ZIP file. Do not do that!
    And do not have CWShredder, Ccleaner, Firefox etc running when doing HJT scans (shut down everything you can, especially browsers like Firefox & IE, before scanning with HJT to keep logs smaller)!

    At any rate, I have turned it into an attachment for you.

    Fix the below R0 line using HijackThis:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = +w

    Did you place this restriction on IE Control Panel using a piece of software? If not, fix the below line.
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    Based on your log you do not need to do anything with HSremove or about:Buster.

    I think we are done. Unless you have any other problems!
     
    Last edited: Aug 26, 2004
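
Added example, not part of the thread and not code from HijackThis: a small Python check for the point made in the last reply, that a completed online scan leaves an O16 (downloaded ActiveX control) line in the HijackThis log. The R0 and O6 lines are quoted from the thread; the O16 line, its CLSID and URL are constructed, and the vendor keywords and function names are assumptions.

```python
import re

# Constructed sample log: the R0 and O6 lines are quoted from the thread;
# the O16 line uses a placeholder CLSID and a placeholder URL.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = +w
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {00000000-0000-0000-0000-000000000001} (BitDefender Scan Online) - http://scanner.example.invalid/bitdefender.cab
"""

# Keywords are assumptions used to match each scanner named in the thread.
EXPECTED_SCANNERS = {"BitDefender": "bitdefender", "TrendMicro": "trend", "PandaSoftware": "panda"}

ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
DPF = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$")

def parse_log(text):
    """Return (section, body) pairs for every line shaped like 'O16 - ...'."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries

def scanners_seen(entries):
    """Map each expected scanner to True if an O16 DPF entry mentions it."""
    seen = {name: False for name in EXPECTED_SCANNERS}
    for section, body in entries:
        if section != "O16":
            continue
        m = DPF.match(body)
        haystack = ((m.group("name") or "") + " " + m.group("url")).lower() if m else body.lower()
        for name, keyword in EXPECTED_SCANNERS.items():
            if keyword in haystack:
                seen[name] = True
    return seen

def review_items(entries):
    """Entries in the sections the helper asked the poster to look at (R0, O6)."""
    return [(s, b) for s, b in entries if s in ("R0", "O6")]

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for name, found in scanners_seen(entries).items():
        print(f"{name}: {'O16 entry present' if found else 'no O16 entry, scan not evidenced'}")
    for section, body in review_items(entries):
        print(f"review {section}: {body}")
```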
