"Not currently active...may cause trouble in future"

Discussion in 'Malware Help (A Specialist Will Reply)' started by Judith Stein, Oct 24, 2006.

  1. Judith Stein

    Judith Stein Private E-2

    Non-techie here...

    I'm running WinXP Pro, AVG Free, and Windows Defender installed and updated.

    Browsing with IE has recently become very slow, not able to finish loading some pages at all. The degree of slowness varies, and the inability to finish loading pages is intermittent. Some pages load normally, if a bit slower than usual. Log-in and other secure pages are the worst problems.

    I've suspected either spyware, or some problem with my cable system (Comcast).

    To check out the first possibility (before the hassle of contacting Comcast), I ran PC PitStop's free spyware scan. It came up clean for "High Level" threats but found three it classified as "Medium Level" threats, which it said are "not currently active on computer, but may cause trouble at some point in the future."

    I'm uncertain what this means. If these programs are on my system, why are they not currently active? And how might they cause trouble in the future? What would trigger them to cause trouble?

    The three are:

    Protected Storage PassView 1.60 (Password cracker) (4 instances)
    PeopleOnPage.AproposMedia (Hijacker)
    EliteMedia (Adware)

    From what I've read on the Web about these, I gather:

    Protected Storage PassView is a benign (?) utility, but I'm not sure why it's on my system or why I have four instances of it.

    PeopleOnPage.Apropos Media, if it were active, would seem a likely culprit in slowing down my system. I'm not aware of any hijack attempts, though, and PC PitStop says it isn't active.

    I've gotten a few pop-unders recently, which could be from EliteMedia if it were active, but PC PitStop says it isn't active.

    Can I trust PC PitStop when it says these programs aren't currently active? If they aren't affecting my system, then can I conclude the slow-browsing problem is with my cable system and not with malware?

    Should I try other free spyware scans?

    How urgent is it to get rid of these three medium-level threats, considering that they supposedly aren't active?

    I'm not skilled enough to try removing them on my own; I'll need to purchase a spyware removal app. Recommendations?

    (I just tried to Preview this post, but got a blank page with "Opening page..." on the status bar, which sat there for several minutes before I aborted and came back to the message window. Now I'm going to try to just Submit it without previewing.)

    Thanks for any advice.
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi Judith and Welcome


    Personally, any threat on your PC should be dealt with no matter whether it's High level or Medium and Low; they are all potential issues which need clearing up. Below are our initial steps in getting your PC to a point where we have a good understanding of what's going on, which is why those steps need to be carried out in order. Then, once completed (yes, I know it looks long and tedious, but it's helped many thousands of PC users who have been infected with malware of some sort), attach the requested logs.

    Just take your time and if you hit any snags just let us know and we can then advise.

    Once all the steps are complete you may well still have some infections, but that's where the logs come into their own. Once our resident experts have looked over them they will post some tailored instructions for you to follow in cleaning up the rest... they are very successful at this.


    Our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the link below to properly use HijackThis and attach a log:
    Downloading, Installing, and Running HijackThis

    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.


    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy - ONLY IF you were not able to run Windows Defender
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
  3. Judith Stein

    Judith Stein Private E-2

    Thank you! Not my first time here, but it's been awhile.

    I appreciate your post, but I figured out another way to answer the question I had asked--i.e., whether I had a spyware problem, or a Comcast cable problem. So simple I don't know why I didn't think of it right away: I switched to my dial-up account. On dial-up, IE behaves perfectly (at this point it's significantly faster than my cable connection and has no problem loading pages).

    I conclude from this that there's something wrong either with my cable modem or my physical cable wiring, and that the "Medium Level," "not currently active" malware PC PitStop found is indeed not causing the slowdown on my cable connection.

    I'll get around to dealing with that apparently inactive malware once I've dealt with the cable connection problem. Having a functioning broadband connection is my top priority, since I use it constantly in my work.

    I'd still like to know what PC PitStop means by "not currently active but may cause trouble in future", though. Is it possible that the malware has been quarantined somehow by AVG Free or Windows Defender, so that it's harmless, but PC PitStop could see it when it did the scan?
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Actually this is not necessarily a valid conclusion. Malware will typically cause more problems on a high speed (ethernet) interface than it will for a dial-up interface. So it is quite possible that the problem is not with Comcast but with your PC as you interface to Comcast.

    It simply means exactly what it says. They found files related to an infection; however, the infection is not currently active/causing problems. But it could allow the spread of the infection if something/someone were to access/run those files. Therefore the files should be removed to prevent this from happening.
     
  5. Judith Stein

    Judith Stein Private E-2

    OK, that's good to know, thanks. However, about three days ago, the problem mysteriously went away, and I'm now back to normal browsing speed on my cable connection. Is that something that happens with malware? It had been getting worse and worse over a couple of weeks, then disappeared.

    (PC PitStop: "Not currently active...may cause trouble in future")

    I do plan to deal with the files. I'm just confused as to how there could be malware on my system that isn't active. By "something/someone" do you mean something I would do inadvertently, or someone who would tap into my system from the outside?
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No, that would not be normal behaviour for malware, but anything is possible these days. Also it is possible that something recently removed malware that you did not notice. It is also possible that your cable company had problems and fixed them. Maybe they were even weather related! (Were you having bad weather at the time?)

    This happens all the time. Infected files can exist but the procedures that load them may have been removed. If you were to run the files (if they are any kind of executable file) or you ran something else that could open the file and cause a script of some sort to run, then you could get reinfected. Also, many times there are just leftover registry keys from an infection that was removed. The keys may still be detected but the infection is really gone. This is even true of valid software. If you install McAfee on your PC that never had anything from McAfee, and then uninstall McAfee, there would be dozens of leftover registry keys from McAfee. Software packages do not do a complete job of uninstalling/cleaning up after themselves. That is just the way it is.
     
