Pentium II Probable spyware issue

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by crazybelgium, Oct 9, 2004.

  1. crazybelgium

    crazybelgium Private E-2

    My family has an old, Pentium II running Win98. It has been lagging extremely badly recently, with extreme lag issues. The processor is also usually at 100% usage, even when the computer is not being used.

    All the steps that can possibly be run from the "Read this first" basic spyware removal thread have been run, awaiting assistance.

    Thank you.
     
  2. crazybelgium

    crazybelgium Private E-2

Addendum to the above - when the computer is told to shut down, it does not shut down, and instead just displays the wallpaper. To shut down the computer, we must manually push and hold the power button until the power cuts off.
     
  3. crazybelgium

    crazybelgium Private E-2

    Addendum #2: One of my parents just deleted "user.dat" and although the system is running much faster, it doesn't really work anymore. Suggestions on fixing this would also be very welcomed.
     
  4. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    Attach a logfile please.
     
  5. crazybelgium

    crazybelgium Private E-2

Will as soon as I can; my father decided to try to reinstall Windows.
     
  6. crazybelgium

    crazybelgium Private E-2

    HJT log.
     

  7. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    You did not do the online virus scans. You appear to have a trojan and hijack. I assume SpyDeleter was uninstalled if you did not already. Personally, I am a fan of removing unknown programs via add\remove programs before any cleaning anyhow.

    Remove:

    C:\WINDOWS\SYSTEM\BSXHLWAB.EXE
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    O2 - BHO: Zedd4Proj.clsUnoOne - {08227B4B-54FE-4C4D-809F-BCA46292FC5B} - C:\WINDOWS\SYSTEM\AANTX.DLL
    O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL (file missing)
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM219.DLL (file missing)
    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\SYSTEM\MSBE.DLL
    O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\SYSTEM\NVMS.DLL
    O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\SYSTEM\MSCB.DLL
    O2 - BHO: (no name) - {79C79294-06E8-5306-7B4E-832C5E5609D5} - C:\WINDOWS\Aoxqcbqr.dll
    O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\SYSTEM\WINB2S32.DLL
    O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
    O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\SYSTEM\WINB2S32.DLL
    O3 - Toolbar: Search - {A9A0443E-FDB1-952D-606D-15C1A6A15629} - C:\WINDOWS\Aoxqcbqr.dll
    O4 - HKLM\..\Run: [TV Media] C:\WINDOWS\TV MEDIA\Tvm.exe
    O4 - HKLM\..\Run: [TV Media] C:\WINDOWS\TV MEDIA\Tvm.exe
    O4 - HKLM\..\Run: [vtrtbrqtv] C:\WINDOWS\SYSTEM\BSXHLWAB.EXE
    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
    O4 - HKLM\..\Run: [Welcome] C:\WINDOWS\Welcome.exe /R
    O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
    O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
    O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1062 (file missing)
    O9 - Extra 'Tools' menuitem: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1062 (file missing)
    O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL (file missing)
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    Let us know.
     
  8. crazybelgium

    crazybelgium Private E-2

    As noted, I did as much of the thread as I could, but there were some items, such as the online virus scans, that would not run.

    Yes, we removed as much of that stuff as physically possible, I believe that SpyDeleter was only several links, though.

    New log.
     

  9. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    Any other problems with your PC now?

    Remove:
    O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\LOCALNRD.DLL
    O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1062 (file missing)
    O9 - Extra 'Tools' menuitem: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1062 (file missing)


    Let us know!
     
  10. crazybelgium

    crazybelgium Private E-2

    Those "O9"s keep coming back. That's the main problem that we still have. That, and it doesn't connect to the internet since before applying the previous fixes, and after the noted Windows reinstall.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    For the SpyDeleter problem, do the below:

    Click Start, Run, and enter into the box the following without the quotes "Notepad"
    Now copy and paste the contents of the next 3 lines (including the blank line) into the Notepad window.
    REGEDIT4

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB74C951-ACA1-4e33-A94C-A9261EB2CCB7}]


    Now save it as file name: "delspy.reg" (without the quotes).
    Use Save as file type: All files (*.*)
    Save it on your Desktop where it is easy to locate.

    Now on your Desktop double-click on delspy.reg.

    At the prompt "Do you wish to merge the information into the registry?"
    Answer 'Yes' and wait for a message to appear similar to "Merged Successfully".
     
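The two staff replies above show the same workflow by hand: read HijackThis O9 lines, notice that the SpyDeleter button's backing file is gone while its registry entry survives, and delete the Internet Explorer Extensions key for that CLSID with a REGEDIT4 file. The script below is an added example, not code from the thread or from MajorGeeks; it parses a small constructed set of log lines (reusing the CLSID and URL quoted in the thread), picks out the O9 entries marked "(file missing)", and generates the same kind of `[-HKEY_LOCAL_MACHINE\...]` delete script that chaslang wrote as delspy.reg. The regular expression for the log format and the Extensions key path are assumptions taken from the lines visible in this thread.

```python
"""
Added example (not from the MajorGeeks thread): parse HijackThis-style log
lines, find O9 'Extra button' entries whose file is missing, and emit a
REGEDIT4 script that deletes the matching IE Extensions key, the same
[-HKEY...] delete syntax chaslang used for delspy.reg.
"""
import re

# Constructed sample in the format HijackThis prints. The CLSID and URL are
# the ones quoted in the thread; the mix of sections is chosen for the demo.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL (file missing)
O4 - HKLM\..\Run: [vtrtbrqtv] C:\WINDOWS\SYSTEM\BSXHLWAB.EXE
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1062 (file missing)
O9 - Extra 'Tools' menuitem: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1062 (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
"""

# A registry CLSID: {8-4-4-4-12 hex digits}.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Leading section tag such as 'R1', 'O2', 'O9' followed by ' - ' (assumed from the log lines).
LINE_RE = re.compile(r"^([RO]\d+) - (.*)$")
MISSING = "(file missing)"
# Where IE stores the toolbar buttons / Tools-menu items that HijackThis reports as O9.
EXT_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions"


def parse_line(line):
    """Split one log line into a dict: section tag, body, CLSID (or None),
    and whether HijackThis marked the referenced file as missing."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    clsid_m = CLSID_RE.search(body)
    return {
        "section": section,
        "body": body,
        "clsid": clsid_m.group(0) if clsid_m else None,
        "file_missing": body.endswith(MISSING),
    }


def parse_log(text):
    """Parse every recognisable line; blank or unknown lines are dropped."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def orphaned_extensions(entries):
    """Distinct CLSIDs of O9 entries whose file is gone but whose registry
    entry is still present. Deleting the file again does nothing for these;
    the Extensions key itself is what has to go, which is what the .reg fix does."""
    seen = []
    for e in entries:
        if e["section"] == "O9" and e["file_missing"] and e["clsid"] and e["clsid"] not in seen:
            seen.append(e["clsid"])
    return seen


def build_delete_reg(clsids):
    """Build a REGEDIT4 script. A '-' right after '[' tells regedit to delete
    the key instead of creating it. Win98's regedit wants the REGEDIT4 header,
    CRLF line endings and a blank line after the last entry."""
    lines = ["REGEDIT4", ""]
    for c in clsids:
        lines.append(f"[-{EXT_KEY}\\{c}]")
        lines.append("")
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for e in entries:
        flag = "ORPHANED" if e["section"] == "O9" and e["file_missing"] else ""
        print(f"{e['section']:3} {flag:9} {e['body'][:70]}")
    print()
    print(build_delete_reg(orphaned_extensions(entries)))
```

Run against the sample, the only orphaned O9 CLSID is {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} (the "Related" button still has its file, and the SideFind O2 entry is a BHO, not an extension), and the generated text is the delspy.reg from the post. Save it with "All files (*.*)" as the file type so Notepad does not append .txt, then merge it as described above.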
