spyware issues

prowler13 · Oct 20, 2005

Hello,

I've taken over an IT Dept. and have a couple of systems that are running extremly slow. All the systems were still running Win98 before I got here and I have since upgraded them to XP Pro. Apparently the previous person never bothered with any windows updates so I assumed that there would be all kinds of garbage on the systems. Glad to see that by following the READ & RUN ME FIRST directions that I made a good assumption.

BitDefender found: Trojan.Clicker.Delf.R
RavAntivirus found: TrojanDownloader:Win32/Small.ZT
TrojanDropper:Win32/Small.NO.dam#2
TrojanScan found: Adware.Suggestor.f

Also ran Ewido security Suite (log attached)

prowler13 · Oct 20, 2005

Forgot to ask if I was not seeing something else since the system still seems sluggish.

Also, thanks for the great site and the neat tools

chaslang · Oct 21, 2005

The below items can be fixed using HJT! Observe all comments/notes.

Are these R0 & R1 lines what you want? If not, fix them with HJT.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://companyweb
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm

As a matter or practice, we do not believe anything should be in the hosts file except the default settings. So unless the below are necessary for company business, I would have HJT fix them.
O1 - Hosts: 192.9.200.1 metalfab
O1 - Hosts: 192.9.200.50 metfabhp
O1 - Hosts: 192.9.200.51 metalfabntsrv
O1 - Hosts: 192.9.200.60 cindygw

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} - http://207.188.7.150/19eadc5de6c299eeb506/netzip/RdxIE.cab

Exit HJT after fixing the above.

There are no malware items showing in the logs now. Your PCs may be slow just due to trying to use WinXp on them. If they were running Win98, they are probably older, slower PCs with a small amount of memory on them. To run properly (everyone has a different opinion of what this means), WinXP needs a fair amount of horsepower and memory.
Also upgrading (if that is what you did instead of clean installing after a repartition and formatting) is not the best approach to using WinXP.

prowler13 · Oct 21, 2005

chaslang said:

The below items can be fixed using HJT! Observe all comments/notes.

Are these R0 & R1 lines what you want? If not, fix them with HJT.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://companyweb

This should be the default as this is the internal website of our Windows 2003 SBS

These next two are probably not necessary in my mind
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm

As a matter or practice, we do not believe anything should be in the hosts file except the default settings. So unless the below are necessary for company business, I would have HJT fix them.

The first three are our servers of which in the next month or so the 2nd and third ones will be history. The fourth was the old computer name
O1 - Hosts: 192.9.200.1 metalfab
O1 - Hosts: 192.9.200.50 metfabhp
O1 - Hosts: 192.9.200.51 metalfabntsrv
O1 - Hosts: 192.9.200.60 cindygw

I will get rid of the ones below
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} - http://207.188.7.150/19eadc5de6c299eeb506/netzip/RdxIE.cab

Exit HJT after fixing the above.

There are no malware items showing in the logs now. Your PCs may be slow just due to trying to use WinXp on them. If they were running Win98, they are probably older, slower PCs with a small amount of memory on them. To run properly (everyone has a different opinion of what this means), WinXP needs a fair amount of horsepower and memory.
Also upgrading (if that is what you did instead of clean installing after a repartition and formatting) is not the best approach to using WinXP.
Click to expand...

I did just upgrade, but that was because they had way too much information stored on the local machine. It has since been moved over to the server.

The box is a P3 930MHz with 256 MB of RAM

Any other information regarding my additional information and or comments to your reply would be appreciated. Thanks

chaslang · Oct 21, 2005

prowler13 said:

I did just upgrade, but that was because they had way too much information stored on the local machine. It has since been moved over to the server.

The box is a P3 930MHz with 256 MB of RAM

Any other information regarding my additional information and or comments to your reply would be appreciated. Thanks
Click to expand...

Well this is not a discussion for this forum but here is what I would say.

512 Mb of RAM would be a lot better but what you have should run okay. What are you comparing it too when you say it is slow?

Since all your data is now saved elsewhere, you may want to try a test.
- take one of these PCs out of commission and do the below
- start from scratch with a full clean windows install (repartition with NTFS and reformat)
- do a clean install of Windows XP

See if this experimental machine appears to run better. Is it a significant improvement that would be worth doing on the others?

Log in or Sign up

spyware issues

prowler13 Private E-2

Attached Files:

Scan report_20051013.txt.txt

hijackthis1.log

prowler13 Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

prowler13 Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member