Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Still problems after removal of Transponder.VX2.A

Started by rob_jewitt , Sep 07 2005 07:04 AM

  • Please log in to reply

#1
rob_jewitt
Posted 07 September 2005 - 07:04 AM

rob_jewitt

    Member

  • Member
  • PipPip
  • 24 posts
Hi there, I hope you can please help...

I think that I must have some malware or spyware runnning as I've contacted my ISP regarding my terrible download speeds. Rarely do I download faster than 40 or 35 kb/s on a 1 meg broadband connection (top end 120 kb/s - average should be about 90 kb/s so said the technician). I've tested this by downloading files from the microsoft website.

Now I run Adaware SE and Spybot religiously every couple of days and they show nothing unusual. Norton 2005 did throw up a Keygen threat due to a dodgy version of Limewire Pro I had (now removed with all other p2p muck spreaders that were installed on my system). A lesson learned.

My ISP technician told me to RUN>> "cmd" and enter "netstat -a" and tell him how many lines of data appeared. He expected about 8 and I gave him over 60! Spyware city, he said.

I downloaded Microsoft Antispyware Beta on his recommendation and found a couple of threats lurking in my system (namely Transponder.VX2.A and Windows AdTools) which I duly removed. This is what it came up with:

Spyware Scan Details
Start Date: 07/09/2005 11:19:53
End Date: 07/09/2005 11:26:25
Total Time: 6 mins 32 secs

Detected Threats

Adware more information...
Details: Transponder.VX2.A is an Internet Explorer browser helper object that monitors Web page requests and data entered into forms and displays pop-up advertisements. Transponder.VX2.A also collects and sends personal information.
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected files detected
c:\windows\conscorr.ini
c:\windows\inf\conscorr.inf


Windows AdTools Adware
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WinAdCtlX.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WinAdCtlX.dll .Owner {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WinAdCtlX.dll {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs C:\WINDOWS\Downloaded Program Files\WinAdCtlX.dll


Warez P2P Software Bundler
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\warez\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\warezq\shell\open\command "C:\Program Files\Warez P2P Client\Warez.exe" "%L"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\warezq URL:Warez_Query protocol
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\warezq URL Protocol
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\warez\shell\open\command "C:\Program Files\Warez P2P Client\Warez.exe" "%L"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\warez
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\warez\shell\open\command "C:\Program Files\Warez P2P Client\Warez.exe" "%L"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\warez URL:Warez protocol
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\warez URL Protocol
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\warezq\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\warezq\shell\open\command "C:\Program Files\Warez P2P Client\Warez.exe" "%L"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\warezq


eDonkey2000 Software Bundler
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620}\InProcServer32 C:\Program Files\eDonkey2000\plugins\ed2kie.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620}\InProcServer32 ThreadingModel Both
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620}\ProgID eD2KDownloadManager.object.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620}\TypeLib {379919F2-1612-45B7-B9F4-773F6D5214F5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620}\VersionIndependentProgID eD2KDownloadManager.object
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620} eD2K downloadManager object


Detected Spyware Cookies
No spyware cookies were found during this scan.


Now when I RUN>> "cmd" and enter "netstat -a" there are only about 29 lines of info. But still, my download speed is about 35 kb/s! It should be here:
|
|
V

Posted Image

These images are from after the clean up.

I have also ran CWShredder (no results) and CleanUP! (no temp files etc left). I would appreciate any advice you can give me that would help improve my performance or clean up my act!
  • 0

Advertisements

#2
rob_jewitt
Posted 15 September 2005 - 11:57 AM

rob_jewitt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Right - got it fixed by an IT technician thanks anyway :tazz:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP