Still problems after removal of Transponder.VX2.A



#1
rob_jewitt

Hi there, I hope you can please help...

I think that I must have some malware or spyware running as I've contacted my ISP regarding my terrible download speeds. Rarely do I download faster than 40 or 35 kb/s on a 1 meg broadband connection (top end 120 kb/s - average should be about 90 kb/s so said the technician). I've tested this by downloading files from the Microsoft website.

Now I run Adaware SE and Spybot religiously every couple of days and they show nothing unusual. Norton 2005 did throw up a Keygen threat due to a dodgy version of Limewire Pro I had (now removed with all other p2p muck spreaders that were installed on my system). A lesson learned.

My ISP technician told me to RUN>> "cmd" and enter "netstat -a" and tell him how many lines of data appeared. He expected about 8 and I gave him over 60! Spyware city, he said.

I downloaded Microsoft Antispyware Beta on his recommendation and found a couple of threats lurking in my system (namely Transponder.VX2.A and Windows AdTools) which I duly removed. This is what it came up with:

Spyware Scan Details
Start Date: 07/09/2005 11:19:53
End Date: 07/09/2005 11:26:25
Total Time: 6 mins 32 secs

Detected Threats

Adware
Details: Transponder.VX2.A is an Internet Explorer browser helper object that monitors Web page requests and data entered into forms and displays pop-up advertisements. Transponder.VX2.A also collects and sends personal information.
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected files detected
c:\windows\conscorr.ini
c:\windows\inf\conscorr.inf


Windows AdTools Adware
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WinAdCtlX.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WinAdCtlX.dll .Owner {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WinAdCtlX.dll {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs C:\WINDOWS\Downloaded Program Files\WinAdCtlX.dll


Warez P2P Software Bundler
Infected registry keys/values detected


eDonkey2000 Software Bundler
Infected registry keys/values detected


Detected Spyware Cookies
No spyware cookies were found during this scan.



Now when I RUN>> "cmd" and enter "netstat -a" there are only about 29 lines of info. But still, my download speed is about 35 kb/s! It should be here:
|
|
V

Posted Image

These images are from after the clean up.

I have also run CWShredder (no results) and CleanUP! (no temp files etc left). I would appreciate any advice you can give me that would help improve my performance or clean up my act!
#2
rob_jewitt

Right - got it fixed by an IT technician thanks anyway :tazz: