
Malware Issue


7 replies to this topic

#1 lognstone


Posted 02 June 2006 - 09:55 AM

I have XP home on a laptop. I have what I have been told is an extremely difficult to find malware that is preventing me from fully utilizing the internet. I had ad-aware (lavasoft) and have Spybot Search and Destroy and scans by them found errors, fixed them but the problem still exists. (My Spyware Doctor found 186 errors that Lavasoft missed by the way.) I was told by a good friend who works for Intel that from my description of the issue, it sounded exactly like the problem her daughter had, a malicious malware that was nearly impossible to find. She told me her daughter had used a program called Adware-Away to find it. My problem is this. I have purchased the Spyware Doctor Professional edition, The Shield 2006 antivirus and associated firewall, and PCtools Registry Mechanic. I am wireless running at about 115kbs and the combined download time for the updates alone totals around 8-10 hours. I have found the Adware-Away free 90 day trial download, but in order to utilize it, it tells me I have to completely remove all of my protections, not merely disable them. I also have the antivirus and spyware protection of Earthlink running, and Windows SP2 protection updated and running.

The best way for me to describe the issue's symptoms is with one or two examples. I am a chat room moderator in Talk City (or was at the present time). In order to join the chat, my procedure is as follows.

First I open my browser then go through the following procedure.

Favorites>TalkCity40splus>Login>Join Chat

Everything works until I click on join chat at which point the applet won't load and I am bounced back to desktop, my internet connection still intact but it simply will not let me join the chat. Should I choose to visit the rooms homepage option instead of join chat it allows me to go there and post to the discussion page.

Before you suggest it is a Talk City issue... (I have reloaded Java, scanned it for issues, found none)... (I have been told others in the room are experiencing the same problem.) (coincidence?)

The problem persists in other areas too. I recently tried to find a specific picture of a job someone wanted me to duplicate. The process was...

Builder's website>home examples>specific home>individual pictures

Again, everything worked up to the last click where I was immediately bounced back to desktop...internet connection still intact.

I have contacted Spyware Doctor's support and they have given me log requests of my scans, of which I have sent them 2. It's been weeks since they stopped responding to my emails. I'm afraid I got a bit testy with them claiming that all of their suggestions did not work (reinstalling, etc.), and maybe they were afraid to admit someone else's program would work better in this case. They stopped answering my emails.

The obvious solution is to remove all of my protection, use the Adware-Away program, find the problem, fix it, and then reload (10 hours plus) all of my protections. Have any suggestions? Finding 10 hours in the middle of the night is difficult, (only time the 4 servers for the updates are available without freezing up my computer just short of the 5,000,000 bytes of download time at 115 kbs). The thought of leaving my computer unprotected all night frankly scares me considering how I got to this point now. I don't visit any threatening sites...basically only TalkCity.com, read my email, and occasionally Yahoo.com or MSN messenger.

All of my updates are complete and installed, I automatically do scans nightly with all of my protection programs and still cannot find this problem. I was even told to do a scan in safe mode which I did last night and only found one low risk cookie, deleted it and yet the problem still exists. Any suggestions?

Thanks...

Randy

Thanks...

Mod Edit: Topic moved to a more appropriate forum - QM7

Edited by quietman7, 02 June 2006 - 10:00 AM.




#2 Elendil


Posted 02 June 2006 - 10:22 AM

DO NOT REMOVE YOUR PROTECTION! After checking the rogue program list: http://www.spywarewarrior.com/rogue_anti-spyware.htm for Adware Away, it isn't a rogue program but a program that Eric Howe dubs lesser known/neutral, whereas Eric rates Spyware Doctor as one of the top 5 anti-spyware programs; so, replacing your current protection with this so-so program would not be in your best interest. It's hard to pinpoint your problem and considering the fact that you have some of the most powerful and comprehensive anti-malware tools, I'm surprised you're still infected, so I'm advising the use of HiJackThis (HJT). Please read the following tutorial on how to use it:

http://www.bleepingcomputer.com/tutorials/tutorial42.htm

A few tips of advice:

Please post your HJT log in the appropriate board, posting it elsewhere will only delay a response.
DO NOT alter your computer (delete things, install things, etc.) after posting your HJT log unless advised to do so by an experienced HJT Team Member.
Relax and enjoy life until a HJT Team Member arrives. We are rather busy here at BC and a HJT Team Member will get to you ASAP with professional and expert cleaning advice.

Edited by Elendil, 02 June 2006 - 10:23 AM.

Stanford '14
B.S. Candidate | Computer Science

#3 lognstone


Posted 02 June 2006 - 02:51 PM

Thanks for your help...for your information...your posted link got me a 404 error... I'm going to try and do it from the homepage...finally I feel like someone might be able to help me....

Randy

#4 Elendil


Posted 02 June 2006 - 03:01 PM

Glad I could give you hope, but do note that I am an experienced novice-moderately experienced at best. BC (BleepingComputer) has a gigantic number of highly experienced - expert/professional anti-malware experts. Most of the official HJT Team Members are at the near-expert if not expert level. Once your log is posted, it might take a couple of days for a HJT Team member to get to it because we are rather busy, but rest assured, once a HJT Team member gets to your log, you are in good hands and your computer is on an immediate path to recovery.

#5 Enthusiast


Posted 02 June 2006 - 10:40 PM

You may want to download java from Sun Microsystems though and see if that clears up the java problem (it should).
http://www.java.com/en/download/index.jsp

Then download Firefox and use it instead of IE for everything except online scans and Windows Updates which require Active X.
http://www.mozilla.com/firefox/

After you do that, go back to your HJT log post and edit and replace the log, replacing it with a new one, explaining what you did.

Edited by Enthusiast, 02 June 2006 - 10:40 PM.


#6 lognstone


Posted 06 June 2006 - 08:32 AM

It might seem that I am becoming impatient, in reality I probably am a bit on the itchy side, but I do have a question.

After reviewing my HijackThis scan results I noticed the following entry...

O10 - Broken Internet access because of LSP provider 'farlsp.dll' missing

Now, could this potentially be my problem and not, as suspected, a malware issue? If so, after analysis of my scan by BC, can I reload XP over my current system from my recovery disks to install the .dll file? Is that even where it resides? How did it get deleted? What exactly is an LSP provider? And for that matter what is the "farlsp.dll" file?

So many questions.... maybe I'll set off on a googling adventure on my own, just because my access is broken. I would appreciate any input anyone might have. I posted this here so all of my background info would be readily available for reference. I hope posting this is appropriate and in compliance with policy.

Thanks

#7 lognstone


Posted 06 June 2006 - 09:11 AM

Well after a very brief but extremely informative journey to ask.com I discovered a post that could have been written by myself, same issues, same problem, same scenario.

From what I read, there are sites to fix missing .dll files. My new question is... after being told not to alter (download or delete) my computer's contents until analysis of my scan results is completed....would it affect my potential recovery to download the free .dll fix program and scan and repair the missing file?

I have been without complete Internet access for well over a month now and frankly I don't have much hair left to pull out...

Thanks again

#8 quietman7

Global Moderator

Posted 06 June 2006 - 10:28 AM

Broken Internet access can be caused by various types of Layered Service Provider or LSP software installed on a system. LSPs are designed to integrate directly into the computer's TCP/IP layer - the protocol used to communicate on the Internet. The LSPs are installed in such a way that all LSPs in the TCP/IP handler are chained together. However, due to Winsock Hijackers, bugs in some LSPs, deletion of the software or incorrect removal, this chain can become broken, resulting in loss of ability to connect to the Internet.

According to the database I searched, farlsp.dll is a valid LSP related to Farstone HackerSmacker Firewall. If you used that firewall and failed to uninstall it properly before using PCSecurityShield's firewall that could be your problem.

There is a special fix tool for this but since you already posted your log, I recommend that you be patient a little longer and wait for a response by the HJT Team staff so they can guide you along. You can edit your HJT log topic to include a note at the top or bottom that you previously used and removed Farstone if that is the case.

Edited by quietman7, 06 June 2006 - 10:36 AM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
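
How the O10 entry quoted in post #6 relates to the broken LSP chain described in post #8, as an added example that is not part of the thread or any poster's code: it extracts O10 findings from a HijackThis log and walks a modelled provider chain to the first missing DLL. Apart from the quoted `farlsp.dll` line, the sample log, the chain order and `examplelsp.dll` are assumptions constructed for illustration.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Constructed sample log. Only the 'farlsp.dll' line is quoted from post #6;
# the other lines and file names are made up for this example.
SAMPLE_LOG = r"""Logfile of HijackThis
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
O10 - Broken Internet access because of LSP provider 'farlsp.dll' missing
O10 - Unknown file in Winsock LSP: c:\windows\system32\examplelsp.dll
O23 - Service: Example Service - Unknown owner - C:\example\svc.exe
"""

O10_PATTERNS = (
    ("missing", re.compile(r"^O10 - Broken Internet access because of LSP "
                           r"provider '(?P<dll>[^']+)' missing$")),
    ("unknown", re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<dll>.+)$")),
)

def parse_o10(log_text):
    """Return (status, dll_file_name) for every O10 line in a HijackThis log."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        for status, pattern in O10_PATTERNS:
            m = pattern.match(line)
            if m:
                findings.append((status, basename(m.group("dll")).lower()))
                break
    return findings

def first_broken_link(chain, files_on_disk):
    """Walk the LSP chain in call order; return the first provider whose DLL
    is absent (traffic stops there), or None if the chain is intact."""
    present = {name.lower() for name in files_on_disk}
    for dll in chain:
        if dll.lower() not in present:
            return dll
    return None

if __name__ == "__main__":
    print(parse_o10(SAMPLE_LOG))
    # Hypothetical chain: a third-party LSP, the leftover firewall LSP, then
    # mswsock.dll, the Microsoft base provider at the bottom of the stack.
    chain = ["examplelsp.dll", "farlsp.dll", "mswsock.dll"]
    print(first_broken_link(chain, ["examplelsp.dll", "mswsock.dll"]))
```

A "missing" finding means the Winsock catalog still references a provider whose file was removed, which matches the improper-uninstall scenario described in post #8.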
