
Sloth like performance 2

Status
Not open for further replies.

Happo

IS-IT--Management
Sep 28, 2002
Hi guys. Current issue is with a 1GHz P3, XP Pro, 256 RAM, Nvidia GeForce, it is running very slowly (5 secs to open start menu). I have seen this computer in the past and it was a very stable machine, apparently it suddenly reverted to sloth-mode about a week ago. It was riddled with mal/spy/ad ware and there seems to be some I just can't shake. Symantec AV was installed but hadn't updated for 12 months, ditched that and installed AVG and it keeps finding the same virus, variations of backdoor.hacdef. So far I have run: spybot, adaware, spy sweeper, trojan remover, pestpatrol, kaspersky and avg. They are all finding things (including some that 'eat' resources) but what I don't understand is that they are finding them repeatedly. This is a home computer that has only ever had infrequent dial-up access. Any ideas would be appreciated as always...
 
See linney's notes in this thread: thread779-900378

Computer columnist John Dvorak believes (and I agree) the issue lies in the registry. The registry should get cleaned of old entries, and optimized. This leads to an often contentious debate as to the best tool for this. I will just say that I use two:

jv16 and the ERUNT/NTREGOPT suite.
 
You might want to try and disable System Restore and then run Ad-aware, Spy Spot and so on...

I have found that spy ware can hide in the system restore too like a virus. Once fully removed enable the system restore.

Also a good program to use is Spy Sweeper, it can be located here -->
I have found that to find a lot more things than Ad-aware and some of the others.
 
This has become quite bad. Computer is barely even usable now (slow). Whatever 'it' is, is killing processes at will, especially anything to do with trying to remove 'it'. I continue to run AV progs and they continue to find variations of the Backdoor.HacDef virus. bcastner, reg opt progs don't seem to help... Phantasus, am already using spy sweeper, nice prog, will try system restore technique tonight and let you know.
I have encountered several cases of the same problem and symptoms in my online investigations, no one seems to have found a fix yet though, apart from writing zeroes on the drive and starting again...I shall persevere
 
Update, problem is fixed, I wanted to be certain before I posted it though. I turned off system restore and as soon as I restarted AVG detected a virus before the login screen and Healed it, which it had not done before. I didn't see where it was actually located but I remember seeing \LastKnownGood in there somewhere, well done phantasus. Performance came back straight away. That was three days ago and AVG continues to find the same virus (backdoor.hacdef.c) but it doesn't seem to be impacting on performance at all anymore, which is a pretty good start. Hopefully someone will find a way to hunt down and kill this virus wherever it resides. This virus seems to be a particularly nasty little sucker, in my searches I found several sites to download the generic source code for backdoor.hacdef so that any schmo can add their twisted little ideas and then release it, great...
Daniel.
 
Try doing some research on this topic "AppInit_DLLs" (at Google) located in this Registry location -

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
 
Cheers linney, that finished off the little bugger. It was still resident in the registry, not as simple as just deleting the entry but I got there eventually by renaming it first...
The End.
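
The AppInit_DLLs value linney points to can be audited read-only with a short PowerShell script. This is an added example, not part of the original thread: the function name is hypothetical, resolving bare file names against System32 is an assumption, and the Wow6432Node view and the LoadAppInit_DLLs value are not present on every Windows version (missing ones are skipped or shown empty).

```powershell
# Added example: list every DLL named in AppInit_DLLs and check it on disk.
# Read-only; nothing in the registry or file system is changed.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    # 32-bit registry view on 64-bit Windows; skipped when absent
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

function Get-AppInitEntry {          # hypothetical helper name
    param([string]$KeyPath)

    if (-not (Test-Path -Path $KeyPath)) { return }
    $props = Get-ItemProperty -Path $KeyPath

    # The value is a single string; entries are separated by spaces or commas.
    $names = ([string]$props.AppInit_DLLs) -split '[ ,]+' | Where-Object { $_ }

    foreach ($name in $names) {
        # Assumption: a bare file name is looked for in System32.
        if (Split-Path -Path $name -IsAbsolute) { $path = $name }
        else { $path = Join-Path $env:SystemRoot "System32\$name" }

        $exists = Test-Path -LiteralPath $path
        $sig = 'n/a'; $written = $null
        if ($exists) {
            $sig     = (Get-AuthenticodeSignature -FilePath $path).Status
            $written = (Get-Item -LiteralPath $path -Force).LastWriteTime
        }

        [pscustomobject]@{
            Key       = $KeyPath
            Entry     = $name
            Path      = $path
            Exists    = $exists              # False can mean a hidden or missing file
            Signature = $sig                 # anything but 'Valid' deserves a look
            LastWrite = $written
            Enabled   = $props.LoadAppInit_DLLs   # empty where the value does not exist
        }
    }
}

$found = @($keys | ForEach-Object { Get-AppInitEntry -KeyPath $_ })
if ($found.Count -eq 0) { 'AppInit_DLLs is empty in every checked view.' }
else { $found | Format-List }
```

An entry whose file is reported as missing, unsigned, or recently written is the one to investigate with the AV tools before touching the registry value.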
 