clh333
2018-01-10, 19:49
Recently I dusted off an XP machine that I had last used in 2013 or 2014. The machine has an Abit board, Athlon processor, 3 Gb RAM and runs Win XP SP3. It uses a Tenda USB wireless NIC and Tenda's proprietary driver to connect to a Netgear cable modem and router. The router is secured with WPA2 and AES; the machines are in star configuration and there is no sharing or networking between nodes. AVG antivirus is installed on each machine.
After starting the machine in question I ran several cycles of updates, mainly for Windows, AVG and Firefox. I began to notice strange behavior with the wifi connection: attempts to connect to unknown IP addresses outside the usual 192.168.x.x range, connections that would drop off suddenly, and browser connectivity issues. For example, I could access the browser home page and from it some web sites but if I tried eBay I could not get to the site. I tried uninstalling the Tenda utility and running Windows' wifi instead, but without improvement. I reinstalled the Tenda utility, again not much better. I tried a system restore to last week before I noticed these troubles appearing, but Windows was unable to restore to that point.
Today two observations convinced me that I have some unauthorized or "rogue" software running on the machine: First - the machine is a dual-boot with Linux Fedora 21 installed on the second hard drive, so I booted into Linux and ran the same test to access eBay, which I was able to do without difficulty. I drew the conclusion that the problem was not with the hardware, therefore. Second - I noticed the Windows CPU monitor in the system tray was pegged at 100%, presumably while nothing was going on. The LED on the Tenda NIC was lit solid, however.
I went to another machine, a Win7 64-bit, and began an Internet search using my symptoms as the search string. Eventually that led me back to this site. Reading former posts I obtained Malwarebytes, which I downloaded and transferred to the XP machine. Upon installation I got a "floating point division" error and install terminated. After more research I downloaded RogueKiller, which installed but threw an error when executed. I also ran the Malwarebytes' beta rootkit tool, which ran and found nothing.
Fortunately there is nothing valuable, information-wise, on this machine. If push came to shove I could wipe the drive and start over. I suspect I will run across this problem again, however, so if anyone has any suggestions for how to expose and remove this uninvited guest please let me know. It seems to me that a self-booting CD from which a malware scan could be launched is one avenue of attack.
Thanks for your replies,