  1. #1

    Strange virus-like behaviour, no virus found?

    Hi all

    I've got a Windows XP SP3 computer that's exhibiting some classic virus behaviour:
    1. Agonisingly slow (admittedly, it's an AMD 2600 with 512 MB RAM, but it's gotten slower)
    2. Secunia PSI reported an out-of-date (end of life) file in C:\windows\system32 called blastercln.exe
    It's apparently a blaster removal program. I deleted the file, but 5 seconds later it reappeared. Very odd.

    I've run all of these without anything malicious being found:
    1. Uploaded the out-of-date file to virustotal, with nothing found
    2. MS Security Essentials
    3. Malwarebytes
    4. MS Safety scanner
    5. I uninstalled MSE, and installed Norton Internet Security, update, full scan

    I've also run:
    1. Windows Update
    2. Secunia PSI and updated everything that was mentioned

    I'd be hard pressed to convince a jury that the machine had a virus. But I can't explain why this out-of-date file keeps re-appearing.
    I also tried clobbering the file with all XXXX, and making it read-only, but it gets overwritten (again).

    Could a root kit be at play? I think MS used to have a burn-to-CD-and-reboot program, but I couldn't remember what it was called.

    Any ideas or hints most welcome.

    Thank you

    Peter

  2. #2
    Super Moderator CLiNT
    I'd try a registry cleaning tool like CCleaner's registry cleaner component first.
    Blastcln.exe is from MS, probably in the form of a WU malicious tool removal kit commonly associated with WU downloads.
    Boot your computer after running the reg tool and have WU run to see if the exe is replaced.

    If a rootkit is suspected then a clean install should be done, or a restoration of a previously clean image.
    If you don't have images or backup means, then that should be a big red flag in terms of your lack of a solid backup regimen.
    Last edited by CLiNT; 2012-10-19 at 01:51.

  3. #3
    Super Moderator satrow
    The first thing I check with a reported general slowness is the drive transfer speeds: Check Your IDE Port Mode.

    Then check the drive (chkdsk /r then SFC /scannow and WD bootable tools).

    The outdated file is not a problem (but if you ran it and it 'fixed' something, it could be - 'fixes' change).

  4. #4
    A similar question about the obsolete tool was asked in the XP forum here 10 days ago. Windows File Protection in XP SP3 replaces some files when deleted. But as the last post in this thread points out, you can probably find and delete the backup copy which will overcome the replacement: EOL Microsoft Windows Blaster Worm Removal Tool Uninstall

    Bruce

  5. #5
    I'm not sure you have a virus. I have had the same experience with a few PCs - after a few rounds of Windows critical updates, everything slows to a crawl.

    Any computer with less than 1.5 GB is unacceptable for running today's software. ALL the software packages I use consume far too much RAM. My computers with lesser RAM end up being converted to run Linux, or simply donated to charity.

    Once you load something like Norton under Windows XP (with only 512 MB RAM), then you have NO free memory left. Windows itself will use up most of the 512 MB - anything else you do will run very slowly.

    You can check free memory by pressing Control-Shift-Escape to bring up Task Manager. Then look under the Performance tab.
    Rick Groszkiewicz

  6. #6
    Thanks, I hadn't seen this.
    Followed the instructions at the bottom of that thread. Windows had a bit of a whinge about a file being deleted, then it's business as normal.

  7. #7
    Peter...go get Kaspersky's Rescue CD, or make a Windows Defender Offline CD. Both of them boot outside of your XP install and perform a far deeper scan than you can do in XP's normal mode...where malware actively avoids detection and heals itself.

    Kaspersky: http://support.kaspersky.com/faq/?qid=208282173
    WDO: http://windows.microsoft.com/en-US/w...fender-offline

    -John
