Internet slows / freezes up after anti-spyware upload

Guest

My husband recently uploaded the MS anti-spyware program and we immediately
had problems with our high speed internet connection. Pages loaded very
slowly and after having been online awhile, the connection freezes completely
and can only be reactivated by turning the computer off and then back on
again.

We deleted the program, but the problem remains. I use Mozilla Firefox and
my husband uses IE. The problem exists no matter which browser is in use.

I've used the disk cleanup tools and defragged the disks. I've tried
running the computer in safe mode and it seemed to work better, but still not
back to normal.

Any suggestions? Thanks for the help!
 
Guest

Hi Karyn,

Try using Ewido Security Suite on both accounts to make sure there aren't any
hidden malware problems, and then Ccleaner to remove temp and unused files.

Download, install, and update the trial version of Ewido Security Suite

http://www.ewido.net/en/download/

When installing, under "Additional Options" uncheck "Install background
guard" and "Install scan via context menu". Click on update in the left menu,
then click the Start update button. After the update, from the main menu click
on 'scanner' then click 'Complete System Scan'. If Ewido finds something, it
will pop up a notification. Select "Remove" and check the boxes "Perform
action with all infections" and "Create encrypted backup" then click on
OK. When the scan finishes, click on "Save Report" and save it to your desktop
or C: drive in case you need it again.

Download Ccleaner

http://www.ccleaner.com/ccdownload.asp

Install and run then press the Run Cleaner button

Hopefully this will help but let us know if the problems continue and post
the results from Ewido if it detects malware (except cookies)

Regards Andy
 
Guest

I have experienced the BSOD repeatedly and I thought that the fault was due
to Spysweeper. I have since learned that it is caused by antiak.sys. Googled
research points to info that states it was left over from antikeylogger
software. A removal tool that I fear is risky is found here http://r-1.ch/
taken from a discussion posted here:
http://www.spydex.com/forum/board-general-action-display-num-19096974-start-1.html.
Anyone know of this rootkit or malware and how to safely remove this?
My BSOD occurs 3-4 times a day.
 
Steve Wechsler [MVP]

Rick said:
I have experienced the BSOD repeatedly and I thought that the fault was due
to Spysweeper. I have since learned that it is caused by antiak.sys. Googled
research points to info that states it was left over from antikeylogger
software. A removal tool that I fear is risky is found here http://r-1.ch/
taken from a discussion posted here:
http://www.spydex.com/forum/board-general-action-display-num-19096974-start-1.html.
Anyone know of this rootkit or malware and how to safely remove this?
My BSOD occurs 3-4 times a day.

Rick,

Have you tried Rootkit Revealer or Blacklight Beta?

http://www.sysinternals.com/Utilities/rootkitrevealer.html
http://www.f-secure.com/blacklight/

I'm going to download the tool you reference and see if it's risky or
not. The site you posted, http://r-1.ch, runs from dns.princeton.edu and
is legitimate. The tool tests out OK, BTW.

Did you happen to see the post by Andy Manchesta that deals with this RK? :
For the first Protocol Filter problem open notepad and copy this next part
into it making REGEDIT4 the top line in notepad:

REGEDIT4

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]
@="WebView MIME Filter"
"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

Go to File on the top bar and choose Save As, name it fix.reg and in the Save
as type area change it to All Files, then save it to your desktop. Double-click
fix.reg and allow it to be merged into the registry.

For the ANTIAK.SYS file, this is maybe connected to a commercial
anti-keylogging program which installed as a trial version and left some
files behind (possibly from h**p://www.anti-keyloggers.com/ but the version
they have now doesn't create that file so I cannot be sure). It's unlikely to be
a virus/Trojan file as there would be some record of it on security sites.
The fix tool you post a link to seems clean when scanned at AV sites but it
does make a registry change in this area:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\RemoteAccess\Parameters

I cannot say how well it works as I don't have the ANTIAK.SYS file to test
with but noticed it was used over at SpywareInfo without any obvious
negative results so will leave that for you to decide :) .

I think you may be able to remove this using F-Secure's beta Blacklight by
renaming 2 files if they are found, then reboot and delete the files, as they
will then appear because they have been renamed to a .ren extension.

Download Blacklight beta

http://www.f-secure.com/blacklight/try.shtml

Run the program, accept statement > click next then scan

If these files are detected, have Blacklight rename them

C:\Windows\DFSLKI5A.O9U

C:\Windows\SYSTEM32\ANTIAK.SYS

Do not rename "wbemtest.exe" as it's a Windows file. If there are any other
files you THINK may be valid, don't rename them for now, as Blacklight will
create a log that can be posted back if needed, called fsbl-<date/time>.log.
The tool will ask you to reboot; choose yes.

When the system reboots, check for these files and delete them:

C:\Windows\DFSLKI5A.O9U.ren

C:\Windows\SYSTEM32\ANTIAK.SYS.ren

If you cannot delete them reboot into safe mode then remove the files
(Reboot and keep tapping F8 then choose safe mode from the list)

Let us know if you have any problems

Regards

Andy


Steve Wechsler (akaMowGreen)
MS-MVP 2003-2006
===============
*-343-* FDNY
Never Forgotten
===============
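
Added example, not part of any post in this thread: a small Python reader that lists what a .reg file such as the fix.reg quoted above would set or delete, so it can be reviewed before it is merged into the registry. The function names are this example's own, and it assumes the documented REGEDIT4 / version 5.00 text layout.

```python
import re

# The fix.reg text quoted in the post above (REGEDIT4 = older ANSI .reg format).
FIX_REG = r'''REGEDIT4

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]
@="WebView MIME Filter"
"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"
'''

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def unescape(s):
    # Undo .reg escaping inside quoted strings (backslash-escaped \ and ").
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg(text):
    """Return (action, key, value_name, data) tuples the file would apply.

    action is 'set', 'delete-value' or 'delete-key'; value_name None = (Default).
    """
    text = re.sub(r'\\\r?\n[ \t]*', '', text)   # join hex: continuation lines
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("not a .reg file: missing REGEDIT4 / version 5.00 header")
    ops, key = [], None
    for ln in lines[1:]:
        if ln.startswith("[") and ln.endswith("]"):
            key = ln[1:-1]
            if key.startswith("-"):             # [-HKEY_...] removes a whole key
                ops.append(("delete-key", key[1:], None, None))
                key = None
            continue
        m = VALUE_RE.match(ln)
        if not m or key is None:
            raise ValueError("unparsed line: %r" % ln)
        name = None if m.group(1) == "@" else unescape(m.group(1)[1:-1])
        raw = m.group(2)
        if raw == "-":                           # "name"=- removes one value
            ops.append(("delete-value", key, name, None))
        elif raw.startswith('"') and raw.endswith('"'):
            ops.append(("set", key, name, unescape(raw[1:-1])))
        else:                                    # dword:, hex: etc. kept verbatim
            ops.append(("set", key, name, raw))
    return ops
```

For the fix.reg above it reports two `set` operations under a single key and no deletions.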
 
