Problems with SP2 and Spyware

N/A

Problems with SP2 and Spyware

On Thursday, I decided to upgrade my main hard drive as I was running low on space and had deleted all unnecessary files already.
I stuck in an 80GB HD - formatted (NTFS) it under XP Home and started the fun part of installing everything from fresh. After XP had finished installing, I added XP SP2 (from Microsoft CD) and then added my ADSL modem, XP firewall, AVG AV and then connected to Plus.Net

Then the fun began!
As soon as I went to Plus.Net I was informed that I was being blocked as I had ports 135 and 445 opened and was open to attack. Just couldn't connect for more than a minute before I got locked out. I don’t blame Plus.Net for that course of action at all. Just annoying that I couldn't access the web to try and find out how to resolve the problem!
I installed Zone Alarm from a back up CD, turned off XP Firewall and after the basic program approvals from Zone Alarm, I got a request to approve webserv.exe, ethernet32L.exe and ebblmsy.exe files. Alarm bells were ringing louder!
Fired up Ad-Aware which found 115 errors and flagged up webserv as a key logger and removed it and the registry entry. That cleared up that problem.

Does anybody know what ethernet32L and ebblmsy are for? I think ethernet32L is the Ethernet controller for Windows but I've also found it associated as a Trojan called BackDoor.Rbot.ja on Japanese and Chinese websites, but nothing in Symantec, etc. Nothing on ebblmsy - not even Microsoft seem to know about it!
The files are blocked in Zone Alarm but should I be deleting them? Or are they legitimate and I should be running them?

The other big problem I have is spyware….I never had much trouble with it until I installed SP2. After Ad-Aware went through and deleted the hundred odd "errors" I connected back to the Net and went to Plus.Net, Google, Microsoft, BBC, Zone Alarm websites. Disconnected from the Net and ran Ad-Aware again.
54 this time - Cookies from all over the place!
I'm even getting to the stage of splashing out and getting the full version of Zone Alarm or Ad-Aware

Any advice and suggestions would be appreciated.
15 REPLIES
N/A

Problems with SP2 and Spyware

If you have a good enough virus protector and firewall there is no need for SP2. I had it on my laptop and utter slow down and there is no need for it. Just remove SP2. Not sure about your spyware problem though as I get loads of it.
N/A

Problems with SP2 and Spyware

Where did you get this SP2 disk from? I'd be very surprised if it carried any spyware. It's more likely something you installed after.

As for whether to install or not, everyone will have to at some point, since at some point Microsoft will stop providing fixes which work with SP1.

Aaron
N/A

Problems with SP2 and Spyware

Try using spybot instead
N/A

Problems with SP2 and Spyware

As much as I loathe Microsoft's view of customer support and their inability to provide stuff that we really need (my major tiff is lack of correct CSS support in IE even though they promised it from v4 onwards) I will say one thing, SP2 has to be the best thing released by Microsoft to date.

I did a clean install with SP2 slipstreamed into my XPCD and there were no speed issues, no random spyware, nothing. What I did notice was for the first time in god knows how long, WindowsUpdate had nothing to install - let's face it, that's a bloody rare sight! Also I started using the SP2 firewall and I'm still using it - it's a very good piece of firewall software - Zonealarm has a major memory leak that they've not fixed yet under certain conditions and McAfee is just bloated.

Whatever happened with SP2, go to Microsoft.com, download it again and go for a slipstreamed install (http://www.msfn.org). For once (and I swear I'll never say this again) be nice to Microsoft and congratulate them on finally doing something that is useful!

[EDIT] Who'd have thought the word used to define a battle where a lot of blood was shed would be censored! [/EDIT]
N/A

Problems with SP2 and Spyware

I actually got the SP2 CD from Microsoft themselves. But to be sure I uninstalled SP2 and re-installed it from a colleague's CD that he got from the Windows XP Magazine.

Same problem as before with Ports left open and a rake of Spyware installed almost as soon as I hit the Net. I tweaked all the Registry entries possible and disabled all the Services that were not required and normality has almost settled in.

On checking Task Manager I could see ethernet32l sitting there waiting to do something and it kept banging on the Firewall door to get out even though it's been blocked.

I was also getting loads of problems with 'Server not found' and 'DNS errors' whenever I tried to load up webpages.
Paranoia had set in and I was convinced that ethernet32l file was causing me all these problems. So I went through the PC and removed all evidence of the file and then went to the registry and deleted all the entries in there for the file.

Then rebooted....waiting for the error messages about a missing file. But there was nothing. Went to the Net - not one single problem with Servers being lost or DNS not found. Not had one problem since.

So as to what ethernet32l.exe does - haven't got a clue what it does but I'm not missing it.

Now all I've got to do is find out what the other two files do!

Thanks for the feedback.
holdtight
Grafter
Posts: 1,634
Registered: 15-06-2007

Problems with SP2 and Spyware

I don't know how you would have picked it up from your description of events but have a look here:

http://home.cyberdefender.com/risk/html/20040831222900ethernet32l.exe.log.html

Doesn't give you much to go on but at least it is a known problem
Community Veteran
Posts: 14,469
Registered: 30-07-2007

Problems with SP2 and Spyware

I'm a bit suspicious about that info because the link back to Symantec shows a virus description (W32.spybot) but has no mention of the ethernet32l.exe file as being part of it.
holdtight
Grafter
Posts: 1,634
Registered: 15-06-2007

Problems with SP2 and Spyware

Yes, I'm a bit suspicious of this info too, it seems I might have been a bit hasty in posting the results of my search.

After posting it and doing some searching I could not find any info on the Symantec site or anywhere else relating to ethernet32l.exe

I did find it mentioned in the same forum post as backdoor rbot but it was a Chinese site and very sketchy and the way I read it it had no relevance at all
Community Veteran
Posts: 14,469
Registered: 30-07-2007

Problems with SP2 and Spyware

I would certainly conclude it's not a Microsoft prog and is most likely a virus/trojan or backdoor app of some sort causing all the problems that were seen.
N/A

Problems with SP2 and Spyware

Quote
after posting it and doing some searching i could not find any info on the
symantec site or anywhere else relating to ethernet32l.exe

Bear in mind that a trojan can choose any name when it runs. The virus might be called something completely different, with variants that use different program names that sound vaguely technical to make you afraid to delete it. An up-to-date virus checker should be able to identify it.

The reference to ports 135 and 445 sounds like the RPC DCOM exploit (the one that the Blaster worm used). As well as these two you should check (and block) ports 135, 136, 137, 138, 139, 445, 593 and 4444.
N/A

Problems with SP2 and Spyware

Well the good news is I've identified the problem.
The bad news is it's the W32.Spybot.Worm - My first Virus in over twenty four years!

It was not picked up by Norton's on my PC, but picked up by Symantec's online virus checker! My AV software was reporting all the latest updates were patched in but it just failed to pick up the infected files. Stuck on an up-to-date AVG and that also failed to pick up the virus.

So now I have the fun part of trying to remove it from throughout the system....yep, I've already heard the horror stories of trying to remove this pesky worm from PCs and I'm not looking forward to it.
I'll see if the keylog.txt is in Windows folder and what has gone out

Next time, I'll trust my instincts rather than my AV Software!

Thanks for everybody's assistance with this wee problem - much appreciated.
N/A

Problems with SP2 and Spyware

More virus checkers need to move over to using real-time file checking, like NOD32 & Kaspersky. These check every file touched by the PC and every file downloaded via the internet to the PC.

It's worth rebooting your machine into safe mode and running another virus check.

I use NOD32, and about once a month I perform a full scan in safe mode, along with McAfee Stinger and Ewido (Anti-trojan etc).
N/A

Problems with SP2 and Spyware

How does Avast compare when it comes to the degree of protection it offers? I'm aware of the performance issues that some people get, but all the user reviews I've read concentrate on how fast it runs, not on whether it's a technically sound program.
I've only just installed a virus checker after 1 year without updates (bad, I know, but I'm lazy).
vic_newey
Grafter
Posts: 802
Thanks: 2
Registered: 30-07-2007

Problems with SP2 and Spyware

afreespirit wrote : and a rake of Spyware installed

This has nothing to do with the thread whatsoever but I am intrigued by your use of the word 'rake'. I heard this used by Irish workmates in the past & have not heard of it for ages. The word actually refers to a string of railway trucks believe it or not, hence the word rake is used to mean 'a number of'.

Apologies for rambling on