Jump to content

nLited XP - TROJAN LYNDRA (FP?)


creaflexi

Recommended Posts

Hi, just a while ago, I have created nLited version of my XP install, I have tested both versions (original and nLited) on VMWARE. I have run the Spyware Doctor Scan on both of the fresh clean installs.

Original Version comes out as clean.

nLited version shows TROJAN LYNDRA - (Password Stealer and KeyLogger) detected

Could you please clarify this? Is it possible that nLite is adding any malware into the XP installation? Or is it just that some functionality added by nLite is triggering False Positive?

thanks for your comments

Link to comment
Share on other sites


Is it possible that nLite is adding any malware into the XP installation?

Sure, and we love it. It allows Nuhi to gather statistics over nLite users and their surfing and buying habits. For instance, if you buy a big plasma online, we like to know your adress and pass by on a saturday night.

Are you serious ? :rolleyes:

Can you not see were the infected file comes from ?

Link to comment
Share on other sites

Is it possible that nLite is adding any malware into the XP installation?

Sure, and we love it. It allows Nuhi to gather statistics over nLite users and their surfing and buying habits. For instance, if you buy a big plasma online, we like to know your adress and pass by on a saturday night.

Are you serious ? :rolleyes:

Can you not see were the infected file comes from ?

OK, I am a bit slow on this one, sorry guys :blink:

My only question is, everytime I install nLited Version of XP I get LYNDRA TROJAN detected using Spyware Doctor, have you ever experienced this? Is this a false positive triggered by nLite or is it actually some real malware (not saying nLite is responsible for it).

Link to comment
Share on other sites

what file(s) is it that spyware doctor is reporting as infected? that may help someone locate the source of the infection.

  • Your host you are building the image with system is infected (the infection may may hidden from the host OS but still show up post install on the new OS -im not familiar with lyndra so i cant say either way)
  • An update package you are adding to the OS with nlite is infected
  • Spyware Doctor is reporting a false positive. this is apparently happening in those wonderful "Windows.XP._______.Edition.torrent" that plague IT people everywhere.

the one thing that i know isnt the source of the problem is nLite. it does not produce this kind of problem.

Link to comment
Share on other sites

what file(s) is it that spyware doctor is reporting as infected? that may help someone locate the source of the infection.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS, ServiceDLL

  • Your host you are building the image with system is infected (the infection may may hidden from the host OS but still show up post install on the new OS -im not familiar with lyndra so i cant say either way)
When I install original version of XP on the VMWARE - SPYWARE DOCTOR test finds nothing - clean

An update package you are adding to the OS with nlite is infected
I am adding nothing to the nLite version of the original, just selecting some registry tweaks + removing some items (no extra stuff)

Spyware Doctor is reporting a false positive. this is apparently happening in those wonderful "Windows.XP._______.Edition.torrent" that plague IT people everywhere.
I thought the same, therefore I tested this with my own nLited version, the outcome was exactly the same, TROJAN LYNDRA detected

the one thing that i know isnt the source of the problem is nLite. it does not produce this kind of problem.
Link to comment
Share on other sites

Hi,

just to give you an updated. The registry key is associated with the following file:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS]

"ServiceDLL"="C:\\WINDOWS\\system32\\BITS\\qmgr.dll"

Is this anything i should be worried about?

Link to comment
Share on other sites

BITS, Background Intelligent Transfer Service, or something, is part of windows update capability of the windows operating systems.

Some of the files related to bits can be deleted. qmgr.dll is the BITS dll main file i think, and as such can not be deleted .

What you can do however is reinstall bits itself. Just download windows update agent 3.0 + or such. There's written several places how to reinstall WU in a windows system, if u need help.

Link to comment
Share on other sites

I will give it a try..it however still does not answer the question about nLite. Is it possible that nLite is tweaking something with BITS so that it looks like malware? Should I bother with reinstalling of BITS everytime I install nLited XP or should I ignore it as false positive?

Thanks

Link to comment
Share on other sites

I assure you nuhi doesnt do anything to nlite that makes anything into a trojan. My recommendation is to remove and forget your software called spyware scan doctor or whatever. Forget about it. If you really feel unsecure about your system you might as well go for the best. Nod32 AV and the new security suite they offer, is by far the undisputed champion , godlike by skill if u will, for your basic desktop security needs and more. Best part is last time i checked nod32 could be obtained by something like 40-50 us dollars, prolly more now, the stock market changes influences in the valuta courses have made everything either cheapier or not during the last months.

Link to comment
Share on other sites

With all of the freeware tools out there for spyware. I would never pay for one.

Things like Spyware Blaster and other "Preventative" measures and a little common cents will nearly always keep you safe.

It's mainly searching for Porn and Warez that will get you spyware....

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...