creaflexi Posted October 28, 2008

Hi, just a while ago, I have created nLited version of my XP install, I have tested both versions (original and nLited) on VMWARE. I have run the Spyware Doctor Scan on both of the fresh clean installs.

Original Version comes out as clean.
nLited version shows TROJAN LYNDRA - (Password Stealer and KeyLogger) detected

Could you please clarify this? Is it possible that nLite is adding any malware into the XP installation? Or is it just that some functionality added by nLite is triggering False Positive?

thanks for your comments

Ponch Posted October 28, 2008

> Is it possible that nLite is adding any malware into the XP installation?

Sure, and we love it. It allows Nuhi to gather statistics over nLite users and their surfing and buying habits. For instance, if you buy a big plasma online, we like to know your address and pass by on a Saturday night.

Are you serious? Can you not see where the infected file comes from?

HowdyDoody Posted October 28, 2008

nLite is absolutely clean! I suggest you run a virus scan and start over.

creaflexi Posted October 28, 2008

> > Is it possible that nLite is adding any malware into the XP installation?
> Sure, and we love it. It allows Nuhi to gather statistics over nLite users and their surfing and buying habits. For instance, if you buy a big plasma online, we like to know your address and pass by on a Saturday night. Are you serious? Can you not see where the infected file comes from?

OK, I am a bit slow on this one, sorry guys. My only question is, every time I install nLited Version of XP I get LYNDRA TROJAN detected using Spyware Doctor, have you ever experienced this? Is this a false positive triggered by nLite or is it actually some real malware (not saying nLite is responsible for it).

creaflexi Posted October 28, 2008

> nLite is absolutely clean! I suggest you run a virus scan and start over.

nLite is clean ^ fresh install ^ trojan detected implies FALSE POSITIVE??

bledd Posted October 28, 2008

never heard of spyware doctor.. use nod32 / avast

PC_LOAD_LETTER Posted October 28, 2008

What file(s) is it that Spyware Doctor is reporting as infected? That may help someone locate the source of the infection.

- The host system you are building the image with is infected (the infection may be hidden from the host OS but still show up post install on the new OS - I'm not familiar with lyndra so I can't say either way)
- An update package you are adding to the OS with nLite is infected
- Spyware Doctor is reporting a false positive.

This is apparently happening in those wonderful "Windows.XP._______.Edition.torrent" that plague IT people everywhere.

The one thing that I know isn't the source of the problem is nLite. It does not produce this kind of problem.

creaflexi Posted October 28, 2008

> What file(s) is it that Spyware Doctor is reporting as infected? That may help someone locate the source of the infection.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS, ServiceDLL

> The host system you are building the image with is infected (the infection may be hidden from the host OS but still show up post install on the new OS - I'm not familiar with lyndra so I can't say either way)

When I install original version of XP on the VMWARE - SPYWARE DOCTOR test finds nothing - clean

> An update package you are adding to the OS with nLite is infected

I am adding nothing to the nLite version of the original, just selecting some registry tweaks + removing some items (no extra stuff)

> Spyware Doctor is reporting a false positive. This is apparently happening in those wonderful "Windows.XP._______.Edition.torrent" that plague IT people everywhere.

I thought the same, therefore I tested this with my own nLited version, the outcome was exactly the same, TROJAN LYNDRA detected

> The one thing that I know isn't the source of the problem is nLite. It does not produce this kind of problem.

creaflexi Posted November 4, 2008

Hi, just to give you an update. The registry key is associated with the following file:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS]
"ServiceDLL"="C:\\WINDOWS\\system32\\BITS\\qmgr.dll"

Is this anything I should be worried about?

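One way to make the comparison the thread is working toward (original install versus nLited install) is to export the same registry branch from both and diff the two exports. This is an added example, not part of any post: the sample exports are constructed, the Example key is hypothetical, and only string values are handled.

```python
import re

# Constructed sample exports, not data from the thread's machines. Only the
# BITS key and its ServiceDLL value come from the post; the Example key is made up.
BASELINE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS]
"ServiceDLL"="C:\\WINDOWS\\system32\\BITS\\qmgr.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example]
"Tweak"="0"
'''
NLITED_REG = r'''Windows Registry Editor Version 5.00

[hkey_local_machine\software\microsoft\windows\currentversion\bits]
"servicedll"="C:\\WINDOWS\\system32\\BITS\\qmgr.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example]
"Tweak"="1"
"Added"="yes"
'''

# "name"="data" lines; both sides may contain backslash-escaped characters.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg string values escape backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Return {(key, value_name): data} for string values; key and value
    names are lowercased because the registry treats them case-insensitively."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1].lower()
        elif key is not None:
            m = VALUE_RE.match(line)
            if m:
                values[(key, unescape(m.group(1)).lower())] = unescape(m.group(2))
    return values

def diff_exports(baseline, candidate):
    """Rows of (key, name, baseline_data, candidate_data) that differ;
    None marks a value missing on that side."""
    a, b = parse_reg(baseline), parse_reg(candidate)
    return [(k, n, a.get((k, n)), b.get((k, n)))
            for (k, n) in sorted(set(a) | set(b))
            if a.get((k, n)) != b.get((k, n))]
```

A value that appears in the diff is where to look next; a value that is identical in both exports, as ServiceDLL is in this constructed sample, is not something the nLite step changed.
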
TranceEnergy Posted November 4, 2008

BITS, Background Intelligent Transfer Service, or something, is part of windows update capability of the windows operating systems.

Some of the files related to bits can be deleted. qmgr.dll is the BITS dll main file i think, and as such can not be deleted.

What you can do however is reinstall bits itself. Just download windows update agent 3.0 + or such. It's written in several places how to reinstall WU in a windows system, if u need help.

creaflexi Posted November 4, 2008

I will give it a try.. it however still does not answer the question about nLite. Is it possible that nLite is tweaking something with BITS so that it looks like malware? Should I bother with reinstalling of BITS every time I install nLited XP or should I ignore it as false positive?

Thanks

TranceEnergy Posted November 4, 2008

I assure you nuhi doesn't do anything to nlite that makes anything into a trojan. My recommendation is to remove and forget your software called spyware scan doctor or whatever. Forget about it. If you really feel unsecure about your system you might as well go for the best. Nod32 AV and the new security suite they offer, is by far the undisputed champion, godlike by skill if u will, for your basic desktop security needs and more. Best part is last time i checked nod32 could be obtained by something like 40-50 us dollars, prolly more now, the stock market changes influences in the valuta courses have made everything either cheaper or not during the last months.

creaflexi Posted November 4, 2008

Spyware Doctor is recommended by many websites as good and trusted software, but I understand it might be false positive, thank you for your help, I am not going to worry about it anymore :)

TranceEnergy Posted November 4, 2008

Many websites are also recommending spyware and bloatware and trojan software too. While i might seem pig-headed here, it doesn't take a genius to figure out that internet isn't all that friendly.

Kelsenellenelvian Posted November 5, 2008

With all of the freeware tools out there for spyware, I would never pay for one.

Things like Spyware Blaster and other "Preventative" measures and a little common sense will nearly always keep you safe.

It's mainly searching for Porn and Warez that will get you spyware....