
JS/Kryptik.I trojan Wrong place?

Q: JS/Kryptik.I trojan Wrong place?

I have a problem with the JS/Kryptik.I trojan, posted at http://www.techsupportforum.com/foru...ml#post6485610 72 hours ago, without an answer. I ask myself: did I post in the wrong place?


A: JS/Kryptik.I trojan Wrong place?

You posted in the right place, but you forgot to include the requested log files. See here for details: NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

Read other 2 answers

At first it started as pop-up Internet Explorer windows while browsing in Firefox and redirects in Google when I clicked on a link (however I can copy the link from a Google search and paste it in a new window). Then whatever I have seemed to disable my internet connection after a couple of minutes (almost like it knew I was trying to figure out how to get rid of it!). I have done some work at trying to remove the problem and it seems like everything is better EXCEPT that Google keeps redirecting - so I know not everything has been cleaned! I have a spotty and slow wireless connection for this computer so I would rather not use an online scanner if I don't have to but I will do what it takes if that is the case.

Looking forward to some help. Attached is my HiJackThis Log from earlier today. Thanks!

A:Trojan.Agent, VBS/Disabler.NAB Trojan, Win32/Kryptik.AKJ Trojan and maybe others! Google Redirect in Firefox

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important! You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Make sure that you save ComboFix.exe to your Desktop.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow ... Read more

Read other 41 answers

What is it? My son was redirected on a Google page and now my computer will not boot up and is shutting itself down. I took out the hard drive and am running a scan with ESET and so far it has only found this trojan. Can I get rid of this by viewing the HD on another computer? Is it possible or are we just screwed? I need help please!!!

A:kryptik.RNF trojan...

Are you able to boot into Safe Mode?

Orange Blossom

Read other 5 answers

Hi All,

Just done a scan with Superantispyware (Free) and it has found Trojan GEN-Kryptik. SAS has removed the Trojan and I have done an Antivirus Scan (ESET NOD32) which has found nothing. Can I be sure I am rid of this pesky critter?

Regards

Jumbo 1
 

Read other answers

Hello all,
 
For the past few days I have been receiving notifications from my antivirus NOD32 which indicate that my computer is infected by the threat JS/Kryptik.I trojan. I have tried several software tools such as Malwarebytes and TDSSKiller with no success.

Could someone indicate to me the procedure to follow to remove this threat?
 
Thank you for your support

A:JS/Kryptik.I trojan

 Have you tried Malwarebytes and Nod32 in Safe Mode?  Some malware can hide in normal mode.
 
Good luck.

Read other 4 answers

Greetings,

My NOD32 scanner detected a Kryptik.JX trojan infection earlier this evening, following the update to the 3918 signature database. The log from NOD is below:

- file C:\windows\system32\SETF29.tmp a variant of Win32/Kryptik.JX trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: \??\C:\WINDOWS\system32\winlogon.exe.
- file C:\WINDOWS\system32\msdtc.exe a variant of Win32/Kryptik.JX trojan cleaned by deleting - quarantined
- file C:\windows\system32\SETF26.tmp a variant of Win32/Kryptik.JX trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: \??\C:\WINDOWS\system32\winlogon.exe.
- file C:\WINDOWS\system32\dllhost.exe a variant of Win32/Kryptik.JX trojan cleaned by deleting - quarantined

Subsequent scans didn't turn up any additional infected files. A Malwarebytes' Anti-Malware was also clean, and the system isn't exhibiting any strange symptoms, but I'm a little paranoid so I wanted to run the HJT log by y'all to make sure it isn't showing any signs of the infection. The HJT log is below. Also, what is the best way to restore correct and functional versions of dllhost.exe and msdtc.exe? The infected files by these names were removed by NOD32.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:15:33 AM, on 3/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16... Read more

A:Kryptik.JX Trojan

So I did a little more searching today and have discovered that this infection appears to be a false positive caused by a bad signature database update. http://www.wilderssecurity.com/showthread.php?p=1420070

The issue for me at this point is how to restore the four files that were detected as containing the infection. I jumped the gun and deleted them from quarantine. I was considering copying dllhost and msdtc from another XP Pro system, but I'm not sure if the two temp files are important. Any suggestions would be appreciated.
 

Read other 2 answers

Hi there. I have a problem.
I have been getting warnings from Avast all day long about some malicious website blocked. When I scanned my PC I got 'Win32:Kryptik-JUZ [Trj]'. I can't move it to quarantine or remove it.
Already tried: Avast, Malwarebytes (scan), ending a specific process in task manager and trying to remove the virus (error: no process found in manager). The problem is this... after I ran safe mode and tried task manager from there (nothing found again) I restarted my PC and tried to scan in 'normal mode'. There is nothing there. At all. I know I have not removed it but it is gone. I have no idea what to do now.

EDIT: I also tried deleting the virus file itself and its register files: failed in both because the program is still running.

A:Kryptik Trojan

Welcome RatedRSuperstar

Let's try this. Run RKill....

Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable the anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply.

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.

If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

>>>

Please download TDSSKiller.zip and extract it.
Run TDSSKiller.exe. Click Start scan.
When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Let the options as it is ... Read more

Read other 5 answers

I have XP Pro SP3, and Eset Nod 32 warning

Warning appears when I open (some) Web pages. How to fix this? Combo fix, maybe?

Here are required files


A:JS/Kryptik.I trojan

I think I got this junk after installing KLM player update.

Read other 19 answers

Hello,

Yesterday I started up my computer, and NOD32 (totally up to date) kept telling me the next message each 5 minutes: lenina66.com/krypted.exe.

Today, my internet explorer.exe keeps falling out every 3/4 minutes after I started it... so I googled and I came up at the next spot on this site: http://www.bleepingcomputer.com/forums/t/307976/kryptikexe-alert-on-my-eset-antivirus/

I followed these steps, and it doesn't matter, however I have exactly the same message problem as the guy in that spot.

Also when I scanned with malware today, it gave me 0 infected files..? Probably this is because I already deleted them in a previous scan.

I don't know what to do anymore, so I could use some help!

Thanks in advance!

A:kryptik.exe trojan

This is a nasty TDSS virus. I had the same problem and I finally resolved the issue. If you feel this process to be time consuming then it might be best to just reformat.

1. Get the program Sophos, www.sophos.com
You have to register, but it's fast and easy to get the program. Sophos is a very powerful rootkit killer.
Run it and clean any items that it detects.
Make sure you reboot.

2. After you have completed the Sophos scan and rebooted
Grab Dr Web's CUREIT program. www.download.com
This antivirus will eradicate the TDSS and other hidden registry files the virus has infected.
You will have to update it (ALWAYS UPDATE YOUR ANTIVIRUS PROGRAMS)
It will open up a firefox/ie window and ask you to download the launch.exe file
After you have downloaded it, run it and make sure you run a Complete Scan
Reboot after

3. Next step is to download Antimalwarebytes. www.download.com
Update Antimalwarebytes and do a complete scan. This will clean up other malicious infections the other two programs were unable to find

4. Get Superantispyware. www.superantispyware.com
You can run this program at the same time as Antimalwarebytes. You may have to register.

5. Once everything has been finished, go to Kaspersky Online Scanner 7.0 www.kaspersky.com/kos/eng/partner/default/kavwebscan.htm
Do this scan (may take a while....) just to make sure your computer is clean. It will kill the rest of the virus and you will not have to worry about a thing.
Not all antivirus programs can kill everything f... Read more

Read other 1 answers

Hello!
Yesterday my AV NOD32 detected Kryptik.TL trojan horse.
I read many forums and I downloaded some programs to make a log and here is what I came up so far.
If anyone helps me, I would really appreciate it.
Thank you very much.

A:Kryptik.TL trojan

Anyone? :(

Read other 3 answers

Had and trying to remove the tr/kryptik Trojan and other things that keep re-appearing. Laptop is Fujitsu Siemens Amilo running XP Home SP3. I'm on my own PC as the OS in question is installed in Norwegian which I hope isn't going to cause any problems as such. I have Avira Free, Super-Antispyware, Malwarebytes free and Spybot without tea timer trying to get rid to no avail. Any help would be great. Here's dds

A:Kryptik Trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Read other 5 answers

Hello.
I was sent here from another post, here is the description of the problem: http://www.bleepingcomputer.com/forums/topic466992.html
There was a small problem with GMER, only 3 fields on the bottom were selected (Services, Registry and Files), all the rest was 'blocked' (gray field, can't select it).
I have posted the GMER log anyway, just in case.

Now the logs:

A:Kryptik Trojan

Please do the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.
Plug the flash drive into the infected PC.
Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt.
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bit version type e:\frst64) ... Read more

Read other 35 answers

Hi guys.. recently my NOD32 keeps on detecting this Kryptik.VO inside my System32 folder. The image shown as 911311.exe but it keeps on changing to some other exe name such as 8338.exe, 76267.exe etc. Those files were detected only from my System32 folder, but when I did a full computer scan, no virus was detected at all. So what is actually the Kryptik.VO and how to get rid of it from my computer?? Thanks in advance

A:Kryptik.VO trojan

Problem solved! After ESET emailed me and asked me to update my AV, I did the full computer scan.. the machine now is safe after restarting it! Thanks to the ESET people for helping my day.. Beware if your PC is running one of these exes:
- ngppx.exe
- aceipda.exe
There might be a lot more.. My advice is, always be cautious when downloading or transferring files from your friends.. you might get infected!!

Read other 1 answers

Hi all... I was goofing off on the internet today... went to my bookmarks and clicked on YouTube.... and it would not load! The loading bar was just 'going real fast' and never completely loading - just going real fast. Fearing it was some sort of virus or crash on their behalf I closed it and came here to ask if anything like this has happened before. You tell me please? I am also told by this site that I can receive emails and comments through email so I will hope your answer comes through my email. Thanks! Moondiver

A:probably the wrong place to...

Hi,

Welcome to TSF!!

If you think that you have a virus, follow these instructions and the folk in that forum will help you out.

Cheers!

Read other 2 answers

My @ key is not with the no 2 I have to press the " to get it to work
"

Read other answers

but I need some help and I am sure you have all heard it.
The thing is
I can't log into yahoo mail but can go into everything else
can't go to gmail, bravenet.com or angelfire.com where my site is hosted. I worked on the site for 4 to 6 hours and now I can't check or do anything.

here is my log

thank you for taking the time to read this

Lauren






Read other answers

I don't know how to remove post when I am on android

Read other answers

i guess i'm newer than i thought i was......a friend gave me a new monitor that is larger than my old one....so i have a lot of black screen ......wish i could fix this...if someone could help or redirect me, i would appreciate it....thank you
 

A:may be in the wrong place

The monitor you have now, as the old monitor you had, should have some buttons or knobs on the front of it. These are used to resize the image, adjust its position etc. Try them out looking for the obvious such as a knob with an image that looks like it will stretch it etc. Also, you might want to adjust your settings to a different resolution. For example: 800X600, 1024X768 etc. To do that, just right click on an empty space on your desktop, select PROPERTIES, then left click on SETTINGS, then move the slider under SCREEN AREA. Hope this helps, T.
 

Read other 2 answers

Well yes I saw you guys helping a guy named Cryogen476 with that kind of virus so what I did was follow the first few steps and did ComboFix and DDS scan log and I'll post it here so you guys can have a look and try to help me through it.

A:Help removing a Kryptik.VP Trojan.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follo... Read more

Read other 2 answers

hello all,

I have the 'win32/kryptik.GH trojan' which I think is also the RECYCLER virus... but I could be, and probably am, completely wrong.
I have ESET NOD 32 antivirus. When I run a scan it finds this trojan/virus, but when I rerun it, it finds the same virus so I am presuming that it can't delete it.
I am fairly sure that the trojan/virus is preventing ESET from updating and the same problem occurs when I try and update Windows Defender, is this possible?
I have C & D hard drives and have the 'win32/kryptik.GH trojan' on both. I am 99% sure I got the virus from my housemate's USB stick and now have it on two of my USBs. I have tried formatting the USB sticks but even that does not delete it.

i have taken screenshots of my antivirus results but can't work out how to upload/attach them

please help

cheers

k

A:win32/kryptik.gh trojan

Hello.

Let's see what we can find.

Download and Run FlashDisinfector

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
Wait until it has finished scanning and then exit the program.
Reboot your computer when done.

Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any prob... Read more

Read other 12 answers

Good day,

I've had an issue for a rather long time now with trying to use many different spyware/malware/adware removal tools to rid my computer of all the threats/viruses/trojans it had on it when I purchased it (used of course). I am including the log from my ESET Scan. Currently ESET is the only program I actively use for antivirus/network security/antispam etc. If you could help me remove what appears to be the only thing left, the Kryptik trojan. It will randomly try to access the internet (Internet Explorer is my preferred browser) and when I search via Google or Bing it will occasionally shoot me to some random site. Now that I have ESET up and operational it stops these things from happening but it is unable to completely remove all the files even after multiple scans, halts, restarts, etc. I hope there is something we can do to resolve this and thank you for your time.

Scan Log
Version of virus signature database: 5479 (20100925)
Date: 9/25/2010 Time: 9:18:51 PM
Scanned disks, folders and files: Operating memory;C:\Boot sector;C:\
C:\WINDOWS\system32\dot3gpclnt32.dll - a variant of Win32/Kryptik.FCE trojan - cleaned by deleting (after the next restart) - quarantined [1,2]
C:\hiberfil.sys - error opening [4]
C:\pagefile.sys - error opening [4]
C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\u4j1wked.default\extensions\{31c30968-51ca-4b86-b42e-3770a8bd31d0}\chrome\xulcache.jar » ZIP » content/overlay.xul - JS/Agent.NCP trojan - was a pa... Read more

A:Kryptik Trojan removal.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:
CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st... Read more

Read other 2 answers

OK, I am trying to fix my wife's aunt's computer. She told me that she is getting a lot of pop-ups. I scanned the computer with Super Antispyware and supposedly it cleaned it. I then did a scan with ESET online and got the new trojan, and the Yontoo came back again. Here's the antispyware log, and also the Malwarebytes scan: I had to stop it because it had run for 12 hrs and 882 thousand files, which doesn't make sense since it's a small computer. Can someone help me on this and get this working pls? Thanks. Forgot to mention the ESET online scan came out with the trojan and Yontoo; that one also never finished scanning, it freezes.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/11/2013 at 07:13 PM

Application Version : 5.6.1014

Core Rules Database Version : 9860
Trace Rules Database Version: 7672

Scan type : Complete Scan
Total Scan Time : 02:12:08

Operating System Information
Windows Vista Home Premium 64-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User

Memory items scanned : 524
Memory threats detected : 0
Registry items scanned : 69538
Registry threats detected : 55
File items scanned : 92149
File threats detected : 359

PUP.FunmoodsToolbar
(x86) HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
(x86) HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}#AppID
(x86) HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\InprocServer32
(x86) HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-... Read more

A:win32/kryptik.sh trojan

Download Security Check from HERE, and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
 * Internet Services
 * Windows Firewall
 * System Restore
 * Security Center/Action Center
 * Windows Update
 * Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

=============================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
 * Report IE Proxy Settings
 * Report FF Proxy Settings
 * List content of Hosts
 * List IP configuration
 * List Winsock Entries
 * List last 10 Event Viewer log
 * List Installed Programs
 * List Devices (do NOT change any settings here)
 * List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
 * Double-click mbam-setup.exe and follow the prompts to install the program.
 * At the end, be sure a checkmark is placed next to Update Malwar... Read more

Read other 14 answers
RELEVANCY SCORE 54.4

I am infected with the Kryptik trojan. It pops up in my ESET antivirus logs, but never deletes. I have tried PCTools Spyware Dr. (which Google recommended). I ran it 3 times and it never caught this trojan. I have run ESET, Malwarebytes, Super AntiSpyware, and one other program to no avail. I tried the manual delete instructions, but could not find the files they said to delete, so I gave up and came here.

My computer is dragging, freezing up, won't shut down, pop-up windows for ads on my Firefox browser, re-directs. I read another thread where a woman's bank account was cleaned out twice before she found it, so I changed all my passwords and didn't have the computer save them. ESET keeps blocking a pop-up from lenina66.com (?) which is the ad websites. I kept getting a Yahoo pop-up for a survey and a "Congratulations you won!" webpage, and then I noticed I had a Yahoo toolbar in my add-ons so I deleted it. Didn't change the pop-ups. I also deleted Java in my add-ons.

Here is the DDS Log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Sherrie at 9:57:29.65 on Fri 04/02/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.612 [GMT -7:00]
AV: Spyware Doctor with AntiVir

A:Infected with Kryptik.exe Trojan

Hello.

You posted multiple topics. I will close/move the duplicates away. Please from now on post into this topic only: http://www.bleepingcomputer.com/forums/t/306688/infected-with-kryptikexe-trojan/

Thanks.

With Regards,
Extremeboy

Read other 1 answers
RELEVANCY SCORE 54.4

I started up the computer and then an alert from ESET Smart Security said it had a threat found, which is a variant of Win32/Kryptik.ZS trojan. I also have this safety center thing that constantly pops up and is almost taking over the computer. I just downloaded Malwarebytes off the website. I know my brother was downloading stuff, so I'm thinking this is how it got here, and now I can't get rid of it. If anyone could help or point me in the right direction, thanks!

Here is the ESET scan log:

Scan Log
Scan Log
Version of virus signature database: 4419 (20090912)
Date: 9/19/2009 Time: 1:53:34 PM
Scanned disks, folders and files: Operating memory;C:\Boot sector;C:\;D:\Boot sector;D:\;E:\Boot sector;E:\;F:\Boot sector;F:\;G:\Boot sector;G:\;H:\Boot sector;H:\;I:\Boot sector;I:\;J:\Boot sector;J:\
Operating memory - Win32/Olmarik trojan - unable to clean
C:\hiberfil.sys - error opening [4]
C:\pagefile.sys - error opening [4]
C:\Program Files\AIM\aim95.exe ? NSIS - bad archive
C:\Program Files\AIM\Sysfiles\AOLToolbar.exe ? NSIS - bad archive
C:\Program Files\AIM\Sysfiles\viewpoint.exe ? NSIS - unpack error
C:\Program Files\AIM6\uninst.exe ? NSIS - bad archive
C:\Program Files\AIM6\uninstall.exe ? NSIS - bad archive
C:\Program Files\Common Files\AOL\AOLDiag\tbunins.exe ? NSIS - bad archive
C:\Program Fil... Read more

A:win32/kryptik.ZS trojan help!

seems like rootkit

brilliant help in am infected forum

i would suggest by posting there first

Read other 2 answers
RELEVANCY SCORE 54.4

Hello,

I was recently infected with a Trojan a couple days ago (from a random website I visited). I ran a virus scan using NOD32 and it seemed to clean out most of the problems I was having, yet I know the entire Trojan has not been removed yet. Any program that I use minimizes every once in a while and I get a pop-up saying I am infected (not from my antivirus program), while also starting up IExplorer in the background (I can only see it in the Task Manager).

I have attached my NOD32 scan log and HJT scan

NOD32
Scan performed at: 6/29/2009 14:43:03 PM
Scanning Log
NOD32 version 4197 (20090629) NT
Command line: c:\documents and settings\all users\application data\11834214\11834214.exe c:\documents and settings\all users\application data\91844206\91844206.exe C:\WINDOWS\msa.exe C:\Documents and Settings\Rohin\Rohin.exe
Operating memory - a variant of Win32/Kryptik.VP trojan
Date: 29.6.2009 Time: 14:43:39
Scanned disks, folders and files: c:\documents and settings\all users\application data\11834214\11834214.exe; c:\documents and settings\all users\application data\91844206\91844206.exe; C:\WINDOWS\msa.exe; C:\Documents and Settings\Rohin\Rohin.exe
c:\documents and settings\all users\application data\11834214\11834214.exe - Win32/Adware.SystemSecurity application - deleted
c:\documents and settings\all us... Read more

A:Help removing Kryptik.VP Trojan

Hello Cryogen476 and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the r... Read more

Read other 33 answers
RELEVANCY SCORE 54.4

NOTE: COMP WON'T LET ME 'SEND' FULL DDS FILE. TROJAN SEEMS TO INTERFERE WITH ANYTHING TO DO WITH LOGS. I HAVE ATTACHED BOTH FILES REQUESTED AND PASTED A FULL COPY OF THE DDS FILE, BUT IT WON'T SHOW UP AND SAYS PAGE CANNOT BE FOUND WHEN I TRY TO SUBMIT. THEN IT GIVES ME DUPLICATES OF THE SAME TOPIC. HELP!

I am infected with the Kryptik trojan. It pops up in my ESET antivirus logs, but never deletes. I have tried PCTools Spyware Dr. (which Google recommended). I ran it 3 times and it never caught this trojan. I have run ESET, Malwarebytes, Super AntiSpyware, and one other program to no avail. I tried the manual delete instructions, but could not find the files they said to delete, so I gave up and came here.

My computer is dragging, freezing up, won't shut down, pop-up windows for ads on my Firefox browser, re-directs. I read another thread where a woman's bank account was cleaned out twice before she found it, so I changed all my passwords and didn't have the computer save them. ESET keeps blocking a pop-up from lenina66.com (?) which is the ad websites. I kept getting a Yahoo pop-up for a survey and a "Congratulations you won!" webpage, and then I noticed I had a Yahoo toolbar in my add-ons so I deleted it. Didn't change the pop-ups. I also deleted Java in my add-ons.

Here is the DDS Log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Sherrie at 9:57:29.65 on Fri 04/02/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP... Read more

A:Infected with Kryptik.exe Trojan

Hello my name is Sempai and welcome to Bleeping Computer.

*It is important not to make any further changes or run any other tools unless instructed to. This may hinder the cleaning process of your machine.
*Please be patient, all Bleeping Computer helpers are volunteers and have lives outside this forum.
*You must reply within 5 days otherwise this topic will be closed.

+++++++++++++++++++++++

1. I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Spyware Doctor or ESET NOD32.

2. Please download TDSSKiller.zip and save it to your desktop.
Extract the zip file to your desktop (Right click on the file and choose extract all).
Double-Click TDSSKiller.exe to run it.
When it finished pr... Read more

Read other 39 answers
RELEVANCY SCORE 54.4

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:33 AM, on 9/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\Hija... Read more

A:Infected with kryptik.ZS trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Read other 2 answers
RELEVANCY SCORE 54.4

a variant of Win32/Kryptik.ARF Trojan

on

D:\WINDOWS\System32\Userinit.exe


the dds

DDS (Ver_09-10-26.01) - NTFSx86
Run by Uros at 14:20:39.01 on Sun 11/15/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.596 [GMT 1:00]

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
D:\WINDOWS\Explorer.exe
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\WINDOWS\Mixer.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
D:\Program Files\Cyberlink\Shared Files\brs.exe
D:\Program Files\A4Tech\Mouse\Amoumain.exe
D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
D:\Program Files\Search Guard Plus\SearchGuardPlus.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite... Read more

A:Win32/Kryptik.ARF Trojan

BUMP, please

Read other 9 answers
RELEVANCY SCORE 54.4

JS/Kryptik.AX & possibly others have infected this system. Logs attached. I used RKILL and MW Bytes to stabilize it and an on-line ESET scan, since whatever hit it may have interrupted the local copy of ESET that was running.
Current symptoms: Can't explore folders, everything is missing from "Start" (no program icons visible; probably hidden), wallpaper was replaced with a black background screen ...the usual mayhem. Any help is appreciated.

dds.txt

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by freda mereson at 14:11:28 on 2011-07-08
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.317 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\... Read more

A:Infected by "Kryptik.ax" trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:
If you have since resolved the original problem you were having, we would appreciate you letting us know.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the '... Read more

Read other 12 answers
RELEVANCY SCORE 54.4

Hi there,

I am experiencing the following problem;

I receive a notification from NOD32 that says;

object:
http://91.212.226.178/old.crypted.exe
Threat:
a variant of WIN32/Kryptik/BFK.trojan

Information
connection terminated - quarantined
I ran a virus scan using NOD32 but I did not get any results regarding threats or malware programs. I used spydoctor as well but still nothing ''seems'' to go wrong.

I am not experiencing (until now) any obvious problems with my system.

However, I provide you with a HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:33:50, on 27.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WI... Read more

Read other answers
RELEVANCY SCORE 54.4

NOD 32 can't do anything about it and neither can I... Can someone please help me with this...

A:Userinit.exe Kryptik.ARF trojan HELP !!!

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed. I currently have as many open topics as I can effectively handle; this will have you back in queue with the proper logs so an available helper would be able to assist.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 54.4

ESET found the following:

31-3-2011 23:10:02 Real-time file system protection file C:\DOCUME~1\AKO\LOCALS~1\Temp\ensmxwoarc.tmp a variant of Win32/VB.PGX trojan cleaned by deleting - quarantined 1D0608FA3A6C471\AKO Event occurred on a new file created by the application: C:\WINDOWS\system32\mshta.exe.

31-3-2011 23:09:52 Real-time file system protection file C:\WINDOWS\TEMP\2113.tmp a variant of Win32/Olmarik.APS trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\spoolsv.exe.

31-3-2011 23:09:00 Real-time file system protection file C:\DOCUME~1\AKO\LOCALS~1\Temp\xarcwoesmn.tmp a variant of Win32/Kryptik.MCY trojan cleaned by deleting - quarantined 1D0608FA3A6C471\AKO Event occurred on a new file created by the application: C:\WINDOWS\system32\mshta.exe.

31-3-2011 23:08:42 Real-time file system protection file C:\DOCUME~1\AKO\LOCALS~1\Temp\ecxaonmwrs.tmp a variant of Win32/Olmarik.ARE trojan cleaned by deleting - quarantined 1D0608FA3A6C471\AKO Event occurred on a new file created by the application: C:\WINDOWS\system32\mshta.exe.

Malwarebytes found "Trojan.Hiloti.Gen".

I'm not sure whether my computer is clean or not. Please help.

Read other answers
RELEVANCY SCORE 54

A friend has just created a new subdomain of his existing site. If I go to http://www.newsubdomain.existingsite.com, I see the host's generic "new site will be available soon" message. BUT if I go to http://newsubdomain.existingsite.com (that is, the same address, but without the leading "www."), I wind up on the site for some perfectly innocent-looking automotive specialty parts distribution company. (It looks like they mostly sell to retailers, not the public, so it makes no sense at all for them to be complicit in this apparent hijacking, although someone could have put something malicious on their site, I guess.)

My computer is a laptop running WinXP Pro. AVG, spybot and Ad-aware scans find nothing amiss. The machine has no other symptoms of any kind of infection, afaict.

The problem shows up regardless of whether I use Firefox or IE, but another machine on my home-network does NOT have this problem, so I know it's not a case of my ISP's DNS cache having been poisoned. I did run ipconfig /flushdns from a command prompt; that didn't fix it.

Could this just be some simple corrupted record somewhere, or must we conclude a malware infection?

TIA!!!

Read other answers
RELEVANCY SCORE 54

I got broadband last week and we're only allowed 2GB monthly usage limit (hehe, well it is cheap). I was wondering if streaming videos counts towards this, like does it take up disk space? And is there any chance of viruses? Thanks, pretty random, but I'd like to know.

A:ok this is probably the wrong place, but...youtube

Hi...

Yes that will count towards your 2GB monthly allowance...everything you get from the internet will count (emails, webpages, videos, music etc).

It does take up disk space but once you clear your temporary internet files, that will solve the problem.

As with the risks of internet use, there is a chance of picking up spyware/viruses by downloading content....but the chances are far less with reputable sites.

Hope that helps :)

Read other 7 answers
RELEVANCY SCORE 54

I posted this in the wrong place earlier, am sooo sorry, I didn't realize there was a forum just for this.. I apologize. Any help would be most appreciated! Tam

Hi.. I was wondering if anyone can help me... my son was on my system the other night and since I have been having nothing but pop-up problems and actually problems running certain programs. I tried to do a restore that didn't help, I even tried to boot from my original XP CD and start all over, but found that I had an SP2 error, which in going to uninstall that, I got another area pertaining to languages etc... I ran HijackThis and here is my report, if anyone knows of anything I can do, I would greatly greatly appreciate it, as these pop-ups are driving me nuts, because just popping up they seem to even download themselves. Thanks again! Tam!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\adsldp62.exe
C:\Program Files\Real\RealPlayer\RealPlay.... Read more

A:Sorry Posted In Wrong Place~

Please run two online virus scans:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
http://housecall.antivirus.com/
Then let us know if its working better and what the scans found.

Read other 21 answers
RELEVANCY SCORE 54

While trying to install a new graphics card I had to unplug a cable.

I am not sure that I put it back in the right place.

There are 2 sockets.

One reads "jp7 spdif"

The other "jp3 usb"

I have tried the plug in both sockets, but nothing seems to be wrong either way.

Where should I put the plug?

Thanks.
 

A:Plug in the wrong place?

What does the other end of the cable connect to?
 

Read other 1 answers
RELEVANCY SCORE 54

Hello Tech Support people!

My computer has been seriously sluggish. This shouldn't be so, as my husband just installed an extra 300GB hard drive.
I am posting my HT log. Any help would be appreciated!
Thanks! shell63
Logfile of HijackThis v1.99.1
Scan saved at 3:24:25 PM, on 8/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Softwin\BitDefender9\bdswitch.exe
C:\Program Files\Softwin\BitDefender9\bdnagent.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files... Read more

A:I think I posted in the wrong place~ Help, PLease?

Please continue here: http://forums.techguy.org/security/493221-help-please-hjt-log-attached.html

Thread closed.
 

Read other 1 answers
RELEVANCY SCORE 54

If the mods would kindly move this post into the correct forum, as I'm unable to post there myself!!

Up until today my PC has been working fine, but I have had a few viruses detected by AVG that it said it had healed. Now I can't browse any web pages to do with viruses or anything remotely linked to it, as my web browser closes down totally. This is if I use IE, Firefox or Opera; for instance I can't open the HijackThis log forum as my window just shuts down!!

If I try to open AVG it gets as far as the Grisoft opening page then shuts down before I can do anything. Same with System Restore: if I click that it tells me it has been switched off through group policy and to contact the administrator, for which I have administrator rights on this PC.

I can open every window from Control Panel, except Administrative Tools; if I try, it just shuts the window down totally. This even happens if I boot up into safe mode. Nothing that I know of will help, but then I'm not a PC whizz-kid!!

Please help me, I have posted a HijackThis log, hopefully someone can stop me throwing my PC out the window in frustration!!

Thanks in advance

Logfile of HijackThis v1.99.1
Scan saved at 00:08:51, on 17/03/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Syste... Read more

A:please read even tho i know its in the wrong place!!

To get help faster it would be best to place your thread in the proper forum. For this question it should be placed in the HiJackThis Log Help Forum. :)

Read other 19 answers
RELEVANCY SCORE 54

Could anyone tell me the best utility for fixing the registry/broken links/shortcuts etc. in XP Home? My computer has become quite slow and I think I may have a lot of rubbish cluttering up the system. I do tend to trial a lot of progs and then uninstall them.

A:This question may be in the wrong place

Personally I would not 'fix' anything in the Registry. Yes, there may be a few broken links, but they will be taking up minimal space and will probably not cause your system to slow down that you would notice. Better to defrag your hard disc and run something like Cleanup! to clear out your temp files etc.

Read other 3 answers
RELEVANCY SCORE 54

Hi, has anyone ever experienced this, in Win XP?

I'll try to explain the best I can... my father (on his computer), was playing around with his taskbar putting it on the sides to see if he'd like there, I guess...

Now he's got repeats of his icons from the desktop sitting on his taskbar, fullsize. We tried to delete them, but if we did, they would also delete the twin that's on the desktop. I found this to be so weird; his taskbar is now about an inch and a quarter high, and we could not reduce it.

Has anyone ever seen such a glitch?

I don't think a restore would do anything, it being icons...

Wogster
 

A:Icons in the wrong place?

Read other 6 answers
RELEVANCY SCORE 54

OK, I haven't actually got one yet but am thinking about getting one. How do I know which one to buy, and does it mean I have to replace everything, including the extra RAM I recently added?

Here is the info on my computer

I MEDIA 5055
Window XP Home Edition

Columbia GX (GA-8SIML) Ver 1.0 µATX motherboard
Name: Columbia GX (GA-8SIML) Ver 1.0
Type: µATX motherboard
Manufacturer: Gigabyte

If you need any other info just let me know
 

A:New Motherboard (Sorry if in wrong place)

What's your goal in replacing the motherboard?

Since you have an older system you would need to upgrade nearly everything if you are looking to get a more modern system. Selling your existing system and buying/building a new one would be the smart move.
 

Read other 3 answers
RELEVANCY SCORE 54

My download keeps going to the File Explorer. I need it on the desktop. What do I need to do? Could someone help me please.

Thanks.

A: downloading to wrong place.

Hello jjj62, and welcome to Eight Forums.

Is this from downloading in Internet Explorer?

Internet Explorer - Change Default Download Location - Windows 7 Help Forums

Read other answers
RELEVANCY SCORE 54

I have WINDOWS XP, and can't figure out what other topic this question might belong in...

I don't know when or how it happened, but two file folders MY SHARED DOCUMENTS and CARRIE'S DOCUMENTS are now in MY COMPUTER.

MY COMPUTER, where it shows the drives. I am pretty sure it never had yellow folders in it before.

I think they should be in C DRIVE? There is a MY DOCUMENTS in C Drive, but it has nothing in it. I'm the only one who uses this computer, but apparently everything saved goes into CARRIE'S DOCUMENTS. SHARED DOCUMENTS has various folders in it that I suppose would be shared by all, if others used the computer, too.

I've tried dragging them there (or anywhere) but only shortcuts appear in the new area. The folders still stay in MY COMPUTER. They won't copy and paste.

When I open something, like in WORD, etc. I can still find them, just they are under MY COMPUTER.

So, they still work, it just seems strange, like they shouldn't be in MY COMPUTER. Unless I have totally missed this for the past year, I don't remember ever seeing them in there before. I take pictures off my memory card with a removable drive, which shows up as F drive, so I look in MY COMPUTER to click on this, all the time.

What happened and how can I fix it? Actually, since it seems to work this way, the only reason to fix it seems to be it looks odd this way.

~ Carrie
 

A: Folders are in the wrong place

Read other 10 answers
RELEVANCY SCORE 54

Okay, I've checked everything I know how to, but cannot figure this out- I'm only putting this here because what I'm hearing comes from the sub of my Logitech z-5500d setup.

Often, when I plug in a USB cable, or touch anything metal to my case, I hear a "click" out of the woofer. I also hear it when I switch speeds on my ceiling fan.
Or when the washing machine switches from wash to spin. (The fan only does it switching from "hi" to "medium," not from med to slow.)

Multimeter shows no faults anywhere on/in the case. Any electricians out there?
 

A: What the ??? Short? Wrong place?

I had a subwoofer on my home stereo once that would pick up CB radio gibberish from time to time. When the AC would kick on in the house in the summer I would hear a pop from the sub, etc. etc... Turns out the AC plug in the wall was not grounded. At least that is what fixed my problem...
 

Read other 5 answers