
TR/Crypt.XPACK.Gen3 Trojan ; Trojan.Hiloti ; Trojan.Agent/Gen-Falint

Q: TR/Crypt.XPACK.Gen3 Trojan ; Trojan.Hiloti ; Trojan.Agent/Gen-Falint

Hello

I have an Acer Aspire 5100 laptop running Windows XP Home. All Microsoft updates current to Sept 15. Using Avira Antivirus, Malwarebytes, Super Anti Spyware, Spyware Blaster, Spybot Search and Destroy, CCleaner and Windows Defender. All updates current to Sep 15. Windows Defender has disappeared from the task bar.

Problems are as follows: all started on Friday, Sept 17 in the morning, no problems before that at all

- CCleaner had entries in registry that looked very suspicious (one included nqagoxiw in the entry)
- cannot get to Windows Update site (page says Internet Explorer cannot display the webpage)
- could not get Avira, etc. to update (some have since started updating)
- could not get to forums page (redirect to Godzilla Malware or something close to that) - I connected via the cached link so I could print the instructions
- cannot load Task Manager
- could not get Control Panel to work (It is now working)
- if I try to run Avira or Malwarebytes in safe mode the computer shuts down (also shut down once in regular mode when I was running Malwarebytes)
- fixed in time debugger keeps popping up
- messages saying Windows Explorer has encountered a problem (could not save error message so this is a summary of the message)
- gmer runs but freezes and I cannot save the log or copy it - indeed I have to shut down with the power button as laptop becomes totally nonresponsive (I hand copied the last few lines of the log that were displayed and have posted those at the bottom of this message)

Friday I started having a window pop up for Just in Time Debugger; no matter what, it would come back. Then my Avira guard started going crazy - literally dozens of detection windows - close one and more would pop up. I could not get Avira to update. Ran Avira and it found TR/Crypt.XPACK.Gen3 Trojan in System Volume Information\ restore .... I quarantined it. Problems were still there. Had to turn off Avira guard to get anything else done to try to fix problem. Guard is running now and seems to be finding nothing (I am suspicious of that). I have run Windows Onecare free scan and it found malware that it reported it was unable to remove but there was no information about it.

Malwarebytes would not update but here is a copy of the log

Objects scanned: 293196
Time elapsed: 45 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\abrgwmp.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nqagoxiw (Trojan.Hiloti) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\abrgwmp.dll (Trojan.Hiloti) -> Delete on reboot.
C:\Documents and Settings\Thelma Hartman\Local Settings\Temp\lgnwct.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\FOUND.002\FILE0000.CHK (Rootkit.Agent) -> Quarantined and deleted successfully.

Super Anti Spyware would not update but here is the log from that

SUPERAntiSpyware Scan Log
Generated 09/17/2010 at 11:10 AM
Application Version : 4.42.1000
Core Rules Database Version : 5468
Trace Rules Database Version: 3280
Scan type : Complete Scan
Total Scan Time : 01:14:44
Memory items scanned : 831
Memory threats detected : 2
Registry items scanned : 7329
Registry threats detected : 0
File items scanned : 34585
File threats detected : 5

Trojan.Agent/Gen-Falint
C:\DOCUME~1\THELMA~1\LOCALS~1\TEMP\5F.TMP
C:\DOCUME~1\THELMA~1\LOCALS~1\TEMP\5F.TMP
C:\DOCUME~1\THELMA~1\LOCALS~1\TEMP\61.TMP
C:\DOCUME~1\THELMA~1\LOCALS~1\TEMP\61.TMP
C:\DOCUMENTS AND SETTINGS\THELMA HARTMAN\LOCAL SETTINGS\TEMP\5F.TMP
C:\DOCUMENTS AND SETTINGS\THELMA HARTMAN\LOCAL SETTINGS\TEMP\61.TMP
C:\DOCUMENTS AND SETTINGS\THELMA HARTMAN\LOCAL SETTINGS\TEMP\64.TMP

Here is the DDS.Txt file
GMER LOG

and as I could not save or copy the gmer file I will type in the last lines on the screen

Disk\Device\Hardisk0\DRO\ sector 62:copy of MBR
Disk\Device\Hardisk0\DRO\ sector 63: rootkit-like behaviour; copy...
File C:\WINDOWS\system32\drivers\atapi.sys suspicous modification

Thanks so very much for any help possible.

Thelma


A: TR/Crypt.XPACK.Gen3 Trojan ; Trojan.Hiloti ; Trojan.Agent/Gen-Falint

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks


Hello

I have an ASUS Desktop running Win7Pro 64bit
Using Avira Antivirus, Malwarebytes, Super Anti Spyware and Windows Defender.

My Avira is reporting the TR/Crypt.XPACK.Gen3 & TR/Crypt.ZPACK.Gen2

I ran the above software but it still seems to be here.
I also ran unhide.exe to regain visibility of folders.

I have attached the mbam log

Please advise how to proceed. I will not do anything further until I hear back..
Thanks
Falcon
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7011

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

7/3/2011 12:15:16 PM
mbam-log-2011-07-03 (12-15-16).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 416289
Time elapsed: 32 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ntvjEpyTyB (Trojan.FakeAlert) -> Value: ntvjEpyTyB -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (...

A:TR/Crypt.XPACK.Gen3 Trojan

Hello, I moved this to Am I Infected as this area needs certain logs for a reply.

Please do this next, post logs and tell me how it is running.

Reboot into Safe Mode with Networking

How to enter safe mode (XP/Vista)

Using the F8 Method

Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable the anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool do...


Hello, I currently have a trojan that seems to have affected my parents' desktop and I've been having trouble removing it. I had Norton Antivirus and Adaware running, and don't know how it got infected. The internet doesn't work on it anymore, it goes to random sites instead of the ones requested. I installed avira and it found that TR/Crypt.XPACK.Gen3 trojan was found in the folder C://WINDOWS/system32/vtrooo.dll and that access is denied to the folder. When I try to run a scan to remove it, it finds a few problems, one being a program lsass.exe and says it is the trojan, but when the computer restarts, the problem is right back to where I started. I tried running combofix and the computer restarts in the middle of it again to the beginning of the problem, I'm kind of stuck and don't know where to go from here, any help would be greatly appreciated!!! Thanks

Edit: Moved topic from XP to the more appropriate forum. ~ Animal


Computer runs too slow. Takes an hour to boot up. Took about six hours to complete this post. Ran Avira. It quarantined a lot of infected files, but one keeps coming back. It is C:\Windows\System32\gitabiga.dll. GMER would not run to completion. After a while, a Windows error message popped up saying that Volume Shadow Copy has prevented the program from running, and it shut down. I disabled the Windows Service and ran it again. This time the Windows error message popped up saying that something has prevented the program from running, and it shut down.

Here is a Copy/Paste of my DDS.txt

DDS (Ver_10-12-12.02) - NTFSx86
Run by AZTS5 at 16:48:06.00 on Sun 01/16/2011
Internet Explorer: 8.0.6001.18882

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Blue Coat K9 Web Protection&...

A:Crypt.XPACK.Gen3 Trojan (gitabiga.dll)

Hello and welcome. I apologize for the delay. If you no longer need help with this issue, we would appreciate you letting us know. Otherwise, please perform the following steps so I can have a look at the current condition of your machine. I realize that you have already posted logs, but because of the time that has passed I'd like a fresh set.

Please download DDS by sUBs from one of the following links and save it to your desktop.
DDS.scr
DDS.com
DDS.pif
Disable any script blocking protection (How to Disable your Security Programs)
Double click DDS icon to run the tool (may take up to 3 minutes to run)
When done, DDS.txt will open.
After a few moments, attach.txt will open in a second window.
Save both reports to your desktop.
---------------------------------------------------
Post the contents of the DDS.txt report in your next reply
Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.

Please download Rootkit Unhooker and save it on your desktop.
Disable your security programs
Double click RKUnhookerLE.exe to run it
Click the Report tab, then click Scan
Check Drivers, Stealth Code, Files, and Code Hooks
Uncheck the rest, then click OK
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished then go File > Save Report
Save the report somewhere you can find i...


I happened to run SuperAntiSpyware this morning and found out that it detected Trojan.Agent/Gen-Kryptik. I ran a quick scan of that, then did a full scan with rescue mode enabled. I don't have the log for those scans. I rebooted my computer once and it had trouble, but the second time it didn't.

Later while looking for help on the internet, I see others had the same issue with SuperAntiSpyware. I decide to run Avira Antivir and I found one detection.

Question is do I delete this file (TR/Crypt.XPACK.Gen) because I need to get a log and I don't know what to do next.

A:Trojan.Agent and TR/Crypt.XPACK

Hello,

Where did Avira find the infection?
Can I see the Avira log ?
Roelof


I've used Malwarebytes and Norton 360 to scan and re-scan my computer to remove any intrusions. I've also read other posts online to remove particular entries in my registry that were associated with these viruses. So far, my MBAM and Norton is saying my computer is clear, but the programs also said that the other day and found something new today. I've backed up my registry as well just in case. The trouble started when I opened up a flash movie file the other day and the security suite kept popping up. So I researched the suite and I knew (general virus knowledge) not to click yes on anything or to download anything. I finally got it to stop but I feel my computer is vulnerable now. Also my Norton 360 is picking up tracking cookies now when it scans, when I never used to have a lot of tracking cookies detected. I'm not 100% confident that my computer is safe. I haven't really used it since I got the Security Suite virus. I've only been running scans and searching online for more information on the removal. I also used Rkill in the process of removing the Security Suite. Your assistance in removing this issue for good is greatly appreciated.

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by James Brinson at 22:45:14.70 on Wed 09/15/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3070.1843 [GMT -4:00]
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
=====...

A:Security Suite, Trojan.Hiloti, Trojan.Zefarch, Trojan.Agent.U

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap...


Avast first alerted me to an infection, which I quarantined, called Win32:malware.gen. I followed some forum info after quarantining the malware which suggested I download Malwarebytes and run a scan. I have done this several times and Malwarebytes continues to find infected .dll files described as TROJAN.HILOTI.GEN, TROJAN.AGENT, and TROJAN.VUNDO.

I followed all the prescribed methods from this website from here:
http://www.bleepingcomputer.com/virus-remo...undo-virtumonde

Neither Vundo Fix or VirtumundoBegone found anything. Malwarebytes keeps finding .dll files every time I run it.

Note: I had to rename the mbam.exe file in order to run it. I could download it, but it wouldn't run unless it was named something else.

I am now following the instructions from here:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Note: I can not run GMER without my machine crashing so I can not attach the required ark.txt log. Finally, once when running MBAM my Avast kicked up a warning that it had stopped malware from executing and gave the reason that Malwarebytes had triggered it.

I would appreciate any help on this. I'm at the end of my rope. I've been trying to eradicate this for 3 days now. All my important files have been burned on a CD-R so I am willing to nuke the whole drive/OS if that is required.

Thanks in advance and I hope to hear from someone soon.

So I will now post the DDS.txt report as requested a...

A:Infected with TROJAN.HILOTI.GEN, TROJAN AGENT, TROJAN VUNDO

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you...


Internet Explorer was popping up windows, 3 at a time, regardless if I was on the Internet. These popups are continuous, making it almost impossible to do anything. I downloaded and installed Malwarebytes, performed the Quick Scan, and 18 infections were identified. They were quarantined and I deleted them. I then performed a Full Scan and it was clean. However, IE is still launching new windows as quickly as it closes them and placing them at the forefront of everything I do.

I was not able get a Gmer log as these popup windows interrupt its process. I tried at least 5 times. Following is my DDS log. I am also including the Malwarebytes log in case that might help as well. Please note that I replaced the user name with [name] in the logs.

Many thanks!

EDIT: If it helps to know this, when I had Task Manager up to kill IE each time it launched its trio of windows while Malwarebytes performed its scan, every time the URL it launched with was www.webcrawler.com, and then it redirected to another site. It seemed to be referring to a list of sites as some were repeated.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by [name] at 17:51:16 on 2011-08-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2003.513 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost....

A:IE Popups Still Highjacking My Computer, After Removing Trojan.BHO, Trojan.FakeAlert, Trojan.Hiloti, Adware.Agent, Adware.DeepD...

Hello Alda B. Woods and welcome to BC.

Sorry about the delay, do you still need help?


I have a Samsung Laptop running Windows 7 and I can't use it at all. Something seems to be using all the system resources and I can't get on the internet, I can't run any programs except in safe mode. Everything freezes. I tried to run Malware Bytes and it showed nothing. Then I ran Super AntiSpyware and it said I was infected with Trojan Agent Gen Falint. I removed it but still can't use the computer in anything other than safe mode.
I followed the instructions given in the Preparation Guide here and have pasted the log file below. My machine is a 64-bit system so I couldn't run GMER.

_________________________________________________________________________________________________________________________________________________________________

DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421
Run by Par at 19:13:00 on 2011-09-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.3094 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
=======...

A:Trojan Agent Gen-Falint

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/420206 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...


Hello all,

My laptop was hit with a multiple virus infection while using Firefox.
Symantec seemed to have taken care of things at the time but I was still having some problems, and it didn't seem to be able to get rid of TDSS. I disabled system restore and tried to clean the registry manually, but wasn't able to find all the entries listed on the Symantec site. I disabled the TDSS driver via the control panel.
MBAM wouldn't install, so I tried Spybot which found a few other issues. Finally I was able to install MBAM and HJT from a disc, and connected back to the internet again briefly to update both.
I ran CCleaner then MBAM in safe mode and MBAM seems to have cleaned everything (both MBAM and HJT scans looked ok afterwards, though there are still a few entries in the HJT log that look suspicious to me).
Everything seems to be fine now, and I proceeded to uninstall the old Java updates, got all the latest Windows updates, and then turned system restore on again.
I'm basically looking for some advice on what to do to make sure everything is in fact gone as there are those few HJT entries that look suspicious to me.
Thanks in advance!
DDS (Version 1.1.0) - NTFSx86
Run by mo at 16:50:17.96 on Tue 01/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2532 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ====...

A:Multiple Virus Infection: Trojan.Vundo, Trojan.VundoH, Trojan.BHO, Trojan.TDSS, Trojan.Agent, Trojan.Downloader, Malware.Trace...

My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure then please do not guess, simply post back with your question, and we will go through it again. This seems like a tech issue and not a malware problem, but let's take a look and see what we find.

Sorry for the delay, please do the following...

ComboFix

Please download ComboFix from Here or Here
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License A...


My desktop and laptop were recently infected with Trojan viruses (according to malware on my laptop and windows defender on my desktop). My desktop is completely inoperable so this post is in reference to my laptop.

My laptop was acting slow and google chrome (my standard web browser) was coming up with unusual error messages (I believe it said "Error, click ok to terminate command"). I ran malware and found Trojan Hiloti and Trojan Agent. Here are the files that were infected based on my Malware log;

Files Infected:
C:\WINDOWS\clefgtu.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\~TM34.tmp (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\~TMD.tmp (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\wuaucldt.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wuaucldt.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Start Menu\Programs\Startup\monxga32.exe (Trojan.Agent) -> Quarantined and deleted successfully.

I told malware to remove all the trojans but my problems are getting worse. My laptop will now display a blue screen and restart itself ra...

A:Infected with Trojan Hiloti and Trojan Agent [Laptop]

Hello and welcome to Bleeping Computer.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please post a fresh DDS and Attach Log


ESET is reporting having cleaned
Win32/Agent.HNCVHWF trojan
Win32/Agent.PQGVNB trojan
Win32/Agent.IVMSRVA trojan
and a variant of Win32/TrojanDropper.Agent.OVA trojan

MBAM reports
Trojan.Dropper
Trojan.Crypt
and Adware.Casino

These are the latest reports, I have had a few others recently, and I have tried to disinfect, but I am still getting reported infections. I am also getting very slow Internet browsing, and my son's PC has trouble browsing also if my computer is switched on.

When running GMER as outlined in forum topic34773 - "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help" I get a machine hang following the file scan, and cannot save to file.

Any help would be greatly appreciated.

DDS.txt file below.
-------------------

DDS (Ver_10-10-21.02) - NTFSx86
Run by Jamie at 20:33:39.16 on 25/10/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.3326.2003 [GMT 1:00]
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\sys...

A:ESET Popups for TrojanDropper.Agent.OVE and MBAM reports Trojan.Dropper and Trojan.Crypt

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks


Avira is finding these issues but Malwarebytes is not.
Any suggestions???

Avira Scan:
Avira AntiVir Personal
Report file date: Friday, August 05, 2011 08:16
Scanning for 3325332 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available:
Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 x64
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : SYSTEM
Computer name : SCOTT-PC
Version information:
BUILD.DAT : 10.2.0.696 35934 Bytes 6/29/2011 17:32:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 8/5/2011 00:54:49
AVSCAN.DLL : 10.0.5.0 47464 Bytes 8/5/2011 00:54:49
LUKE.DLL : 10.3.0.5 45416 Bytes 8/5/2011 00:54:49
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 8/5/2011 00:54:50
AVREG.DLL : 10.3.0.9 88833 Bytes 8/5/2011 00:54:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 11:53:55
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 11:53:56
VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 15:30:38
VBASE004.VDF : 7.11.8.178 2354176 Bytes 5/31/2011 15:30:40
VBASE005.VDF : 7.11.10.251 1788416 Bytes 7/7/2011 15:30:41
VBASE006.VDF : 7.11.10.252 2048 Bytes 7/7/2011 15:30:41
VBASE007.VDF : 7.11.10.253 2048 Bytes 7/7/2011 15:30:41
VBASE008.VDF : 7.11.10.254 2048 Bytes 7/7/2011 15:30:41
VBASE009.VDF : 7.11.10.255 2048 Bytes 7/7/2011 15:30:41
...


I have had this virus problem for approximately 4 months. Maybe I am wrong and this is another virus but the name and behaviour is similar. It generates hundreds of virus files. I have tried to remove it with my Avira Antivirus and Malwarebytes but no luck so far. There are even several weeks when virus is being silent and Avira finds nothing but then again something triggers it and I am back to where I started with 1000 of viruses found by Avira (I am scanning my comp on daily basis). I made a backup copy of my pictures to DVD. Is there a possibility that this DVD also will be infected?

.
DDS (Ver_2011-06-02.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Signe at 19:12:00 on 2011-06-02
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
C:\Program Files\Avira\AntiVir ...

A:TR/Crypt.XPACK.Gen 3 Trojan

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks


Hi!

I am using a Dell Dimension 1100 with Windows XP SP 2, 1 gig of ram, 500 gig external Seagate, and nothing on the C partition but the XP operating system and with a Wubi install of ubuntu on C drive. I don't use IE but Firefox, and I run full time with all ActiveX disabled. Java I toggle off and on as needed. I've picked up this - TR/Crypt.XPACK.Gen Trojan - and none of my installed security programs will remove it - most don't even see it. Security programs are: superantispyware, AVG, malwarebytes, spybot, Micro RUBotted, and A-Squared, and Avira PE Classic - the last being the only one activated for full time protection. MicroTrend RUBotted found this trojan. And help in getting rid of this or should I just live with it? It doesn't seem to be doing anything in the system that I've noticed.

Many thanks and this looks like a great forum!

Todd

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

A:TR/Crypt.XPACK.Gen Trojan

Hello there rtoddbensel, welcome to Bleeping Computer.

Please try a couple of these free online scanners to see if anything has slipped by your protection:

(Be advised that some of these scanners will pick up things in "quarantine" from other anti-virus programs - so review the results carefully)

http://www.pandasecurity.com/homeusers/solutions/activescan/
http://us.mcafee.com/root/mfs/default.asp
http://housecall.trendmicro.com
http://www.bitdefender.com/scan8/ie.html
http://support.f-secure.com/enu/home/ols.shtml
http://onlinescan.avast.com/
http://ca.com/us/securityadvisor/virusinfo/scan.aspx
http://www.eset.com/onlinescan/
http://www.kaspersky.com/virusscanner Scan Only - no removal

If you find that you're infected (or the scan doesn't complete or closes unexpectedly), post in the Am I Infected forum located here: http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/

regards, The weatherman

RELEVANCY SCORE 119.6

My Avira Anti-virus picked up the TR/Crypt.xpack.gen trojan. When I looked at the file path, it leads to a game file which is a legitimate copy. I have looked through different forums to look for ways to remove the trojan but with no success. Here is the DDS log file:

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Vincent at 23:24:50.66 on Tue 21/12/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Professional 6.1.7600.0.1252.61.1033.18.4091.2117 [GMT 8:00]

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: STOPzilla Anti-Spyware *Enabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32 ... Read more

A:TR/Crypt.xpack.gen Trojan

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you... Read more

RELEVANCY SCORE 118.4

hi,

I own a sony vaio running vista home premium. My avira antivirus is finding the following upon start-up, tr/crypt.xpack.gen trojan. I've tried ccleaner, scans by avira, spybot, and panda; and nothing has worked. I've also searched online, and no easy solution seems available, only a personalized one involving posting of scans or advice to reformat. I do have restore dvds I created but will have to back up some personal files created post-infection if a total restore is in order. I'll post my dds file after the salutation and attach the other two. I disabled avira and windows defender before running the necessary files and uninstalled both spybot and superantispyware (seems like a questionable name but was assured it was safe by others and the google) before running the required applications. If it is obvious I did this wrongly, please let me know, and I'll try to correct. Thanks so much, Seth


DDS (Ver_09-10-26.01) - NTFSx86
Run by Seth at 2:31:11.96 on Sat 10/31/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_16
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3070.1961 [GMT -4:00]


============== Running Processes ===============

C:\Windows\SYSTEM32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svc... Read more

A:infected with tr/crypt.xpack.gen trojan

Hi,

Please do the following:

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2



**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you.
Please post the C:\ComboFix.txt for further review.

RELEVANCY SCORE 118.4

I have installed Avira antivirus in my system. Every hour it pops up a message with the TR/Crypt.XPACK.Gen[Trojan] virus name showing some file name in the system32 folder. I searched your site and found the solution to run combofix on my XP system. As per the steps suggested I have run combofix on my system. It generated the log file which I am attaching with this post. Please help me with what to do next to remove this trojan virus.

The virus is still there in the system and Avira is giving a virus alert every hour.

Thanks for your help.

A:TR/Crypt.XPACK.Gen[Trojan] virus

Any solutions for my problem? I am waiting for some solution.

Thanks

RELEVANCY SCORE 118.4

Hi,

I run 64 bit Windows 7 using Avira Antivir personal and recently Avira has been telling me that I have a trojan, TR/crypt.XPACK.gen on my PC. Avira gives me the option to remove the trojan but when I do so it either immediately returns or returns whenever I next use my computer.

I've been unable to get rid of it so am hoping that someone here can help me do so.

DDS log:
DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Scott at 9:21:49.70 on 12/01/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.6135.2918 [GMT 0:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Virgin Media Security Anti-Virus *Enabled/Updated* {A61154FD-4365-E00F-9A33-13A09AD54B56}
SP: Virgin Media Security Anti-Spyware *Enabled/Updated* {1D70B519-655F-EF81-A083-28D2E15201EB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Security 360 *Enabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
FW: Virgin Media Security Firewall *Enabled* {9E2AD5D8-090A-E157-B16C-BA9564060C2D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Window... Read more

A:Infected with crypt.xpack.gen trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the ... Read more

RELEVANCY SCORE 118.4

I read the pinned "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help." I followed the instructions; however had trouble with GMER. I'm running Windows 7 64bit OS. I downloaded GMER but it wouldn't work (when opened received the following pop up window: C:\Windows\System32\config\system: The system cannot find the file specified.).

The problem-- I did a scan with my free Avira AntiVir Personal and it detected and quarantined TR/Crypt.XPACK.Gen Trojan.

My computer seems to be running normally, but I'd like to make sure everything is ok. Could you please help? I do have the DDS.txt and Attatch.txt I'm also including my Avira AntiVir Personal log file from when it detected the TR/Crypt.XPACK.Gen Trojan. Since quarantining the trojan, I've done a second scan and it didn't detect anything.

Thanks in advance for your help!

Avira AntiVir Personal Scan 5/5/2010

Avira AntiVir Personal
Report file date: Wednesday, May 05, 2010 21:52
Scanning for 2075343 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista 64 Bit
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MARGEAUX-PC
Version information:
BUILD.DAT : 9.0.0.422 21701 Bytes 3/9/2010 10:29:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/13/2009 16:26:33
AVSCAN.DLL ... Read more

A:Infected: TR/Crypt.XPACK.Gen Trojan

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Gmer doesn't run on Windows 7. Instead please run Sophos - it shouldn't find anything as rootkits haven't been able to infiltrate the Windows 7 operating system yet.

Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.
Be sure to print out and read the Sophos Anti-Rootkit User Manual and Release Notes.
Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to s... Read more

RELEVANCY SCORE 118.4

Avira Antivirus picked up the Trojan Crypt/XPACK/Gen on my HP, (with Vista OS). Attempted cleaning with Avira, but comes back with new scan. MalwareBytes did not pick it up. ESET online scanner did not pick it up. Until recently I had Trend Micro Internet Security on this laptop, and it failed to detect it. I also have IObit Security 360, which I am trying out, as well as a-squared trial version of their anti-malware.

I deleted the files containing the original location of the Trojan. Now it is Avira reports:

Begin scan in 'C:\'
C:\WINDOWS\System32\SsiEfr.exe
[WARNING] The file could not be opened!
C:\WINDOWS\System32\wrLZMA.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[WARNING] The file could not be opened!
Begin scan in 'D:\' <HP_RECOVERY>

Beginning disinfection:
C:\WINDOWS\System32\wrLZMA.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4b73d4b8.qua'!

Attached are the log files.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Hewlrtt Packard at 14:32:29.56 on Tue 12/15/2009
Internet Explorer: 8.0.6001.18865
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3006.1761 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68D... Read more

A:Infected with Trojan: Crypt/XPACK/Gen

Received Help at MajorGeeks. Issues resolved. Avira anti-virus views SpySweeper files as trojans. THX

RELEVANCY SCORE 118.4

Hello, Malwarebytes came up with "Trojan.Vundo.H" and Avira said "TR/Crypt.XPACK.Gen", then I all of a sudden started receiving a lot of pop ups and when I click a link on the internet from google it gets redirected. Also this error started coming up "your system has to shut down because of nt authority and then says something about the dcom service" and it would restart my computer. When I did a hijack this scan I noticed something strange "O4 - HKLM\..\Run: [Otakepos] rundll32.exe "C:\WINDOWS\ukarujomurarana.dll",Startup"

I ran a malwarebytes scan yesterday and I had the fullscan picked it had found things and cleaned them, but still the same problems exist. So I did everything on the guide that it said to do. Here are the logs that said to post in the guide. I don't know what else to do now... Please help

DDS (Ver_09-12-01.01) - NTFSx86
Run by Jill Marten at 14:52:57.82 on Tue 01/26/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2536 [GMT -6:00]
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\Anti... Read more

A:Trojan.Vundo.H and TR/Crypt.XPACK.Gen

No I have a X in a red circle in my task bar.... PLEASE HELP!!!!

RELEVANCY SCORE 118.4

Hello from Spain,

I've been trying to remove the TR/Crypt.XPACK.Gen trojan without success (I tried trusted online tools and also desktop software).

I use AVIRA and every time I start the PC I get the same warning:

Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\jelopez\Configuración local\temp\e03535c28ec5473ca0938496f71798dc\http.dll.

Please any help is welcome

Log:
DDS (Ver_09-10-26.01) - NTFSx86
Run by jelopez at 22:37:42,43 on 06/11/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.34.3082.18.1023.186 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe
svchost.exe
C:\Archivos de programa\FileZilla Server\FileZilla Server.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared&#... Read more

A:Can't remove TR/Crypt.XPACK.Gen [trojan]

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand corner ... Read more

RELEVANCY SCORE 118.4

i have 2 computers. 1 of them is infected (as far as i can tell) with tr/crypt.xpack.gen5. i have avira installed on the computer. when scanning all avira told me was that trojan and it quarantined it. task manager showed an exe. that was a string of numbers as well as some form of online virus remover that kept popping up and could not end process tree. (denied access) avira notified it was taken care of and that it was low risk and low damage. following the quarantine, the mouse and keyboard stopped functioning. when rebooting the computer the keyboard works till the point of windows loading. i can get into setup and boot from disk. cannot boot in safe mode or any other mode. ive only had the computer for a week. i do not know the specs on it. its a dell dimension 4600. plus extra parts. (ram sticks, sound cards, etc.) it has a dual partition. id love to tell you the specifics if you could tell me how to get them with non functioning mouse and keyboard. i have tried avira rescue cd. only to end in it saying "cannot display video mode" ive tried all video modes that it offers. gets as far as the linux penguin. then the screen is just black. as well as hirens boot cd. however i believe the virus is shutting down the malware removal tools before they can run i.e. combofix. (cmd screen only flashes on. will not run) the other antivirus programs say there are no viruses detected. id be more than happy to provide a hijack this file as well as the others if u can tell... Read more

A:tr/crypt.xpack.gen5 trojan please help

here is a hijack this log but i dont think it will do much good seeing as it was run with minixp off of hirens boot cd really dont know if it will help any sorry..... also i noticed while reading through other malware threads that one of them is about av guard online. that is the same online "antivirus" that was attacking my computer. however, im way past any instructions on that thread seeing as i have no use of normal windows on the system. Also a screenshot of the log for avira and after 4 hours it finally renamed a few items.
 

RELEVANCY SCORE 118.4

This has already corrupted and compromised many areas of my computer.
 
I need help desperately before this computer dies .
 
I asked another question and received no help whatsoever I expect the same from this question.
 
 

A:TR/crypt.xpack.gen2 trojan

Hello michael24, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1. Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
Click on the Scan button.
AdwCleaner will begin to scan your computer.
After the scan has finished...
Click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleane... Read more

RELEVANCY SCORE 118.4

My daughter's laptop is infected with the Crypt.XPACK.Gen2 trojan. It no longer can install Windows updates (running Windows 7 Ultimate) either automatically or manually; occasionally shows a warning message about Windows being an unauthorized version (I haven't seen this message while using it today to track down the problem); consistently shows that there is "limited access" to the internet (although it functions close to normal today); is very slow to boot, load programs, etc.; and is nearly impossible to shut down without simply pressing and holding the power button. Avira and Symantec both report a trojan; Avira identifies it as the Gen2 listed above.

DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_30
Run by NED at 12:48:35 on 2012-04-14
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.517 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows... Read more

A:Crypt.XPACK.Gen2 trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about y... Read more

RELEVANCY SCORE 118.4

A day ago I started getting Avira detection notices for "TR/Crypt.XPACK.Gen".

I have since ran: Avira, Malwarebytes, Super-AntiSpyware, A-squared, True Sword5, ThreatFire, Panda AntiRoot-kit, CCleaner, and Glary Utilities and researched a few other forums' threads and I still get detection notices from Avira.

PLEEEASE help me get my PC back.

Thanks in advance.

Here's my DDS log:

DDS (Ver_09-02-01.01) - NTFSx86
Run by The Banks Family at 21:02:24.93 on Sat 02/28/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.457 [GMT -6:00]
AV: ThreatFire *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin ... Read more

A:Infected with TR/Crypt.XPACK.Gen Trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for p... Read more

RELEVANCY SCORE 118.4

Avira AntiVir Personal
Report file date: Monday, August 24, 2009 09:21

Scanning for 1656284 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (plain) [6.0.6000]
Boot mode : Normally booted
Username : SYSTEM
Computer name : W-PC

Version information:
BUILD.DAT : 9.0.0.407 17961 Bytes 7/29/2009 10:34:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 7/21/2009 21:36:14
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 18:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 19:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 18:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 20:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/2009 17:21:42
ANTIVIR2.VDF : 7.1.5.146 3087360 Bytes 8/21/2009 16:14:50
ANTIVIR3.VDF : 7.1.5.155 72192 Bytes 8/24/2009 16:14:50
Engineversion : 8.2.1.3
AEVDF.DLL : 8.1.1.1 106868 Bytes 7/28/2009 21:31:50
AESCRIPT.DLL : 8.1.2.25 459130 Bytes 8/24/2009 16:15:02
AESCN.DLL : 8.1.2.4 127348 Bytes 7/23/2009 17:59:39
AERDL.DLL : 8.1.2.4 430452 Bytes 7/23/2009 17:59:39
AEPACK.DLL : 8.1.3.18 401783 Bytes 7/28/2009 21:31:50
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 7/23/2009 17:59:39
AEHEUR.DLL : 8.1.0.155 1921400 Bytes 8/24/2009 16:15:00
AEHELP.DLL : 8.1.6.0... Read more

A:[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

Hey Hoov just wanted to let you know a few things here. I can't start in normal mode, working in safe mode with networking because I am getting a fake security update each time I try to sign on. Windows starts up and I get a pitch black window for 3-4 seconds, then a blue icon circle swirling around and please wait pops up, then configuring updates comes up and stays up for about 10 minutes. When I finally logged on I went to see what updates were downloaded: NONE!!! Suspicious. Then I noticed that I have a: wuauserv, wuaueng.dll.mui, wucltux.dll.mui (mui file), wu client self update. I did a little research and believe these are not legitimate files. Maybe this is whats update and not the real updates. Because when I run the real windows update it fails to install any updates.

RELEVANCY SCORE 118.4

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:58:44 PM, on 9/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spyware Terminator&... Read more

A:Infected With Trojan: Crypt.xpack.gen

Hello solitude87
Welcome to BleepingComputer
========================
Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Read other 23 answers
RELEVANCY SCORE 118.4

I share a computer with my family and someone has downloaded some sort of virus. Everything on my desktop has disappeared. My Avira says it has found TR/Crypt.XPACK.Gen. SpyBot found nothing. I have attached the log from Malware. HijackThis doesn't seem to be working, firstly saying it has been denied write access to the hosts file, and then that it cannot find the C:/ProgrammeFiles(x86)/TrendMicro/HiJackThis/hijackthislogfile

Any help would be much appreciated.

Cheers

Andy
 

Read other answers
RELEVANCY SCORE 118.4

Avira found it.
 
Running Win7 64bit sp1.
 
Have not tried anything on it, I turn it over to the pros!
 
Thx,
kilo

A:TR/Crypt.XPACK.Gen7 Trojan

Did Avira remove it?

Read other 3 answers
RELEVANCY SCORE 117.2

Referred from here: http://www.bleepingcomputer.com/forums/topic358639.html ~ OB

I received a thinkpoint virus 2 wks ago when attempting to fix my iPhone with jailbreak links/utilities. After believing I cleaned my system of the thinkpoint my system showed no more signs of issue until last week where I encountered a Fraudulent Pop-up Security Window upon logging on to Chase.com site to review my account. Nothing was typed into the said pop-up and the incident was reported to Chase. I ran several scans daily up until earlier in the week this week and my antivirus and malware s/w detected nothing until the Chase.com Fraudulent Pop-up Security Window appeared again this past Tues. I then began running scans again and no detections found until this evening when TR/Crypt.XPACK.Gen was discovered.

System: IBM T42 - XP SP3 on a wireless home network

Avira Antivir Personal Antivirus:
Product version 10.0.0.592 8/9/2010
Search engine 8.02.04.86 10/25/2010
Virus definition file 7.10.13.78 11/2/2010
Control Center 10.00.12.29 11/2/2010
Config Center 10.00.13.16 11/2/2010
Luke Filewalker 10.00.03.01 11/2/2010
AntiVir Guard 10.00.01.52 11/2/2010
Filter 10.00.08.01 11/2/2010
Scheduler 10.00.00.19 11/2/2010
Updater 10.00.00.35 11/2/2010

Malwarebytes’ Anti-Malware:
Version 1.46

I had posted initially in the "Am I infected? What do I do?" under the topic "TR/Crypt.XPACK.Gen Trojan along with a few others over past week." and tried several things instructed steps to no avail so far. ... Read more

A:TR/Crypt.XPACK.Gen Trojan along with a few others over past week

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/m... Read more

Read other 30 answers
RELEVANCY SCORE 117.2

I am having a serious issue with this nasty bit of work. It seems to have disabled Avira and I managed to place my computer into safe mode. I have no idea how to get rid of this thing. If anyone can please assist me with this, it would be greatly appreciated.
I was unable to get a GMER log, but I do have a DDS log:
DDS (Ver_10-12-12.02) - NTFS_AMD64 NETWORK
Run by Owner at 17:46:55.12 on Mon 02/07/2011
Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.3096 [GMT -5:00]

AV: AntiVir Desktop *Enabled/Updated* post:21598595
SP: Windows Defender *Enabled/Updated* post:21598594
SP: AntiVir Desktop *Enabled/Updated* post:21598593

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explore... Read more

A:TR/crypt.xpack.gen2 trojan problem

Hi Sarducci21, and welcome to Bleeping Computer.

Are you able to access Normal Mode??.. If you cannot get into Normal Mode, perform the following steps in Safe Mode:

Firstly,
Please go to http://www.virustotal.com/ , click on Browse, and upload the following file for analysis:
C:\Windows\System32\drivers\kerugrtf.sys
Then click Send File. Allow the file to be uploaded and scanned. Then, please post a link to the results page for me to see.

Secondly,
Download OTL.exe by OldTimer to your Desktop.
Close all windows and double click OTL.exe.
In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Click Run Scan and let the program run uninterrupted.
When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
You may need to use two posts to get it all.

Read other 13 answers
RELEVANCY SCORE 117.2

My system runs Windows XP SP3 and has BitDefender and Avira Free + Microsoft Security Essentials installed. Every time, Avira pops up and says TR/Crypt.XPACK.Gen [trojan] malware found in temp folder. Please help me to clean my PC.

A:TR/Crypt.XPACK.Gen [trojan] in my TEMP Folder please help

Please help me... some one?

Read other 1 answers
RELEVANCY SCORE 117.2

Hi guys,

I am having a real problem with this trojan on my PC.

I have Windows Vista home edition don't know what service pack it is

I use Avira free edition as my antivirus and have had no problems for a while but the last couple of days it pops up saying it's discovered TR/Crypt.XPACK.Gen (trojan) so I ask it to delete the file but 5 mins later it pops up again. Apparently it is located in my Windows/temp folder....

I have run a spyware scan with 'superantispyware' and a malware scan with 'malwarebytes' which picked up a few problems but repairing said issues doesn't seem to have fixed this one

I'm also finding that when i click on certain web links, i am redirected to various adverts for william hill etc - not sure if this is linked?

Any help would be really appreciated as i consider myself fairly well versed in keeping a clean PC, but this one has done me!!

Matt

EDIT: I've just scanned my PC with ComboFix but this still hasn't helped

A:constant problem with TR/Crypt.XPACK.Gen (trojan)

sorry to bump this one but i got moved from elsewhere and am worried i might have got missed

Since i posted this topic i have also done DDS scan and root repeal scan. I have the logs that i can post if anyone would help me

Thanks and sorry again for the bump

Matt

Read other 1 answers
RELEVANCY SCORE 117.2

I received a thinkpoint virus 2 wks ago when attempting to fix my iPhone with jailbreak links/utilities. After believing I cleaned my system of the thinkpoint my system showed no more signs of issue until last week where I encountered a Fraudulent Pop-up Security Window upon logging on to Chase.com site to review my account. Nothing was typed into the said pop-up and the incident was reported to Chase. I ran several scans daily up until earlier in the week this week and my antivirus and malware s/w detected nothing until the Chase.com Fraudulent Pop-up Security Window appeared again this past Tues. I then began running scans again and no detections found until this evening when TR/Crypt.XPACK.Gen was discovered.
System: IBM T42 - XP SP3 on a wireless home network

Avira Antivir Personal Antivirus:
Product version 10.0.0.592 8/9/2010
Search engine 8.02.04.86 10/25/2010
Virus definition file 7.10.13.78 11/2/2010
Control Center 10.00.12.29 11/2/2010
Config Center 10.00.13.16 11/2/2010
Luke Filewalker 10.00.03.01 11/2/2010
AntiVir Guard 10.00.01.52 11/2/2010
Filter 10.00.08.01 11/2/2010
Scheduler 10.00.00.19 11/2/2010
Updater 10.00.00.35 11/2/2010

Malwarebytes’ Anti-Malware:
Version 1.46

Thank you!

A:TR/Crypt.XPACK.Gen Trojan along with a few others over past week.

Looking forward to assistance. Thank you!

Read other 23 answers
RELEVANCY SCORE 116

Some time last night I contracted the Google Redirect virus. My initial problem was that my computer was infected with a trojan with file name: TR/Crypt.XPACK.Gen. Avira incessantly popped up a threat warning. At or around the same time I encountered the Google Redirect issue. Since I acquired both at the same time, it would seem they are related, but perhaps I acquired two separate malwares simultaneously.

I ran Malwarebytes. When the Malwarebytes scan hit temporary files, the Avira "threat" warning worsened as the virus seemed to hop around from temp file to temp file in evasion of removal. Malwarebytes then froze up. I tried system restore, but the only restore point available was less than 2 hours prior. This also did not work. I have since uninstalled and reinstalled or updated Java, Adobe Reader and Malwarebytes in an attempt to get programs up to date. I replaced Avira with Norton (free version from Comcast). When installing Norton (prior to removal of Avira) the Norton install required that I uninstall Advanced System Care due to compatibility issues. I went to Add/Remove Programs where Advanced System Care was listed. I tried to remove the program but received a message that the file could not be found. I tried to remove the file through the Norton install screen with the same results. I then installed Advanced System Care from the internet in order to replace whatever file was missing, so that I could get Norton to install. This did the trick, and Norton su... Read more

A:Google Redirect Virus & TR/Crypt.XPACK.Gen Trojan

Hello and welcome to Bleeping Computer

My name is etavares and I will be working with you to fix your computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:
If you have since resolved the original problem you were having, we would appreciate you letting us know.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting. If you will be unable to respond (e.g. vacation, travel, etc.), please let me know ahead of time.
Please refrain from running tools or applying updates other than those w... Read more

Read other 2 answers
RELEVANCY SCORE 112

hello,
I started thread 3595556 a few days ago in the XP section for no boot issues. In the meantime I ran AVIRA, the anti virus tool on the Ultimate Boot CD. The kind folks there have redirected me to post here.

AVIRA gave me the following warnings:
malware: trymedia.gen digstream
Trojan: TR/Crypt.XPACK.Gen Trojan

Specs:
Dell E520 with Windows XP MCE05U (Media Center Edition 2005)
Processor, 6300, 1.86, 2M, Core Duo-conroe, Burn 2
Dual In-Line Memory Module, 1G 533M, 128X64, 8, 240, 2RX8
Hard Drive, 320GB, S2, 7.2K, 16M Unleaded, Seagate
No PS/2 PCI for mouse or keyboard -- only USB

Initial issue:
on Boot -- computer completes Post, brings up Windows XP Media Center Edition Splash, then goes blank.

Attempted to boot in safe mode without networking, get the safe mode 4 corners on black screen, then log in page. Neither mouse nor keyboard function (though both are clearly getting power - light indicator on keyboard - laser on optical mouse illuminates.)

Reboot and checked BIOS settings -- no "legacy" setting for USB, but there are USB settings and they are all set to "on"

I've read many places that Windows Safe Mode doesn't support USB -- so I'm not sure how owner was able to run safe mode the first time.

Attempt all the other safe mode options:
-Safe mode w/ networking: blank screen
-Safe mode to command prompt: blank screen
-Last known configuration: blank screen
-Normal: splash then blank screen.

When trying to load Recovery Console from one of my XP Pro CDs, I... Read more

A:TR/Crypt.XPACK.Gen Trojan and malware: trymedia.gen digstream no boot, no safe mode

Rachel_01
Assistance from an expert Malware Response Team member has been requested.
Sit tight and wait for a reply here.
Good luck.

Read other 82 answers
RELEVANCY SCORE 111.2

Hi all,
 
I am trying to help out a friend, which I can usually do with Avira, Malwarebytes and other assorted scans, but I think this one is out of my league. Avira detects it but won't quarantine it so I don't know if it's protected or regenerating itself right away or what. I have yet to hook my friend's computer to my network, but I did run DDS and posted the log below
 
Thanks in advance.
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17344
Run by Owner at 17:50:49 on 2014-10-30
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3873.2219 [GMT -4:00]
.
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
AV: Avira Desktop *Enabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\W... Read more

A:TR/Crypt.XPACK.Gen3

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554050 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 2 answers
RELEVANCY SCORE 111.2

Hello Everyone,
I wonder if you might be able to help me. I have this Trojan Horse on my computer, and don't seem to be able to get rid of it. I have followed all of the steps on Malware removal, but it still seems to be there. I am going to attach the logs that are suggested in the guide, but please let me know if there is anything missing.
Thank you in advance.
Here is the remaining log.

A:TR/Crypt.XPACK.Gen3

Hi,
Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.
Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.
Thanks

Read other 2 answers
RELEVANCY SCORE 110.8

I am running Microsoft Security Essentials, Malwarebytes' Anti-Malware, Superantispyware Professional. I was running McAfee Security Suite when I got infected. None of the programs find the infections except for Superantispyware. It quarantines and deletes the infections. I restart the computer and then when I run the scan again they are still there.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by akparker at 19:54:02 on 2011-11-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2046.1066 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.e... Read more

A:Infected with Trojan.Agent/Gen-IExplorer[Fake], Trojan.Agent/Gen-PEC, and Trojan.Downloader-Winlogon/FAS

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

Read other 18 answers
RELEVANCY SCORE 110.4

Hi Boopme
Are you here?
Do I need to post everything that I have already posted to you here?: http://www.bleepingcomputer.com/forums/forum103.html
or is someone else going to help me? if so please let me know and I will give details to them.
By the way - this morning before work - I deleted my quarantine folders from SuperAntiSpyware and the logs from my desktop and ran a scan and it didn't pick anything up! But my Malwarebytes will not load again from the task bar when I click on it - it would not let me stop it by right clicking either so hoping it wasn't running a script for the DDS scan? - so I'm afraid my trojans might be back! I was going to run the Rkill one more time - but I didn't
I couldn't run GMER - I have Windows 7 64 bit and it would run but it didn't give me any options to check mark. I was using the 34 bit explorer (does that matter?)
Also the defogger - I'm not sure it worked as it didn't come up for me to click the finish button - it just went back to the little box that says disable? But I did get the DDS logs.
Here is my DDS Log:

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by tamhbrih at 18:15:58.57 on Mon 02/14/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1788.802 [GMT -7:00]

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/... Read more

A:Infected with Trojan.Agent/Gen-IEFake, Trojan.Agent/Gen-IExplorer[Fake] &Trojan.Agent/Gen-PEC

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:
If you have since resolved the original problem you were having, we would appreciate you letting us know.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply'... Read more

Read other 23 answers
RELEVANCY SCORE 110

Avira reports this trojan in 'C:\System Volume Information\_restore{5CAB3290-8584-4F85-A167-5FBD4764C68D}\RP484\A0082344.exe'. I am sorry but I ran ComboFix twice already. I can't remove the trojan. When I reboot, the BIOS tells me it is updating, which it never has before.

Best Regards,

Dirk

DDS (Ver_10-12-12.02) - NTFSx86
Run by xxxxx at 6:25:33,69 on 03.02.2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.2558.1934 [GMT 1:00]

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
E:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
E:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Google\Update\GoogleUpdate.exe
E:\Programme\Java\jre6 ... Read more

A:Infected with TR/Crypt.XPACK.Gen3

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

Read other 14 answers
RELEVANCY SCORE 110

Hi Folks

I picked up on this with AVG, it started running some auto function and may have removed some files. I think they were just game files.

I have since run malwarebytes and trojan remover which isolated about 30 files. Then my PC started acting up even more. AVG runs ID shield and tells me I have several infected files. Meanwhile everything goes slow and I see svchost taking 99% of the cpu in task manager. (posting from my son's PC)

So in safe mode I ran malwarebytes and TR again and no more reports. However Paretologic Health advisor picked up 900+ issues.

I have followed the prep guide and have attached the files as requested. They were run in safe mode. Not sure if I can start my PC normally, will give it a try if the logs need to be run in normal mode.

Gratefully awaiting your assistance
Ian

DDS (Ver_10-10-31.01) - NTFSx86 NETWORK
Run by Ian Hayward at 19:06:19.43 on 31/10/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.684 [GMT 0:00]

AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\Windows\system32\svchost -k DcomLaunch
svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k NetworkService
svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svcho... Read more

A:crypt.xpack.gen3 infection

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Do not Attach logs unless I ask you to.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

I would like to get a better look at your system, please do the following so I can get some more detailed logs.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will a... Read more

Read other 3 answers
RELEVANCY SCORE 110

Hi! Sure hope you can help. I believe the infection of my laptop with the Trojan dropper happened today. This is my system:

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows 7 Home Premium , 64 bit
Processor: AMD Athlon(tm) II P320 Dual-Core Processor, AMD64 Family 16 Model 6 Stepping 3
Processor Count: 2
RAM: 3834 Mb
Graphics Card: AMD M880G with ATI Mobility Radeon HD 4250, 336 Mb
Hard Drives: C: Total - 457455 MB, Free - 401693 MB; D: Total - 19179 MB, Free - 2782 MB;
Motherboard: Hewlett-Packard, 143F, 67.22, P L820 01 1Z ZF 3MC
Antivirus: AntiVir Desktop, Updated and Enabled

My free Avira Antivirus gave me warnings as my new laptop ran a program claiming to be a microsoft product (with the logo) called "Think(something)". I scanned with the Avira and got this report:

Avira AntiVir Personal
Report file date: Saturday, October 16, 2010 20:38

Scanning for 2939810 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 x64
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : ZACKSNEWLAPTOP

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 20:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 20:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes...

A: TR/crypt.XPACK.Gen3 infection!

Hi

Please run the following:

Download OTL and save it to your desktop.
Double click on the icon to run it.
Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top, make sure Standard output is selected.
Under the Extra Registry section, check Use SafeList
Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
Double click inside the Custom Scan box at the bottom
A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
Select scan.txt and click Open. Writing will now appear under the Custom Scan box
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic
 

Hello, I currently have a trojan that seems to have affected my computer. Last week Security Suite invaded my computer, and I used rkill to, what I assumed, remove it. Yesterday my computer detected TR/Crypt.XPACK.Gen3, the Avira pop wouldn't go away. I can only provide DDS and Attach logs because GMER froze while opening, scanning and then before saving 3 different times. Also my computer went blue screen three times and shut down. Please help me!!

A: TR/Crypt.XPACK.Gen3 and Security Suite

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report, Please downloa...
