WiredWX Hobby Weather Tools

Win32/Cryptor Virus Is There Any Hope ?

4 posters

Re: Win32/Cryptor Virus Is There Any Hope ? (Page 6)

OK, doing it now ... give me a few mins.

Re: Win32/Cryptor Virus Is There Any Hope ?

OK, sorry, got all the way to the part where Avenger is rebooting the system. Should I F8 to make it go back into safe mode, due to normal mode not working? And will this mess with Avenger's reboot process if I do this?

Re: Win32/Cryptor Virus Is There Any Hope ?

OK, normal mode is up and running and I see the logfile in the Avenger Notepad window. Hooray, haven't seen normal mode in about a week.
I'm posting the Avenger text logfile now.

Re: Win32/Cryptor Virus Is There Any Hope ?

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "UACd.sys" deleted successfully.

Error: could not delete file "C:\Windows\system32\drivers\UACnrryvpcimctxiwqpj.sys"
Deletion of file "C:\Windows\system32\drivers\UACnrryvpcimctxiwqpj.sys" failed!
Status: 0xc0000156


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry key "HKLM\SYSTEM\ControlSet002\Services\UACd.sys" deleted successfully.
Registry key "HKLM\SYSTEM\ControlSet003\Services\UACd.sys" deleted successfully.
Registry key "HKLM\SYSTEM\ControlSet004\Services\UACd.sys" deleted successfully.
Registry key "HKLM\SYSTEM\ControlSet005\Services\UACd.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Re: Win32/Cryptor Virus Is There Any Hope ?

I have also noticed the laptop is saying there is no sound device. Is this normal? And will my built-in webcam and mic, along with the sound, work again? I haven't done anything yet, but my laptop is running in normal mode.
Score: Cryptor 2
Us 3

OK, ready for the next step .....

Re: Win32/Cryptor Virus Is There Any Hope ?

Alright we should be able to run MBAM now:

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

Re: Win32/Cryptor Virus Is There Any Hope ?

OK, I have downloaded Malwarebytes but the program is not responding when I run setup .........

Re: Win32/Cryptor Virus Is There Any Hope ?

Rename it to winlogon.exe and see if it runs.

Re: Win32/Cryptor Virus Is There Any Hope ?

OK, perfect, running now after renaming it. Will post results as soon as done.

Re: Win32/Cryptor Virus Is There Any Hope ?

OK, it set up and installed and I have the desktop icon, but when I go to run it, it says a program needs my permission to continue. I push Continue and nothing happens ... now what should I do? Rename the desktop icon also?

Re: Win32/Cryptor Virus Is There Any Hope ?

And should I also keep AVG's Resident Shield disabled, or should I enable it?

Re: Win32/Cryptor Virus Is There Any Hope ?

Either way it won't affect the scan.

Re: Win32/Cryptor Virus Is There Any Hope ?

OK, Malwarebytes has updated and is running the scan. I will post the results when done.

Re: Win32/Cryptor Virus Is There Any Hope ?

Malwarebytes' Anti-Malware 1.39
Database version: 2432
Windows 6.0.6001 Service Pack 1

7/14/2009 7:43:08 PM
mbam-log-2009-07-14 (19-42-52).txt

Scan type: Quick Scan
Objects scanned: 79572
Time elapsed: 7 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Adware.Ascentive) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Adware.Ascentive) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Adware.Ascentive) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Adware.Ascentive) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\c:\Windows\System32\SysRestore.dll (Adware.Ascentive) -> No action taken.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\SysRestore.dll (Adware.Ascentive) -> No action taken.
c:\Windows\System32\UACgpmotwvpqyqeauptj.dll (Trojan.TDSS) -> No action taken.
c:\Windows\System32\UACnbofqwxarxnjrsxea.dll (Trojan.TDSS) -> No action taken.
c:\Windows\System32\UACqemqpysdqcfcpowpu.dll (Trojan.TDSS) -> No action taken.
c:\Windows\System32\UACtloexwmvapmdxehpm.dll (Trojan.TDSS) -> No action taken.
c:\Windows\System32\drivers\UACnrryvpcimctxiwqpj.sys (Trojan.TDSS) -> No action taken.
c:\Users\Kyle\Desktop\avenger.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\uacinit.dll (Trojan.Agent) -> No action taken.
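
A log posted at this stage can be checked mechanically before moving on. The Python below is an added example, not part of the original thread and not Malwarebytes code: it parses text in the MBAM 1.39 layout shown above, compares the summary counts with the entries actually listed, and reports detections still marked "No action taken". The sample log and the names `parse_mbam` and `review` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the MBAM 1.39 layout (not the poster's log). The
# "Files Infected" count is deliberately one higher than the entries listed.
SAMPLE = r"""Registry Keys Infected: 2
Registry Data Items Infected: 1
Files Infected: 3

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\ExampleKey (Rootkit.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Example Two (Trojan.Vundo) -> No action taken.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Files Infected:
c:\Windows\System32\example1.dll (Trojan.TDSS) -> No action taken.
c:\Windows\System32\example2.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
"""

SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# Lazy object match plus a dotted family name, so "\(default)" stays in the path.
ITEM = re.compile(r"^(?P<object>.+?) \((?P<family>[\w.]+)\) -> (?P<rest>.+)$")

def parse_mbam(text):
    """Return (declared counts per section, list of detection tuples)."""
    declared, items, section = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if m := SUMMARY.match(line):
            declared[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            section = m["section"]
        elif section and (m := ITEM.match(line)):
            # The final "->" segment is the action; earlier ones are detail.
            action = m["rest"].rsplit(" -> ", 1)[-1].rstrip(".")
            items.append((section, m["object"], m["family"], action))
    return declared, items

def review(text):
    """Flag count mismatches and detections that were not yet removed."""
    declared, items = parse_mbam(text)
    listed = Counter(s for s, *_ in items)
    return {
        "count_mismatch": {s: (n, listed[s]) for s, n in declared.items() if n != listed[s]},
        "families": Counter(f for _, _, f, _ in items),
        "not_remediated": [o for _, o, _, a in items if a == "No action taken"],
    }
```

A non-empty `not_remediated` list means the log was saved before the removal step was applied, and a `count_mismatch` entry means the pasted log is incomplete.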

Re: Win32/Cryptor Virus Is There Any Hope ?

OK, I have posted the results and the Malwarebytes results screen is still up, ready to proceed to the next step. There are about 20 things checked off on the Remove Selected list .... waiting for instructions .... and the next step of what to do?
