Trojan horse SHeur3.CDGB + TR/Crypt.XPACK.Gen + Windows Updates Will Not Install

Malwarebytes scan using updated version already installed on the machine:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6923

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

6/23/2011 1:41:13 AM
mbam-log-2011-06-23 (01-41-13).txt

Scan type: Quick scan
Objects scanned: 161103
Time elapsed: 2 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic
  

ESET Online Scan Results:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17098 (vista_gdr.110420-1745)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=e3873948dd45f64eb55d545e8c67f595
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-24 08:30:51
# local_time=2011-06-24 03:30:51 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 334354 334354 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 25 9 30415120 76246467 0 0
# scanned=87777
# found=0
# cleaned=0
# scan_time=2729

Hi,

How's your computer running now?

It seems to be running really well, and windows updates from the windowsupdate.com site through Internet Explorer. It's certainly much faster. Performance-wise it seems resolved. Do all of the scans seem to show resolution? Thanks so much for sticking with me!

You're welcome, no problem. The fixes we ran should've killed it. Anything else I can help you with?

No thank you, that'll do it. HUGELY appreciated. You are all saints.

You're welcome, I'm glad to help.

Your computer is now clean. Now, time to remove the tools used, and update your computer to prevent vulnerability.

Updating System Restore

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:

• Select Start > All Programs > Accessories > System tools > System Restore.
  
• On the dialogue box that appears select Create a Restore Point
  
• Click NEXT
  
• Enter a name e.g. Clean
  
• Click CREATE.
  

You now have a clean restore point.

To get rid of the bad ones:

• Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  
• In the Drop down box that appears select your main drive e.g. C
  
• Click OK
  
• The System will do a calculation of temporary/old files, and then display a dialogue box.
  
• Select the More Options Tab.
  
• At the bottom will be a System Restore box with a CLEANUP button click this
  
• Accept the Warning and select OK again, the program will close and you are done.
  

========

Removing the tools

Now, to remove all of the tools we used and the files and folders they created, please do the following:

Download [URL="http://www.itxassociates.com/OT-Tools/OTC.exe"]OTC.exe[/URL] by OldTimer:

• Save it to your Desktop.
  
• Double click OTC.exe.
  
• Click the CleanUp! button.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.
  Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
  

============

Update Programs

Please download the newest version of Adobe Acrobat Reader from [URL="http://www.adobe.com/products/acrobat/readstep2.html"]Adobe.com[/URL]

Please download the newest version of Java from [URL="http://www.java.com/en/download/manual.jsp"]Java.com[/URL].

===============

Staying Protected

If you don't have a anti-virus I recommend to download one of these free anti-virus programs:
1. [URL="http://www.avast.com/"]Avast![/URL]
2. [URL="http://www.avira.com/en/support-download-free-antivirus"]Avira[/URL]
3. [URL="http://www.microsoft.com/security_essentials/default.aspx"]Microsoft Security Essentials[/URL]

If you have Windows XP, then I recommend downloading one of these free firewalls if you do not already have one:
1. [URL="http://www.comodo.com/home/internet-security/firewall.php"]Comodo Firewall[/URL]
2. [URL="http://www.tallemu.com/products-online-armor-free.php"]Tallemu Online Armor[/URL]

I recommend using [URL="http://www.malwarebytes.org/mbam.php"]MalwareBytes Anti-Malware[/URL] for a anti-malware program.

If you don't have a anti-spyware I recommend to download this free program to help keep you spyware free:
1. [URL="http://www.javacoolsoftware.com/spywareblaster.html"]SpywareBlaster[/URL]

Please don't download more than one anti-virus, firewall, or anti-spyware because they will conflict with each other making your computer slow, data loss, and false results so please just don't do it.

================

Here are some prevention tips:

1. Torrents are a conduit of malware; this is why we highly recommend not using them as chances are extremely high that you will be infected from them.

2. Cracks/warez/keygens are another conduit of malware and are illegal so don't use them.

3. Disable auto-run to prevent auto-run worms from infecting your machine through USB drives.[URL="http://www.engadget.com/2004/06/29/how-to-tuesday-disable-autorun-on-windows/"]XP[/URL] or [URL="http://www.howtogeek.com/howto/windows-vista/disable-autoplay-in-windows-vista/"]Vista/7[/URL]

4. Always make sure you have the latest [URL="http://windowsupdate.microsoft.com"]Windows update[/URL].

5. Use a Site Advisor so you don't go to sites that will infect you. [URL="http://www.mywot.com/en/download"]Web-of-Trust[/URL] or [URL="http://www.siteadvisor.com/download/windows.html"]Mcafee Siteadvisor[/URL]

6. Also there are many holes and flaws in Internet Explorer I recommend using [URL="http://www.getfirefox.com/"]Firefox[/URL] or [URL="http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95346"]Google Chrome[/URL] to keep you more safe.

7. Always keep your [URL="http://www.java.com/en/download/installed.jsp"]Java[/URL] and Adobe Reader updated and all older versions removed to keep clear from exploits.

8. Don't fall for Scareware. What is Scareware? A rogue anti-virus on your system that will scare you into buying their fake software due to false detections.

9. Be sure to always have a firewall and anti-virus installed at all times.