K, so I tried to restore my settings with System Restore because I got the Win32/Cryptor, so I am gunna try this, but when I select my date and go to select Next it won't let me, doesn't matter how many times I click. It says it may take a bit, but I waited like 20 mins and it still ain't working. Can someone help me out?
Thanks, Brady

Which antivirus detected that?
AVG 8.5
AVG didn't fix the virus? Why were you trying to restore? Help you out with restore? You can try to restore from the Recovery Console.
I did that but it didn't work >.< So yea, I tried doing a system restore, but yea, it won't even let me do that. So far I've run PC-cillin, AVG and a few other antiviruses, but none have gotten this Win32/Cryptor. Got any ideas on how to remove him? lol. Says I got 3, but I think they are just clones from the original, but yea, I dunno.
Can you please post your AVZ log:
1) To create the logfile, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.
2) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.
3) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows Vista, launch AVZ.exe by right clicking and selecting Run as Administrator.
You should now see the main window of the AVZ utility. Please navigate to File->Custom Scripts. Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.
begin
  ExecuteStdScr(3);
  RebootWindows(true);
end.
Paste the script into the execution window by using the CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script; the PC will reboot. After the reboot the LOG subfolder is created in the folder with AVZ, with a file called virusinfo_syscure.zip inside. Upload that file to rapidshare.com and paste the link here.
I'm on my laptop right now, so yea, but the virus sends me to random sites. Is there a way you could give me a step-by-step guide on how to remove it without coming to this site on my other computer? I know I'm being hard, but it's impossible to get my other computer to go anywhere on the web without going to a random website.
Use USB to transfer between the two computers. Just make sure you scan the USB for infection. There are multiple steps involved in cleaning manually. Start with Response Number 5.
Would I be able to send it via e-mail, like through Hotmail or Yahoo?
????? No mean to pressure, but yea, my computer is getting increasingly more slow and has started to beep a lot more often.
kk so basically I'm sending it through e-mail as an attachment, then it's gunna restart my comp and bring up the trojan information, then I'm supposed to paste it in here.
Email the AVZ tool to the infected computer > run AVZ on the infected computer > mail back the log from the infected computer > upload it to rapidshare > paste the link here.
K, I've done all that, but I got 4 different virusinfo_syscure: 2 are zipped folders and 2 are internet based. Which one do I choose?
virusinfo_syscure.zip. Look at the image tutorial in the above post.
Yea, there's 2 zips: there's one with absolutely nothing in it and the other has like 2 or 3 things in it.
One with 2 things in it.
K, how would I go about sending it through an attachment, open it on this comp, then send it to you on rapidshare.com?
Can you figure some steps out how to fix it?
Run this script the same way as above in AVZ:
begin
  SetAVZGuardStatus(True);
  SearchRootkit(true, true);
  DelBHO('{39fc2065-c9c7-49cd-8942-44cc2dedc844}');
  DelBHO('{07B18EA1-A523-4961-B6BB-170DE4475CCA}');
  DelBHO('{00A6FAF1-072E-44cf-8957-5838F569A31D}');
  QuarantineFile('C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe','');
  QuarantineFile('C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL','');
  QuarantineFile('C:\Documents and Settings\HP_Administrator\Application Data\winav.exe','');
  TerminateProcessByName('C:\Documents and Settings\HP_Administrator\Application Data\winav.exe');
  QuarantineFile('C:\WINDOWS\Downloaded Program Files\CONFLICT.1\popcaploader.dll','');
  QuarantineFile('C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL','');
  QuarantineFile('C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe','');
  DeleteService('MyWebSearchService');
  StopService('MyWebSearchService');
  QuarantineFile('C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL','');
  TerminateProcessByName('C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL');
  QuarantineFile('c:\progra~1\mywebs~1\bar\1.bin\m3srchmn.exe','');
  TerminateProcessByName('c:\progra~1\mywebs~1\bar\1.bin\m3srchmn.exe');
  QuarantineFile('C:\WINDOWS\ieocx.dll','');
  QuarantineFile('C:\Program Files\Internet Explorer\MSIMG32.dll','');
  QuarantineFile('\\?\globalroot\systemroot\system32\UACxgpeimrrnngvrrn.dll','');
  QuarantineFile('C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL','');
  QuarantineFile('C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL','');
  QuarantineFile('C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoestb.dll','');
  DeleteFile('C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoestb.dll');
  DeleteFile('C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL');
  DeleteFile('C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL');
  DeleteFile('\\?\globalroot\systemroot\system32\UACxgpeimrrnngvrrn.dll');
  DeleteFile('C:\Program Files\Internet Explorer\MSIMG32.dll');
  DeleteFile('C:\WINDOWS\ieocx.dll');
  DeleteFile('c:\progra~1\mywebs~1\bar\1.bin\m3srchmn.exe');
  DeleteFile('C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL');
  DeleteFile('C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe');
  DeleteFile('C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL');
  DeleteFile('C:\WINDOWS\Downloaded Program Files\CONFLICT.1\popcaploader.dll');
  DeleteFile('C:\Documents and Settings\HP_Administrator\Application Data\winav.exe');
  DeleteFile('C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL');
  DeleteFile('C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe');
  BC_ImportDeletedList;
  ExecuteSysClean;
  BC_Activate;
  RebootWindows(true);
end.
Your computer will reboot. After it reboots, let me know and I will tell you the next step.
K, done deal.
K, it's not making the beep anymore, but winpc antivirus is still on there (that's what the trojan downloaded).
Is your internet working now? System much better? Download: SuperAntiSpyware
Run a full system scan, fix what it detects and post the scan log here at the end.
Yep, internet's working crisply. I'll run a full scan then post it.
But yea, OK, I'll send you the scan log tomorrow, I gotta get to bed.
K wait, 1 problem: I downloaded it and it gives me the send error report box? That caused by the script you gave me, or is that on my part?
And it won't let me access my internet games.
Attach a Combofix log, please review and follow these instructions carefully. Download it here -> http://download.bleepingcomputer.co...
Before Saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.
Now, please make sure no other programs are running, close all other windows and pause Antivirus/Spyware programs (http://www.bleepingcomputer.com/forums/topic114351.html Programs to disable) until after the scanning and removal process has taken place.
Please double click on the file you downloaded. Follow the onscreen prompts to start the scan. Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal.
You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.
Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post.
How would I go about pausing AVG 8.5?
AVG 8
Please open the AVG 8 Control Center by right clicking on the AVG 8 icon on the task bar.
* Click on Tools.
* Select Advanced.
* In the left hand pane, scroll down to "Resident Shield".
* In the main pane, deselect the option to "Enable Resident Shield."
To re-enable AVG 8, please select "Enable Resident Shield" again.
K, I renamed the file like you said and it did its thing till after the reboot, and it gave me an alert saying that the file was compromised and that I needed to re-install that program from the website, and it kept telling me to send error. It said it about 3 or 4 times. Is it supposed to do that?
Did it finish or not? You see the log file? Please post a screenshot.
No log file, there's nothing on the screen but my icons. If you need a screenshot, gimme 10 seconds.
You are seriously infected and even if we can clean up most of the malware, your system may still be compromised. You have a choice of saving your data to a disc and doing a complete reformat and re-install or we can continue with the fixes and see just how bad or good we end up.
K, so if we continue, what would be lost? Everything that I had downloaded, for example Windows Messenger, or would it be everything, period?
Best way is to make an antivirus boot disk and scan your PC from it. Take a look at this link: http://www.raymond.cc/blog/archives... That way damage might be minimal to your data.
K, I read that. So what you want me to do is download it and let it do its thing, but you talked about saving my data to a disk and reformat. What kind of disk would I need to do that?
What do you have, Microsoft Windows XP installed?
Yes, I have that.
What kind of data do you want to save?
lol everything I absolutely need and, if possible, some of the programs that aren't affected by the trojan.
Don't really know the effect of the spread. See if you can scan from a boot disk and run Combofix; you might be able to salvage the current installation. You also have to take into account reinfection when you back up stuff from the infected drive. Try asking in: http://www.computing.net/forum/wind...
What should I be asking about?
One more thing before we move on to other solutions. Boot into Safe Mode with Networking. Re-download Combofix again and try to run it. Also try to just boot into Safe Mode and transfer it via USB.
lol ummm yea, how do I boot into safe mode?
* If the computer is running, shut down Windows, and then turn off the power.
* Wait 30 seconds, and then turn the computer on.
* Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
* Ensure that the Safe mode or Safe mode with networking option is selected.
* Press Enter. The computer then begins to start in Safe mode.
K, I think it worked this time. I'm just waiting for the log to close itself out so it can be located.
K, a white box with a bunch of my information on it popped up. What do I do?
Did your computer reboot by itself? Please read Response Number 28 carefully and attach that file to rapidshare.com and post a link.
Wrong file... Read carefully please.
Is that the right one?
Yes, that's the one. Run this in AVZ as a script like before, in normal mode:
begin
  SetAVZGuardStatus(True);
  SearchRootkit(true, true);
  QuarantineFile('C:\Program Files\RngInterstitial.dll','');
  QuarantineFile('c:\windows\LMI93.tmp','');
  DeleteFile('c:\windows\LMI93.tmp');
  DeleteFile('C:\Program Files\RngInterstitial.dll');
  BC_ImportDeletedList;
  ExecuteSysClean;
  ExecuteRepair(1);
  ExecuteRepair(2);
  ExecuteRepair(5);
  ExecuteRepair(6);
  ExecuteRepair(8);
  ExecuteRepair(9);
  ExecuteRepair(10);
  ExecuteRepair(14);
  ExecuteRepair(15);
  BC_Activate;
  RebootWindows(true);
end.
Once your computer reboots, follow:
Download and run Kaspersky AVP tool:
http://devbuilds.kaspersky-labs.com...
Once you download and start the tool, select all the objects/places to be scanned and hit Scan. Fix what it detects and at the end of the scan post a screenshot/log of the detected items that were fixed and those it could not fix.
K, I'll post when it's done scanning. It's gunna take about an hour or 2.
K, so far there have been 31 reported and it's only about 50% done lol. Anything I can do to really slow them down? 'Cause right now they're all cloning.
Nothing, let it run and do its job. Post a screenshot of the detected window of whatever it found up till now. Don't stop the scanning or you will have to start all over again.
K, so I'm gunna have to wait, but you want me to post a screenshot right now?
