trojan and win32/cryptor

Asustek computer inc / P5w dh deluxe
August 30, 2009 at 07:10:34
Specs: Microsoft Windows Vista Business, 2.394 GHz / 2046 MB
hi there,

I'm having quite a few issues with viruses recently. Somehow managed to pick up quite a few and my computer is pretty slow now.

Anyways, I wondered if someone could help me to get rid of them, there are 56 viruses in total.

I have been searching around for answers but my computer knowledge is pretty limited.

I have AVG which constantly pops up informing me of these viruses (annoying), just downloaded and ran MBAM, and also got HijackThis.

But now I need to safely remove them and I don't want to harm my computer.

Please help.

August 30, 2009 at 07:11:35
MBAM log

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 6.0.6000

30/08/2009 14:53:10
mbam-log-2009-08-30 (14-53-03).txt

Scan type: Quick Scan
Objects scanned: 92627
Time elapsed: 8 minute(s), 36 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 30
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 18

Memory Processes Infected:
C:\Users\Penny\Penny.exe (Trojan.Agent) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\premiereadvertisingplatform.premiereadvertisingplatform (Adware.PlayMP3z) -> No action taken.
HKEY_CLASSES_ROOT\premiereadvertisingplatform.premiereadvertisingplatform.1 (Adware.PlayMP3z) -> No action taken.
HKEY_CLASSES_ROOT\shoppingadshelper.browserwatcher (Adware.ShoppingAdsHelper) -> No action taken.
HKEY_CLASSES_ROOT\shoppingadshelper.browserwatcher.1 (Adware.ShoppingAdsHelper) -> No action taken.
HKEY_CLASSES_ROOT\shoppingadshelper.pornpro_bho (Adware.ShoppingAdsHelper) -> No action taken.
HKEY_CLASSES_ROOT\shoppingadshelper.pornpro_bho.1 (Adware.ShoppingAdsHelper) -> No action taken.
HKEY_CLASSES_ROOT\shoppingadshelper.precachebrowserhost (Adware.ShoppingAdsHelper) -> No action taken.
HKEY_CLASSES_ROOT\shoppingadshelper.precachebrowserhost.1 (Adware.ShoppingAdsHelper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{af56fd81-28a2-0159-4922-1211155898a9} (Adware.ShoppingAdsHelper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{913e9215-eb81-7e43-76e6-fc26e50e264c} (Adware.ShoppingAdsHelper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2c86c605-6081-d104-96f7-f765c20b22f1} (Adware.ShoppingAdsHelper) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{418d86be-7386-4f1a-83e0-53604adbda74} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{647d5a4e-78b5-53ed-7e75-1940d1dffea4} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2c86c605-6081-d104-96f7-f765c20b22f1} (Adware.ShoppingAdsHelper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2c86c605-6081-d104-96f7-f765c20b22f1} (Adware.ShoppingAdsHelper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingadshelper (Adware.ShoppingAdsHelper) -> No action taken.
HKEY_CLASSES_ROOT\AppID\PremiereAdvertisingPlatform.dll (Adware.PlayMP3z) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\PremiereAdvertisingPlatform (Adware.PlayMP3z) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PremiereAdvertisingPlatform (Adware.PlayMP3z) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3 (Rogue.PlayMp3) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ShoppingAdsHelper (Adware.ShoppingAdsHelper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\tm (Trojan.Downloader) -> No action taken.
HKEY_CLASSES_ROOT\AppID\ShoppingAdsHelper.dll (Adware.BHO) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\penny (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> No action taken.
C:\Users\Penny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z (Adware.PlayMP3Z) -> No action taken.
C:\Program Files\ShoppingAdsHelper (Adware.ShoppingAdsHelper) -> No action taken.
C:\Program Files\PremiereAdvertisingPlatform (Adware.PlayMP3z) -> No action taken.

Files Infected:
C:\Users\Penny\Penny.exe (Trojan.Agent) -> No action taken.
C:\Users\Penny\AppData\Local\Temp\tem6FA5.tmp.exe (Adware.BHO) -> No action taken.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\PlayMP3z\PlayMP3.exe (Adware.PlayMP3Z) -> No action taken.
C:\Program Files\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> No action taken.
C:\Users\Penny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z\Run PlayMP3z.pif (Adware.PlayMP3Z) -> No action taken.
C:\Program Files\ShoppingAdsHelper\pcre.dll (Adware.ShoppingAdsHelper) -> No action taken.
C:\Program Files\ShoppingAdsHelper\ShoppingAdsHelper.dat (Adware.ShoppingAdsHelper) -> No action taken.
C:\Program Files\ShoppingAdsHelper\uninstall.exe (Adware.ShoppingAdsHelper) -> No action taken.
C:\Program Files\PremiereAdvertisingPlatform\PremiereAdvertisingPlatform.dll (Adware.PlayMP3z) -> No action taken.
C:\Program Files\PremiereAdvertisingPlatform\uninstall.exe (Adware.PlayMP3z) -> No action taken.
C:\Windows\system32\uacinit.dll (Trojan.Agent) -> No action taken.
C:\Users\Penny\iexplore.exe (Trojan.Agent) -> No action taken.

August 31, 2009 at 23:19:39
Hi Norfy,
I don't think MBAM removes the cryptor virus. You should try ThreatFire antivirus, or manual removal steps.

September 2, 2009 at 11:43:58
I know MBAM doesn't remove viruses, it just lists them.

I thought I'd post up its findings in the hope someone can aid me with fixing my computer.

September 3, 2009 at 05:13:33
You can try Trojan Remover and remove all it finds.
If that still doesn't rectify your problem, you may have a rootkit installed.
For that you can use UnHackMe, which is fully functional for 30 days.
Beginner instructions:
After the installation is completed, the program should be activated using the menu
Start - Programs - UnHackMe - UnHackMe.
Removal Procedure
1. Click the Check button.
2. If a Trojan is found, you will see the Results page.
3. Click on the Stop button and restart your computer.
4. A rootkit will be completely deleted at the next reboot of your computer.

