Cryp_Neb-2, Mal_FakeAV-11 virus cannot remove

August 30, 2009 at 09:02:10
Specs: Windows XP
i recently got two viruses/trojans trend micro officescan showed me that i had them. They're called Cryp_Neb-2 and Mal_FakeAV-11 but officescan cannot remove them i went to where they were in the file and i thought i deleted them but apparently they're still on my comp. I tried running malwarebytes and adaware but neither worked they both crashed and after that i couldnt even open them. It gave me a warning saying i didnt have permission to open it. i went into safe mode and tryed running both but it gave me the same errors pleeeeaase help

See More: Cryp_Neb-2, Mal_FakeAV-11 virus cannot remove

Report •

August 30, 2009 at 17:13:36
Please download RootRepeal Rootkit Detector and save it to your Desktop.

* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
* Click this link to see a list of such programs and how to disable them.
* Create a new folder on your hard drive called RootRepeal (C:\RootRepeal) and extract (unzip) (click here if you're not sure how to do this. Vista users refer to this link.)
* Open the folder and double-click on RootRepeal.exe to launch it. If using Vista, right-click and Run as Administrator...
* Click on the Report tab at the bottom of the program window
* Click the Scan button
* In the Select Scan dialog, check:

    * Drivers

* Click the OK button
* In the next dialog, select all drives showing
* Click OK to start the scan
* When the scan has completed, a list of files will be generated in the RootRepeal window.
* Click on the Save Report button and save it as rootrepeal.txt to your desktop or the same location where you ran the tool from.
* Upload rootrepeal.txt to and post the download link in your next reply.
* Exit RootRepeal and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

Note: If RootRepeal cannot complete a scan and results in a crash report, try repeating the scan in "Safe Mode".

If I'm helping you and I don't reply within 24 hours send me a PM.

Report •

September 20, 2009 at 17:07:56
I have the same problem the original poster has and followed your directions installing and running the Rootrepeal program.

There's the rapidshare url. Any help I can get with removal of the trojan would be greatly appreciated.

Report •

Related Solutions

Ask Question