Win32/cryptexe Problem



#1 Panda23

Posted 23 October 2007 - 05:39 PM

Hi, this is my very first time posting in a forum like this, so I need a lot of help. Last night I stupidly clicked on and installed a virus through MSN Messenger. I have AVG Free antivirus installed on my computer and it had detected the virus. It constantly sends messages to everyone on my contact list to click and view a zip folder of pictures. I tried to move the virus to the vault, and even tried to delete and remove the p19.exe file from a few of the folders already, but it continues to stay and send messages. I am currently on Windows XP with the SP2 update. I'm not sure how to proceed; if someone could help me out, that would be great. I know how to use a computer, but I'm just not that literate with how to remove these nasty virus/malware kind of stuff. After searching I found that I should download the HijackThis program and save it in c:\ as a separate folder, but I have not installed/run it yet.


#2 quietman7


Posted 23 October 2007 - 07:00 PM

Hello Panda23

Your infection is related to a backdoor Trojan. Backdoor Trojans, IRCBots and Infostealers are very dangerous because they provide a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge. Read the Danger: Remote Access Trojans.

If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect your computer from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

Although the backdoor Trojan has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because the backdoor Trojan has been removed the computer is now secure. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat and reinstall the OS - "When should I re-format?".

While we are always willing to assist with malware removal there is no guarantee of success. For XP users, the easiest thing is to do a System Restore and choose a restore point with a creation date before the date of infection. However, should you decide not to follow that advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy. Let me know how you wish to proceed.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 Panda23


Posted 24 October 2007 - 12:43 AM

So that means that the 2 options are re-formatting my computer or system restore my computer to a point before the infection, right? If I do a system restore, would that completely remove it from my computer?

#4 quietman7


Posted 24 October 2007 - 06:44 AM

Your decision as to what action to take should be made by asking yourself the questions presented in the "When should I re-format?" link. Reformatting is the safest action while using System Restore is the easiest.

Keep in mind that System Restore will back up the good as well as the bad files so when malware is present on the system it gets included in any restore points. If you have a clean restore point you probably would be fine. If you cannot use System Restore or it does not resolve the problem, then there are still alternative cleaning methods which can be used. However, since your computer has likely been compromised, even after cleaning we cannot guarantee it to be trustworthy. You need to be aware of that and all available options so you can make an informed decision. Regardless of which decision you make, we will do our best to assist you.

#5 Panda23


Posted 24 October 2007 - 12:19 PM

I think that I will try to re-format after all. I have already tried to system restore to different points but they haven't been working. I also installed a different antivirus which seems to be working, but I want to be more on the safe side and just reformat it since I don't have much stuff on my computer. Want the peace of mind more. So if you could help me with the steps to reformat, that would be great, as I have already tried to search for a link for reformat & tried using the recovery DVD to initiate a format but it doesn't seem to want to work. I don't think it makes a difference but I'm formatting a laptop.

#6 quietman7


Posted 24 October 2007 - 01:02 PM

Read Starting Over: Repartitioning, Reformatting and Reinstalling for some background information on performing this task.

There are excellent step by step instructions in these articles:
"Clean Install Windows XP".
"XP Clean Install (Interactive Setup)".
"Clean Install Procedure with Illustrative Screen Captures".

Note:
By policy Microsoft no longer allows OEM manufacturers to include the original Windows XP CD-ROM on computers sold with Windows preinstalled. Instead, most computers manufactured and sold by OEM vendors come with a vendor-specific recovery disk or recovery partition for performing a clean factory restore.

A Recovery Disk is a CD-ROM or DVD data disc that contains a complete copy/image of the entire contents of the hard drive that will restore the system to its factory default state at a certain time. Essentially, it will reformat your hard drive, remove all data and restore the computer to the state it was in when you first purchased it. You will lose all data and have to reinstall all programs that you added afterwards. This includes all security updates from Microsoft so you will need to download/install them again.

Some factory restore CDs give you all the options of a full Microsoft Windows CD, but with better instructions and the convenience of having all the right hardware drivers. Others can do nothing except reformat your hard drive and restore it to the condition it was in when you bought the computer. Before using a factory recovery disk make sure you back up all your data to another source such as a CD or external hard drive. If you do a Google Search, you will find links to topics on how to obtain a replacement recovery disk from various vendors.

Other OEM manufacturers (Dell, HP, IBM, Gateway) use a hidden Recovery Partition instead of a recovery disk to store a complete copy of the hard disk's factory default contents for easy restoration. This consists of a bootable partition containing various system recovery tools, including full recovery of the preinstalled Windows XP partition that will allow you to restore the computer to the state it was in when you first purchased it. The recovery software will then re-hide its own partition after creating a new partition and installing the software to it. Before using a recovery partition make sure you back up all your data to another source such as a CD or external hard drive.

Recovery partitions may only work with a start-up floppy disk or the user may be prompted immediately after the "Out Of Box Experience" (OOBE) to create backup CD-R disks for the software on the hard drive image for future use. Once the CDs are made, the Operating System, Drivers, or Applications can be reinstalled using the files on the hard drive or the backup CDs.

Some built-in recovery partitions can be accessed by hitting Ctrl+F11, just F11 or F10 during BIOS startup. Others like those used by IBM Thinkpads will display a message at bootup instructing you to press F11 to boot from the recovery partition. For more information, see Understanding Partition recovery.

Again, if you do a Google search on recovery partitions, you can find information specifically related to the manufacturer of your machine. If you need additional assistance, you can start a new topic in the Windows XP Home and Professional forum. Each manufacturer's instructions are somewhat different and members with the same type of machine as yours could better help with step by step instructions.