Help With Cryp_t - 2 Virus & Malware



#1 Britzy (Members, 2 posts)

Posted 09 April 2008 - 04:04 AM

Hi all, I am new here and would really appreciate your help.
I am running Win XP Pro SP2 on a Dell D610 laptop.
I am using Trend Micro PC-cillin Internet Security 2007.
Somehow and somewhere between obtaining a keygen for PC Bug Doctor on 07 April 2008 I managed to get my laptop infected.
My laptop is slow, I can't access the internet with my 3G modem unless I close down PC-cillin, and my desktop background pic has been replaced by a background saying "Warning: spyware threat has been detected on your pc"

I ran a full system scan with PC-cillin and found adware/malware and the crypt_t-2 virus. PC-cillin couldn't manage to delete/quarantine/clean the cryp virus so I searched Google and downloaded the following programmes: CounterSpy, SUPERAntiSpyware and Malwarebytes Anti-Malware. I have done a full system scan with all except the Malwarebytes software, which I am running now. I have also run a TM HouseCall 6.6 scan. After each scan I rebooted before using the next software. They always found infected files and deleted them, but as I sit here watching the Malwarebytes scan it shows so far 9 infected objects.
I am at a loss as to how to proceed. I have the logs available of each of the scans done so far. Here is the HouseCall log:

2008-04-07 23:41:20.453 WARNING [java:hc.util.LocalProxy] 404 http://housecall65.trendmicro.com:80/house...ate/ini_xml.zip
2008-04-07 23:46:25.875 WARNING [java:hc.impl.lib.engine.CommonEngineImpl#Native] Read ini: Failed to read threat values, set to default values.
2008-04-07 23:46:26.62 WARNING [java:hc.impl.lib.engine.CommonEngineImpl#Native] Read ini: Failed to read threat values, set to default values.
2008-04-07 23:48:32.390 SEVERE [java:hc.applet.process.GetThreatInformation] Could not get threat information for:COOKIE_DIDIT
2008-04-07 23:48:46.734 SEVERE [java:hc.applet.process.GetThreatInformation] Could not get threat information for:COOKIE_LIVEPERSON
2008-04-07 23:49:02.359 WARNING [java:hc.applet.process.GetThreatInformation] Failed to update information about a threat in the context options for the threat:no-threat-defined
2008-04-07 23:49:21.859 WARNING [java:com.trendmicro.web.housecall.share.engine.BootSectorScanProcess] Scanning the bootsector 'H:\', caused a return value of '-33'
2008-04-07 23:53:21.750 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-27,
2008-04-07 23:53:21.750 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-27,
2008-04-08 14:56:22.578 WARNING [java:hc.util.LocalProxy] 404 http://housecall65.trendmicro.com:80/house...ate/ini_xml.zip
2008-04-08 14:57:42.312 WARNING [java:com.trendmicro.web.housecall.share.engine.BootSectorScanProcess] Scanning the bootsector 'H:\', caused a return value of '-33'
2008-04-08 14:59:42.156 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-27,
2008-04-08 14:59:42.156 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-27,
2008-04-08 15:05:25.328 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 15:05:25.328 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 15:05:25.437 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 15:05:25.437 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 15:05:25.734 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 15:05:25.750 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 15:05:25.890 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 15:05:25.890 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 15:11:28.78 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 15:11:28.78 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 15:11:28.718 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 15:13:42.250 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 15:13:42.250 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 15:13:43.359 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 15:20:37.750 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 16:01:29.796 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 16:01:43.781 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 16:01:43.781 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 16:01:43.921 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 16:01:43.921 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 16:01:44.15 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 16:01:44.15 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 16:01:44.15 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 16:01:44.15 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 16:01:44.46 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 16:01:44.46 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 16:05:17.93 WARNING [java:hc.applet.process.GetThreatInformation] Failed to update information about a threat in the context options for the threat:no-threat-defined
2008-04-08 16:05:17.109 WARNING [java:hc.applet.process.GetThreatInformation] Failed to update information about a threat in the context options for the threat:no-threat-defined
2008-04-08 16:05:17.109 WARNING [java:hc.applet.process.GetThreatInformation] Failed to update information about a threat in the context options for the threat:no-threat-defined
2008-04-08 16:05:17.109 WARNING [java:hc.applet.process.GetThreatInformation] Failed to update information about a threat in the context options for the threat:no-threat-defined
2008-04-08 16:05:18.609 WARNING [java:hc.applet.process.GetThreatInformation] Failed to update information about a threat in the context options for the threat:no-threat-defined


2008-04-07 23:46:24.187 INFO [java:hc.impl.lib.engine.CommonEngineImpl#Native] Version 6.51-1020
2008-04-07 23:46:25.875 WARNING [java:hc.impl.lib.engine.CommonEngineImpl#Native] Read ini: Failed to read threat values, set to default values.
2008-04-07 23:46:26.62 WARNING [java:hc.impl.lib.engine.CommonEngineImpl#Native] Read ini: Failed to read threat values, set to default values.
2008-04-07 23:46:32.31 INFO [java:hc.impl.lib.engine.CommonEngineImpl#Native] Spyware scanner initialized (threadid=908)
2008-04-07 23:49:21.859 WARNING [java:com.trendmicro.web.housecall.share.engine.BootSectorScanProcess] Scanning the bootsector 'H:\', caused a return value of '-33'
2008-04-07 23:53:21.750 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-27,
2008-04-07 23:53:21.750 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-27,
2008-04-07 23:58:54.203 INFO [java:com.trendmicro.web.housecall.share.engine.FileScanProcess] Requesting the current scan process to stop!
2008-04-08 14:57:03.140 INFO [java:hc.impl.lib.engine.CommonEngineImpl#Native] Version 6.51-1020
2008-04-08 14:57:08.656 INFO [java:hc.impl.lib.engine.CommonEngineImpl#Native] Spyware scanner initialized (threadid=e18)
2008-04-08 14:57:42.312 WARNING [java:com.trendmicro.web.housecall.share.engine.BootSectorScanProcess] Scanning the bootsector 'H:\', caused a return value of '-33'
2008-04-08 14:59:42.156 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-27,
2008-04-08 14:59:42.156 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-27,
2008-04-08 15:05:25.328 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 15:05:25.328 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 15:05:25.437 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 15:05:25.437 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 15:05:25.734 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 15:05:25.750 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 15:05:25.890 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 15:05:25.890 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 15:11:28.78 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 15:11:28.78 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 15:11:28.718 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 15:13:42.250 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 15:13:42.250 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 15:13:43.359 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 15:20:37.750 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 16:01:29.796 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 16:01:43.781 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 16:01:43.781 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 16:01:43.921 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 16:01:43.921 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 16:01:44.15 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 16:01:44.15 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 16:01:44.15 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 16:01:44.15 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 16:01:44.46 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 16:01:44.46 SEVERE [java:hc.impl.lib.engine.CommonEngineImpl#Native] File scanner error=-94,
2008-04-08 16:22:59.812 INFO [java:hc.impl.lib.engine.CommonEngineImpl#Native] Spyware scanner process threat clean.


2008-04-07 23:40:27.656 INFO [java:hc.applet.Implementation] Starting the java based HouseCall client with id:hc-impl-1
2008-04-07 23:40:40.218 INFO [java:hc.applet.Implementation] OS: WinXP - x86 - win32
2008-04-07 23:40:40.218 INFO [java:hc.applet.Implementation] Browser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; InfoPath.1)
2008-04-07 23:40:40.218 INFO [java:hc.applet.ResourceLoader] Bypass loading bindings in the initial context!
2008-04-07 23:40:40.218 INFO [java:hc.applet.Implementation] Switching the context to "initial"
2008-04-07 23:41:14.31 INFO [java:hc.applet.ResourceLoader] Loading all bindings now!
2008-04-07 23:41:14.875 INFO [java:hc.applet.ResourceLoader] Bindings loaded!
2008-04-07 23:41:14.890 INFO [java:hc.applet.Implementation] Switching the context to "preparing"
2008-04-07 23:41:15.640 INFO [java:hc.applet.process.UpdateActiveUpdate] Local-Version not found for ; updating-engine-engine
2008-04-07 23:41:19.375 INFO [java:hc.impl.lib.activeupdate.UpdateImpl] Setting the proxy configuration to: Host: 127.0.0.1:33233 Proxy-Type:http Login: "null" using Password: no
2008-04-07 23:41:19.375 INFO [java:hc.impl.lib.activeupdate.UpdateImpl] Using internal proxy transport
2008-04-07 23:41:19.375 INFO [java:hc.impl.lib.activeupdate.UpdateImpl] Setting the proxy configuration to: Host: 127.0.0.1:33233 Proxy-Type:http Login: "null" using Password: no
2008-04-07 23:41:19.375 INFO [java:hc.impl.lib.activeupdate.UpdateImpl] Using internal proxy transport
2008-04-07 23:41:20.453 WARNING [java:hc.util.LocalProxy] 404 http://housecall65.trendmicro.com:80/house...ate/ini_xml.zip
2008-04-07 23:41:21.953 INFO [java:hc.applet.process.UpdateActiveUpdate] Local-Version not found for ; updating-pattern-malware
2008-04-07 23:41:22.734 INFO [java:hc.applet.process.UpdateActiveUpdate] Local-Version not found for ; updating-pattern-grayware
2008-04-07 23:41:23.46 INFO [java:hc.applet.process.UpdateActiveUpdate] Local-Version not found for ; updating-engine-system-engine
2008-04-07 23:41:23.46 INFO [java:hc.applet.process.UpdateActiveUpdate] Local-Version not found for ; updating-engine-system-engine
2008-04-07 23:41:23.46 INFO [java:hc.applet.process.UpdateActiveUpdate] Local-Version not found for ; updating-engine-system-engine
2008-04-07 23:41:23.656 INFO [java:hc.applet.process.UpdateActiveUpdate] Local-Version not found for ; updating-pattern-system-malware
2008-04-07 23:41:23.906 INFO [java:hc.applet.process.UpdateActiveUpdate] Local-Version not found for ; updating-pattern-system-grayware
2008-04-07 23:41:24.187 INFO [java:hc.applet.process.UpdateActiveUpdate] Local-Version not found for ; updating-pattern-system-vulnerability
2008-04-07 23:42:32.656 INFO [java:hc.applet.Implementation] Switching the context to "checking"
2008-04-07 23:46:24.187 INFO [java:hc.impl.lib.engine.CommonEngineImpl#Native] Version 6.51-1020
2008-04-07 23:46:25.875 WARNING [java:hc.impl.lib.engine.CommonEngineImpl#Native] Read ini: Failed to read threat values, set to default values.
2008-04-07 23:46:26.62 WARNING [java:hc.impl.lib.engine.CommonEngineImpl#Native] Read ini: Failed to read threat values, set to default values.
2008-04-07 23:46:32.31 INFO [java:hc.impl.lib.engine.CommonEngineImpl#Native] Spyware scanner initialized (threadid=908)
2008-04-07 23:48:10.593 INFO [java:hc.applet.process.UpdateActiveUpdate] Finalizing the Update-Session now
2008-04-07 23:49:02.359 WARNING [java:hc.applet.process.GetThreatInformation] Failed to update information about a threat in the context options for the threat:no-threat-defined
2008-04-07 23:58:50.234 INFO [java:hc.applet.Implementation] Stopping the java based HouseCall client with id:hc-impl-1
2008-04-08 14:56:11.734 INFO [java:hc.applet.Implementation] Starting the java based HouseCall client with id:hc-impl-1
2008-04-08 14:56:17.437 INFO [java:hc.applet.Implementation] OS: WinXP - x86 - win32
2008-04-08 14:56:17.437 INFO [java:hc.applet.Implementation] Browser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; InfoPath.1)
2008-04-08 14:56:17.453 INFO [java:hc.applet.ResourceLoader] Bypass loading bindings in the initial context!
2008-04-08 14:56:17.453 INFO [java:hc.applet.Implementation] Switching the context to "initial"
2008-04-08 14:56:18.578 INFO [java:hc.applet.ResourceLoader] Loading all bindings now!
2008-04-08 14:56:19.93 INFO [java:hc.applet.ResourceLoader] Bindings loaded!
2008-04-08 14:56:19.93 INFO [java:hc.applet.Implementation] Switching the context to "preparing"
2008-04-08 14:56:21.593 INFO [java:hc.impl.lib.activeupdate.UpdateImpl] Setting the proxy configuration to: Host: 127.0.0.1:33233 Proxy-Type:http Login: "null" using Password: no
2008-04-08 14:56:21.593 INFO [java:hc.impl.lib.activeupdate.UpdateImpl] Using internal proxy transport
2008-04-08 14:56:21.593 INFO [java:hc.impl.lib.activeupdate.UpdateImpl] Setting the proxy configuration to: Host: 127.0.0.1:33233 Proxy-Type:http Login: "null" using Password: no
2008-04-08 14:56:21.593 INFO [java:hc.impl.lib.activeupdate.UpdateImpl] Using internal proxy transport
2008-04-08 14:56:22.578 WARNING [java:hc.util.LocalProxy] 404 http://housecall65.trendmicro.com:80/house...ate/ini_xml.zip
2008-04-08 14:57:03.125 INFO [java:hc.applet.process.UpdateActiveUpdate] Finalizing the Update-Session now
2008-04-08 14:57:03.140 INFO [java:hc.impl.lib.engine.CommonEngineImpl#Native] Version 6.51-1020
2008-04-08 14:57:08.656 INFO [java:hc.impl.lib.engine.CommonEngineImpl#Native] Spyware scanner initialized (threadid=e18)
2008-04-08 14:57:35.0 INFO [java:hc.applet.Implementation] Switching the context to "checking"
2008-04-08 16:05:17.93 WARNING [java:hc.applet.process.GetThreatInformation] Failed to update information about a threat in the context options for the threat:no-threat-defined
2008-04-08 16:05:17.109 WARNING [java:hc.applet.process.GetThreatInformation] Failed to update information about a threat in the context options for the threat:no-threat-defined
2008-04-08 16:05:17.109 WARNING [java:hc.applet.process.GetThreatInformation] Failed to update information about a threat in the context options for the threat:no-threat-defined
2008-04-08 16:05:17.109 WARNING [java:hc.applet.process.GetThreatInformation] Failed to update information about a threat in the context options for the threat:no-threat-defined
2008-04-08 16:05:18.609 WARNING [java:hc.applet.process.GetThreatInformation] Failed to update information about a threat in the context options for the threat:no-threat-defined
2008-04-08 16:12:24.156 INFO [java:hc.applet.Implementation] Switching the context to "resolving"
2008-04-08 16:22:59.812 INFO [java:hc.impl.lib.engine.CommonEngineImpl#Native] Spyware scanner process threat clean.



thank you
britzy

Edited by Britzy, 09 April 2008 - 04:25 AM.




#2 Britzy (Topic Starter, Members, 2 posts)

Posted 17 April 2008 - 03:28 AM

Hey guys, thanks for all the replies!! Sarcasm of note!!!! I posted my problem on 6 April and still no help by today, and I thought this forum was for helping people like me.
I managed to sort it out myself.

#3 quietman7 (Bleepin' Janitor, Global Moderator, 51,762 posts)

Posted 17 April 2008 - 08:54 AM

"I posted my problem on 6 April and still no help by today."

Sorry your thread was overlooked but we are all volunteers and sometimes a topic will get missed.

"Somehow and somewhere between obtaining a keygen for PC Bug Doctor on 07 April 2008 I managed to get my laptop infected."

BC does not condone the use of crack and keygen tools.

Not only is that practice a security risk, it is considered illegal activity and a violation of our BC Discussion/Message Boards Rules.

No subject matter will be allowed whose purpose is to defeat existing copyright or security measures. If a user persists and/or the activity is obviously illegal the staff reserves the right to remove such content and/or ban the user. This would also mean encouraging the use or continued use of pirated software is not permitted, and subject to the same consequences.


Some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, these sites are infested with a smörgåsbord of malware. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling Windows.

However, we would have tried to assist with cleaning your system if the problem was not resolved.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators




