
Infected with Cryptor/ Moved



#1 enninjess


Posted 07 April 2009 - 05:27 PM

I am running Windows XP SP2. When I use a search engine on IE or Firefox, any link I click on routes me to an Ad site. I don't have any issues while using Opera. I tried to back up my data and run system recovery only to find that none of my drives are responsive; I can see them all but I cannot access any of them, and if I insert a blank disc, thumb drive or SD card I cannot move anything to them. I no longer have any system restore points, nor can I create a new one.

AVG 8.5 ran its usual daily scan yesterday and found 8 copies each (6 total) of these two items:

\\?\globalroot\systemroot\system32\UAXynjvnfqv.dll
and
C:\WINDOWS\system32\svchost.exe(872)

AVG shows the result/infection for both of these items to be: Virus Identified Win32/Cryptor

This is what the AVG scan results screen shows:
"\\?\globalroot\systemroot\system32\UACynjvnfqv.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACynjvnfqv.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACynjvnfqv.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACynjvnfqv.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACynjvnfqv.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACynjvnfqv.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACynjvnfqv.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"C:\Program Files\Internet Explorer\iexplore.exe (2784)";"Virus identified Win32/Cryptor";""
"\\?\globalroot\systemroot\system32\UACynjvnfqv.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"C:\Program Files\Internet Explorer\iexplore.exe (3932)";"Virus identified Win32/Cryptor";""
"C:\WINDOWS\system32\svchost.exe (1028)";"Virus identified Win32/Cryptor";""
"C:\WINDOWS\system32\svchost.exe (1024)";"Virus identified Win32/Cryptor";""
"C:\WINDOWS\system32\svchost.exe (1396)";"Virus identified Win32/Cryptor";""
"C:\WINDOWS\system32\svchost.exe (592)";"Virus identified Win32/Cryptor";""
"C:\WINDOWS\system32\svchost.exe (876)";"Virus identified Win32/Cryptor";""
"C:\WINDOWS\system32\svchost.exe (988)";"Virus identified Win32/Cryptor";""


AVG moves these threats to the virus vault but can never get rid of them. I uninstalled AVG and downloaded Avast. It only finds 2 copies of each and "gets rid" of them. I uninstalled Avast and reinstalled AVG and it still finds 16 infections. I downloaded Malwarebytes but cannot run the program, so I uninstalled it.

I downloaded DDS per the preparation guide, but every time I try to start it I get this error:

cmd is not a valid Win32 application.

I'm at a complete loss as to how to fix this and could really use some help.

Thanks

Edited by enninjess, 08 April 2009 - 04:35 AM.

I'm all in favor of keeping dangerous weapons out of the hands of fools. Let's start with keyboards.




#2 Orange Blossom


Posted 07 April 2009 - 08:37 PM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

PLEASE DO NOT NOW POST LOGS unless a log is specifically requested.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



