
Win32 cryptor


2 replies to this topic

#1 paraprosdokian


Posted 01 March 2010 - 04:58 AM

I was infected by win32 cryptor. My AVG flagged a warning and claimed to block it, but since then stuff has been going wrong with my computer. There are random pop-up ads even when there is no internet (the ads don't work if there's no internet). When the computer starts up, Windows Explorer will screw up (no specific message, Windows will just tell me that it's stopped working and restarts it). I ran AVG a few times and that found a few viruses (and removed them) but it didn't solve the problem.

I installed Malwarebytes (successfully) but it has difficulties working. Either it doesn't open when I click it, or it just shuts down (with no notice or error) if I try to run a scan. I renamed the .exe file and ran a scan. As Malwarebytes was scanning, AVG detected a lot of trojans and stuff and removed them. Malwarebytes only detected and removed 3 errors. However - one error needed a reboot, and when I allowed Malwarebytes to reboot, it just crashed and didn't reboot. However, I can see that file in the quarantine.

I just wanted to know if there's anything else I need to do to purge cryptor from my computer. The pop-ups are still occurring.

Thanks,

Paraprosdokian

Edited by paraprosdokian, 01 March 2010 - 05:39 AM.




#2 paraprosdokian


Posted 01 March 2010 - 05:30 AM

By the way, here's the Malwarebytes log:

Malwarebytes' Anti-Malware 1.43
Database version: 3458
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

1/03/2010 8:41:29 PM
mbam-log-2010-03-01 (20-41-29).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 369700
Time elapsed: 2 hour(s), 6 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ronofugika (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PVN74ABL\vzgomuf[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\John\AppData\Local\VirtualStore\Windows\System32\fxer.slo (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\Temp\clk341.nls (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\cd118dee-4112-4f5a-8572-0d09a06acc19.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\hupetetu\hupetetu.dll (Trojan.Agent) -> Delete on reboot.

#3 paraprosdokian


Posted 01 March 2010 - 03:12 PM

And this morning when I turned on my computer, there was an error message that said "C:\ProgramData\hupetetu\hupetetu.dll" could not be found.



