
please help


  • This topic is locked
19 replies to this topic

#1 Bipolargandolf

Bipolargandolf

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:01:55 AM

Posted 05 April 2010 - 03:41 PM

The name of the virus is called Trojan horse Crypt.RTI. The problem is that every so often I would get an error message that things like iTunes helper, Adobe Acrobat or AVG antivirus tray would stop working; also there would be pop-ups regardless of what website I would be on.

My virus scan did find it and moved it to the virus vault, then shortly after that it would return. I've tried scanning with AVG antivirus, and I've tried to go into CCleaner, first deleting the entry under startup and then trying to disable it from starting; in both cases it would return.

I'm not sure what else I can do; any help would be appreciated.

Thanks, Greg

#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,176 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:55 AM

Posted 05 April 2010 - 04:15 PM

Hi Greg, I am moving this from Vista to the Am I Infected forum.


Let's run some tools and see the logs.

First RKill....

Please download Rkill by Grinler and save it to your desktop. Alternate downloads: Link 2, Link 3, Link 4.
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
If the computer is rebooted or a reboot occurs along the way you will need to run the application again as the malware programs will start again.


Next run ATF:
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware (v1.45) and save it to your desktop. Alternate downloads: alternate download link 1, alternate download link 2.
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 Bipolargandolf

Posted 05 April 2010 - 07:27 PM

OK, first of all, thank you for the fast response.

I did as you asked: I saved Rkill and the other program to my desktop. However, I got stuck on the second program. I downloaded it and saved the icon to my desktop, but it wouldn't launch. At first I clicked on it and nothing happened; then, after I clicked on it a couple of times, an error message flashed very quickly saying that this version doesn't work and to download the latest version. I also clicked on and downloaded that separate link that you had just in case the other did not work, and again that did nothing or that same error message quickly flashed on my screen.

Thanks again for the help.

#4 boopme

Posted 05 April 2010 - 08:57 PM

Hi, you are talking about MBAM, not ATF.
Some types of malware will disable MBAM (MalwareBytes) and other security tools. If MBAM will not install, try renaming it.

Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like zztoy.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first.
***
Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.

#5 Bipolargandolf

Posted 06 April 2010 - 04:16 PM

OK, more problems. I got Malwarebytes to run, but when I try to run a quick scan I got an error message, and I didn't see the error message in the FAQ. The error message said: An error has occurred. Please report this error to our support team.

MBAM_ERROR_NO_ITEMS_SELECTED (0,0)

You did want me not to change any of the settings in the program around, right?
Like changing the location of what would be scanned?

Thanks in advance.

#6 boopme

Posted 06 April 2010 - 07:20 PM

Hi, actually I would like you to follow through with their request.
E-mail the address below and a customer support representative will assist you as soon as possible.

If you are seeking assistance please send an email to support@malwarebytes.org.
There appears to be an issue with the application. We can kill two birds with one stone. They will fix the tool for all of us and they will finish cleaning the computer.


got malwarebytes to run but when I try to run a quick scan I got an error message and I didn't see the error message in FAQ. The error message said. An error has occurred. Please report this error to our support team.

MBAM_ERROR_NO_ITEMS_SELECTED (0,0)



I am not sending you away, as we work together. Just trying to benefit the community. Let us know how you make out and thanks.

Edited by boopme, 06 April 2010 - 08:50 PM.


#7 Bipolargandolf

Posted 06 April 2010 - 07:39 PM

It's OK, thank you for your help.

#8 boopme

Posted 06 April 2010 - 08:50 PM

Thank you very much.. :thumbsup:

#9 Bipolargandolf

Posted 12 April 2010 - 03:06 PM

Hello again, hopefully this is the correct place to post this, as it is the same problem as before. I talked to the technical support as you had told me to; however, they had me download and run a program of ComboFix and, if that didn't work, some other upgraded version of Malwarebytes or Malwarebytes from some other link.

Regardless, neither one of them worked and I had replied back to them, and now they don't seem to be answering my emails and I'm still stuck with the adware/trojan in my PC. One thing that I believe that I neglected to tell them and you when I originally posted this was that I have Windows Vista 64 bit. It appeared as though ComboFix and the other version of Malwarebytes didn't work with either Vista, 64 bit, or both. Is there another program that I can try that would be compatible? Am I wrong, is it in fact compatible and I'm doing something wrong?

Any help again would be appreciated. Thank you in advance.

#10 boopme

Posted 12 April 2010 - 07:43 PM

Hello, let's post a DDS log, as you need some specialized tools here with 64.
We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9 and not here, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.

#11 Bipolargandolf

Posted 14 April 2010 - 04:48 PM

Hi again and thank you for the reply.

I did follow the link and went through the steps in the guide; however, I got stuck on step # 8. I was able to download and run Gmer, and it found no problems on the first scan. However, all the options that they want me to check off were greyed out. I didn't want to go further into the guide because I didn't know if things had to happen in order. I do have the logs from the previous steps. I would post, but I don't know how to attach the files.

Just copy and paste?

#12 boopme

Posted 14 April 2010 - 07:25 PM

Hi, post only the DDS log. Add this line:
I got stuck on step # 8, I was able to download, and run gmer, and it found no problems on the first scan. However, all the options that they want me to check off were greyed out.

Reference this post also, so they can see any info we've gone over. Copy/paste this link:
http://www.bleepingcomputer.com/forums/ind...p;#entry1715682

Edited by boopme, 14 April 2010 - 07:26 PM.


#13 Bipolargandolf

Posted 15 April 2010 - 03:19 PM

The link brings me back here, and when I copy and paste it, it just shows an error.

Also, how do I post the DDS log?

#14 boopme

Posted 15 April 2010 - 03:29 PM

:thumbsup: http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

#15 Bipolargandolf

Posted 15 April 2010 - 05:22 PM

I seem to be having all kinds of difficulties zipping the file and attaching it. I'm assuming I have to zip the file; the guide you showed me wasn't real clear.


Sorry for all of the difficulties.



