
Trojan horse Cryptic.ZE (Rogue: Antispyware Soft)


5 replies to this topic

#1 helandros


Posted 31 May 2010 - 07:46 PM

Computer infected. Below is as much info as I can provide to get your help.

System: Windows XP
security: AVG free

All of a sudden the computer started spewing legitimate-looking security warnings... but if you clicked on them they opened the page for Antispyware Soft. Then, nothing would work except Firefox. Below are bullet-point facts which I hope will help you to help me get this off the machine.

AVG issued "Resident Shield Alert" with following info:
Threat: Trojan horse Cryptic.ZE
File: C:\Documents and Settings\Lesley\Local Settings\Temporary Internet Files\Content.IE5\UF0C3S89\omni[1].gif

Rogue security warning says:
Infected by 186.133.32.88 port 16416
Attacked port 835
Threat Win32/Nuqel.E

cannot run scan with AVG
cannot open IE
cannot open Google Chrome
cannot install HijackThis
cannot install Norton free scan (which requires IE)
cannot install McAfee free scan (required to install due to Firefox as browser)
Malwarebytes installed to desktop but will not open and cannot run scan from right click option
cannot install Ad-Aware

Each time I try to do anything (except open Firefox and surf via Firefox), I get the following error message - which is tied to the rogue Antispyware Soft:
"Security Warning
Application cannot be executed. The file XXXX (insert all that I have tried to install here) is infected. Do you want to activate your antivirus software now?"

If you click on 'yes', the Antispyware Soft gui opens. If you click on 'no', you continue to get this error message each time you try to install any security program or scans.

I cannot run any online scans because they all require IE, which is evidently disabled by this infection.

Await your help.
Thanks.
Helandros


 


#2 helandros


Posted 31 May 2010 - 08:09 PM

I also cannot run any programs on the computer like Works, MS Explorer, etc.

The Windows Security alert boxes are now popping every 5 seconds or so and I can't get them to stop.

And...periodic porn sites are popping up now.

Await help.

#3 chromebuster


Posted 31 May 2010 - 11:06 PM

Hi,
Let me tell you. AVG, I must give it credit for letting you know of the issue, but it is unreliable especially in terms of rogue software situations. The reason why you cannot install any security apps is because the rogue is trying to stop you as a way to protect itself from being removed. There are a few ways around this though. First of all, there is a guide on removing this very rogue here on this site. You can either look at it from another computer (preferable), or you can use Firefox to view it. I can tell you what you did to get the darn thing though based on what you put in about AVG's detection. You clicked on a nasty, tainted image file that was actually the trojan to install the rogue. .GIF is an image file extension.

Regards,
Chromebuster

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


#4 helandros


Posted 01 June 2010 - 02:50 AM

Thanks for info, Chromebuster. I have tried to search this site for both 'Antispyware Soft' as well as 'Trojan horse Cryptic.ZE', but no results come up for either. Can you tell me what I am searching for to get the removal instructions?

Cheers,
Helandros

#5 chromebuster


Posted 01 June 2010 - 02:52 PM

Hi again,
No problem. You can't always search the site directly for what you are looking for. I know, it seems odd to some, but it is so true. You should try searching www.bing.com for antispywareSoft removal and it should come right up. Though I never have had a rogue in my life, I often search for instructions on how to remove them. Bing is a great way to search. You can't find Cryptic.z because it is a generic detection provided by AVG. Generic detections do not help when it comes to looking for stuff like this, but I learned from one of the moderators at Eset that that is often the detection for variants that install rogue programs. The only difference between the two detections is that Eset spells it "Kryptik" instead of "Cryptic". Eset is based in Slovakia and AVG is based in the Czech Republic. Let me know if that helps.

Chromebuster



#6 Orange Blossom


Posted 01 June 2010 - 10:36 PM

Hello,

Belay what I just posted and removed. I see that your new topic doesn't contain any logs. If I merged it with this topic, it would mess up the post order, so I'm going to delete that topic.

If you haven't already followed this removal guide: http://www.bleepingcomputer.com/virus-remo...-antivirus-soft please do so.

If you still experience issues once you have followed that guide, then please follow the instructions in ==>This Guide<== starting at step 6.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to try to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom :thumbsup:

Edited by Orange Blossom, 01 June 2010 - 10:38 PM.

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.

