TR/Crypt.ZPACK.Gen 60 instances - all drivers?


2 replies to this topic

#1 delerium

Posted 09 July 2010 - 08:45 AM

I could really use your help, Internet!

Last night Avira started popping up multiple instances of this TROJAN and they are all in windows/system32. I put them all in quarantine but I'm pretty sure I need drivers for my computer to work? Earlier Chrome was crashing and my memory is running low. Windows XP OS.

I ran Malwarebytes and it found two instances of VIRTUMONDE trojans. I don't even know if this is related. I ran Hijack This but I really don't know what I'm looking at........

I'm not all that computer literate but I can follow instructions, so if there's anything you can help me with, any advice at all, I would love that! Thank you for your time.



#2 chromebuster


Posted 09 July 2010 - 11:04 AM

Just so that I'm clear, it is saying that your drivers are infected with this trojan? Maybe you could put out the Malwarebytes log so that we can see what you are dealing with here? Maybe also paste the Avira log into your next post as well so that we can see the files that it is flagging.

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


#3 delerium


Posted 09 July 2010 - 11:56 AM

Thank you so much for responding!

Here is the Avira log, it's long!

Exported events:

7/9/2010 7:14 [Guard] Malware found
Virus or unwanted program 'BAT/Agent.143 [virus]'
detected in file 'C:\WINDOWS\system32\fjhdyfhsn.bat.
Action performed: Move file to quarantine

7/9/2010 2:02 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\OLD140.tmp.
Action performed: Move file to quarantine

7/9/2010 2:02 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\OLD13A.tmp.
Action performed: Move file to quarantine

7/9/2010 2:02 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\OLD134.tmp.
Action performed: Move file to quarantine

7/9/2010 2:02 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\OLD131.tmp.
Action performed: Move file to quarantine

7/9/2010 2:02 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\OLD12A.tmp.
Action performed: Move file to quarantine

7/9/2010 2:02 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\OLD126.tmp.
Action performed: Move file to quarantine

7/9/2010 2:02 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\OLD122.tmp.
Action performed: Move file to quarantine

7/9/2010 2:01 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\OLD11D.tmp.
Action performed: Move file to quarantine

7/9/2010 2:01 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\OLD115.tmp.
Action performed: Move file to quarantine

7/9/2010 2:01 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\OLD111.tmp.
Action performed: Move file to quarantine

7/9/2010 2:01 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\OLD10D.tmp.
Action performed: Move file to quarantine

7/9/2010 2:01 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\OLD109.tmp.
Action performed: Move file to quarantine

7/9/2010 1:23 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\1783970510.sys.
Action performed: Move file to quarantine

7/9/2010 1:23 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\wudfrd.sys.
Action performed: Move file to quarantine

7/9/2010 1:23 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\wudfpf.sys.
Action performed: Move file to quarantine

7/9/2010 1:23 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\WDICA.sys.
Action performed: Move file to quarantine

7/9/2010 1:23 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\usbuhci.sys.
Action performed: Move file to quarantine

7/9/2010 1:23 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\usbstor.sys.
Action performed: Move file to quarantine

7/9/2010 1:22 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\usbscan.sys.
Action performed: Move file to quarantine

7/9/2010 1:22 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\usbprint.sys.
Action performed: Move file to quarantine

7/9/2010 1:22 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\usbccgp.sys.
Action performed: Move file to quarantine

7/9/2010 1:22 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\usbaudio.sys.
Action performed: Move file to quarantine

7/9/2010 1:22 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\TDTCP.sys.
Action performed: Move file to quarantine

7/9/2010 1:22 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\TDPIPE.sys.
Action performed: Move file to quarantine

7/9/2010 1:22 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\swmidi.sys.
Action performed: Move file to quarantine

7/9/2010 1:22 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\splitter.sys.
Action performed: Move file to quarantine

7/9/2010 1:22 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\Sfloppy.sys.
Action performed: Move file to quarantine

7/9/2010 1:22 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\Serial.sys.
Action performed: Move file to quarantine

7/9/2010 1:22 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\secdrv.sys.
Action performed: Move file to quarantine

7/9/2010 1:22 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\rtl8139.sys.
Action performed: Move file to quarantine

7/9/2010 1:22 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\RDPWD.sys.
Action performed: Move file to quarantine

7/9/2010 1:22 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\processr.sys.
Action performed: Move file to quarantine

7/9/2010 1:22 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\PDRFRAME.sys.
Action performed: Move file to quarantine

7/9/2010 1:21 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\PDRELI.sys.
Action performed: Move file to quarantine

7/9/2010 1:18 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\PDFRAME.sys.
Action performed: Move file to quarantine

7/9/2010 1:18 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\PDCOMP.sys.
Action performed: Move file to quarantine

7/9/2010 1:18 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\PCIDump.sys.
Action performed: Move file to quarantine

7/9/2010 1:18 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\parport.sys.
Action performed: Move file to quarantine

7/9/2010 1:18 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\nwlnkfwd.sys.
Action performed: Move file to quarantine

7/9/2010 1:18 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\nwlnkflt.sys.
Action performed: Move file to quarantine

7/9/2010 1:18 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\mspqm.sys.
Action performed: Move file to quarantine

7/9/2010 1:18 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\mspclock.sys.
Action performed: Move file to quarantine

7/9/2010 1:18 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\mskssrv.sys.
Action performed: Move file to quarantine

7/9/2010 1:18 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\mouhid.sys.
Action performed: Move file to quarantine

7/9/2010 1:18 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\lbrtfdc.sys.
Action performed: Move file to quarantine

7/9/2010 1:18 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\kbdhid.sys.
Action performed: Move file to quarantine

7/9/2010 1:18 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\irenum.sys.
Action performed: Move file to quarantine

7/9/2010 1:18 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\ipinip.sys.
Action performed: Move file to quarantine

7/9/2010 1:17 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\ipfltdrv.sys.
Action performed: Move file to quarantine

7/9/2010 1:17 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\ip6fw.sys.
Action performed: Move file to quarantine

7/9/2010 1:16 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\i2omgmt.sys.
Action performed: Move file to quarantine

7/9/2010 1:15 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\hpzius12.sys.
Action performed: Move file to quarantine

7/9/2010 1:15 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\hpzipr12.sys.
Action performed: Move file to quarantine

7/9/2010 1:12 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\hpzid412.sys.
Action performed: Move file to quarantine

7/9/2010 1:12 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\hidusb.sys.
Action performed: Move file to quarantine

7/9/2010 1:03 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\Flpydisk.sys.
Action performed: Move file to quarantine

7/9/2010 1:00 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\Fdc.sys.
Action performed: Move file to quarantine

7/9/2010 0:59 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\drmkaud.sys.
Action performed: Move file to quarantine

7/9/2010 0:58 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\dmusic.sys.
Action performed: Move file to quarantine

7/9/2010 0:58 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\Changer.sys.
Action performed: Move file to quarantine

7/9/2010 0:58 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\Cdaudio.sys.
Action performed: Move file to quarantine

7/9/2010 0:55 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\asyncmac.sys.
Action performed: Move file to quarantine

7/9/2010 0:51 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\aec.sys.
Action performed: Move file to quarantine



I noticed the batch virus detection when I rebooted. The Virtumonde.prx was actually detected by Search and Destroy, and for the life of me I can't figure out how to get a log from that...

1. autorun settings (Uruzeni) HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\run\uruzeni
2. c:\WINDOWS\aziloruz.dll

These were "fixed" by Search and Destroy, and when I rebooted the batch virus appeared. Also re-ran Malwarebytes and three more popped up:

Database version: 4296

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/9/2010 9:37:26 AM
mbam-log-2010-07-09 (09-37-26).txt

Scan type: Quick scan
Objects scanned: 136001
Time elapsed: 19 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vvuko (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\d32enm.dll (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\~TM102.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

When I rebooted, my computer was running at 100% due to a rundll32.exe in my task manager. I found that "d32enm.dll" in Process Explorer running as the "rundll32". I hope I am making sense.......
Until yesterday my computer was fine so this is kind of blowing me away. I don't play farmville!

Do you have any advice? Thanks again for responding.
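
A triage sketch for an export like the one posted in this thread, added here as an example and not written by any poster or by Avira: it parses the event blocks (tolerating the missing closing quote on the path line), then clusters detections by signature, folder and time window and lists the flagged `.sys` files that would need checking against known-good copies. The function names are hypothetical, and the sample is three events excerpted from the log above.

```python
import ntpath
import re
from collections import Counter
from datetime import datetime

# Three events excerpted from the exported log in the post above.
SAMPLE = r"""7/9/2010 7:14 [Guard] Malware found
Virus or unwanted program 'BAT/Agent.143 [virus]'
detected in file 'C:\WINDOWS\system32\fjhdyfhsn.bat.
Action performed: Move file to quarantine

7/9/2010 2:02 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\OLD140.tmp.
Action performed: Move file to quarantine

7/9/2010 1:23 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\usbstor.sys.
Action performed: Move file to quarantine
"""

# The export ends each path with a period and no closing quote; accept both forms.
EVENT = re.compile(
    r"^(?P<when>\d+/\d+/\d+ \d+:\d+) \[(?P<module>\w+)\] Malware found\s*\n"
    r"Virus or unwanted program '(?P<name>\S+) \[(?P<kind>\w+)\]'\s*\n"
    r"detected in file '(?P<path>.+?)\.?'?\s*\n"
    r"Action performed: (?P<action>.+)$",
    re.MULTILINE,
)

def parse_events(text):
    """Return one dict per 'Malware found' event, with 'when' as a datetime."""
    events = [m.groupdict() for m in EVENT.finditer(text)]
    for e in events:
        e["when"] = datetime.strptime(e["when"], "%m/%d/%Y %H:%M")
    return events

def summarize(events):
    """Cluster detections so the pattern (one signature, one folder) is visible."""
    return {
        "signatures": Counter(e["name"] for e in events),
        "folders": Counter(ntpath.dirname(e["path"]).lower() for e in events),
        "window": (min(e["when"] for e in events), max(e["when"] for e in events)),
        "flagged_drivers": sorted(ntpath.basename(e["path"]) for e in events
                                  if e["path"].lower().endswith(".sys")),
    }

if __name__ == "__main__":
    print(summarize(parse_events(SAMPLE)))
```
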



