
Avast detects Kryptic Trojan Horse



#1 HuntieBoy


Posted 25 March 2011 - 10:04 AM

Avast detects Kryptic Trojan Horse!

Randomly my Avast detects Kryptic Trojan Horse, which from my searching is a virus that reproduces itself.
It is 99% of all times in the Windows TEMP folder. It creates a setup.exe there in a folder with 4 random letters (djop, bxzm, etc.). Does anyone know how to get rid of it?


PS: If it's impossible or too hard to get rid of it, I might as well just put W7 on my PC. I have Windows XP right now.



#2 HuntieBoy


Posted 25 March 2011 - 12:26 PM

Also, Avast safely blocks them, so I'm safe, but the setup.exe's just stack up :|

#3 HuntieBoy


Posted 26 March 2011 - 03:18 PM

Ok, I fixed it myself somehow...
Deleted full TEMP folder and did Windows Recovery to get the TEMP's back from before the virus... All fixed now

#4 boopme


Posted 26 March 2011 - 07:10 PM

Hello, good to hear, you should double check with an online scan.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#5 HuntieBoy


Posted 29 March 2011 - 02:21 AM

Full log:

C:\Documents and Settings\Rick Calle\Application Data\8589379E807DC86E4A2CE1F4AAB85679\asp70vdviss.exe a variant of Win32/Kryptik.LZW trojan cleaned by deleting - quarantined

C:\Documents and Settings\Rick Calle\Bureaublad\tttt.rar Win32/HackTool.Patcher.A application deleted - quarantined

C:\Documents and Settings\Rick Calle\Bureaublad\My Rommel\LobbyTracker.exe Win32/Packed.Themida.AAF trojan cleaned by deleting - quarantined

C:\Documents and Settings\Rick Calle\Bureaublad\My Rommel\MW2 Liberation\4ee74C3.tmp probably a variant of Win32/Obfuscated.JRKVWDH trojan cleaned by deleting - quarantined

C:\Documents and Settings\Rick Calle\Bureaublad\My Rommel\MW2 Liberation\5c95348.tmp probably a variant of Win32/Obfuscated.JRKVWDH trojan cleaned by deleting - quarantined

C:\Documents and Settings\Rick Calle\Mijn documenten\Downloads\Bulletstorm-FLT\flt-bull.iso a variant of Win32/Packed.VMProtect.AAD trojan deleted

C:\Program Files\Cheat Engine\Cheat Engine.exe a variant of Win32/HackTool.CheatEngine.AA application cleaned by deleting - quarantined

C:\Program Files\Cheat Engine\dbk32.dll a variant of Win32/HackTool.CheatEngine.AA application cleaned by deleting - quarantined

C:\Program Files\Cheat Engine\dbk32.sys a variant of Win32/HackTool.CheatEngine.AA application cleaned by deleting - quarantined

C:\Program Files\Cheat Engine\Systemcallretriever.exe a variant of Win32/HackTool.SystemCall.AA application cleaned by deleting - quarantined

C:\Program Files\Cheat Engine\systemcallsignal.exe a variant of Win32/HackTool.SystemCall.AA application cleaned by deleting - quarantined

C:\WINDOWS\kbjent.dll a variant of Win32/Cimag.GJ trojan cleaned by deleting - quarantined



I am pretty happy with the results, as actually 2-3 of the 12 files ACTUALLY are infected. Some more info:

Probably Real Virus!
C:\Documents and Settings\Rick Calle\Application Data\8589379E807DC86E4A2CE1F4AAB85679\asp70vdviss.exe a variant of Win32/Kryptik.LZW trojan cleaned by deleting - quarantined

I thought it was a backup I made of MW2 liberation
C:\Documents and Settings\Rick Calle\Bureaublad\tttt.rar Win32/HackTool.Patcher.A application deleted - quarantined

Program I use to get into 'modded MW2 lobbies'
C:\Documents and Settings\Rick Calle\Bureaublad\My Rommel\LobbyTracker.exe Win32/Packed.Themida.AAF trojan cleaned by deleting - quarantined

The process that MW2 liberation uses, but stores afterwards
C:\Documents and Settings\Rick Calle\Bureaublad\My Rommel\MW2 Liberation\4ee74C3.tmp probably a variant of Win32/Obfuscated.JRKVWDH trojan cleaned by deleting - quarantined

The process that MW2 liberation uses, but stores afterwards
C:\Documents and Settings\Rick Calle\Bureaublad\My Rommel\MW2 Liberation\5c95348.tmp probably a variant of Win32/Obfuscated.JRKVWDH trojan cleaned by deleting - quarantined

A 'pirated' version of BulletStorm, probably crack was detected as a virus
C:\Documents and Settings\Rick Calle\Mijn documenten\Downloads\Bulletstorm-FLT\flt-bull.iso a variant of Win32/Packed.VMProtect.AAD trojan deleted

A program I use to hack flash games for fun, to get infinite money or smth
C:\Program Files\Cheat Engine\Cheat Engine.exe a variant of Win32/HackTool.CheatEngine.AA application cleaned by deleting - quarantined

A program I use to hack flash games for fun, to get infinite money or smth
C:\Program Files\Cheat Engine\dbk32.dll a variant of Win32/HackTool.CheatEngine.AA application cleaned by deleting - quarantined

A program I use to hack flash games for fun, to get infinite money or smth
C:\Program Files\Cheat Engine\dbk32.sys a variant of Win32/HackTool.CheatEngine.AA application cleaned by deleting - quarantined

A program I use to hack flash games for fun, to get infinite money or smth
C:\Program Files\Cheat Engine\Systemcallretriever.exe a variant of Win32/HackTool.SystemCall.AA application cleaned by deleting - quarantined

A program I use to hack flash games for fun, to get infinite money or smth
C:\Program Files\Cheat Engine\systemcallsignal.exe a variant of Win32/HackTool.SystemCall.AA application cleaned by deleting - quarantined

Probably Real Virus!
C:\WINDOWS\kbjent.dll a variant of Win32/Cimag.GJ trojan cleaned by deleting - quarantined


Additional Info:

MW2 liberation: Program used to create modded lobbies in MW2 (Had it for a year)
LobbyTracker: Program used to join modded lobbies in MW2 (A half year)
Cheat Engine: Program used to hack flash games, just for fun! (A year)
flt-bullet.iso: I wanted to try the game before buying it...

ESET online scanner is a good scanner, but it tags everything that contains a string of a virus.
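
The scan log in the post above uses one line shape per hit: path, an optional "a variant of" / "probably a variant of" qualifier, detection name, a kind (`trojan` or `application`) and the action taken. The following is an added example, not part of the original posts, that parses that shape and groups hits by kind for review; the function names and the sample paths are constructed for illustration.

```python
import re
from collections import defaultdict

# Line shape seen in the log above:
#   <path> [probably a variant of | a variant of] <name> <kind> <action>
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<qualifier>probably a variant of |a variant of )?"
    r"(?P<name>\w+/\S+)\s+"
    r"(?P<kind>trojan|application)\s+"
    r"(?P<action>.+)$"
)

def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["qualifier"] = (rec["qualifier"] or "none").strip()
    rec["quarantined"] = rec["action"].endswith("quarantined")
    return rec

def triage(log_text):
    """Group records by the kind the scanner assigned; keep unparsed lines."""
    groups = defaultdict(list)
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse_line(line)
        groups[rec["kind"] if rec else "unparsed"].append(rec or line.strip())
    return dict(groups)

def not_quarantined(groups):
    """Paths whose action text does not mention a quarantine copy."""
    return [r["path"] for k, recs in groups.items() if k != "unparsed"
            for r in recs if not r["quarantined"]]

# Constructed sample input in the same shape (paths are made up;
# detection names are ones that appear in the log above).
SAMPLE_LOG = r"""
C:\Documents and Settings\user\Application Data\sample\a.exe a variant of Win32/Kryptik.LZW trojan cleaned by deleting - quarantined
C:\Documents and Settings\user\Desktop\b.rar Win32/HackTool.Patcher.A application deleted - quarantined
C:\Documents and Settings\user\Desktop\My Folder\c.tmp probably a variant of Win32/Obfuscated.JRKVWDH trojan cleaned by deleting - quarantined
C:\Documents and Settings\user\Downloads\d.iso a variant of Win32/Packed.VMProtect.AAD trojan deleted
"""

if __name__ == "__main__":
    groups = triage(SAMPLE_LOG)
    print({kind: len(recs) for kind, recs in groups.items()})
    print("no quarantine copy recorded:", not_quarantined(groups))
```

Grouping by kind and by qualifier puts the hits to review by hand in one place, and the quarantine flag shows which removals the log records as having a quarantine copy.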

#6 boopme


Posted 30 March 2011 - 08:57 AM

That's what makes it good. Also it quarantined those so if they were not actual malware you can restore.

#7 HuntieBoy


Posted 02 April 2011 - 06:49 AM

Okay, still no viruses, thx!

Plz close this



