
krypt.msp - cman


  • This topic is locked
5 replies to this topic

#1 gmanmarine

Posted 18 April 2011 - 07:39 PM

Seems yesterday got hit with a trojan by the name Krypt.msp and it killed my desktop. Seems all is under a grouping variation of cman. Please give a look and assist if you can. I can not get back to my original desktop, nor can I access any of my files or original programs. Thanks in advance gang.

Best Regards,
Todd

Edited by gmanmarine, 18 April 2011 - 07:42 PM.




#2 gmanmarine


Posted 19 April 2011 - 10:33 PM


We think we eradicated the malware aforementioned in the last 2 days. You folks are busy for sure. However, had a 'whoopsie' as my 3 year old twin daughters would exclaim. And ran 'ComboFix' prior to seeing the disclaimer of advisory, not to do that. The Krypt.msp or Cman malware has not reared its ugly head in 2 days. However, request assistance in getting back to our original desktop and program settings. Thank you in advance, you folks have been wonderful in assisting us in previous fixes. At least we have a working platform to work with - without the interruptions of the malware. When you get a chance we just ask of some assistance in recovering our last working desktop. We can see the file folders of personal data - but can not actuate them active in access to our files.

We would like to know how bleepingcomputer.com gets reimbursement as we would like to contribute in your sustaining efforts as a team. Castlecops was a wonderful assistance program but we are guessing it just dried up and we do not wish to see the same thing happen.

Thank you and best regards my friends.
Todd

#3 gmanmarine


Posted 19 April 2011 - 10:43 PM



I could be wrong but I am assuming you utilize those in training in these matters in your assistance programs, which is wonderful and meeting two purposes for all parties, yet still requires funding I am sure. So please advise in these regards.

#4 maranatha

  • Malware Response Team

Posted 27 April 2011 - 10:07 PM

Hi
Welcome to Bleeping Computer.
I'm maranatha and I'll see what we can do to get things fixed up.

I need to see some scans and their logs.

I need to see the Combofix log that was produced when you ran it, if it is not on your desktop you can maybe find it here.
C:\ComboFix.txt

Also please run this and post the log.

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
* Under the Custom Scan box copy and paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT


* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
* When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
* Please copy the contents of these files, one at a time, and post them back here.

Thanks
maranatha

FYI
Bleeping Computer Donations.
As our other advertisements are able to offset the cost of the site, Bleeping Computer is no longer accepting site donations.
Thanks.
Grinler
Site Administrator

Edited by maranatha, 27 April 2011 - 10:23 PM.

Windows7 Professional 64 Bit

 

I'm going in the wrong direction to be in a hurry!


unite_mo.jpg


My help is always free, But I do accept donations.
Donate Here


#5 maranatha


Posted 03 May 2011 - 08:18 PM

Hi
If you still require help, please respond to this thread or it will be closed in 48 hours.

Thanks
maranatha


#6 maranatha


Posted 05 May 2011 - 10:41 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
