Removed Trojan.Agent/Gen-Cryptic from my computer and had to do a fresh install of Windows XP..However, I think my computer is still infected?


13 replies to this topic

#1 Nacster

  • Members
  • 22 posts

Posted 06 July 2011 - 02:35 PM

Hello to everyone on bleepingcomputers.com,

First off, I would like to apologize in advance if I've posted in the wrong forum..I would also like to mention that my computer skills/knowledge are average at best..So, I apologize for making things more complicated for everyone. :(

I will try to describe my situation as briefly and accurately as possible..I recently had my computer infected by a terrible Trojan Virus (Trojan.Agent/Gen-Cryptic)..I had help from someone, to remove the Trojan from my computer..They guided me through certain steps like MBR Check, DDS, Rootkit Unhooker, ComboFix, OTL, etc..After guiding me through all the necessary steps, my computer was declared clean..Unfortunately after the clean, my computer wasn't performing properly..It was extremely slow/sluggish, when opening apps and connecting to the internet..I also had Windows Firewall shutting OFF, from time to time..I was then told at this point, to do a fresh install of Windows XP..Which brings me to my current problem..I've performed a fresh install twice, and for the life of me I cannot figure out why my computer feels like it's still infected..After the first fresh install of Windows XP I ran a scan with Malwarebytes Anti-Malware and it found:


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7032

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

06/07/2011 8:23:28 AM
mbam-log-2011-07-06 (08-23-28).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 240111
Time elapsed: 10 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3C2D2A1E-031F-4397-9614-87C932A848E0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04A38F6B-006F-4247-BA4C-02A139D5531C} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MiniBugTransporter.MiniBugTransporterX.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MiniBugTransporter.MiniBugTransporterX (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\REAL\WEATHERBUG\MINIBUGTRANSPORTER.DLL (Adware.Minibug) -> Value: MINIBUGTRANSPORTER.DLL -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\common files\Real\weatherbug\minibugtransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.


I then downloaded Avast and performed a Boot Scan..It found three infections, I don't have the log because it got deleted after my second attempt at re-installing Windows XP..However, I do recall the infection being called something like Win32Gen/Malware..After my second attempt at a fresh install of Windows XP..Malwarebytes found the exact same infections as previously posted above and I can't seem to download some of the Windows XP updates..I don't know much about computers, but I know that something is definitely not right here..I'm wondering if there is an infection much deeper in my hard drive..I'm really worried that my computer is no longer operable..Any help, or suggestions would be greatly appreciated..Thanking everyone in advance for their time and patience. :(


P.S I forgot to mention that System Restore has been corrupted and I'm currently running my computer in Safe Mode.


If it helps any, my computer specifications are as follows:

HP Pavilion Desktop Media Center
Pentium D
Windows XP Media Center Edition (OS)
HP System Recovery Discs (OEM)

Edited by Nacster, 06 July 2011 - 05:06 PM.




#2 Broni

  • BC Advisor
  • 42,759 posts

Posted 06 July 2011 - 08:48 PM

Couple of questions to start with...

1. When you reinstalled Windows, was it a clean installation, including formatting the hard drive?
2. Was your computer physically connected to the net during reinstallation?
3. Did you put any backed-up files back on the freshly installed Windows?

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 Nacster


Posted 06 July 2011 - 10:07 PM

Hey Broni,

Thanks for the response..I will try to answer your questions, to the best of my knowledge:

1. Clean install, but I did not format the hard drive.(I'm afraid I'm not sure how to reformat the hard drive) :(

2. No, the computer was not connected to the internet during the clean installation..I unplugged the connection from my modem.

3. No backup files were put back on the freshly installed Windows XP..All I did was immediately download Malwarebytes and Avast, from cnet.com downloads.


Thanks for your time and patience..Have a great day.

#4 Broni


Posted 06 July 2011 - 10:16 PM

1. Clean install, but I did not format the hard drive.(I'm afraid I'm not sure how to reformat the hard drive)

It wasn't a clean installation then. You performed a so-called "over-the-top" installation, which will leave most files untouched, thus your infection remains.
The only sure way to get rid of all "baddies" is a clean installation, including hard drive formatting.


 


#5 Nacster


Posted 06 July 2011 - 10:47 PM

Hi Broni,

My bad..Like I mentioned before, my computer skills are not the greatest..If it's not too much trouble, can you please direct me on how to proceed with a proper install of Windows XP and reformatting of the hard drive..Thanks once again for your time and patience..Have a great day.

#6 Broni


Posted 06 July 2011 - 10:52 PM

Sure thing :)
http://www.michaelstevenstech.com/cleanxpinstall.html


 


#7 Nacster


Posted 15 July 2011 - 05:47 PM

Hello again to everyone on the forum,

Unfortunately, my computer problem has not gone away..It's been a month and my computer is still crippled..I tried searching Google to see if I could come up with anything that relates to my problem..I'm starting to think that maybe I have a persistent rootkit that continually activates each time I reboot the computer..Again, my computer knowledge is average at best..However, I truly believe that my problem has something to do with a nasty virus that is hidden and really embedded in some file, or something..My biggest fear is that my computer has become a huge paperweight..Any help, or suggestions would be greatly appreciated..I thank you all in advance for your time and patience regarding this matter..Have a great day. :(


P.S If I were to purchase a brand new hard drive and get rid of the infected one..Would that completely eliminate my problem? :unsure:

#8 Broni


Posted 15 July 2011 - 05:49 PM

I thought you were planning on a clean Windows installation.
No need for a new drive. There is nothing wrong with it.


 


#9 Nacster


Posted 15 July 2011 - 06:28 PM

Hi Broni,

I truly appreciate all the help and support that you have given me, through this ordeal..I tried doing a clean install a few different ways, but I keep getting the same results..I tried the boot menu on start up and selected DVD drive with the recovery disk inside..I remember selecting the option for destructive recovery..Again not sure if I did it correctly, but I keep getting this blasted Win32:Malware-Gen right after recovery..The link that you provided me was also very much appreciated..However, it was a little too advanced for my computer knowledge..I'm guessing that I probably didn't do a proper recovery, or a reformatting of the hard drive..Are there any other links that would be a little more detailed in the step-by-step process of performing a destructive recovery for a novice like myself? :huh:

P.S If it helps any, I have an HP Pavilion Desktop Media Center m7480n running Windows XP..The computer is from 2005-2006.

#10 Broni


Posted 15 July 2011 - 09:01 PM

I'm pretty sure you didn't format your drive and that's why your problem is still there.
That link I provided is the best one I know.
Maybe you could ask a friend who is a little bit more computer savvy to help you out with those steps?

Another option...
Your computer may have a recovery partition, which, if used, will return the computer to factory settings.
Start the computer and press F10 at the HP logo.
If the recovery partition is there, you should see some on-screen instructions.


 


#11 Nacster


Posted 15 July 2011 - 09:20 PM

Hi Broni,

Thanks once again for the information, it's greatly appreciated..I will give both a try..Have a great day. :thumbsup:


P.S So I can relieve some stress..lol..My computer is still ok and not a write off? :huh:

#12 Broni


Posted 15 July 2011 - 09:37 PM

Of course not :)


 


#13 Nacster


Posted 16 July 2011 - 03:02 PM

Thanks again Broni..Have a great weekend :thumbsup:

#14 Broni


Posted 16 July 2011 - 03:06 PM

Same to you :)
