tr/crypt.xpack.gen trojan and worm/autorun.blw worm

[kent adrian]

here are the 3 logs



[Saving space - attachment deleted by admin]

[evilfantasy]

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

- F2 - REG:system.ini: Shell=Explorer.exe scvhost.exe
- O4 - HKLM..Run: [RRT-Auto] \200.200.200.21installer\RRT.exe auto
- O18 - Protocol: <- Place a check mark next to ALL of the O18 entries. There is 100 or more of them.

Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis.

Run CCleaner.

----------

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Go to Start > Run and type notepad.exe then click OK

Copy and paste the below into Notepad and save as fixme.reg to Your Desktop

Code: [Select]

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"RRT-Auto"=-
Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.

Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work.

Delete the fixme.reg from the Desktop.

----------

Download ComboFix by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note:  It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
 
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

----------

Do you use the Crawler Toolbar?

[kent adrian]

where can i find ccleanner?


i dont know what is crawler toolbar?

[kent adrian]

good day, before i do you instruction i already done some actions for those viruses.


i scan my system with AVG anti virus and after that i also try to use the symantec anti virus..

then i do what you have advice


here is the log of combo fix

[Saving space - attachment deleted by admin]

[evilfantasy]

CCleaner is one of the tools you were supposed to download in the malware removal guide...

Go to Add/Remove Programs and uninstall Crawler Toolbar


----------

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]

KillAll::

Folder::
C:\Program Files\Crawler

File::
C:\WINDOWS\system32\rrt_is.wav
C:\WINDOWS\system32\rrt_vf.wav
C:\WINDOWS\system32\rrt_tv.wav
C:\WINDOWS\system32\rrt_tn.wav
C:\WINDOWS\system32\blastclnnn.exe
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

[kent adrian]

hi here is the log, i think my computer are now ok... hehe

[Saving space - attachment deleted by admin]

[kent adrian]

before i forgot, i have this the same problem on a laptop... em i going to do the same process?

[evilfantasy]

Yes do the malware removal guide. Be sure to start a

new topic for any separate computer.

• Click START then RUN
  
• Now type Combofix /u in the runbox
  
• Make sure there's a space between Combofix and /u
• Then hit Enter.

.

• The above procedure will:
• Delete the following:
• ComboFix and its associated files and folders.
• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Set a new, clean Restore Point.

.
----------

Download ATF Cleaner by Atribune to your Desktop.

Alternate download link

Note: Vista users must use Run As Administrator

• Under Main: Select Files to Delete choose: Select All.
  
• Click the Empty Selected button.
  
• If you use Firefox browser click Firefox at the top and choose: Select All
  
• Click the Empty Selected button.
  If you would like to keep your saved passwords click No at the prompt.
  
• If you use Opera browser click Opera at the top and choose: Select All
  
• Click the Empty Selected button.
  If you would like to keep your saved passwords click No at the prompt.
  
• Click Exit on the Main menu to close the program.

.
Note that your system will run slower for a reboot or two after having used this tool so don't panic.

Important: Restart the computer before continuing.

----------

Final steps.

Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.

• Go to Start > Programs > Accessories > System Tools and click System Restore
  
• Choose the radio button marked Create a Restore Point on the first screen then click Next Give the Restore Point a name then click Create.
  
• The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
• Next go to Start > Run and type Cleanmgr
  
• Click OK
  
• Click the More Options Tab.
  
• Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.

You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide or Windows Vista System Restore Guide
.
----------

Use the Secunia Software Inspector to check for out of date software.

• Click Start Now
  
• Check the box next to Enable thorough system inspection.
  
• Click Start
  
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript

To prevent unknown applications from being installed on your computer install WinPatrol 2008
* Using Winpatrol to protect your computer from malicious software

I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

[kent adrian]

hey thanks for all the thing you advice, pls help me again..  i have 10 to 20 more computers that are infected of this Trojan and 1 more laptop infected of this two virus... thanks again and more power


ill post later or maybe the next day the logs from the laptop that i mentioned...

[evilfantasy]

i have 10 to 20 more computers that are infected of this Trojan and 1 more laptop infected of this two virus

This web site and the helpers are here to assist home users with common PC problems and we are in no way ready to replace an IT department which is who you need to maintain all of those computers.

[kent adrian]

to everyone,

hmmm... i want to ask something... is there any way of manual deleting of this tr/crypt.xpack.gen? like using command prompt or dos command.. if you know some thing... pls teach me how..  and pls i want an effective solution...




thanks

[patio]

Do a Format and clean install on all 20 machines...Post back with the results.

[kent adrian]

is ther any other way, formating may cause file missing or corupt. even i backup files