TR\Crypt.Morphine.gen TR\Crypt.XPack.gen [Solved]



#1
tired of virus

Hi, thanks for the help. My computer was running slower and I just heard of Avira antivirus software. Right after installing it I got a warning of an infection. C:\Windows\system32\fhcafhc.dll called TR/Crypt/Morphine.gen. I surfed the web, found some "fixes" and downloaded them. Now I got a new virus detection. C:\WINDOWS\system32\sccrdbxy.dll. Next I found your web site. As I was following the beginning instructions, a different named virus with the same file name. C:\WINDOWS\system32\fhcafhc.dll. I have followed the steps asked, but the system restore program asked me to install a version of the .NET Framework and I didn't know what that meant.

Attached files: mbam_log_2009_11_05__21_05_26_.txt, OTL.Txt, roo.txt, Extras.Txt



#2
fenzodahl512

Hello, welcome to Geekstogo.. Please don't attach files unless requested.. Just post it here as it is :)


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

Posted Image

Posted Image


It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".


After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

#3
tired of virus

Here is my Combo-Fix log:

ComboFix 09-11-07.04 - mfortier 09-11-08 8:50.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.246.97 [GMT -7:00]
Running from: c:\documents and settings\mfortier\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\as.txt
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\drivers\hqevnwyy.sys
c:\windows\system32\drivers\mfchtxkj.sys
c:\windows\system32\fhcafhc.dll
c:\windows\system32\jdytuqn.dll
c:\windows\system32\pwdmon.dll
c:\windows\system32\sccrdbxy.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EXAMPLE
-------\Legacy_EXAMPLE1
-------\Legacy_MFCHTXKJ
-------\Legacy_MSASVC
-------\Service_mfchtxkj
-------\Service_MsaSvc


((((((((((((((((((((((((( Files Created from 2009-10-08 to 2009-11-08 )))))))))))))))))))))))))))))))
.

2009-11-07 17:48 . 2009-11-07 17:48 -------- d-----w- c:\program files\WildBlue
2009-11-06 03:53 . 2009-11-06 03:53 -------- d-----w- c:\documents and settings\mfortier\Application Data\Malwarebytes
2009-11-06 03:53 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-06 03:53 . 2009-11-06 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-06 03:53 . 2009-11-06 03:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-06 03:53 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-06 03:49 . 2009-11-06 03:49 -------- d-----w- c:\program files\ERUNT
2009-11-02 03:29 . 2009-11-02 03:29 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\kwkkphjy
2009-11-02 03:29 . 2009-11-02 03:29 -------- d-----w- c:\documents and settings\NetworkService\Application Data\kwkkphjy
2009-11-02 03:22 . 2009-11-02 03:22 -------- d-----w- c:\documents and settings\mfortier\Local Settings\Application Data\kwkkphjy
2009-11-02 03:22 . 2009-11-02 03:22 -------- d-----w- c:\documents and settings\mfortier\Application Data\kwkkphjy
2009-11-02 02:04 . 2009-11-02 02:17 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-11-02 02:03 . 2009-11-02 02:03 -------- d-----w- c:\documents and settings\mfortier\Local Settings\Application Data\Downloaded Installations
2009-11-02 01:37 . 2009-11-02 01:37 -------- d-----w- c:\program files\CCleaner
2009-11-01 01:46 . 2009-07-28 22:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-01 01:46 . 2009-03-30 16:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-01 01:46 . 2009-02-13 18:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-11-01 01:46 . 2009-02-13 18:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-11-01 01:46 . 2009-11-01 01:46 -------- d-----w- c:\program files\Avira
2009-11-01 01:46 . 2009-11-01 01:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-11-01 01:08 . 2009-11-01 01:08 -------- d-----w- c:\program files\DISHMail

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 03:26 . 2006-01-31 04:58 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-06 04:03 . 2005-11-11 03:58 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-06 01:03 . 2008-04-12 00:38 -------- d-----w- c:\program files\Windows Live Safety Center
2009-11-02 02:58 . 2005-12-14 22:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-02 02:57 . 2005-12-14 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-02 02:18 . 2005-12-14 22:09 -------- d-----w- c:\program files\Lavasoft
2009-11-02 02:18 . 2006-09-02 16:51 -------- d-----w- c:\documents and settings\mfortier\Application Data\Lavasoft
2009-11-02 01:48 . 2007-09-19 15:10 -------- d-----w- c:\program files\Citrix
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2004-12-11 446464]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="-" [X]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"ibmmessages"="c:\program files\IBM\Messages By IBM\\ibmmessages.exe" [2004-12-11 446464]
"IBMPRC"="c:\ibmtools\UTILS\ibmprc.exe" [2004-12-16 90112]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2005-12-13 100056]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2004-12-11 446464]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2003-07-15 34880]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MSWin.exe]
backup=c:\windows\pss\MSWin.exeCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\axpdaaaa

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\IBM\\Updater\\ucsmb.exe"=
"c:\\Program Files\\Infogrames Interactive\\Scrabble Complete\\ScrabbleComplete.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\NovaLogic\\Comanche 4\\Update.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"48455:TCP"= 48455:TCP:@xpsp2res.dll,-22009
"51003:TCP"= 51003:TCP:@xpsp2res.dll,-22009
"28228:TCP"= 28228:TCP:@xpsp2res.dll,-22009
"18746:TCP"= 18746:TCP:@xpsp2res.dll,-22009

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [2004-12-16 63616]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - mfchtxkj

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
vrglgbxo
.
Contents of the 'Scheduled Tasks' folder

2009-11-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2009-11-07 c:\windows\Tasks\Norton AntiVirus - Scan my computer - mfortier.job
- c:\progra~1\NORTON~1\Navw32.exe [2004-08-18 19:54]

2009-11-08 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-11-11 01:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = 687474703a2f2f7777772e476f6f676c652e636f6d2f
uSearchMigratedDefaultURL = 687474703a2f2f7777772e476f6f676c652e636f6d2f
mStart Page = hxxp://www.dishmail.net
mSearch Bar = 687474703a2f2f7777772e476f6f676c652e636f6d2f
mSearchMigratedDefaultURL = 687474703a2f2f7777772e476f6f676c652e636f6d2f
uInternet Settings,ProxyOverride = *.local;<local>
mSearchURL = 687474703a2f2f7777772e476f6f676c652e636f6d2f
Trusted Zone: alltel.com\care
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {FFFDF6F2-F7BC-4B90-B789-CB7BBDA13AD6} - hxxp://photosmart.hpphoto.com/Download/HPeServicesLocalPrint.CAB
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-axpdaaaa - c:\windows\system32\axpdaaaa.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-08 09:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP00000012AFB717240B9C6CCF 524288 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ccEvtMgr]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SAVRT]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SNDSrvc]
"ImagePath"="-"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1020)
c:\progra~1\WINDOW~2\wmpband.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Windows Defender\MsMpEng.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\program files\Norton AntiVirus\navapsvc.exe
c:\program files\Norton AntiVirus\IWP\NPFMntor.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dumprep.exe
c:\windows\system32\dwwin.exe
c:\windows\system32\dumprep.exe
c:\windows\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2009-11-08 9:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-08 16:25

Pre-Run: 64,345,407,488 bytes free
Post-Run: 64,412,897,280 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Home Edition" /fastdetect

- - End Of File - - 9FBFC60DE2DB7E024BE55845ABA7A41F

#4
fenzodahl512

1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

NetSvc::
vrglgbxo

Driver::
vrglgbxo

Folder::
c:\documents and settings\NetworkService\Local Settings\Application Data\kwkkphjy
c:\documents and settings\NetworkService\Application Data\kwkkphjy
c:\documents and settings\mfortier\Local Settings\Application Data\kwkkphjy
c:\documents and settings\mfortier\Application Data\kwkkphjy

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


#5
tired of virus

Hi, here are the logs that you requested. I am not getting any more virus warnings from Avira, so you are fixing my problem. Thanks

ComboFix 09-11-07.04 - mfortier 09-11-09 15:36.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.246.100 [GMT -7:00]
Running from: c:\documents and settings\mfortier\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\mfortier\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\mfortier\Application Data\kwkkphjy
c:\documents and settings\mfortier\Application Data\kwkkphjy\profiles.ini
c:\documents and settings\mfortier\Application Data\kwkkphjy\Profiles\0tf8f03f.default\cert8.db
c:\documents and settings\mfortier\Application Data\kwkkphjy\Profiles\0tf8f03f.default\compatibility.ini
c:\documents and settings\mfortier\Application Data\kwkkphjy\Profiles\0tf8f03f.default\compreg.dat
c:\documents and settings\mfortier\Application Data\kwkkphjy\Profiles\0tf8f03f.default\cookies.sqlite
c:\documents and settings\mfortier\Application Data\kwkkphjy\Profiles\0tf8f03f.default\formhistory.sqlite
c:\documents and settings\mfortier\Application Data\kwkkphjy\Profiles\0tf8f03f.default\key3.db
c:\documents and settings\mfortier\Application Data\kwkkphjy\Profiles\0tf8f03f.default\localstore.rdf
c:\documents and settings\mfortier\Application Data\kwkkphjy\Profiles\0tf8f03f.default\permissions.sqlite
c:\documents and settings\mfortier\Application Data\kwkkphjy\Profiles\0tf8f03f.default\places.sqlite-journal
c:\documents and settings\mfortier\Application Data\kwkkphjy\Profiles\0tf8f03f.default\places.sqlite
c:\documents and settings\mfortier\Application Data\kwkkphjy\Profiles\0tf8f03f.default\pluginreg.dat
c:\documents and settings\mfortier\Application Data\kwkkphjy\Profiles\0tf8f03f.default\prefs.js
c:\documents and settings\mfortier\Application Data\kwkkphjy\Profiles\0tf8f03f.default\secmod.db
c:\documents and settings\mfortier\Application Data\kwkkphjy\Profiles\0tf8f03f.default\webappsstore.sqlite
c:\documents and settings\mfortier\Application Data\kwkkphjy\Profiles\0tf8f03f.default\xpti.dat
c:\documents and settings\mfortier\Local Settings\Application Data\kwkkphjy
c:\documents and settings\mfortier\Local Settings\Application Data\kwkkphjy\Profiles\0tf8f03f.default\urlclassifier3.sqlite
c:\documents and settings\mfortier\Local Settings\Application Data\kwkkphjy\Profiles\0tf8f03f.default\XPC.mfl
c:\documents and settings\NetworkService\Application Data\kwkkphjy
c:\documents and settings\NetworkService\Application Data\kwkkphjy\profiles.ini
c:\documents and settings\NetworkService\Application Data\kwkkphjy\Profiles\w7kvg9ng.default\cert8.db
c:\documents and settings\NetworkService\Application Data\kwkkphjy\Profiles\w7kvg9ng.default\compatibility.ini
c:\documents and settings\NetworkService\Application Data\kwkkphjy\Profiles\w7kvg9ng.default\compreg.dat
c:\documents and settings\NetworkService\Application Data\kwkkphjy\Profiles\w7kvg9ng.default\cookies.sqlite
c:\documents and settings\NetworkService\Application Data\kwkkphjy\Profiles\w7kvg9ng.default\formhistory.sqlite
c:\documents and settings\NetworkService\Application Data\kwkkphjy\Profiles\w7kvg9ng.default\key3.db
c:\documents and settings\NetworkService\Application Data\kwkkphjy\Profiles\w7kvg9ng.default\localstore.rdf
c:\documents and settings\NetworkService\Application Data\kwkkphjy\Profiles\w7kvg9ng.default\parent.lock
c:\documents and settings\NetworkService\Application Data\kwkkphjy\Profiles\w7kvg9ng.default\permissions.sqlite
c:\documents and settings\NetworkService\Application Data\kwkkphjy\Profiles\w7kvg9ng.default\places.sqlite-journal
c:\documents and settings\NetworkService\Application Data\kwkkphjy\Profiles\w7kvg9ng.default\places.sqlite-stmtjrnl
c:\documents and settings\NetworkService\Application Data\kwkkphjy\Profiles\w7kvg9ng.default\places.sqlite
c:\documents and settings\NetworkService\Application Data\kwkkphjy\Profiles\w7kvg9ng.default\pluginreg.dat
c:\documents and settings\NetworkService\Application Data\kwkkphjy\Profiles\w7kvg9ng.default\prefs.js
c:\documents and settings\NetworkService\Application Data\kwkkphjy\Profiles\w7kvg9ng.default\secmod.db
c:\documents and settings\NetworkService\Application Data\kwkkphjy\Profiles\w7kvg9ng.default\webappsstore.sqlite
c:\documents and settings\NetworkService\Application Data\kwkkphjy\Profiles\w7kvg9ng.default\xpti.dat
c:\documents and settings\NetworkService\Local Settings\Application Data\kwkkphjy
c:\documents and settings\NetworkService\Local Settings\Application Data\kwkkphjy\Profiles\w7kvg9ng.default\urlclassifier3.sqlite
c:\documents and settings\NetworkService\Local Settings\Application Data\kwkkphjy\Profiles\w7kvg9ng.default\XPC.mfl

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSASVC
-------\Legacy_VRGLGBXO


((((((((((((((((((((((((( Files Created from 2009-10-09 to 2009-11-09 )))))))))))))))))))))))))))))))
.

2009-11-09 22:13 . 2009-11-09 22:13 -------- d-----w- c:\program files\Trend Micro
2009-11-07 17:48 . 2009-11-07 17:48 -------- d-----w- c:\program files\WildBlue
2009-11-06 03:53 . 2009-11-06 03:53 -------- d-----w- c:\documents and settings\mfortier\Application Data\Malwarebytes
2009-11-06 03:53 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-06 03:53 . 2009-11-06 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-06 03:53 . 2009-11-06 03:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-06 03:53 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-06 03:49 . 2009-11-06 03:49 -------- d-----w- c:\program files\ERUNT
2009-11-02 02:04 . 2009-11-02 02:17 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-11-02 02:03 . 2009-11-02 02:03 -------- d-----w- c:\documents and settings\mfortier\Local Settings\Application Data\Downloaded Installations
2009-11-02 01:37 . 2009-11-02 01:37 -------- d-----w- c:\program files\CCleaner
2009-11-01 01:46 . 2009-07-28 22:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-01 01:46 . 2009-03-30 16:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-01 01:46 . 2009-02-13 18:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-11-01 01:46 . 2009-02-13 18:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-11-01 01:46 . 2009-11-01 01:46 -------- d-----w- c:\program files\Avira
2009-11-01 01:46 . 2009-11-01 01:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-11-01 01:08 . 2009-11-01 01:08 -------- d-----w- c:\program files\DISHMail

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-08 16:37 . 2005-11-11 03:58 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-08 16:37 . 2005-11-11 03:58 -------- d-----w- c:\program files\Symantec
2009-11-08 16:30 . 2005-11-11 03:59 -------- d-----w- c:\program files\Norton AntiVirus
2009-11-08 16:30 . 2005-11-11 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-11-07 03:26 . 2006-01-31 04:58 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-06 01:03 . 2008-04-12 00:38 -------- d-----w- c:\program files\Windows Live Safety Center
2009-11-02 02:58 . 2005-12-14 22:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-02 02:57 . 2005-12-14 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-02 02:18 . 2005-12-14 22:09 -------- d-----w- c:\program files\Lavasoft
2009-11-02 02:18 . 2006-09-02 16:51 -------- d-----w- c:\documents and settings\mfortier\Application Data\Lavasoft
2009-11-02 01:48 . 2007-09-19 15:10 -------- d-----w- c:\program files\Citrix
.

((((((((((((((((((((((((((((( SnapShot@2009-11-08_16.07.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-05-26 11:16 . 2008-10-16 21:09 43544 c:\windows\system32\wups2.dll
+ 2004-08-09 21:24 . 2008-10-16 21:08 34328 c:\windows\system32\wups.dll
+ 2004-08-09 21:24 . 2008-10-16 21:09 51224 c:\windows\system32\wuauclt.exe
+ 2009-11-09 03:07 . 2008-10-16 21:09 43544 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
+ 2009-11-09 03:07 . 2008-10-16 21:08 34328 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2004-08-09 21:24 . 2008-10-16 21:08 34328 c:\windows\system32\dllcache\wups.dll
+ 2004-08-09 21:24 . 2008-10-16 21:09 51224 c:\windows\system32\dllcache\wuauclt.exe
+ 1980-01-01 08:00 . 2008-10-16 21:09 92696 c:\windows\system32\dllcache\cdm.dll
+ 1980-01-01 08:00 . 2008-10-16 21:09 92696 c:\windows\system32\cdm.dll
+ 2004-08-09 21:24 . 2008-10-16 21:12 202776 c:\windows\system32\wuweb.dll
+ 2004-08-09 21:24 . 2008-10-16 21:12 323608 c:\windows\system32\wucltui.dll
+ 2004-08-09 21:24 . 2008-10-16 21:12 561688 c:\windows\system32\wuapi.dll
+ 2009-11-09 03:07 . 2008-10-16 21:12 561688 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\7.2.6001.788\wuapi.dll
+ 2004-08-09 21:24 . 2008-10-16 21:12 202776 c:\windows\system32\dllcache\wuweb.dll
+ 2004-08-09 21:24 . 2008-10-16 21:12 323608 c:\windows\system32\dllcache\wucltui.dll
+ 2004-08-09 21:24 . 2008-10-16 21:12 561688 c:\windows\system32\dllcache\wuapi.dll
+ 2004-08-09 21:24 . 2008-10-16 21:13 1809944 c:\windows\system32\wuaueng.dll
+ 2004-08-09 21:24 . 2008-10-16 21:13 1809944 c:\windows\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2004-12-11 446464]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"ibmmessages"="c:\program files\IBM\Messages By IBM\\ibmmessages.exe" [2004-12-11 446464]
"IBMPRC"="c:\ibmtools\UTILS\ibmprc.exe" [2004-12-16 90112]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2004-12-11 446464]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2003-07-15 34880]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MSWin.exe]
backup=c:\windows\pss\MSWin.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\IBM\\Updater\\ucsmb.exe"=
"c:\\Program Files\\Infogrames Interactive\\Scrabble Complete\\ScrabbleComplete.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\NovaLogic\\Comanche 4\\Update.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"48455:TCP"= 48455:TCP:@xpsp2res.dll,-22009
"51003:TCP"= 51003:TCP:@xpsp2res.dll,-22009
"28228:TCP"= 28228:TCP:@xpsp2res.dll,-22009
"18746:TCP"= 18746:TCP:@xpsp2res.dll,-22009

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [09-10-31 18:46 108289]
R2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [04-12-16 05:12 63616]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [06-11-03 17:19 13592]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2009-11-09 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-11-11 01:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = 687474703a2f2f7777772e476f6f676c652e636f6d2f
uSearchMigratedDefaultURL = 687474703a2f2f7777772e476f6f676c652e636f6d2f
mStart Page = hxxp://www.dishmail.net
mSearch Bar = 687474703a2f2f7777772e476f6f676c652e636f6d2f
mSearchMigratedDefaultURL = 687474703a2f2f7777772e476f6f676c652e636f6d2f
uInternet Settings,ProxyOverride = *.local;<local>
mSearchURL = 687474703a2f2f7777772e476f6f676c652e636f6d2f
Trusted Zone: alltel.com\care
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {FFFDF6F2-F7BC-4B90-B789-CB7BBDA13AD6} - hxxp://photosmart.hpphoto.com/Download/HPeServicesLocalPrint.CAB
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-09 15:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2212)
c:\progra~1\WINDOW~2\wmpband.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-11-09 15:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-09 22:53
ComboFix2.txt 2009-11-08 16:25

Pre-Run: 64,441,663,488 bytes free
Post-Run: 64,436,133,888 bytes free

- - End Of File - - EC77501D96539435E88A972F29AA9A56



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:07, on 09-11-09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dishmail.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] c:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8942.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1257735890703
O16 - DPF: {FFFDF6F2-F7BC-4B90-B789-CB7BBDA13AD6} (CLaunchPrint Object) - http://photosmart.hp...sLocalPrint.CAB
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - c:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5914 bytes

#6
fenzodahl512


  • Malware Removal
  • 9,863 posts
Looks good, how about you do a full scan with your Avira and tell us if it detects anything :)

#7
tired of virus


    New Member

  • Topic Starter
  • Member
  • 6 posts
Hi, here are the logs that you requested. I am not getting any virus warnings anymore, so you must be fixing the problem. Thanks.

ComboFix 09-11-07.04 - mfortier 09-11-08 8:50.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.246.97 [GMT -7:00]
Running from: c:\documents and settings\mfortier\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\as.txt
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\drivers\hqevnwyy.sys
c:\windows\system32\drivers\mfchtxkj.sys
c:\windows\system32\fhcafhc.dll
c:\windows\system32\jdytuqn.dll
c:\windows\system32\pwdmon.dll
c:\windows\system32\sccrdbxy.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EXAMPLE
-------\Legacy_EXAMPLE1
-------\Legacy_MFCHTXKJ
-------\Legacy_MSASVC
-------\Service_mfchtxkj
-------\Service_MsaSvc


((((((((((((((((((((((((( Files Created from 2009-10-08 to 2009-11-08 )))))))))))))))))))))))))))))))
.

2009-11-07 17:48 . 2009-11-07 17:48 -------- d-----w- c:\program files\WildBlue
2009-11-06 03:53 . 2009-11-06 03:53 -------- d-----w- c:\documents and settings\mfortier\Application Data\Malwarebytes
2009-11-06 03:53 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-06 03:53 . 2009-11-06 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-06 03:53 . 2009-11-06 03:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-06 03:53 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-06 03:49 . 2009-11-06 03:49 -------- d-----w- c:\program files\ERUNT
2009-11-02 03:29 . 2009-11-02 03:29 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\kwkkphjy
2009-11-02 03:29 . 2009-11-02 03:29 -------- d-----w- c:\documents and settings\NetworkService\Application Data\kwkkphjy
2009-11-02 03:22 . 2009-11-02 03:22 -------- d-----w- c:\documents and settings\mfortier\Local Settings\Application Data\kwkkphjy
2009-11-02 03:22 . 2009-11-02 03:22 -------- d-----w- c:\documents and settings\mfortier\Application Data\kwkkphjy
2009-11-02 02:04 . 2009-11-02 02:17 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-11-02 02:03 . 2009-11-02 02:03 -------- d-----w- c:\documents and settings\mfortier\Local Settings\Application Data\Downloaded Installations
2009-11-02 01:37 . 2009-11-02 01:37 -------- d-----w- c:\program files\CCleaner
2009-11-01 01:46 . 2009-07-28 22:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-01 01:46 . 2009-03-30 16:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-01 01:46 . 2009-02-13 18:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-11-01 01:46 . 2009-02-13 18:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-11-01 01:46 . 2009-11-01 01:46 -------- d-----w- c:\program files\Avira
2009-11-01 01:46 . 2009-11-01 01:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-11-01 01:08 . 2009-11-01 01:08 -------- d-----w- c:\program files\DISHMail

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 03:26 . 2006-01-31 04:58 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-06 04:03 . 2005-11-11 03:58 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-06 01:03 . 2008-04-12 00:38 -------- d-----w- c:\program files\Windows Live Safety Center
2009-11-02 02:58 . 2005-12-14 22:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-02 02:57 . 2005-12-14 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-02 02:18 . 2005-12-14 22:09 -------- d-----w- c:\program files\Lavasoft
2009-11-02 02:18 . 2006-09-02 16:51 -------- d-----w- c:\documents and settings\mfortier\Application Data\Lavasoft
2009-11-02 01:48 . 2007-09-19 15:10 -------- d-----w- c:\program files\Citrix
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2004-12-11 446464]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="-" [X]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"ibmmessages"="c:\program files\IBM\Messages By IBM\\ibmmessages.exe" [2004-12-11 446464]
"IBMPRC"="c:\ibmtools\UTILS\ibmprc.exe" [2004-12-16 90112]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2005-12-13 100056]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2004-12-11 446464]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2003-07-15 34880]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MSWin.exe]
backup=c:\windows\pss\MSWin.exeCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\axpdaaaa

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\IBM\\Updater\\ucsmb.exe"=
"c:\\Program Files\\Infogrames Interactive\\Scrabble Complete\\ScrabbleComplete.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\NovaLogic\\Comanche 4\\Update.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"48455:TCP"= 48455:TCP:@xpsp2res.dll,-22009
"51003:TCP"= 51003:TCP:@xpsp2res.dll,-22009
"28228:TCP"= 28228:TCP:@xpsp2res.dll,-22009
"18746:TCP"= 18746:TCP:@xpsp2res.dll,-22009

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [2004-12-16 63616]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - mfchtxkj

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
vrglgbxo
.
Contents of the 'Scheduled Tasks' folder

2009-11-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2009-11-07 c:\windows\Tasks\Norton AntiVirus - Scan my computer - mfortier.job
- c:\progra~1\NORTON~1\Navw32.exe [2004-08-18 19:54]

2009-11-08 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-11-11 01:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = 687474703a2f2f7777772e476f6f676c652e636f6d2f
uSearchMigratedDefaultURL = 687474703a2f2f7777772e476f6f676c652e636f6d2f
mStart Page = hxxp://www.dishmail.net
mSearch Bar = 687474703a2f2f7777772e476f6f676c652e636f6d2f
mSearchMigratedDefaultURL = 687474703a2f2f7777772e476f6f676c652e636f6d2f
uInternet Settings,ProxyOverride = *.local;<local>
mSearchURL = 687474703a2f2f7777772e476f6f676c652e636f6d2f
Trusted Zone: alltel.com\care
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {FFFDF6F2-F7BC-4B90-B789-CB7BBDA13AD6} - hxxp://photosmart.hpphoto.com/Download/HPeServicesLocalPrint.CAB
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-axpdaaaa - c:\windows\system32\axpdaaaa.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-08 09:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP00000012AFB717240B9C6CCF 524288 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ccEvtMgr]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SAVRT]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SNDSrvc]
"ImagePath"="-"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1020)
c:\progra~1\WINDOW~2\wmpband.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Windows Defender\MsMpEng.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\program files\Norton AntiVirus\navapsvc.exe
c:\program files\Norton AntiVirus\IWP\NPFMntor.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dumprep.exe
c:\windows\system32\dwwin.exe
c:\windows\system32\dumprep.exe
c:\windows\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2009-11-08 9:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-08 16:25

Pre-Run: 64,345,407,488 bytes free
Post-Run: 64,412,897,280 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Home Edition" /fastdetect

- - End Of File - - 9FBFC60DE2DB7E024BE55845ABA7A41F


#8
fenzodahl512


  • Malware Removal
  • 9,863 posts
Let's do an online scan with ESET Online Scanner to make sure we don't miss any..


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


#9
tired of virus


    New Member

  • Topic Starter
  • Member
  • 6 posts
Hi, sorry about the double posts. Avira scan came up clean. ESET scan also came up clean. Here is the log. Thanks

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16608 (vista_gdr.071204-1500)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=d1eea513eb62744594678556b60df7ad
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-14 07:35:19
# local_time=2009-11-14 12:35:19 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 338582 338582 0 0
# compatibility_mode=1797 16775145 100 100 0 34551844 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=50965
# found=0
# cleaned=0
# scan_time=1133

#10
fenzodahl512


  • Malware Removal
  • 9,863 posts
Looks good to me.. Let's do some cleanup...


Please download OTC and save it to Desktop.
  • Make sure you have an internet connection..
  • Double-click OTC
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles written by my friends:
Preventing Malware and Safe Computing by Rorschach112
What makes your machine slow? by Artellos


Also, please read these excellent articles by miekiemoes:
Help! My computer is slow!
How to prevent Malware


Read this great info about safe internet surfing..

http://www.pcpitstop...safesurfing.asp
http://bluefive.pair...afe_surfing.htm




Please reply to this thread once more and tell us about the computer's behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512

#11
tired of virus


    New Member

  • Topic Starter
  • Member
  • 6 posts
Downloaded OTC and ran it. Computer is running just fine. The articles above gave me an idea of how to surf more carefully. I am now using Firefox to surf. Thanks for all your help. Hope I don't need any more help, but I probably will.

Thanks again!!

#12
fenzodahl512


  • Malware Removal
  • 9,863 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





