So, recently I have been having problems booting up into Windows... about 75% of the time it would go to a black screen with a movable mouse instead of bringing up the blue user selection screen on Windows XP. I scanned with AVG and it said it found Win32/Cryptor on my winlogon.exe. A reliable source near me told me that I would be able to remove it with Malwarebytes Anti-Malware, and when I tried to install it, it would not install and gave me the generic 'Windows must close this program' error, and no matter what I did it absolutely would not install. I posted this topic: http://www.malwareby...showtopic=12611 in the main forum and it directed me to this forum, with instructions to install Avira and HijackThis and scan with each. HijackThis would not install, just like Malwarebytes, so I proceeded with the Avira scan on only my Windows system folder. Below is the result. The only thing I found odd is the fact it did not detect Win32/Cryptor on winlogon....
Avira AntiVir Personal
Report file date: Saturday, March 14, 2009 17:15
Scanning for 1297221 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: Owner
Computer name: DAVE
Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 15:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 14:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 19:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 14:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 18:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 23:09:28
ANTIVIR2.VDF : 7.1.2.152 749568 Bytes 3/11/2009 23:09:39
ANTIVIR3.VDF : 7.1.2.171 61952 Bytes 3/13/2009 23:09:40
Engineversion : 8.2.0.114
AEVDF.DLL : 8.1.1.0 106868 Bytes 3/14/2009 23:10:06
AESCRIPT.DLL : 8.1.1.63 364923 Bytes 3/14/2009 23:10:04
AESCN.DLL : 8.1.1.8 127346 Bytes 3/14/2009 23:10:01
AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 20:58:38
AEPACK.DLL : 8.1.3.10 397686 Bytes 3/14/2009 23:10:00
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 3/14/2009 23:09:57
AEHEUR.DLL : 8.1.0.104 1634679 Bytes 3/14/2009 23:09:55
AEHELP.DLL : 8.1.2.2 119158 Bytes 3/14/2009 23:09:46
AEGEN.DLL : 8.1.1.28 336244 Bytes 3/14/2009 23:09:45
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 17:05:56
AECORE.DLL : 8.1.6.6 176501 Bytes 3/14/2009 23:09:42
AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 17:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 15:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 16:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 19:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 18:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 15:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 19:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 00:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 19:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 19:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 20:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 20:34:37
Configuration settings for the scan:
Jobname..........................: Windows System Directory
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysdir.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: Saturday, March 14, 2009 17:15
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgui.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'opera.exe' - '1' Module(s) have been scanned
Scan process 'RtlWake.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'trillian.exe' - '1' Module(s) have been scanned
Scan process 'SimpleMU.exe' - '1' Module(s) have been scanned
Scan process 'uTorrent.exe' - '1' Module(s) have been scanned
Scan process 'Steam.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'VCDDaemon.exe' - '1' Module(s) have been scanned
Scan process 'avgtray.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'LogiTray.exe' - '1' Module(s) have been scanned
Scan process 'LVComS.exe' - '1' Module(s) have been scanned
Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'avgcsrvx.exe' - '1' Module(s) have been scanned
Scan process 'avgemc.exe' - '1' Module(s) have been scanned
Scan process 'wanmpsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avgnsx.exe' - '1' Module(s) have been scanned
Scan process 'avgrsx.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'nTuneService.exe' - '1' Module(s) have been scanned
Scan process 'npkcmsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avgwdsvc.exe' - '1' Module(s) have been scanned
Scan process 'acsd.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'LexBceS.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
51 processes with 51 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '74' files ).
Starting the file scan:
Begin scan in 'C:\windows\system32'
C:\windows\system32\pac.txt
[DETECTION] Is the TR/Dldr.VB.VPG Trojan
[NOTE] The file was moved to '4a1f3b2e.qua'!
C:\windows\system32\config\systemprofile\Application Data\Macromedia\Common\0b5a00961.dll
[DETECTION] Is the TR/Agent.btax Trojan
[NOTE] The file was moved to '49f13b47.qua'!
C:\windows\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
End of the scan: Saturday, March 14, 2009 17:17
Used time: 01:53 Minute(s)
The scan has been done completely.
212 Scanning directories
5745 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
5742 Files not concerned
11 Archives were scanned
1 Warnings
2 Notes
#1
Posted 14 March 2009 - 11:24 PM
#2
Posted 17 March 2009 - 10:40 AM
Hi,
Please read the following tutorial and perform the steps:
http://www.malwareby...showtopic=12709
Then you should be able to run MBAM afterwards. Also, make sure you update MBAM (Update tab > check for updates), before you run the scan.
Then, once the scan has finished, reboot!
After reboot,
Post the log from MBAM in your next reply.
#3
Posted 23 March 2009 - 11:47 PM
Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.
Everyone else please begin a New Topic.









