Windows Command Processor (trojan)-Win32/Kryptik.AHES trojan


The manufacturer is Hewlett-Packard. Here is the log.

ListParts by Farbar Version: 23-06-2012

Ran by Patrick Fong (administrator) on 01-07-2012 at 02:14:57

Windows Vista (X86)

Running From: C:\Users\Patrick Fong\Desktop

Language: 0409

************************************************************

========================= Memory info ======================

Percentage of memory in use: 60%

Total physical RAM: 2046.57 MB

Available physical RAM: 802.93 MB

Total Pagefile: 4332.16 MB

Available Pagefile: 2870.92 MB

Total Virtual: 2047.88 MB

Available Virtual: 1964.57 MB

======================= Partitions =========================

1 Drive c: (HP) (Fixed) (Total:289.41 GB) (Free:74.19 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

2 Drive d: (Recovery) (Fixed) (Total:8.68 GB) (Free:1.01 GB) NTFS

Disk ###  Status      Size     Free     Dyn  Gpt
--------  ----------  -------  -------  ---  ---
Disk 0    Online       298 GB      0 B
Disk 1    No Media       0 B      0 B
Disk 2    No Media       0 B      0 B
Disk 3    No Media       0 B      0 B
Disk 4    No Media       0 B      0 B

Partitions of Disk 0:

===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            289 GB    32 KB
Partition 2    Primary              9 GB   289 GB

======================================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1  C    HP           NTFS   Partition    289 GB  Healthy    System (partition with boot components)

======================================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2  D    Recovery     NTFS   Partition      9 GB  Healthy

======================================================================================================

Windows Boot Manager

--------------------

identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}

device partition=C:

description Windows Boot Manager

locale en-US

inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

default {b646ad0b-2031-11dc-83db-001bfc5eda91}

resumeobject {b646ad0c-2031-11dc-83db-001bfc5eda91}

displayorder {b646ad0b-2031-11dc-83db-001bfc5eda91}

toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}

timeout 30

resume No

Windows Boot Loader

-------------------

identifier {572bcd55-ffa7-11d9-aae2-0007e994107d}

device ramdisk=[D:]\sources\boot.wim,{ae5534e0-a924-466c-b836-758539a3ee3a}

path \windows\system32\boot\winload.exe

description HP Recovery Manager

osdevice ramdisk=[D:]\sources\boot.wim,{ae5534e0-a924-466c-b836-758539a3ee3a}

systemroot \windows

nx OptIn

detecthal Yes

winpe Yes

Windows Boot Loader

-------------------

identifier {b646ad0b-2031-11dc-83db-001bfc5eda91}

device partition=C:

path \Windows\system32\winload.exe

description Microsoft Windows Vista

locale en-US

inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}

recoverysequence {572bcd55-ffa7-11d9-aae2-0007e994107d}

recoveryenabled Yes

osdevice partition=C:

systemroot \Windows

resumeobject {b646ad0c-2031-11dc-83db-001bfc5eda91}

nx OptIn

Resume from Hibernate

---------------------

identifier {b646ad0c-2031-11dc-83db-001bfc5eda91}

device partition=C:

path \Windows\system32\winresume.exe

description Windows Resume Application

locale en-US

inherit {1afa9c49-16ab-4a5c-901b-212802da9460}

filedevice partition=C:

filepath \hiberfil.sys

pae Yes

debugoptionenabled No

Windows Memory Tester

---------------------

identifier {b2721d73-1db4-4c62-bf78-c548a880142d}

device partition=C:

path \boot\memtest.exe

description Windows Memory Diagnostic

locale en-US

inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

badmemoryaccess Yes

Windows Legacy OS Loader

------------------------

identifier {466f5a88-0af2-4f76-9038-095b170dc21c}

device partition=C:

path \ntldr

description Earlier Version of Windows

EMS Settings

------------

identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}

bootems Yes

Debugger Settings

-----------------

identifier {4636856e-540f-4170-a130-a84776f4c654}

debugtype Serial

debugport 1

baudrate 115200

RAM Defects

-----------

identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings

---------------

identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

inherit {4636856e-540f-4170-a130-a84776f4c654}

{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}

{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings

--------------------

identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}

inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Resume Loader Settings

----------------------

identifier {1afa9c49-16ab-4a5c-901b-212802da9460}

inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Device options

--------------

identifier {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}

description Ramdisk Device Options

ramdisksdidevice partition=D:

ramdisksdipath \boot\boot.sdi

Setup Ramdisk Options

---------------------

identifier {ae5534e0-a924-466c-b836-758539a3ee3a}

description RAM Disk Settings

ramdisksdidevice partition=D:

ramdisksdipath \boot\boot.sdi

****** End Of Log ******


You indicated that you do not have the Windows Vista CD/DVD for this HP system.

It looks like the HP factory restore partition is on the 2nd partition of your hard-disk-drive.

I would suggest you contact HP support, see http://www8.hp.com/u...hp/contact.html

Ask them if they can provide the Vista CD or if they can provide a recovery CD/DVD.

For sure, they can guide you to document/reference for putting back your system to "factory state" from the "factory restore partition".

Meantime, back up your personal files, documents, etc. to offline media (USB external drive, USB flash/thumb drive, or CD/DVD).

A reset to factory state will result in your losing all personal files/documents, and any programs you added on after getting the new pc.

A reset to factory state (from the HP recovery partition) will put back the pc to the same state as when the pc shipped out from the factory.

IF they included any antivirus package (from factory) you would need to de-install it before re-installing 'your' antivirus.

Note also, if Vista service pack 2 was not included when you got the pc, you will have to get & apply Service pack 2 from Microsoft (after the system restore). Plus all subsequent MS updates.


If I transfer files to USBs/external hard drives, will I have a chance of transferring the virus to another PC? If there is a risk I'd prefer to lose the files than the other PC.

Also, in your personal opinion, which AV protection do you prefer? I'm not sure if we should stick with TrendMicro or change back to Norton.


As regards the saved personal files, the proviso is that you would scan them with an antivirus app and MBAM before copying them back onto the system.

imho, my preferences are MS Security Essentials or Avira. If cost is not an issue, then ESET antivirus.

I would discourage use of Norton/Symantec unless you refer to Symantec business-class antivirus.
