|
Post by Lynnrose on Feb 19, 2012 12:49:18 GMT
Posting for Icewhite..........
You guys know how to get rid of the win32/kryptik.AAug or something along those lines?
I think I got it. I used the SuperAntiSpyware thing from a flash drive in safe mode after reading through, lol, thank you.
It found over 500 files, nearly fell off my seat. Oh me oh my, they're coming to take me away, haha.
Well, I hope I have. My antivirus is scanning, which it wouldn't do before. Hmm, how will I know for sure? Can I ask, if you don't mind? Thank you.
Hmm, maybe I spoke too soon. It just dumped again, but the antivirus is scanning.
|
|
|
Post by icewhite15 on Feb 19, 2012 13:13:44 GMT
Thanks Lynnrose. OK, I have scanned again with AVG, it found nothing. It did a whole scan and didn't just go off after 3 secs saying it did a whole scan. I leave Defender on, but when I restart I always have to go to Services to start it again. I notice that it is a bit faster today but am still worried I have the bug. It didn't find the one I said but still a trojan; I forgot to write the name down in panic. The ones that AVG removed in the first place said it was win32/kryptik, also Dydaig.exe and ewpyo.exe. I haven't a clue at all, it's been such a long time since I had anything on the computer. I'm running Dell Vista Inspiron 531, hehe, that's how long. OK, thanks in advance for any help, and it's nice to find you again XX
|
|
|
Post by biker on Feb 19, 2012 22:31:26 GMT
That's a self-replicating trojan. I'd probably add Malwarebytes to complement my AVG. It could still be hiding in your system.
|
|
|
Post by mikkh on Feb 19, 2012 23:43:59 GMT
|
|
|
Post by icewhite15 on Feb 20, 2012 10:39:32 GMT
Thank you, I used it and it said, hmm, found Handle.3xe,110, processes terminated, 76 files deleted, 3 registry keys deleted. Is it gone now? Thanks in advance, Liz
|
|
|
Post by icewhite15 on Feb 20, 2012 11:01:20 GMT
I just thought, do I need to do it in safe mode or from a key drive? I should have asked, hmm, sorry X
|
|
|
Post by mikkh on Feb 20, 2012 13:09:16 GMT
Safe mode is usually best for things like this, but glad it worked for you
|
|
|
Post by icewhite15 on Feb 20, 2012 16:03:27 GMT
I thought it had. I did an online scan at ESET that found 2 variants of the win32/kryptik.AAvg trojan and java exploit CVE-2011-3544 T trojan. Oh my life, I'm overrun, sits in the corner to cry into her keyboard X
|
|
|
Post by icewhite15 on Feb 20, 2012 16:05:14 GMT
If I dl that thing onto a key drive, can I use it again or is it unsafe to do so? I should have asked first. Also I didn't stop the AVG when I did it, hmm, thicko me X
|
|
|
Post by mikkh on Feb 21, 2012 2:59:12 GMT
It's updated on a fairly regular basis, and will update itself if it finds it to be out of date when first run - for a short while anyway.
AVG is poor, the worst of the freebies by a long way, so stopping it permanently by uninstalling it would be my advice. Use Avira or Avast instead. Use Avira if the PC/laptop is more than 2 years old because it's lighter on resources, or either one if it's a newer model.
And don't take online scans as 100% accurate, they're not.
Download and run 'rkill' to terminate any memory-resident nasties before running combofix: www.bleepingcomputer.com/download/anti-virus/rkill
|
|
|
Post by icewhite15 on Feb 21, 2012 7:33:21 GMT
Already changed to Avast, lol, by the time I read this; I had the same thoughts. I am running rkill. I have been scanning all night so far and it has found nothing as yet. Hopefully after running rkill and another scan I can at least sleep a little better. Thank you again for taking time out, I will let you know if it finds anything. Liz X
Hmm, how long does this rkill take to scan? It was only a few seconds, see below.
This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish.
Rkill was run on 21/02/2012 at 7:28:46. Operating System: Windows Vista (TM) Home Premium
Processes terminated by Rkill or while it was running:
Rkill completed on 21/02/2012 at 7:29:15.
|
|
|
Post by mikkh on Feb 21, 2012 9:36:39 GMT
The blank message from rkill basically means it found nothing lurking in RAM
MBAM run after combofix is usually enough to clean most PCs. You could virtually set yourself up as a virus cleaning business with those two programs alone. Of course a little knowledge of the registry and understanding programs like HijackThis also helps for completeness.
|
|
|
Post by icewhite15 on Feb 21, 2012 15:07:57 GMT
Well, I will run it again, combofix that is, when I restart in safe mode. It seems to be running a lot smoother now and no blue screen, or things that were happening are not. The Avast scan has found nothing. I did a full scan then a boot scan, also did another online scan, it has found nada. I'm still worried I have it, but that's just me, always been the same. This puta I have never had to do anything to it. Have a partitioned drive, would the virus get onto the other part of the drive, and how would I reformat it with a partitioned drive if I need to? Hopefully I won't, fingers crossed. Thank you again, Liz X
PS: is it normal for Windows Search to keep starting, especially when I move files or delete them? I have never paid much attention to the Task Manager, lmao, but let's say I'm taking more interest in it, hmmm, forgive my ignorance
|
|
|
Post by icewhite15 on Feb 21, 2012 17:18:19 GMT
OK, I have a log file, do I post it here? It's quite long and I don't know what information it holds, lmao, sorry
|
|
|
Post by icewhite15 on Feb 24, 2012 15:17:25 GMT
I have had so many free virus scans in the last day or so, so doing online scan again and it's found a win32/kryptik.ABGF trojan. Do you think this is the same one or another? Because I haven't done anything on here except see FB and play games on Pogo. I have run combofix and rkill. I have just dl'ed Malwarebytes and running a scan in normal mode before I try later in safe mode, also have something called multi-av to do. I really wanted to avoid formatting this machine but maybe it would be for the best, nothing on here I really need. But how do I do it with a partitioned drive carrying the main Vista program? Do I do both partitions or just the one? I have the disk the puta came with. I'm scared to do this machine even though I do a clean install on my brother's many times, hehe, but this is the only puta I have and I don't want to make a B****s up of it. Thanks in advance, Liz X
|
|
|
Post by mikkh on Feb 24, 2012 18:36:09 GMT
First, stop doing the online scans - if combofix, malwarebytes and your virus checker say clean, then basically it's clean
Let's just analyse what a virus checker is first - it's a pretty simple program at heart, it just checks fragments of code to see if they match known virus signatures/code. False positives can be tripped by programmers not being thorough enough or just by bad/lazy programming.
You could try multi-av, it seems genuine enough but I've never tried it myself
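Added example, not part of mikkh's post: a toy version of the fragment matching described above, showing how a too-short signature flags a harmless file while stricter ones do not. Engine names, detection names, byte patterns and both sample files are constructed for illustration and model no real product; the two-engine quorum is an assumption.

```python
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str       # hypothetical detection name
    pattern: bytes  # code fragment the engine searches for


def scan(data: bytes, signatures: list[Signature]) -> list[str]:
    """Return the name of every signature whose fragment occurs in data."""
    return [s.name for s in signatures if s.pattern in data]


# Constructed sample standing in for a malicious file.
MALICIOUS = b"\x90\x90DECRYPT_LOOP\xde\xad\xbe\xefDROP_PAYLOAD"
# Constructed harmless file that happens to share one short fragment.
BENIGN = b"backup tool: DECRYPT_LOOP for the user's own archive"

# Three hypothetical engines. The first keys on a short fragment only,
# the other two require more surrounding code before they match.
ENGINES = {
    "online_scan": [Signature("Toy/Generic.A", b"DECRYPT_LOOP")],
    "resident_av": [Signature("Toy/Generic.A", b"DECRYPT_LOOP\xde\xad\xbe\xef")],
    "on_demand": [Signature("Toy/Dropper.B", b"\xde\xad\xbe\xefDROP_PAYLOAD")],
}


def verdicts(data: bytes, engines: dict) -> dict:
    """Per-engine list of detection names for one file."""
    return {engine: scan(data, sigs) for engine, sigs in engines.items()}


def consensus(data: bytes, engines: dict, quorum: int = 2) -> bool:
    """Treat a file as detected only when at least `quorum` engines agree."""
    hits = sum(1 for sigs in engines.values() if scan(data, sigs))
    return hits >= quorum


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("malicious", MALICIOUS)):
        print(label, verdicts(sample, ENGINES), "consensus:", consensus(sample, ENGINES))
```

A single hit from the loosest engine is weak evidence on its own; agreement between independently written signatures is what carries weight.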
|
|
|
Post by icewhite15 on Feb 24, 2012 19:40:13 GMT
Ok lmao, I am paranoid. I hate the thought of stuff running on my puta that shouldn’t. I’m just doing av scan, it’s a program simple enough for me lmao, it’s just a matter of hitting a number hehe I hope, it’s got me so worried, I hate dl’ing anything hmm. I wouldn’t mind but I don’t dl at all usually. I hit a link on FB without thinking one day and this is the trouble it has caused. What satisfaction do they get from infecting computers? I just don’t understand it. I have no online banking cos for one I can’t afford a bank lol, two I don’t keep any information on the puta that isn’t already on the internet someplace, so with no money to steal, no details that aren’t available, what can they hope to gain? Sorry, I’m a bit peeved. It’s ok for the big companies and ppl that can afford C**p like this that have the best, but if like me you can hardly afford a p in a bucket, I just don’t understand at all. Ahh, enough of the pity party, thank you again. Find log file, that xp pro thing was for my brother hmm Lizxxx

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.24.01
Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
ice :: ICE-PC [administrator]
24/02/2012 14:23:10
mbam-log-2012-02-24 (14-23-10).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 387684
Time elapsed: 3 hour(s), 46 minute(s), 24 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCU\SOFTWARE\XPRepairPro2007 (Rogue.XPRepairPro2007) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
|
|