How to remove win32/Cryptor Virus?
Qasim Ali
New Member
Date Joined: May 2009
Total Posts: 6
Posted 5-27-2009 8:13 (GMT +1)

Hi, I have recently found the Win32/cryptor virus on my PC; it is detected by AVG Free 8.5 but not deleted permanently. I have also scanned my PC with mbam, HijackThis, True Sword and ComboFix, but they didn't detect any virus. Now please tell me what I should do to remove this virus permanently. I have also included my HijackThis and ComboFix logs in this thread.

Regards,
Qasim Ali
http://qaswallpapers.sitesled.com

Here is my HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:35:39 PM, on 5/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\DAP\DAP.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Documents and Settings\Qasim Ali\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Qasim Ali\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Qasim Ali\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Qasim Ali\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Qasim Ali\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Software\Antiviruses\Removing flashy.exe\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.1:8080
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Qasim Ali\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 4771 bytes

Here is my ComboFix log:

ComboFix 09-05-23.04 - Qasim Ali 05/27/2009 21:51.2 - NTFSx86
Running from: c:\documents and settings\Qasim Ali\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((( Files Created from 2009-04-27 to 2009-05-27 )))))))))))))))))))))))))))))))
.
2009-05-27 15:45 . 2009-05-27 16:22 -------- d-----w c:\program files\True Sword 5
2009-05-26 19:19 . 2009-05-26 19:19 -------- d-----w c:\documents and settings\Qasim Ali\Application Data\Malwarebytes
2009-05-26 19:18 . 2009-05-26 19:18 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-26 19:18 . 2009-05-27 16:23 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-26 15:47 . 2009-05-11 13:59 2302232 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-05-26 15:47 . 2009-05-11 13:59 2051864 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-05-26 15:47 . 2009-05-11 14:00 3288344 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-05-26 15:47 . 2009-05-11 13:59 3399960 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-05-26 15:47 . 2009-05-11 13:59 486168 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
2009-05-26 15:47 . 2009-05-11 13:59 424472 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwdwsc.dll
2009-05-26 15:47 . 2009-05-11 13:59 177432 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmail.dll
2009-05-26 15:47 . 2009-05-11 13:59 312088 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll
2009-05-26 15:44 . 2009-05-11 13:59 1437464 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-05-26 15:44 . 2009-05-11 13:59 755992 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2009-05-26 09:14 . 2009-05-26 09:14 -------- d-----w c:\program files\Common Files\Adobe
2009-05-26 09:13 . 1998-10-29 11:45 306688 ----a-w c:\windows\IsUninst.exe
2009-05-25 15:40 . 2009-05-26 19:05 95744 ----a-w c:\documents and settings\All Users\Application Data\SpeedBit\DAP\Updates\Condition.dll
2009-05-25 09:16 . 2009-05-25 09:16 -------- d-----w c:\program files\Common Files\xing shared
2009-05-24 08:01 . 2009-05-24 08:01 -------- d-----w c:\program files\Microsoft Works
2009-05-24 07:58 . 2009-05-24 07:58 -------- d-----w c:\documents and settings\Qasim Ali\Local Settings\Application Data\Microsoft Help
2009-05-24 07:58 . 2009-05-27 15:12 -------- d-----w c:\program files\Google
2009-05-21 11:39 . 2009-05-21 11:39 390664 ----a-w c:\documents and settings\Qasim Ali\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-18 16:43 . 2009-04-13 12:39 4656976 ----a-w c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{215A1629-FC39-45E6-A624-822ED556C845}\mpengine.dll
2009-05-18 11:41 . 2009-04-13 12:39 4656976 ----a-w c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-18 11:28 . 2009-05-24 08:02 -------- d-----w c:\program files\Windows Defender
2009-05-17 08:36 . 2009-05-17 08:36 -------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2009-05-17 08:36 . 2009-05-24 07:47 -------- d-----w c:\program files\CyberLink
2009-05-15 11:21 . 2009-05-24 08:02 -------- d-----w c:\program files\FLV Player
2009-05-14 16:51 . 2009-05-14 16:51 17920 ----a-w c:\windows\system32\drivers\aksusb.sys
2009-05-14 11:37 . 2009-05-14 11:40 -------- d-----w c:\windows\SHELLNEW
2009-05-14 11:32 . 2009-05-24 08:02 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-14 11:30 . 2009-05-14 11:30 -------- d--h--r C:\MSOCache
2009-05-12 09:44 . 2004-08-03 18:08 26496 -c--a-w c:\windows\system32\dllcache\usbstor.sys
2009-05-11 19:47 . 2009-05-11 19:47 -------- d-sh--w c:\documents and settings\Qasim Ali\IECompatCache
2009-05-11 19:08 . 2009-05-11 19:08 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
2009-05-11 17:34 . 2009-05-11 17:34 -------- d-sh--w c:\documents and settings\Qasim Ali\PrivacIE
2009-05-11 17:32 . 2009-05-11 17:32 -------- d-sh--w c:\documents and settings\Qasim Ali\IETldCache
2009-05-11 17:25 . 2007-08-13 13:45 78336 ----a-w c:\windows\system32\ieencode.dll
2009-05-11 17:25 . 2007-08-13 13:45 78336 -c--a-w c:\windows\system32\dllcache\ieencode.dll
2009-05-11 17:19 . 2009-05-27 16:19 -------- d--h--w C:\$AVG8.VAULT$
2009-05-11 15:35 . 2009-05-27 09:20 -------- d-----w c:\documents and settings\Qasim Ali\Local Settings\Application Data\Google
2009-05-11 15:28 . 2009-05-16 09:29 43752 ----a-w c:\documents and settings\Qasim Ali\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-11 14:00 . 2009-05-11 14:00 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-11 14:00 . 2009-05-11 14:00 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-11 14:00 . 2009-05-11 14:00 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-11 14:00 . 2009-05-11 14:00 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-11 14:00 . 2009-05-27 09:13 -------- d-----w c:\windows\system32\drivers\Avg
2009-05-11 13:59 . 2009-05-11 13:59 -------- d-----w c:\program files\AVG
2009-05-11 13:59 . 2009-05-11 13:59 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-11 13:42 . 2009-05-11 13:42 83456 ----a-w c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
2009-05-11 13:42 . 2009-05-11 13:42 3530776 ----a-w c:\documents and settings\All Users\Application Data\SpeedBit\DAP\Offers\VA23_DAPSO.exe
2009-05-11 13:41 . 2009-05-27 16:35 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-11 13:41 . 2009-05-11 13:41 -------- d-----w c:\documents and settings\All Users\Application Data\SpeedBit
2009-05-11 13:40 . 2009-05-11 13:40 50688 ----a-w c:\windows\system32\wbhelp2.dll
2009-05-11 13:40 . 2009-05-11 13:42 -------- d-----w c:\program files\DAP
2009-05-11 13:07 . 2009-05-11 13:07 -------- d-----w c:\program files\Mobile Action
2009-05-11 13:05 . 2004-05-24 22:48 43264 ----a-w c:\windows\system32\drivers\UTS2pl.sys
2009-05-11 13:05 . 2004-01-11 19:38 159744 ----a-w c:\windows\DrvRemover98_2K.exe
2009-05-11 13:02 . 2003-07-16 09:27 43264 ------w c:\windows\system32\drivers\ser2pl.sys
2009-05-11 13:02 . 2009-05-17 08:36 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-11 13:01 . 2009-05-11 13:02 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-10 18:37 . 2009-05-25 09:14 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-05-10 18:37 . 2009-05-25 09:14 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-05-10 18:37 . 2009-05-25 09:15 -------- d-----w c:\program files\Common Files\Real
2009-05-10 18:37 . 2009-05-10 18:37 -------- d-----w c:\program files\Real
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-11 11:14 . 2009-05-10 10:41 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-10 11:13 . 2009-05-10 11:12 -------- d-----w c:\program files\Microsoft Firewall Client
2009-05-10 10:47 . 2009-05-10 10:47 -------- d-----w c:\program files\microsoft frontpage
2009-05-10 10:35 . 2009-05-10 10:35 21640 ----a-w c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-05-24_08.49.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 00:56 . 2007-08-13 13:36 44544 c:\windows\system32\pngfilt.dll
+ 2004-08-04 00:56 . 2007-08-13 13:01 48128 c:\windows\system32\mshtmler.dll
+ 2004-08-04 00:56 . 2007-08-13 13:32 45568 c:\windows\system32\mshta.exe
+ 2004-08-04 00:56 . 2007-08-13 13:44 40960 c:\windows\system32\licmgr10.dll
+ 2004-08-04 00:56 . 2007-08-13 13:54 27136 c:\windows\system32\jsproxy.dll
+ 2004-08-04 00:56 . 2007-08-13 13:39 92672 c:\windows\system32\inseng.dll
+ 2004-08-04 00:56 . 2007-08-13 13:36 36352 c:\windows\system32\imgutil.dll
+ 2004-08-04 00:56 . 2007-08-13 13:39 55296 c:\windows\system32\iesetup.dll
+ 2004-08-04 00:56 . 2007-08-13 13:39 43008 c:\windows\system32\iernonce.dll
+ 2004-08-04 00:56 . 2007-08-13 13:39 54784 c:\windows\system32\ie4uinit.exe
+ 2004-08-04 00:56 . 2007-08-13 13:36 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-04 00:56 . 2007-08-13 13:01 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2004-08-04 00:56 . 2007-08-13 13:32 45568 c:\windows\system32\dllcache\mshta.exe
+ 2004-08-04 00:56 . 2007-08-13 13:44 40960 c:\windows\system32\dllcache\licmgr10.dll
+ 2004-08-04 00:56 . 2007-08-13 13:54 27136 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 00:56 . 2007-08-13 13:39 92672 c:\windows\system32\dllcache\inseng.dll
+ 2004-08-04 00:56 . 2007-08-13 13:36 36352 c:\windows\system32\dllcache\imgutil.dll
+ 2004-08-04 00:56 . 2007-08-13 13:39 55296 c:\windows\system32\dllcache\iesetup.dll
+ 2004-08-04 00:56 . 2007-08-13 13:39 43008 c:\windows\system32\dllcache\iernonce.dll
+ 2009-05-10 10:36 . 2007-08-13 13:44 69120 c:\windows\system32\dllcache\iedw.exe
+ 2004-08-04 00:56 . 2007-08-13 13:39 54784 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-05-10 10:36 . 2007-08-13 13:18 60416 c:\windows\system32\dllcache\hmmapi.dll
+ 2009-05-10 10:37 . 2007-08-13 13:54 33792 c:\windows\system32\dllcache\custsat.dll
+ 2004-08-04 00:56 . 2007-08-13 13:42 17408 c:\windows\system32\dllcache\corpol.dll
+ 2004-08-04 00:56 . 2007-08-13 13:39 71680 c:\windows\system32\dllcache\admparse.dll
+ 2004-08-04 00:56 . 2007-08-13 13:42 17408 c:\windows\system32\corpol.dll
+ 2004-08-04 00:56 . 2007-08-13 13:39 71680 c:\windows\system32\admparse.dll
+ 2009-05-10 18:37 . 2009-05-25 09:14 5632 c:\windows\system32\pndx5032.dll
- 2009-05-10 18:37 . 2009-05-10 18:37 5632 c:\windows\system32\pndx5032.dll
- 2009-05-10 18:37 . 2009-05-10 18:37 6656 c:\windows\system32\pndx5016.dll
+ 2009-05-10 18:37 . 2009-05-25 09:14 6656 c:\windows\system32\pndx5016.dll
+ 2004-08-04 00:56 . 2007-08-13 13:54 818688 c:\windows\system32\wininet.dll
+ 2004-08-04 00:56 . 2007-08-13 13:54 231424 c:\windows\system32\webcheck.dll
+ 2004-08-04 00:56 . 2007-08-13 13:54 413696 c:\windows\system32\vbscript.dll
+ 2004-08-04 00:56 . 2007-08-13 13:44 105984 c:\windows\system32\url.dll
+ 2004-08-04 00:56 . 2006-09-23 08:12 474112 c:\windows\system32\shlwapi.dll
+ 2009-05-10 18:37 . 2009-05-25 09:15 185920 c:\windows\system32\rmoc3260.dll
+ 2009-05-10 18:37 . 2009-05-25 09:14 278528 c:\windows\system32\pncrt.dll
- 2009-05-10 18:37 . 2009-05-10 18:37 278528 c:\windows\system32\pncrt.dll
+ 2004-08-04 00:56 . 2007-08-13 13:44 101376 c:\windows\system32\occache.dll
+ 2004-08-04 00:56 . 2007-08-13 13:54 670720 c:\windows\system32\mstime.dll
+ 2004-08-04 00:56 . 2007-08-13 13:44 192000 c:\windows\system32\msrating.dll
+ 2001-08-23 14:00 . 2007-08-13 13:54 156160 c:\windows\system32\msls31.dll
+ 2004-08-04 00:56 . 2007-08-13 13:54 475648 c:\windows\system32\mshtmled.dll
+ 2004-08-04 00:56 . 2007-08-13 13:38 491520 c:\windows\system32\jscript.dll
+ 2004-08-04 00:56 . 2007-08-13 13:54 191488 c:\windows\system32\iepeers.dll
+ 2004-08-04 00:56 . 2007-08-13 13:39 382976 c:\windows\system32\iedkcs32.dll
+ 2001-08-23 14:00 . 2007-08-13 12:56 161792 c:\windows\system32\ieakui.dll
+ 2004-08-04 00:56 . 2007-08-13 13:39 229376 c:\windows\system32\ieaksie.dll
+ 2004-08-04 00:56 . 2007-08-13 13:39 152064 c:\windows\system32\ieakeng.dll
+ 2004-08-04 00:56 . 2007-08-13 13:54 131584 c:\windows\system32\extmgr.dll
+ 2004-08-04 00:56 . 2007-08-13 13:35 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-04 00:56 . 2007-08-13 13:35 346624 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 00:56 . 2007-08-13 13:54 818688 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 00:56 . 2007-08-13 13:54 231424 c:\windows\system32\dllcache\webcheck.dll
+ 2009-05-10 10:37 . 2007-08-13 13:54 765952 c:\windows\system32\dllcache\VGX.dll
+ 2004-08-04 00:56 . 2007-08-13 13:54 413696 c:\windows\system32\dllcache\vbscript.dll
+ 2004-08-04 00:56 . 2007-08-13 13:44 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-04 00:56 . 2006-09-23 08:12 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2004-08-04 00:56 . 2007-08-13 13:44 101376 c:\windows\system32\dllcache\occache.dll
+ 2004-08-04 00:56 . 2007-08-13 13:54 670720 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 00:56 . 2007-08-13 13:44 192000 c:\windows\system32\dllcache\msrating.dll
+ 2001-08-23 14:00 . 2007-08-13 13:54 156160 c:\windows\system32\dllcache\msls31.dll
+ 2004-08-04 00:56 . 2007-08-13 13:54 475648 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-04 00:56 . 2007-08-13 13:38 491520 c:\windows\system32\dllcache\jscript.dll
+ 2009-05-10 10:36 . 2007-08-13 13:43 622080 c:\windows\system32\dllcache\iexplore.exe
+ 2004-08-04 00:56 . 2007-08-13 13:54 191488 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-04 00:56 . 2007-08-13 13:39 382976 c:\windows\system32\dllcache\iedkcs32.dll
+ 2001-08-23 14:00 . 2007-08-13 12:56 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-04 00:56 . 2007-08-13 13:39 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-04 00:56 . 2007-08-13 13:39 152064 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-04 00:56 . 2007-08-13 13:54 131584 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 00:56 . 2007-08-13 13:35 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-04 00:56 . 2007-08-13 13:35 346624 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 00:56 . 2007-08-13 13:39 123904 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-04 00:56 . 2007-08-13 13:39 123904 c:\windows\system32\advpack.dll
+ 2004-08-04 00:56 . 2007-08-13 13:54 1162240 c:\windows\system32\urlmon.dll
+ 2004-08-04 00:56 . 2006-09-23 08:12 1497088 c:\windows\system32\shdocvw.dll
+ 2004-08-04 00:56 . 2007-08-13 13:54 3578368 c:\windows\system32\mshtml.dll
+ 2004-08-04 00:56 . 2007-08-13 13:54 1162240 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 00:56 . 2006-09-23 08:12 1497088 c:\windows\system32\dllcache\shdocvw.dll
+ 2004-08-04 00:56 . 2007-08-13 13:54 3578368 c:\windows\system32\dllcache\mshtml.dll
+ 2004-08-04 00:56 . 2006-09-23 08:12 1022976 c:\windows\system32\dllcache\browseui.dll
+ 2004-08-04 00:56 . 2006-09-23 08:12 1022976 c:\windows\system32\browseui.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-05-11 2811392]
"Google Update"="c:\documents and settings\Qasim Ali\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-11 133104]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-11-21 3289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-11 1947928]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-25 198160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-5-26 113664]
Firewall Client Connectivity Monitor.LNK - c:\program files\Microsoft Firewall Client\ISATRAY.EXE [2009-5-10 52496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-11 14:00 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-05-11 325896]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-11 108552]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-05-11 908568]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-05-11 298776]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

--- Other Services/Drivers In Memory ---

*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - avg8emc
*Deregistered* - avg8wd
*Deregistered* - AvgLdx86
*Deregistered* - AvgMfx86
*Deregistered* - AvgTdiX
*Deregistered* - Beep
*Deregistered* - BITS
*Deregistered* - Browser
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - HTTP
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - WinDefend
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
.
Contents of the 'Scheduled Tasks' folder

2009-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-515967899-1801674531-1003.job
- c:\documents and settings\Qasim Ali\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-11 15:35]

2009-05-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 14:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.pk/
uInternet Settings,ProxyServer = 10.0.0.1:8080
uInternet Settings,ProxyOverride = <local>
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Microsoft Firewall Client\wspwsp.dll
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-27 21:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2212)
c:\windows\system32\msi.dll
.
Completion time: 2009-05-27 22:05
ComboFix-quarantined-files.txt 2009-05-27 17:05
ComboFix2.txt 2009-05-24 08:53

Pre-Run: 8,416,092,160 bytes free
Post-Run: 8,430,477,312 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

348
Jintan
Senior Member
Date Joined: Dec 2006
Total Posts: 1424
Posted 5-27-2009 10:28 (GMT +1)

Duplicate request - see here: http://forum.bullguard.com/forum/8/How-to-remove-win32cryptor-vir_73882.html