francescod Posted November 4, 2010 ID:339691 Share Posted November 4, 2010 hello,I have recently been infected with TR/Crypt.Epack.Gen2 but my antivirus can not remove it,i make all this things: * Download OTL to your desktop. * Double click on OTL to run it. * When the window appears, underneath Output at the top change it to Minimal Output. * Under the Standard Registry box change it to All. * Under Custom scan's and fixes section paste in the below in bold netsvcs %SYSTEMDRIVE%\*.* %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\system32\drivers\*.sys /90 %systemroot%\system32\Spool\prtprocs\w32x86\*.dll * Check the boxes beside LOP Check and Purity Check. * Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. o When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. o Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.====================Please download Rootkit Unhooker and save it to your desktop. * Double-click RKUnhookerLE.exe to run it. * Click the Report tab, then click Scan * Check Drivers, Stealth Code, Files, and Code Hooks * Uncheck the rest, then click OK * When prompted to Select Disks for Scan, make sure C:\ is checked and click OK * Wait till the scanner has finished then go File > Save Report * Save the report somewhere you can find it, typically your desktop. Click Close * Copy the entire contents of the report and paste it in your next reply.now these are my reports...PLEASE HELP ME!what i have to do now?thank u allExtras.TxtOTL.TxtReport.txt Link to post Share on other sites More sharing options...
LDTate Posted November 6, 2010 ID:340296 Share Posted November 6, 2010 Please don't attach the scans / logs, use "copy/paste".DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.Vista and Windows 7 users:1. These tools MUST be run from the executable. (.exe) every time you run them 2. With Admin Rights (Right click, choose "Run as Administrator")Stay with this topic until I give you the all clean post.You might want to print these instructions out.I suggest you do this:XP UsersDouble-click My Computer. Click the Tools menu, and then click Folder Options. Click the View tab.Uncheck "Hide file extensions for known file types." Under the "Hidden files" folder, select "Show hidden files and folders." Uncheck "Hide protected operating system files." Click Apply, and then click OK.Vista UsersTo enable the viewing of hidden and protected system files in Windows Vista please follow these steps:Close all programs so that you are at your desktop.Click on the Start button. This is the small round button with the Windows flag in the lower left corner.Click on the Control Panel menu option.When the control panel opens you can either be in Classic View or Control Panel Home view: If you are in the Classic View do the following: Double-click on the Folder Options icon.Click on the View tab.If you are in the Control Panel Home view do the following: Click on the Appearance and Personalization link.Click on Show Hidden Files or Folders.Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.Remove the checkmark from the checkbox labeled Hide extensions for known file types.Remove the checkmark from the checkbox labeled Hide protected operating system files.Please do not delete anything unless instructed to. Next:Please download ATF Cleaner by Atribune.Download - ATF Cleaner Link to post Share on other sites More sharing options...
francescod Posted November 8, 2010 Author ID:341501 Share Posted November 8, 2010 hellothank u for helpthis is my report:Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgVersione database: 5072Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.1870208/11/2010 12.52.55mbam-log-2010-11-08 (12-52-55).txtTipo di scansione: Scansione veloceElementi esaminati: 153375Tempo trascorso: 10 minuti, 1 secondiProcessi infetti in memoria: 0Moduli di memoria infetti: 0Chiavi di registro infette: 3Valori di registro infetti: 2Voci infette nei dati di registro: 3Cartelle infette: 0File infetti: 4Processi infetti in memoria:(Non sono stati rilevati elementi nocivi)Moduli di memoria infetti:(Non sono stati rilevati elementi nocivi)Chiavi di registro infette:HKEY_CURRENT_USER\SOFTWARE\65MWRMP54G (Trojan.FakeAlert) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\U36VRSFLG6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.Valori di registro infetti:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\65mwrmp54g (Trojan.FakeAlert) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\u36vrsflg6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.Voci infette nei dati di registro:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.Cartelle infette:(Non sono stati rilevati elementi nocivi)File infetti:C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\WINDOWS\Dtapoa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\Documents and Settings\fdanza\Desktop\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.and now?! Link to post Share on other sites More sharing options...
LDTate Posted November 8, 2010 ID:341523 Share Posted November 8, 2010 Run another MBAM scan, post the results and let me know how it's running. Link to post Share on other sites More sharing options...
LDTate Posted November 13, 2010 ID:344446 Share Posted November 13, 2010 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts