Hello n00bster! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware while we work on it.
  • Keep me informed about any changes.
  • Post all of your log files, don't attach them.

What about cryptic.fj? Give more details about your problem.


Hey!

Sorry I was away from work. My work PC is the lucky stable.

One day I used my computer and it just turned off randomly, and another time it just froze. I ran a scan with AVG Internet Security 2011. It found:

"C:\WINDOWS\system32\services.exe (1188):\memory_01270000";"Trojan horse Cryptic.FJ"
"C:\WINDOWS\system32\services.exe (1188)";"Trojan horse Cryptic.FJ"

I googled the problem and found you, contacted you and did those tests you asked me to. Haven't done anything else.


I don't use uTorrent so I have removed it.

Here is the file:

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Home Edition

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x000000fc

Kernel Drivers (total 128):

0x804D7000 \WINDOWS\system32\ntkrnlpa.exe

0x806E5000 \WINDOWS\system32\hal.dll

0xBA5A8000 \WINDOWS\system32\KDCOM.DLL

0xBA4B8000 \WINDOWS\system32\BOOTVID.dll

0xB9F79000 ACPI.sys

0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

0xB9F68000 pci.sys

0xBA0A8000 isapnp.sys

0xBA670000 pciide.sys

0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

0xBA0B8000 MountMgr.sys

0xB9F49000 ftdisk.sys

0xBA330000 PartMgr.sys

0xBA338000 pavboot.sys

0xBA0C8000 VolSnap.sys

0xB9F31000 atapi.sys

0xBA0D8000 disk.sys

0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

0xB9F11000 fltMgr.sys

0xB9EFF000 sr.sys

0xBA0F8000 PxHelp20.sys

0xB9EE8000 KSecDD.sys

0xB9E5B000 Ntfs.sys

0xB9E2E000 NDIS.sys

0xB9E14000 Mup.sys

0xBA340000 avgrkx86.sys

0xBA108000 AVGIDSEH.Sys

0xBA318000 \SystemRoot\system32\DRIVERS\intelppm.sys

0xB8EB8000 \SystemRoot\system32\DRIVERS\igxpmp32.sys

0xB8EA4000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

0xB8E7C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0xB8E62000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys

0xBA418000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0xB8E3E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0xBA420000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xBA138000 \SystemRoot\system32\DRIVERS\serial.sys

0xBA570000 \SystemRoot\system32\DRIVERS\serenum.sys

0xB8E2A000 \SystemRoot\system32\DRIVERS\parport.sys

0xB94DE000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0xBA428000 \SystemRoot\system32\DRIVERS\mouclass.sys

0xBA430000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0xB94CE000 \SystemRoot\system32\DRIVERS\imapi.sys

0xB94BE000 \SystemRoot\system32\DRIVERS\cdrom.sys

0xB94AE000 \SystemRoot\system32\DRIVERS\redbook.sys

0xB8E07000 \SystemRoot\system32\DRIVERS\ks.sys

0xBA438000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys

0xBA440000 \SystemRoot\system32\DRIVERS\avgfwdx.sys

0xBA74E000 \SystemRoot\system32\DRIVERS\audstub.sys

0xB949E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0xBA57C000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0xB8DF0000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0xB948E000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0xB947E000 \SystemRoot\system32\DRIVERS\raspptp.sys

0xBA448000 \SystemRoot\system32\DRIVERS\TDI.SYS

0xB8DDF000 \SystemRoot\system32\DRIVERS\psched.sys

0xB946E000 \SystemRoot\system32\DRIVERS\msgpc.sys

0xBA450000 \SystemRoot\system32\DRIVERS\ptilink.sys

0xBA458000 \SystemRoot\system32\DRIVERS\raspti.sys

0xB945E000 \SystemRoot\system32\DRIVERS\termdd.sys

0xBA5D0000 \SystemRoot\system32\DRIVERS\swenum.sys

0xB8D81000 \SystemRoot\system32\DRIVERS\update.sys

0xBA584000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0xB944E000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xA8520000 \SystemRoot\system32\drivers\RtkHDAud.sys

0xA84FC000 \SystemRoot\system32\drivers\portcls.sys

0xBA188000 \SystemRoot\system32\drivers\drmk.sys

0xBA1A8000 \SystemRoot\system32\DRIVERS\usbhub.sys

0xBA5E2000 \SystemRoot\system32\DRIVERS\USBD.SYS

0xBA1B8000 \SystemRoot\system32\DRIVERS\avgmfx86.sys

0xBA5E4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xBA6C7000 \SystemRoot\System32\Drivers\Null.SYS

0xBA5E8000 \SystemRoot\System32\Drivers\Beep.SYS

0xBA4A0000 \SystemRoot\System32\drivers\vga.sys

0xBA5EA000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xBA5EC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xBA4A8000 \SystemRoot\System32\Drivers\Msfs.SYS

0xBA4B0000 \SystemRoot\System32\Drivers\Npfs.SYS

0xB8D75000 \SystemRoot\system32\DRIVERS\rasacd.sys

0xA8479000 \SystemRoot\system32\DRIVERS\ipsec.sys

0xA8420000 \SystemRoot\system32\DRIVERS\tcpip.sys

0xA83D8000 \SystemRoot\system32\DRIVERS\avgtdix.sys

0xA83B2000 \SystemRoot\system32\DRIVERS\ipnat.sys

0xA838A000 \SystemRoot\system32\DRIVERS\netbt.sys

0xA8368000 \SystemRoot\System32\drivers\afd.sys

0xBA208000 \SystemRoot\system32\DRIVERS\netbios.sys

0xA833D000 \SystemRoot\system32\DRIVERS\rdbss.sys

0xBA218000 \SystemRoot\system32\DRIVERS\wanarp.sys

0xA82A5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xBA228000 \SystemRoot\System32\Drivers\Fips.SYS

0xA8269000 \SystemRoot\system32\DRIVERS\avgldx86.sys

0xBA350000 \SystemRoot\System32\Drivers\EMVSCARD.sys

0xA84F8000 \SystemRoot\System32\Drivers\SMCLIB.SYS

0xBA370000 \SystemRoot\system32\DRIVERS\OVCD.sys

0xBA238000 \SystemRoot\system32\DRIVERS\OVCAM2.sys

0xBA248000 \SystemRoot\system32\DRIVERS\STREAM.SYS

0xA8213000 \SystemRoot\system32\DRIVERS\OVCODEK2.sys

0xBA380000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0xBA388000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0xA84D8000 \SystemRoot\system32\DRIVERS\usbscan.sys

0xBA390000 \SystemRoot\system32\DRIVERS\usbprint.sys

0xBA2F8000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xA80E3000 \SystemRoot\System32\Drivers\dump_atapi.sys

0xBA644000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xA816B000 \SystemRoot\System32\drivers\Dxapi.sys

0xBA410000 \SystemRoot\System32\watchdog.sys

0xBF000000 \SystemRoot\System32\drivers\dxg.sys

0xBA789000 \SystemRoot\System32\drivers\dxgthk.sys

0xBF024000 \SystemRoot\System32\igxpgd32.dll

0xBF012000 \SystemRoot\System32\igxprd32.dll

0xBF04F000 \SystemRoot\System32\igxpdv32.DLL

0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL

0xBF47A000 \SystemRoot\System32\ATMFD.DLL

0xA7F8C000 \SystemRoot\system32\DRIVERS\WudfPf.sys

0xA7F74000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0xA7C07000 \SystemRoot\system32\drivers\wdmaud.sys

0xA7D9C000 \SystemRoot\system32\drivers\sysaudio.sys

0xA77CA000 \SystemRoot\system32\DRIVERS\mrxdav.sys

0xBA666000 \SystemRoot\System32\Drivers\ParVdm.SYS

0xA7B84000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

0xA78DF000 \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys

0xA74CA000 \SystemRoot\system32\DRIVERS\srv.sys

0xA73EA000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys

0xA7182000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys

0xBA3F8000 \SystemRoot\System32\Drivers\TDTCP.SYS

0xA6F57000 \SystemRoot\System32\Drivers\RDPWD.SYS

0xA6ABC000 \SystemRoot\System32\Drivers\HTTP.sys

0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 58):

0 System Idle Process

4 System

916 C:\WINDOWS\system32\smss.exe

948 C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

1120 csrss.exe

1144 C:\WINDOWS\system32\winlogon.exe

1188 C:\WINDOWS\system32\services.exe

1200 C:\WINDOWS\system32\lsass.exe

1384 C:\WINDOWS\system32\svchost.exe

1472 svchost.exe

1584 C:\WINDOWS\system32\svchost.exe

1624 C:\WINDOWS\system32\svchost.exe

1844 svchost.exe

1928 svchost.exe

156 C:\WINDOWS\system32\spoolsv.exe

232 scardsvr.exe

376 C:\WINDOWS\explorer.exe

476 C:\WINDOWS\system32\hkcmd.exe

484 C:\WINDOWS\system32\igfxpers.exe

548 C:\WINDOWS\RTHDCPL.EXE

576 C:\WINDOWS\system32\igfxsrvc.exe

728 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

764 C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe

808 C:\Program Files\AVG\AVG10\avgtray.exe

820 C:\WINDOWS\system32\ctfmon.exe

896 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

1092 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

1512 C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

1672 C:\Program Files\Legacy\LegacyV3430.exe

1232 C:\Program Files\Privador\SSA Client\ssa.exe

1868 C:\Program Files\Microsoft ActiveSync\rapimgr.exe

1908 C:\Program Files\OpenOffice.org 3\program\soffice.exe

272 C:\Program Files\OpenOffice.org 3\program\soffice.bin

196 svchost.exe

868 C:\Program Files\AVG\AVG10\avgfws.exe

2024 C:\Program Files\AVG\AVG10\avgwdsvc.exe

1780 C:\Program Files\Java\jre6\bin\jqs.exe

2320 C:\Program Files\Remote Control PC\apc_host.exe

2588 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe

2760 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

3128 C:\WINDOWS\system32\svchost.exe

3560 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

2052 C:\Program Files\AVG\AVG10\avgam.exe

2112 C:\Program Files\AVG\AVG10\avgnsx.exe

1264 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

3456 C:\Program Files\AVG\AVG10\avgemcx.exe

4548 C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

4836 alg.exe

4908 C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

640 C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe

4620 C:\Program Files\Windows Live\Contacts\wlcomm.exe

4168 C:\Program Files\Mozilla Firefox\firefox.exe

4392 C:\Program Files\Mozilla Firefox\plugin-container.exe

680 C:\PROGRA~1\AVG\AVG10\avgrsx.exe

4516 C:\Program Files\AVG\AVG10\avgcsrvx.exe

2208 C:\Program Files\Windows Live\Messenger\msvs.exe

2276 C:\WINDOWS\system32\wuauclt.exe

2256 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: MAXTORSTM3250310AS, Rev: 3.AAF

       Size  Device Name          MBR Status
--------------------------------------------
     232 GB  \\.\PhysicalDrive0   MBR Code Faked (known infection: Whistler / Black Internet)!
             SHA1: ED0B19E36914D028E2802BBB4AC96BBF34B6CF5B

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

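The MBRCheck output above flags the boot sector because the code in it does not match any known-good Windows MBR, while the partition table still parses normally (C: is reported at byte offset 0x7E00, i.e. LBA 63 times 512). As an added example that is not MBRCheck's code and not anything the poster ran, the following Python script shows that style of check: it parses a 512-byte MBR, verifies the 0x55AA signature, decodes the partition table, and hashes only the boot-code area against a trusted baseline and a known-bad list, so a bootkit that swaps the loader but preserves the partition table is still caught. Assumptions: the 440-byte hashed range, the sample MBR bytes, the disk signature, the partition sizes and the baseline hash are all constructed for this example; the Whistler digest is simply the value MBRCheck printed on this page and is not claimed to result from this hashing method.

```python
r"""Added example (not MBRCheck's or Malwarebytes' code): parse a 512-byte MBR,
verify its 0x55AA signature, decode the partition table, and hash the boot-code
area so a replaced boot loader is caught even when the partition table is intact."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 0x1B8      # 440 bytes of boot code precede the disk signature
DISK_SIG_OFF = 0x1B8       # 4-byte Windows disk signature
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries
MBR_SIG_OFF = 0x1FE        # 0x55 0xAA

# Assumption: the exact byte range MBRCheck hashes is not stated on the page;
# this example hashes the first 440 bytes. The digest below is the one MBRCheck
# reported on this page for the infected drive and is kept only as an
# illustrative "known bad" entry.
KNOWN_BAD = {
    "ED0B19E36914D028E2802BBB4AC96BBF34B6CF5B": "Whistler / Black Internet",
}


def parse_mbr(sector: bytes) -> dict:
    """Decode one MBR sector. Raises ValueError if it is not a valid MBR."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[MBR_SIG_OFF:MBR_SIG_OFF + 2] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", sector[off:off + 16])
        if ptype == 0:          # empty slot
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "byte_offset": lba_start * SECTOR_SIZE,   # where the volume begins on the disk
        })
    return {
        "disk_signature": struct.unpack("<I", sector[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        "partitions": partitions,
    }


def boot_code_sha1(sector: bytes) -> str:
    """SHA-1 of the boot-code area only; the partition table is excluded on purpose."""
    return hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()


def classify(sector: bytes, baseline_sha1: str) -> str:
    """Compare the boot-code hash against a trusted baseline and the known-bad list."""
    parse_mbr(sector)                    # reject anything that is not an MBR at all
    digest = boot_code_sha1(sector)
    if digest == baseline_sha1:
        return "MBR Code OK"
    if digest in KNOWN_BAD:
        return f"MBR Code Faked (known infection: {KNOWN_BAD[digest]})"
    return "Found non-standard or infected MBR"


def read_mbr(device_path: str) -> bytes:
    r"""Read sector 0 of a raw device, e.g. r'\\.\PhysicalDrive0' (needs admin on Windows)."""
    with open(device_path, "rb") as dev:
        return dev.read(SECTOR_SIZE)


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed test MBR: one bootable NTFS partition starting at LBA 63."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    sector[DISK_SIG_OFF:DISK_SIG_OFF + 4] = struct.pack("<I", 0x1234ABCD)   # constructed
    sector[PART_TABLE_OFF:PART_TABLE_OFF + 16] = struct.pack(
        "<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF", 63, 488_397_168)
    sector[MBR_SIG_OFF:MBR_SIG_OFF + 2] = b"\x55\xAA"
    return bytes(sector)


# Constructed "clean" boot code (jmp $ plus padding) and the baseline hash taken from it.
CLEAN_MBR = build_sample_mbr(b"\xEB\xFE" + b"\x90" * 30)
BASELINE_SHA1 = boot_code_sha1(CLEAN_MBR)

# Bootkit-style tamper: replace the boot code, leave signature and partition table untouched.
INFECTED_MBR = b"\xE9\x00\x00" + b"\xCC" * (BOOT_CODE_LEN - 3) + CLEAN_MBR[BOOT_CODE_LEN:]

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("tampered", INFECTED_MBR)):
        part = parse_mbr(mbr)["partitions"][0]
        print(f"{name}: {classify(mbr, BASELINE_SHA1)}; SHA1 {boot_code_sha1(mbr)}")
        print(f"  partition 0 starts at LBA {part['lba_start']} = byte offset {part['byte_offset']:#x}")
```

Run as-is to see the clean and tampered samples classified. To check a real disk, call `read_mbr(r'\\.\PhysicalDrive0')` from an elevated prompt and compare against a baseline captured from a known-clean install of the same Windows version; boot code legitimately differs between Windows versions and some OEM tools, which is why a tool like MBRCheck keeps a list of known-good hashes rather than a single value.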


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

