MajorGeeks Support Forums


  #1  
04-20-09, 11:32
Shadow1
Private E-2
 
Join Date: Apr 2009
Posts: 3
TR/Crypt.ZPACK.Gen Trojan

I've done the Vista Cleaning Procedure and still have this trojan. The four logs that were generated are attached. Thanks in advance for any help provided.
Attached Files
log.txt (21.8 KB)
filelog.txt (6.8 KB)
ComboFix.txt (21.8 KB)
MGlogs.zip (173.9 KB)
  #2  
04-20-09, 11:43
Shadow1
Private E-2
 
Join Date: Apr 2009
Posts: 3
Re: TR/Crypt.ZPACK.Gen Trojan

I missed this log.
Attached Files
SUPERAntiSpyware Scan Log - 04-20-2009 - 06-43-17.log (44.8 KB)
  #3  
04-23-09, 01:42
chaslang
MajorGeeks Admin - Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 64,187
Re: TR/Crypt.ZPACK.Gen Trojan

Welcome to Major Geeks!

Please only attach the logs that we requested. Log.txt is just another copy of the ComboFix log and we did not ask for it. Also, we did not ask for filelog.txt in the MGtools folder. You still need to attach the requested log from Malwarebytes. The log can be found in the below folder:
Code:
"C:\Users\Bud\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\"
Apr 20 2009        5559  "mbam-log-2009-04-20 (07-06-13).txt"

Uninstall the below software:
Java(TM) 6 Update 2
Java(TM) 6 Update 7
Viewpoint Media Player <-- should have been uninstalled in step 1 of the READ ME

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

After clicking Fix, exit HJT.


Now we need to use ComboFix to remove a bunch of malware files.
  • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    • If it is not on your Desktop, the below will not work.
  • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
  • Open Notepad and copy/paste the text in the below quote box into it:
Quote:
KILLALL::

Driver::
ovfsthrwrtnqrxppaovwkmptpqiqgebtwxxmqc

File::
c:\windows\system32\ovfsthenlfisxoetbwcrfaiypqfdsyvckxercg.dat
c:\windows\system32\ovfsthepslptaltpkvuwptymibbesqkcuhwbve.dll
c:\windows\system32\ovfsthiochopjvdiwebsvhjkcestarftedfinw.dll
c:\windows\system32\ovfsthlqqqqctrpuysevdkwduyfjvpiquramqp.dll
c:\windows\system32\ovfsthmrxfnrvcnyririvvdvfnbovhisjcdyqk.dat
c:\windows\system32\ovfsthnwkecbpeipwxpmaylbvgyqhjepjdwpih.dll
c:\windows\system32\ovfsthnwxmteeoimfuqptdljpxdeqjhxlinwxq.dll
c:\windows\system32\ovfsthonoanhjkutvxrxgmporqehwnobrirkup.dll
c:\windows\system32\ovfsthqiyldcykdbmwuvemifhrvthomkvqfqjr.dat
c:\windows\system32\ovfsthuxvwpdctyogtexotprmahxqqglcaadgf.dll
c:\windows\system32\ovfsthvcdqxiesqyvyobutbnobaieyevtyuodc.dll
c:\windows\system32\ovfsthwnqrxtvrpqhdsowbskbbiqfkmhnexvwm.dat
c:\windows\system32\drivers\ovfsthrwrtnqrxppaovwkmptpqiqgebtwxxmqc.sys
C:\Windows\Tasks\ParetoLogic Registration.job

Folder::
c:\users\Bud\AppData\Local\Temp\ovfsth000

Registry::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthafioiheodrbbtsxacxuygvwstcwjpqsc]
"imagepath"=-

RegLockDel::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthafioiheodrbbtsxacxuygvwstcwjpqsc]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthrwrtnqrxppaovwkmptpqiqgebtwxxmqc.sys"
"inst"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthafioiheodrbbtsxacxuygvwstcwjpqsc]
  • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
  • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
  • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
  • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
  • Follow the prompts.
  • When it finishes, a log will be produced named c:\combofix.txt
  • I will ask for this log below
Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Now run Ccleaner to clean out only temp files and nothing else!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


Then attach the below logs:
  • the missing Malwarebytes log
  • C:\ComboFix.txt
  • C:\MGlogs.zip
Make sure you tell me how things are working now!
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."
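An added example, not from this thread or from ComboFix itself: a small Python reviewer for a CFScript like the one quoted in post #3. It parses the `Name::` sections and lists what the script will touch, so the file list, driver name and service key can be checked before the script is dragged onto ComboFix.exe. The section meanings (KILLALL ends running processes, Driver names a service to stop, File/Folder give paths to delete, Registry/RegLockDel edit keys) are assumed from common ComboFix usage, and the embedded sample is a trimmed, constructed copy of the script posted above.

```python
import re
SECTION_RE = re.compile(r"^(\w+)::$")        # "File::", "RegLockDel::", ...
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")  # registry key line under Registry::

# Constructed sample: a trimmed copy of the CFScript posted in the thread.
SAMPLE = r"""
KILLALL::

Driver::
ovfsthrwrtnqrxppaovwkmptpqiqgebtwxxmqc

File::
c:\windows\system32\drivers\ovfsthrwrtnqrxppaovwkmptpqiqgebtwxxmqc.sys
C:\Windows\Tasks\ParetoLogic Registration.job

Registry::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthafioiheodrbbtsxacxuygvwstcwjpqsc]
"imagepath"=-
"""

def parse_cfscript(text):
    """Map each 'Name::' section to its non-blank lines, keeping order."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"directive before any section: {line!r}")
        else:
            sections[current].append(line)
    return sections

def summarize(sections):
    """What the script will touch: processes, driver names, files, service keys."""
    keys = {m.group(1) for name in ("Registry", "RegLockDel")
            for line in sections.get(name, []) if (m := KEY_RE.match(line))}
    return {"kill_all": "KILLALL" in sections,
            "drivers": sections.get("Driver", []),
            "files": sections.get("File", []),
            "service_keys": sorted(keys)}

def services_not_named_as_drivers(summary):
    """Service keys whose last path component is not a Driver:: name (in this thread
    the service key ovfsthafio... differs from the driver file ovfsthrwrt...)."""
    drivers = {d.lower() for d in summary["drivers"]}
    return [k for k in summary["service_keys"]
            if k.rsplit("\\", 1)[-1].lower() not in drivers]
```

A non-empty result from the last function is the cue to compare the service key against the Driver:: and File:: entries by hand rather than assume one name covers all three.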
  #4  
04-23-09, 17:08
Shadow1
Private E-2
 
Join Date: Apr 2009
Posts: 3
Re: TR/Crypt.ZPACK.Gen Trojan

Chaslang, thank you very much for taking the time to share your malware expertise with me. I reformatted my laptop yesterday to remove the trojan.

Regards and thanks again for your time and effort on my malware problem.
  #5  
04-27-09, 02:03
chaslang
MajorGeeks Admin - Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 64,187
Re: TR/Crypt.ZPACK.Gen Trojan

You're welcome. Then you should now follow the below instructions:

How to Protect yourself from malware!
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."