MajorGeeks Support Forums

#1 callisti, 03-06-12, 08:24
Removal of Malware - Trojan Crypt.AQLW?

Here goes...

The PC (Windows XP [32-bit] SP3) I'm working on has been infected with a trojan - the internet connection settings have changed and it won't connect automatically as it did before. When I attempted manual connecting (Enabling Wifi) and opened a browser they would redirect after homepage to various spammy sites.

AVG on startup picked up a threat and I quarantined it, I then ran SAS, MBAM and AVG both in normal boot Windows XP (where some rootkit infections seemed to be picked up to be dealt with on reboot) and then when AVG picked up infection again after reboot, did all three scans again in Safe Mode.

On next start up AVG found same issue so I did some online searches about Trojan AQLW and came here!

- - - - -

I've tried to go through the list of preparatory clean ups and downloaded as many of the tools as I can.

Note: CCleaner on each reboot would find temporary internet files to clean even though no obvious internet connection

- - - - -

1. Ran SAS again - saved log file but no infections found.

Log file attached -


2. Ran MBAM again - saved log file but no infections found.

Log file attached -


3. Installed ComboFix to desktop - tried to disable AVG2012 as per bleepingcomputer but combofix still detected it, so removed AVG using AVG removal tool as advised on your guide.

Was then able to run ComboFix - had to connect briefly to internet to allow recovery console to be downloaded and installed, then closed connection.

ComboFix message - tcp/ip stack infected by rootkit - seemed to find, delete and fix some issues but hung for ages on blue "rebooting windows" screen.

Forced to reboot manually after no activity for an hour.

Restarted fine except that the keyboard stopped working so I couldn't enter profile password, so restarted in Safe Mode where ComboFix was preparing log report

Log file attached -


4. Ran RootRepeal from desktop in Safe Mode - scanned Files.

Log file attached -


5. Installed and ran MGTools from C:\

Note: in Safe Mode still as keyboard had stopped working

Log file attached to next post - MGlogs.zip

- - - - -

I need to quickly source a keyboard!

contd...
Attached Files
File Type: log SUPERAntiSpyware Scan Log - 03-06-2012 - 09-53-43.log (578 Bytes, 3 views)
File Type: txt mbam-log-2012-03-06 (10-06-45).txt (1.8 KB, 4 views)
File Type: txt ComboFix.txt (15.1 KB, 8 views)
File Type: txt RRlog.txt (910 Bytes, 2 views)

#2 callisti, 03-06-12, 08:26

contd...

5. Installed and ran MGTools from C:\

Note: in Safe Mode still as keyboard had stopped working

Log file attached - MGlogs.zip
Attached Files
File Type: zip MGlogs.zip (210.6 KB, 10 views)

#3 thisisu (Malware Consultant), 03-06-12, 23:21

Hello and welcome to Major Geeks, callisti!

This is one of the newer variants of ZeroAccess. I need to gather a bit more information before we attempt a fix.

Please download aswMBR to your desktop.
  • Double-click aswMBR.exe to run (Vista/7 right-click and select Run as Administrator)
  • Select No when asked "Would you like to download latest Avast! virus definitions?"
  • Click the [Scan] button.
  • On completion of the scan click [Save log], save it to your desktop and attach this log to your next message. (How to attach)

Please download OTL by OldTimer.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop. (Vista/7 right-click and select Run as Administrator)
  • Check the "Scan All Users" checkbox.
  • Check the "Standard Output".
  • Change the setting of "Drivers" and "Services" to "All"
  • Copy the text in the code box below and paste it into the text-field.
    Code:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    /md5start
    afd.sys
    i8042prt.sys
    ipsec.sys
    netbt.sys
    pacsptisvr.dll
    pcx1nd5.dll
    rtfknph8.exe
    svchost.exe
    tcpip.sys
    /md5stop
    %windir%\system32\drivers\*.sys /lockedfiles
    %windir%\*.* /mp
    %windir%\*.* /rp
    %windir%\*.* /sl
    %systemdrive%\mgtools\*.*
  • Now click the button.
  • Two reports will be created:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Attach OTL.txt to your next message. (How to attach)

Last edited by thisisu; 03-06-12 at 23:29.

#4 callisti, 03-07-12, 06:53

Hello thisisu and thank you for taking this on.

I've downloaded aswMBR and OTL from the links you supplied and have run the scans from desktop of troubled machine. (Normal boot up now - can enter windows password with new usb keyboard)

For information - the troubled PC is not connected to the internet (have removed wifi dongle) and AVG was removed to run ComboFix so am transferring files across to and from PC desktop via usb memory stick to macbook which has internet connection.

The 2 log files should be attached.
Attached Files
File Type: txt aswMBR.txt (1.6 KB, 3 views)
File Type: txt OTL.Txt (227.8 KB, 2 views)

Last edited by callisti; 03-07-12 at 06:54.. Reason: attachments not attached

#5 thisisu (Malware Consultant), 03-07-12, 13:30

Fix items using OTL by OldTimer

Double-click OTL.exe to run. (Vista/7 right-click and select Run as Administrator)
Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
Copy the text in the code box below and paste it into the text-field.
Code:
:otl
SRV - File not found [Auto | Stopped] --  -- (zfdwm)
SRV - File not found [Auto | Stopped] --  -- (wtwservice)
SRV - File not found [Auto | Stopped] --  -- (webrootenterpriseupdateservice)
SRV - File not found [Auto | Stopped] --  -- (uleadburninghelper)
SRV - File not found [Auto | Stopped] --  -- (tfsndrct)
SRV - File not found [Auto | Stopped] --  -- (ser2plms)
SRV - File not found [Auto | Stopped] --  -- (rppkt)
SRV - File not found [Auto | Stopped] --  -- (radclock)
SRV - File not found [Auto | Stopped] --  -- (NTIDrvr)
SRV - File not found [Auto | Stopped] --  -- (nnsvc)
SRV - File not found [Auto | Stopped] --  -- (M2500)
SRV - File not found [Auto | Stopped] --  -- (iirsp)
SRV - File not found [Auto | Stopped] --  -- (helpsvc)
SRV - File not found [Auto | Stopped] --  -- (ccevtmgr)
SRV - File not found [Auto | Stopped] --  -- (awhost32)
SRV - File not found [Auto | Stopped] --  -- (avupdsvc)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (ViaIde)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (ultra)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (TosIde)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (symc8xx)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (symc810)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (sym_u3)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (sym_hi)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (Sparrow)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (Simbad)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (ql1280)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (ql1240)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (ql12160)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (Ql10wnt)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (ql1080)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (perc2hib)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (perc2)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (mraid35x)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (ini910u)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (i2omp)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (hpn)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (dpti2o)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (dac960nt)
DRV - File not found [Kernel | Disabled | Unknown] --  -- (dac2w2k)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (Cpqarray)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (CmdIde)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (cd20xrnt)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (Atdisk)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (aswMBR)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (asc3550)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (asc3350p)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (asc)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (amsint)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (AliIde)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (aic78xx)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (aic78u2)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (Aha154x)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (adpu160m)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (abp480n5)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (Abiosdsk)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
NetSvcs: radclock -  File not found
NetSvcs: tfsndrct -  File not found
NetSvcs: iirsp -  File not found
NetSvcs: NTIDrvr -  File not found
NetSvcs: webrootenterpriseupdateservice -  File not found
NetSvcs: wtwservice -  File not found
NetSvcs: rppkt -  File not found
NetSvcs: wampmysqld -  File not found
NetSvcs: SNMPTRAP -  File not found
NetSvcs: ccevtmgr -  File not found
NetSvcs: uleadburninghelper -  File not found
NetSvcs: awhost32 -  File not found
NetSvcs: avupdsvc -  File not found
NetSvcs: zfdwm -  File not found
NetSvcs: nnsvc -  File not found
NetSvcs: M2500 -  File not found
NetSvcs: ser2plms -  File not found
[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2012/03/06 01:08:24 | 022,291,240 | ---- | M] () -- C:\SAS_998B98D5.COM
[2012/03/05 12:14:56 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\emH77rYm.dat
[2012/03/05 12:04:53 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[C:\WINDOWS\$NtUninstallKB59772$] -> Error: Cannot create file handle -> Unknown point type
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
:files
C:\WINDOWS\system32\drivers\i8042prt.sys|C:\WINDOWS\ServicePackFiles\i386\i8042prt.sys /replace
rd /s/q C:\WINDOWS\$NtUninstallKB59772$ /c
ipconfig /flushdns /c
C:\$Avg
C:\Documents and Settings\Administrator\Local Settings\temp\MPC2.tmp
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"=-
"QuickTime Task"=-
"iTunesHelper"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"startup"=dword:00000000
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
:commands
[emptytemp]
[resethosts]
Now click the button.
If the fix needed a reboot please do it.
Click the OK button (upon reboot).
When OTL is finished, Notepad will open. Close Notepad.
A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
Attach this log to your next message. (How to attach)

Let me know if this fix restored your PS/2 keyboard and mouse.
_________________

Now attempt to fix internet:

Tcp/ip stack is completely dead.

Here are the steps to resolve this:

I would like you to try the below.

Click Start, and then click Run.
In the Open box, type regedit, and then click OK.
In Registry Editor, locate the following keys, right-click each key, and then click Delete:
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2
When you are prompted to confirm the deletion, click Yes.
Close the Registry Editor.

Locate the Nettcpip.inf file in C:\WINDOWS\inf and then open the file in Notepad.
Locate the [MS_TCPIP.PrimaryInstall] section. Change the Characteristics = 0xA0 entry by replacing 0xA0 with 0x80. Save the file. Exit Notepad.
In Control Panel, double-click Network Connections, right-click Local Area Connection, and then select Properties.
On the General tab, click Install, select Protocol, and then click Add.
In the Select Network Protocols window, click Have Disk.
In the Copy manufacturer's files from text box, type C:\WINDOWS\inf, and then click OK.
Select Internet Protocol (TCP/IP), and then click OK. It will report as unsigned, this is the one we want! Do not choose Microsoft TCP/IP v6!

Note: This step returns you to the Local Area Connection Properties screen. However, the Uninstall button is now available.
Select Internet Protocol (TCP/IP), click Uninstall, and then click Yes.
You will be asked to reboot your PC for the changes to take effect, go ahead and do this now.

Once you have rebooted...
In Control Panel, double-click Network Connections, right-click Local Area Connection, and then select Properties.
On the General tab, click Install, select Protocol, and then click Add.
In the Select Network Protocols window, click Have Disk.
In the Copy Manufacturer's files from text box, type C:\WINDOWS\inf, and then click OK.
Select Internet Protocol (TCP/IP), and then click OK.
Restart your computer.
Test your Internet connectivity.

____


Now run C:\MGtools\GetLogs.bat by double-clicking it.
This updates all of the logs inside MGlogs.zip.
When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)

Let me know how the system is running after you have completed these steps.
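
Added example (not part of the thread and not OTL's own code): a way to sort the "File not found" lines of a fix like the one in post #5 before pasting it, by start type and by whether the same name also appears in a NetSvcs line. The sample is a constructed subset of the lines from that post; the group names are this example's own.

```python
import re

# Constructed sample: a subset of the lines from the ":otl" section of the fix in post #5.
SAMPLE_FIX = """\
SRV - File not found [Auto | Stopped] --  -- (zfdwm)
SRV - File not found [Auto | Stopped] --  -- (helpsvc)
SRV - File not found [Auto | Stopped] --  -- (radclock)
DRV - File not found [Kernel | Disabled | Stopped] --  -- (ViaIde)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (catchme)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
NetSvcs: radclock -  File not found
NetSvcs: zfdwm -  File not found
NetSvcs: SNMPTRAP -  File not found
"""

# SRV/DRV entries whose binary OTL could not find: "[... | start | state] --  -- (name)"
MISSING_RE = re.compile(r"^(SRV|DRV) - File not found \[([^\]]+)\]\s+--\s+--\s+\((.+)\)\s*$")
NETSVCS_RE = re.compile(r"^NetSvcs:\s+(\S+)\s+-\s+File not found\s*$")
# Start types that Windows tries to load without user action.
AUTOSTART = {"boot", "system", "auto"}


def parse_fix(text):
    """Return (service/driver entries, netsvcs names keyed by lower case, other lines)."""
    entries, netsvcs, other = [], {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MISSING_RE.match(line)
        if m:
            fields = [f.strip() for f in m.group(2).split("|")]
            if len(fields) >= 2:
                # SRV has [start | state]; DRV has [type | start | state].
                entries.append({"kind": m.group(1), "name": m.group(3),
                                "start": fields[-2], "state": fields[-1]})
                continue
        m = NETSVCS_RE.match(line)
        if m:
            netsvcs[m.group(1).lower()] = m.group(1)
            continue
        other.append(line)
    return entries, netsvcs, other


def triage(text):
    """Group entries; service names are compared case-insensitively, as Windows does."""
    entries, netsvcs, other = parse_fix(text)
    groups = {"autostart_in_netsvcs": [], "autostart_other": [], "dormant": []}
    seen = set()
    for e in entries:
        key = e["name"].lower()
        seen.add(key)
        if e["start"].lower() in AUTOSTART:
            bucket = "autostart_in_netsvcs" if key in netsvcs else "autostart_other"
        else:
            bucket = "dormant"  # Disabled or On_Demand: not loaded at boot
        groups[bucket].append(e["name"])
    # NetSvcs names with no matching SRV/DRV line in the same script.
    groups["netsvcs_only"] = [orig for key, orig in netsvcs.items() if key not in seen]
    result = {k: sorted(v, key=str.lower) for k, v in groups.items()}
    result["other_lines"] = len(other)
    return result


if __name__ == "__main__":
    for group, names in triage(SAMPLE_FIX).items():
        print(group, names)
```
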
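
Added example (not part of the thread): the Nettcpip.inf edit from post #5 done as a section-aware change, with the Characteristics bits decoded to show why the Uninstall button appears. The flag names are the NCF_* constants from the Windows netcfgx.h header; the INF excerpt is constructed, with only the section name and the 0xA0 value taken from the post, and the code clears the 0x20 bit rather than hard-coding 0x80.

```python
import re

# Constructed excerpt in the shape of C:\WINDOWS\inf\Nettcpip.inf. Only the section name
# and the Characteristics value come from the post; the other lines are placeholders.
SAMPLE_INF = """\
[Version]
Signature = "$Windows NT$"

[MS_TCPIP.PrimaryInstall]
; placeholder for the section's other directives
Characteristics = 0xA0 ; constructed trailing comment

[Some.Other.Section]
Characteristics = 0xA0
"""

SECTION = "MS_TCPIP.PrimaryInstall"
NOT_USER_REMOVABLE = 0x20
# Low eight network-component flags as defined in netcfgx.h.
NCF_FLAGS = {
    0x01: "NCF_VIRTUAL", 0x02: "NCF_SOFTWARE_ENUMERATED", 0x04: "NCF_PHYSICAL",
    0x08: "NCF_HIDDEN", 0x10: "NCF_NO_SERVICE", 0x20: "NCF_NOT_USER_REMOVABLE",
    0x40: "NCF_MULTIPORT_INSTANCED_ADAPTER", 0x80: "NCF_HAS_UI",
}
KEY_RE = re.compile(r"^(\s*Characteristics\s*=\s*)(0[xX][0-9A-Fa-f]+|\d+)(.*)$")


def decode(value):
    """Names of the flags set in a Characteristics value (unknown bits shown as hex)."""
    names = [name for bit, name in sorted(NCF_FLAGS.items()) if value & bit]
    unknown = value & ~sum(NCF_FLAGS)
    if unknown:
        names.append(hex(unknown))
    return names


def make_removable(inf_text):
    """Clear NCF_NOT_USER_REMOVABLE in [MS_TCPIP.PrimaryInstall] only.

    Returns (new_text, (old_value, new_value)); other sections, comments and
    line endings are preserved. Raises ValueError if the entry is not found.
    """
    out, in_section, change = [], False, None
    for line in inf_text.splitlines(keepends=True):
        body = line.rstrip("\r\n")
        stripped = body.strip()
        if stripped.startswith("[") and "]" in stripped:
            name = stripped[1:stripped.index("]")].strip()
            in_section = name.lower() == SECTION.lower()
        elif in_section and change is None:
            m = KEY_RE.match(body)
            if m:
                tok = m.group(2)
                old = int(tok, 16) if tok.lower().startswith("0x") else int(tok)
                new = old & ~NOT_USER_REMOVABLE
                line = f"{m.group(1)}0x{new:02X}{m.group(3)}{line[len(body):]}"
                change = (old, new)
        out.append(line)
    if change is None:
        raise ValueError(f"no Characteristics entry found in [{SECTION}]")
    return "".join(out), change


if __name__ == "__main__":
    text, (old, new) = make_removable(SAMPLE_INF)
    print(hex(old), decode(old), "->", hex(new), decode(new))
```
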

#6 callisti, 03-07-12, 20:14

Hello thisisu, and thank you for your instruction.

I pasted the text you supplied into OTL and ran the fix.

On restart the PS/2 keyboard is working again, thank you.

The log file is attached.

- - - - -

I was able to follow your guidance for re-establishing internet connection and it seems to work.

I feel a bit cautious as there is still no active antivirus or realtime anti-malware running at this time, and didn't want to use any browsers unless instructed, so instead checked for latest spywareblaster updates and noticed windows update notification for updates being downloaded, before disconnecting from internet.

- - - - -

I ran the update to MGtools and refreshed log file zip is attached also.

The system appears ok. I'd unplugged a usb backup drive since this infection came to light - I don't know whether or not it's safe to plug it in in case it undoes any progress with removing the infection on PC's c drive, as I don't understand the nature of the infection.
Attached Files
File Type: zip MGlogs.zip (214.7 KB, 1 views)
File Type: log 03072012_235811.log (21.6 KB, 2 views)

#7 thisisu (Malware Consultant), 03-07-12, 20:46

Quote (originally posted by callisti):
> On restart the PS/2 keyboard is working again, thank you.
>
> I was able to follow your guidance for re-establishing internet connection and it seems to work.

Quote (originally posted by callisti):
> The system appears ok. I'd unplugged a usb backup drive since this infection came to light - I don't know whether or not it's safe to plug it in in case it undoes any progress with removing the infection on PC's c drive, as I don't understand the nature of the infection.

This type of infection does not target flash drives. Unless you have a completely different infection on the flash drive as opposed to what was on your PC, I think it is safe to plug the device in again.

___

Please download Disable/Remove Windows Messenger to your desktop.
  • Double-click MessengerDisable.exe to run it.
  • Place checkmarks in "Uninstall Windows Messenger" and "Hide Messenger from Outlook Express"
  • Click Apply
  • Click Exit

Your latest logs are clean

__

If you are not having any other malware problems, it is time to do our final steps:
  1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
  2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
    • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
    • "%userprofile%\Desktop\combofix" /uninstall
      • Notes: The space between the combofix" and the /uninstall, it must be there.
      • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
  3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
  4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
  5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
  6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
  7. Go to add/remove programs and uninstall HijackThis if it is present
  8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
  9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
    • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
    • Then reboot and Enable System Restore to create a new clean Restore Point.
  10. After doing the above, you should work through the below link:
Be safe

#8 callisti, 03-08-12, 08:19

Hello thisisu, thanks for confirming my logs are clean. I've uninstalled windows messenger using the download link you provided and I've gone through the recommended cleanup process as best I can. I have also installed a new copy of AVG Free from a standalone installer so that there is some realtime antivirus protection.

I will also acquire realtime protection using either MBAM or SAS - not sure which yet, although will keep both available for retrospective scanning.

Browsers all seem to be behaving and internet connection is fine just now. I'll leave it for a few days of normal usage to see if anything crops up before toggling the system restore, as advised on MajorGeeks cleaning procedure thread, just in case.

Thank you for your reassurance regarding flash drives.

If all goes well I will post again in a few days to confirm that the system is still clean and that I've toggled system restore.

#9 thisisu (Malware Consultant), 03-08-12, 12:19

Quote (originally posted by callisti):
> I'll leave it for a few days of normal usage to see if anything crops up before toggling the system restore, as advised on MajorGeeks cleaning procedure thread, just in case.
>
> Thank you for your reassurance regarding flash drives.
>
> If all goes well I will post again in a few days to confirm that the system is still clean and that I've toggled system restore.

No problem. We'll be here

#10 callisti, 03-12-12, 06:13

Thisisu, everything has been behaving for a few days so have toggled and re-enabled system restore. Thanks again for your methodical approach.

Is there a way I can help support majorgeeks beyond like-ing on facebook and clicking on ads? like donating credit for coffee somehow?

#11 thisisu (Malware Consultant), 03-12-12, 17:55

Quote (originally posted by callisti):
> Thisisu, everything has been behaving for a few days so have toggled and re-enabled system restore. Thanks again for your methodical approach.
>
> Is there a way I can help support majorgeeks beyond like-ing on facebook and clicking on ads? like donating credit for coffee somehow?

Hello callisti,

You're welcome.

We do not accept donations but would appreciate if you would tell others about MajorGeeks.

Surf safely!