icp*.tmp Virus

Discussion in 'Malware Help (A Specialist Will Reply)' started by W4nteD, Jan 5, 2010.

  1. W4nteD

    W4nteD Private E-2

    Hello!
    I've had this virus for a while now and it really annoys me.
    I got it two weeks ago or so and I have no idea how it got inside my computer.
    I left my PC open during the night then when I woke up in the morning, I noticed some weird things that still occur.

    1) Both Task Manager and Registry Editor are "disabled by the administrator"; typical sign of a virus.
    2) When I found out about the virus, I had a quick look at my Temp folder and saw that numerous icp?.tmp files kept coming out of nowhere.
    3) When I go to the "Processes" tab in the Task Manager (I found a way to open it temporarily), I see a lot of applications that shouldn't be open. When it had about three or four applications running, there are now something like twenty with weird names of something like wfakwtpcy.exe etc.

    The problem that this virus creates is that it f*s up my video ram, causing video games to crash.
    Additionally, it infects .exe files and prevents them from opening. Needless to say that it makes my computer reaaally slow.....

    Anyway, I followed the guide found here and I got all the logs but the ComboFix's. It was stuck at the "making the log file or whatever" process.
    Also, the RRlog file was bigger than the maximum allowed; therefore, I decided to upload it to a third-party server.
    Code:
    http://www.sendspace.com/file/xj88y6
    Thanks for your help in advance and a happy new year!
     


  2. W4nteD

    W4nteD Private E-2

    A little update:

    When I restarted my computer after having done all the steps described in your guide, my PC's performance was improved.
    Both Task Manager and Registry Editor were bugged but when I used the fixes I have, they both kept on working. Additionally, all the .exes that seemed infected because of the virus were somehow working.
    Although, after a second restart that I did just now, everything seems to be infected again, Task Manager doesn't work and my PC is slow again meaning that the virus found a way in my computer again.
    I'm clueless of what is going on, really..

    Thanks again..

    (By the way, don't think I'm bumping the topic to force a reply.. I just thought I should mention all of the above events that took place.)
     
  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    1. Before we continue, if you haven't done so already please now use MSConfig to put this machine back into normal start-up mode.

    2. Please also ensure that you do indeed have ComboFix directly on your desktop and not in the below location; perhaps this is why you had difficulty running it:

    Also ensure before moving on that you have MGTools directly on your C Drive and not in the below location:

    3. Did you knowingly install this?

    • WinPcap 4.1 beta5

    If you didn't please use add/remove programs to uninstall it.

    4. Tell me what the below are:

    5. Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    After clicking Fix exit HJT.

    6. Use Windows Explorer to find and delete the below bold file if it shows:

    Use Windows Explorer to find and delete the below bold folder:

    7. Now try and run ComboFix and attach the log it creates now that we have it in its correct location of the desktop.

    8. Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this. Attach the ComboFix log if you were successful.

    9. Let us know of any problems you may have encountered with the above instructions and also let me know how things are running now!
     
  4. W4nteD

    W4nteD Private E-2

    I apologize for the late reply but the virus f*ed up my PC totally.
    It started messing with the BOOT causing my computer to not even start giving me the blue screen.
    Therefore, I had to give it away to have it fixed. At least it's fine now..

    Also, I found out it was a Win.32 Sality virus.

    Anyway, thanks a lot for the help and I am sorry again for giving out such a late reply but I had no access to a computer until yesterday.

    I will always have Major Geeks in mind in the future for any problems I come up against. ;)
     
  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Glad to hear all is well again. :) safe surfing
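
A read-only triage check for two of the symptoms listed in the first post (Task Manager and Registry Editor "disabled by the administrator", and icp*.tmp files appearing in Temp), added here as an example and not part of the thread or of MGtools. It assumes the message comes from the standard Windows policy values `DisableTaskMgr` and `DisableRegistryTools`, which the thread does not name; the function name `Get-TriageFindings` is hypothetical.

```powershell
# Added example: reports findings only, changes nothing on the system.
function Get-TriageFindings {
    # Assumption: the "disabled by the administrator" message is caused by
    # these standard policy values being set to a non-zero number.
    $policyValues = 'DisableTaskMgr', 'DisableRegistryTools'
    $policyKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    )
    foreach ($key in $policyKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($name in $policyValues) {
            $value = $props.$name
            if ($null -ne $value -and $value -ne 0) {
                [pscustomobject]@{
                    Check = 'Policy'; Location = $key
                    Item = $name; Detail = "set to $value"
                }
            }
        }
    }

    # Temp folders to search for the icp*.tmp pattern from the thread title.
    $tempDirs = @($env:TEMP, (Join-Path $env:windir 'Temp')) | Select-Object -Unique
    foreach ($dir in $tempDirs) {
        Get-ChildItem -Path $dir -Filter 'icp*.tmp' -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{
                    Check = 'TempFile'; Location = $dir
                    Item = $_.Name; Detail = "created $($_.CreationTime.ToString('s'))"
                }
            }
    }
}

$findings = @(Get-TriageFindings)
if ($findings.Count -eq 0) {
    'No policy lockouts or icp*.tmp files found.'
} else {
    # Creation times show whether new files keep appearing between runs.
    $findings | Sort-Object Check, Detail | Format-Table -AutoSize
}
```

Running it before and after a reboot shows whether the policy values or the temp files return, which is the behaviour described in the second post.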
     
