TR/Crypt.XPACK.Gen removal help

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Fallsmom4, Feb 7, 2009.

  1. Fallsmom4

    Fallsmom4 Private E-2

    Hello. This is my first time posting for help, so I hope I did this right. I had several problems while going through the malware removal process steps (updates stopped processes from working - had to manually download updates; HiJack This would not load as well.)

    I have completed all the steps to the best of my abilities and am now posting my logs to make sure all malware/infections have been removed. Thank you very much for the help. I will also post the fourth log in next posting, assuming I can manage to do this. :)

    I should note I had started noticing problems about four days ago - and I believe this may have started when I "upgraded" my Adaware program to the "Limited Edition" copy from CNET site, but cannot be certain. PC was DRAGGING and then started to go into standby mode by itself. I run an HP Pavilion dv5000. Also note - I removed Adaware from PC prior to steps for malware removal. I also have Norton Antivirus and Internet Security, along with GoBack.

    I also noted in list of items to be removed it showed "Weather Services." I have tried to remove this, but it will not remove.

    If you need further information or if I'm forgetting something, please just let me know. I will attempt to attach logs at this point.

    Thanks again.
     


  2. Fallsmom4

    Fallsmom4 Private E-2

    Attaching 4th and final log file to go with previous post. Thank you.

    Dawn
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Other than what has already been removed, I'm not seeing any malware issues in your logs. I do however have some instructions that you need to follow.

    First a couple of questions.

    Are the below two items things you recognize and configured? If you do not recognize them, then add them to the fix further down with HijackThis.
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.goodsearch.com/?charityid=42068
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe


    Did you really want the below to always load at startup? If not, also fix it with HijackThis.
    O4 - HKLM\..\Run: [MegaPanel] C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Uninstall all of the below old Sun Java versions as requested in step 1 of the READ & RUN ME:
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 5
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {576EB0AD-6980-11D5-A9CD-0001032FEE17} - (no file)
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    After clicking Fix, exit HJT.

    Now delete the below file:
    C:\WINDOWS\Tasks\Ad-Aware Update (Daily).job

    Now reboot your PC and after reboot, install the current version of Sun Java from: Sun Java Runtime Environment

    Now run Ccleaner!

    Now goto this link Using MGtools and download the new version of MGtools.exe from the black bold print link in the first sentence. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe then attach the new C:\MGlogs.zip file
    Make sure you tell me how things are working now!
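    The HijackThis lines quoted in this reply (R0, O4, O2, O6) all follow the same "type - detail" layout, and the questions asked about them fall into a few recurring categories: a browser start page the user may or may not have chosen, an autostart entry, an orphaned "(no file)" BHO, and an Internet Explorer policy restriction. The Python below is an added example (not HijackThis or MajorGeeks code) that parses such lines into structured records and tags them with those review categories; the flag names and the `Entry` record are my own naming, and the sample input is the set of lines quoted above (the O16 line is omitted because its URL is truncated in the post).

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: the HijackThis lines quoted in the reply above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.goodsearch.com/?charityid=42068
O4 - HKLM\..\Run: [MegaPanel] C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe
O2 - BHO: (no name) - {576EB0AD-6980-11D5-A9CD-0001032FEE17} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
"""

# Every HijackThis entry is "<type> - <detail>", e.g. "O4 - ...".
LINE_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(
    r"\{[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\}", re.I
)
URL_RE = re.compile(r"https?://\S+")
# Drive-letter path ending in a binary or task file; lazy so it stops at
# the first such extension even when the path contains spaces.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|job)\b", re.I)


@dataclass
class Entry:
    """One parsed HijackThis line (hypothetical record type, my naming)."""
    kind: str
    body: str
    clsid: Optional[str] = None
    url: Optional[str] = None
    path: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def classify(entry: Entry) -> None:
    """Attach review flags matching the questions asked in the thread."""
    if "(no file)" in entry.body:
        # Registry still references a component whose file is gone: a
        # leftover that HijackThis can safely remove.
        entry.flags.append("orphaned_entry")
    if entry.kind in ("R0", "R1") and entry.url:
        # Browser start/search page: confirm the user actually chose it.
        entry.flags.append("browser_start_page")
    if entry.kind == "O4":
        # Autostart entry: confirm the user wants it loading at every boot.
        entry.flags.append("autostart")
    if entry.kind == "O6":
        # IE policy restriction present; legitimate only if an admin set it.
        entry.flags.append("ie_policy_restriction")
    if entry.kind in ("O2", "O16") and entry.clsid:
        entry.flags.append("clsid_component")


def parse_log(text: str) -> List[Entry]:
    """Parse HijackThis-format lines; anything else is skipped."""
    entries: List[Entry] = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, blank lines, free text
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        url = URL_RE.search(body)
        path = PATH_RE.search(body)
        entry = Entry(
            kind=m.group("kind"),
            body=body,
            clsid=clsid.group(0) if clsid else None,
            url=url.group(0) if url else None,
            path=path.group(0) if path else None,
        )
        classify(entry)
        entries.append(entry)
    return entries


def counts_by_kind(entries: List[Entry]) -> Dict[str, int]:
    """How many entries of each HijackThis type were seen."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.kind] = counts.get(e.kind, 0) + 1
    return counts


def needs_user_confirmation(entries: List[Entry]) -> List[Entry]:
    """Entries a helper would ask the user about before clicking Fix."""
    ask = {"browser_start_page", "autostart"}
    return [e for e in entries if ask.intersection(e.flags)]


if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(e.kind, e.flags, e.path or e.url or e.clsid)
```

    Running it on the sample prints one line per entry with its flags; `needs_user_confirmation` returns exactly the R0 and O4 entries, which are the two a helper cannot judge without asking the user, while the orphaned O2 and the O6 policy entry are flagged as candidates for the fix.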
     
  4. Fallsmom4

    Fallsmom4 Private E-2

    Thank you for your help. I really appreciate it. And, I apologize for missing the deletion of the Java files - I don't know how I missed that. Sorry.

    I believe I've done all the steps and will attach the updated mglogs.zip file for your review.

    I have noticed my PC is running much faster, and - as strange as this sounds - my mouse is whizzing through things and I have to readjust to this new high-speed movement. That's a good thing!

    Also - will there be any other steps that I need to "undo" at all? I notice a window now pops up every time I restart with the Norton folders listed, which I would like to stop have opening up on startup. I'm sure this was something that was necessary in the cleanup, but I can't recall where it would've been "turned on."

    Attaching mglogs.zip.

    Thank you again, SO much!!!

    Dawn
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Can you please be more specific on exactly what you are seeing? What folder? What is the title of the window? My best guess is that this is just something that Norton is running at startup. All of the below is run by Norton at startup:



    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Note: the space between combofix" and /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. Go to add/remove programs and uninstall HijackThis.
    5. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    6. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    7. After doing the above, you should work thru the below link:
     
  6. Fallsmom4

    Fallsmom4 Private E-2

    The window I was referring to is a typical folder window that opens after login/reboot. It is the Norton Systemworks folder opening up (upper left corner reads Norton Systemworks,) which contains two folders, Norton Antivirus and Norton GoBack. It's not doing anything - just opening. All I do is click to close and I'm on my way. It's really just a nuisance more than anything. I seem to recall having this folder continually opening at one other time, long ago, but cannot recall how I managed to get it to stop opening every time I rebooted. Just annoying is all.

    I'm going to go ahead and finish up the other items you have mentioned as well. If I have any further problems, I'll be sure to check back here. With so many other stressors going on at home (sick kids, autistic son, etc.), your help has been appreciated more than words can say... I'm definitely going to send anyone that needs help your way. Your instructions are so simple and easy to follow (when I myself didn't miss one - ha!)

    Thank you so much.

    Dawn
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.
    Try the below to see if it fixes it.

    Copy the bold text below to Notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    Then reboot and see if the Window still opens up.
     
