Tr/Crypt.XPack removal

Discussion in 'Malware Help (A Specialist Will Reply)' started by formatc, Mar 9, 2011.

  1. formatc

    formatc Private E-2

    Have a friend's computer to fix which has the Tr/Crypt.Xpack. We removed the hard drive, put it into a dock and scanned it with AVG Free 11, and it came up and found three related files, which it then removed. However, the system is running very slow and will not go to the internet at all. Some odd-looking references to files, including one called internet security essentials. Have downloaded the tools you suggested and saved logs, but have not run Combofix yet. Could you please advise of the next steps? Thanks
     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    If you have fully followed our procedures then you should have logs from the below:

    • SUPERantispyware
    • Malwarebytes
    • Combofix
    • MGTools

    Please ensure that they have all been run, or tried to be run and then attach what logs you do have. :)
     
  3. formatc

    formatc Private E-2

    Please see attached logs. Thanks for your help in advance.
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It looks like the scans took care of the malware. Let's just do this:

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Then use Windows Explorer to find and delete:
    C:\Documents and Settings\All Users\Application Data\ISQGBIVFE

    You should at the least double the amount of RAM you have installed.

    Rename jjjjh.exe back to Combofix.exe.

    Tell us what malware issues you are still having, if any.
     
    Last edited by a moderator: Mar 10, 2011
