TR/Crypt.ZPACK.Gen Trojan

Discussion in 'Malware Help (A Specialist Will Reply)' started by Nezarus, Jul 12, 2009.

  1. Nezarus

    Nezarus Private E-2

    Hello Major Geeks,

    For the past few days I've had the TR/Crypt.ZPACK.Gen Trojan pop up periodically.

    I've run several programs to try to kill it, but it regenerates every time.
    Programs I've run include: Autoruns, Avira, Spybot, Malwarebytes, HijackThis, Dr.Web CureIt, SmitFraud, SpywareBlaster, MGTools.

    I run a 64-bit Vista OS, Asus Striker Extreme, Intel Core Duo @ 3000 MHz, 8 GB DDR2, dual GeForce 260GTX.

    The file that Avira picks up is C:\Windows\System32\pufwexuq.fa
    In Autoruns I discovered there were lines in the Task Scheduler with this file, but at the end of the file description at the bottom of the page it reads: "rundll32" pufwexuq.fa,tmimjjlq
    and that string of letters at the end of that description changes for every line of Task Scheduler I find.

    I've tried everything I can think of as well as consulting 2 very good friends that are Networking IT/Tech Support professionals.

    On a side note I first got this Trojan whilst visiting Meebo.com for the first time. Don't think that info is necessary though.

    Sorry for the long-winded explanation, but experience has taught me in these matters to be thorough.

    Please help, this trojan is kicking my buttocks.

    P.S. I can't get ComboFix to work on my OS.
     

    Attached Files:
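The persistence the poster describes (scheduled tasks whose action is rundll32 loading a file with a non-DLL extension out of System32, each task using a different export name) can be audited without deleting anything. The script below is an added example written for this thread; it is not code from the original post or from any of the tools named in it. It assumes PowerShell 2.0 or later (for ConvertFrom-Csv) and that schtasks.exe /v emits a "Task To Run" column containing the task's command line; it only reports, it removes nothing.

```powershell
# Added example (not from the thread): read-only audit of scheduled tasks that
# launch rundll32 with a module whose extension is not a DLL-type extension,
# e.g. "rundll32" pufwexuq.fa,tmimjjlq as seen by the poster in Autoruns.
# Assumes PowerShell 2.0+ and the verbose schtasks CSV column "Task To Run".

$dllLikeExt = @('.dll', '.cpl', '.ocx', '.ax', '.drv')   # extensions rundll32 normally loads
$tasksDir   = Join-Path $env:windir 'Tasks'               # legacy At*.job files live here

# 1. Pull every task with its verbose fields. schtasks repeats the CSV header
#    once per task folder, so drop rows whose TaskName is literally "TaskName".
$rows = schtasks.exe /query /fo CSV /v |
        ConvertFrom-Csv |
        Where-Object { $_.TaskName -ne 'TaskName' }

$findings = @()
foreach ($row in $rows) {
    $cmd = $row.'Task To Run'
    if (-not $cmd) { continue }

    # rundll32[.exe], optional closing quote, whitespace, then <module>,<export>;
    # the module may be a quoted path with spaces or a bare token.
    if ($cmd -match '(?i)rundll32(?:\.exe)?"?\s+(?:"([^"]+)"|([^\s,]+))\s*,\s*(\S+)') {
        $module = if ($matches[1]) { $matches[1] } else { $matches[2] }
        $export = $matches[3]
        $ext    = [System.IO.Path]::GetExtension($module).ToLower()

        if ($dllLikeExt -notcontains $ext) {
            $findings += New-Object PSObject -Property @{
                TaskName = $row.TaskName
                Module   = $module
                Export   = $export
                Reason   = "rundll32 module has non-DLL extension '$ext'"
            }
        }
    }
}

# 2. The poster's second observation: the same module, a different export per
#    task. Group by module and count the distinct exports it is invoked with;
#    several exports for one oddly named module is the signal worth escalating.
$findings | Group-Object Module | ForEach-Object {
    $exports = @($_.Group | Select-Object -ExpandProperty Export -Unique)
    New-Object PSObject -Property @{
        Module          = $_.Name
        TaskCount       = $_.Count
        DistinctExports = $exports.Count
        Exports         = ($exports -join ', ')
    }
} | Format-Table -AutoSize

# 3. List legacy AT jobs (such as the At2.job referenced later in the thread)
#    with timestamps so they can be compared against when the problem began.
Get-ChildItem -Path $tasksDir -Filter '*.job' -ErrorAction SilentlyContinue |
    Select-Object Name, LastWriteTime, Length | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so schtasks can see tasks created under other accounts. Flagged entries are leads, not verdicts: a module with no extension or an unusual one is not malicious on its own, but combined with a random-looking name in System32 and a rotating export name it matches exactly what the poster observed and is worth saving alongside the other logs before any cleanup tool is run.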

  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi and welcome! :)

    I am currently reviewing your logs and will get back to you with a set of instructions as soon as possible. Thanks for your patience during this time.

    Kestrel13!
     
  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there

    1. Before we continue I would like for you to use MSconfig to put the PC into normal startup mode as requested in step 1 of the READ & RUN ME and to remain in this mode.

    2. Spybot Search and Destroy's Teatimer function is running. This could interfere with our fix, so to disable it please refer to the below:

    How to disable Spybot's TeaTimer

    3. Empty your recycle bin.

    4. Now we need to use ComboFix to remove a bunch of malware files.

    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below code box into it
    (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    
    KILLALL::
    
    File::
    C:\Windows\tasks\At2.job
    
    Folder::
    C:\ProgramData\avg8
    C:\Program Files (x86)\AVG
    
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe

      http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    5. Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    6. Now I would like for you to reboot into safe mode and run a full scan with Avira and then reboot into normal mode again.

    7. Now go to this link Using MGTools and download the new version of MGtools.exe using the black bold print link in the first sentence. Overwrite your previous MGtools.exe file with this one.

    8. Run the new MGTools.exe and attach the mglogs.zip that it generates.

    9. Also attach logs from Avira and ComboFix.

    10. Let me know how things are running!

    Thanks
    Kes
     
