TR/cypt.xpac.gen!

Discussion in 'Malware Help (A Specialist Will Reply)' started by meloney, May 20, 2008.

  1. meloney

    meloney Private E-2

    Hi Iv managed to get a TR/cypt.xpack.gen... What ever that is, Trogen.. and a Vondamonde that are both drvng me nuts!

    I have tried Antivir - ad-aware -avast but to no avail...

    What is best for removing the little pests!?

    Look forward to hearing from you, if i havent thrown the pc out the window before then! lol

    :cloud9Meloney
     
    meloney, May 20, 2008
    #1
  2. meloney

    meloney Private E-2

    Re: TR/cypt.xpac.gen and hgGxYoIa.dll

    TR/cypt.xpac.gen
    and hgGxYoIa.dll that wont vault wont go away and its popping up all the time its in system 32! What can i do?

    Mellie Moo
     
    meloney, May 20, 2008
    #2
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    TimW, May 20, 2008
    #3
  4. meloney

    meloney Private E-2

    3 attachements

    Hi There.. I ran all the scans and stuff.. super anti virus was ok but the rest were not really.. Anyway iv added the attachements here for you and will wait for the next thing to do..

    Thank you

    Meloney
     

    Attached Files:

    meloney, May 20, 2008
    #4
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I also need the C:\MGLogs.zip ...please attach that also. :)
     
    TimW, May 20, 2008
    #5
  6. meloney

    meloney Private E-2

    ok. here it is.. thank you!
     

    Attached Files:

    meloney, May 20, 2008
    #6
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Aside from the fact that I don't see any anti-virus software on your system ( a good reason for the infections):

    Tell me what this is:
    C:\m

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Now use windows explorer to find and delete:
    C:\WINDOWS\system32\uxt6.tmp

    Tell me how things are running.
     
    TimW, May 20, 2008
    #7
  8. meloney

    meloney Private E-2

    I did have anti virus on there just took it off to do this.. I had avast and a couple of others..
     
    meloney, May 20, 2008
    #8
  9. meloney

    meloney Private E-2

    Oh you have lost me there, the black box comes up and then what do i do.. it just runs itself i dont see what you have written above in the box?
     
    meloney, May 20, 2008
    #9
  10. meloney

    meloney Private E-2

    C:/m

    Was me about to make a folder up and forgot about it.. I dont normally do that as a rule but i remember it now.. An didnt really take much notice of it at the time.. its gone now..
     
    meloney, May 20, 2008
    #10
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Not sure to what you are referring ....the registry fix?
     
    TimW, May 20, 2008
    #11
  12. meloney

    meloney Private E-2

    This bit has lost me..

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    Quote:
    O2 - BHO: (no name) - {3CC0D533-006F-4CCD-BA1C-7A3C6F07CC07} - (no file)
    O2 - BHO: (no name) - {87DD9783-A833-4265-BC1E-6C42DF7A1441} - (no file)
    O2 - BHO: (no name) - {A349D1C4-1070-4AE8-886E-9F5EFCF5CF2F} - (no file)
    O2 - BHO: (no name) - {B33F8F4E-EB41-42AB-963A-F1ADC162FA76} - C:\WINDOWS\system32\cbXQiJyW.dll (file missing)


    After clicking Fix, exit HJT.

    Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

    Quote:
    REGEDIT4

    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CC0D533-006F-4CCD-BA1C-7A3C6F07CC07}]

    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87DD9783-A833-4265-BC1E-6C42DF7A1441}]

    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A349D1C4-1070-4AE8-886E-9F5EFCF5CF2F}]

    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B33F8F4E-EB41-42AB-963A-F1ADC162FA76}]


    Now use windows explorer to find and delete:
    C:\WINDOWS\system32\uxt6.tmp
     
    meloney, May 20, 2008
    #12
  13. meloney

    meloney Private E-2

    You write below but what do i scan with.. Malware bites?? cos im doing one of them now..?


    (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    Quote:
    O2 - BHO: (no name) - {3CC0D533-006F-4CCD-BA1C-7A3C6F07CC07} - (no file)
    O2 - BHO: (no name) - {87DD9783-A833-4265-BC1E-6C42DF7A1441} - (no file)
    O2 - BHO: (no name) - {A349D1C4-1070-4AE8-886E-9F5EFCF5CF2F} - (no file)
    O2 - BHO: (no name) - {B33F8F4E-EB41-42AB-963A-F1ADC162FA76} - C:\WINDOWS\system32\cbXQiJyW.dll (file missing)
     
    meloney, May 20, 2008
    #13
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Run C:\MGtools\analyse.exe by double clicking on it ....then choose in HiJackThis to do a system scan only ...then check each item that I gave you to check.

    after doing that, and clicking fix, just exit the program.

    Now open notepad and copy and paste the quote box beginning with REGEDIT4 ..and all of the text in that box...paste it into notepad.
    Click file / save as / ...choose to save it to the desktop and then file name to FixMe.reg..and under file type..."all files"...it will appear on your desktop....double click it.

    You should also not run multiple anti-virus programs...chose one and stick with it.

    Now tell me how the above went.
     
    TimW, May 20, 2008
    #14
  15. meloney

    meloney Private E-2

    Ok what is hyjack this?
     
    meloney, May 20, 2008
    #15
  16. meloney

    meloney Private E-2

    Ok Downloading Hijack This And Doing A System Scan.. Ok Sorry Thats What Was Missing, I Didnt Have It On Here.
     
    meloney, May 20, 2008
    #16
  17. meloney

    meloney Private E-2

    hijack this report
     

    Attached Files:

    meloney, May 20, 2008
    #17
  18. meloney

    meloney Private E-2

    Sorry, where do i get this info from, a tad blond.. not very cleaver!

    Now open notepad and copy and paste the quote box beginning with REGEDIT4 ..and all of the text in that box...paste it into notepad.
    Click file / save as / ...choose to save it to the desktop and then file name to FixMe.reg..and under file type..."all files"...it will appear on your desktop....double click it.
     
    meloney, May 20, 2008
    #18
  19. meloney

    meloney Private E-2

    Im not getting the last bit.. where you say now copy and paste the quote beginning with regedit4 where is it to do that?
     
    meloney, May 20, 2008
    #19
  20. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are not doing what is written....there was no need to download hiJackThis...it is Anaylse.exe!!
    Now read this very closely and do it exactly as written:


    The text to copy and paste into notepad was given on post #7

    I will repeat it again....copy and paste to notepad this:
    Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
     
    TimW, May 20, 2008
    #20
  21. meloney

    meloney Private E-2

    Hi Ok, iv done all that.. bit so far... thank you..:cloud9
     
    meloney, May 21, 2008
    #21
  22. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file so I can check that you are clean and give you the final instructions. :)
     
    TimW, May 21, 2008
    #22
  23. meloney

    meloney Private E-2

    Here you go!

    Can you also tell me what anti virus is the best one to use, is it best to only use one full stop or, as i find there are different viruses and so sometimes I use three, not at the same time though!.. AVAST - AD-AWARE AND SPYBOT..

    Id prefer using just one, and a good fire wall? I get sick of constantly cleaning the pc.!
     

    Attached Files:

    meloney, May 21, 2008
    #23
  24. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Sweet...Your logs look clean.

    If you are not having any other malware problems, it is time to do our final steps:

    1. If we used ComboFix then UNINSTALL COMBOFIX (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
    2.
    * Click START then RUN
    * Now type "%userprofile%\Desktop\cf" /u in the runbox and click OK.
    * Note: The space between the cf and the /U, it must be there.
    3. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    4. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    5. If you are running Windows XP or Windows ME, do the below:
    * Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
    * Then reboot and Enable System Restore to create a new clean Restore Point.
    6. After doing the above, you should work thru the below link:
    How to Protect yourself from malware!

    Only one real-time anti-virus program (Spybot and Ad-aware are not anti-virus -. anti-spyware ) Avast is very good ....and for a firewall..PCTools works well and is on the Top Freeware Programs list which is HERE.
     
    TimW, May 21, 2008
    #24
  25. meloney

    meloney Private E-2

    Tim.. Thank you very much, for helping me.. Your very kind.. Thank you!!!:cloud9
     
    meloney, May 21, 2008
    #25
  26. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are quite welcome.....safe surfing. :)
     
    TimW, May 21, 2008
    #26

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds