Trojan and infected files

Discussion in 'Malware Help (A Specialist Will Reply)' started by QBert13, Nov 6, 2009.

  1. QBert13

    QBert13 Private E-2

    Ok...all this is new to me. I have a Vaio laptop. I've been running Spybot, AntiVir, Ad-Aware, Zone Alarm, and occasionally I use CCleaner. I haven't ever had any problems until now.

    Just a note: It came pre-loaded with software including AOL (which I will never use). AOL never showed up in the Add/Remove Programs, so I didn't know how to get rid of it. :(

    Maybe 9 mos. to a year ago I had problems with IE7 (no surprise), so I switched to Firefox. The last few months it's been freezing up, so I'd close the browser and try to reopen it. Nothing would happen, but when I looked under processes, there would be several firefox.exe processes running (one for every time I tried to open it). I had to reboot to fix it. Went back to IE7 without any problems.

    Recently I did a Google search and when I clicked on one of the search results, it took me to the page, but AntiVir came up and said it found a virus. I chose to delete that file and got off that website. Didn't notice anything major until a week and a half or so ago. Every time I would boot up, AntiVir came up and said it detected a trojan (tr/crypt.xpack.gen). I always chose to delete. Computer would seem fine until I rebooted again. I tried changing the antivirus to Avast. It did not detect anything on start up, but when I switched back to AntiVir it showed up again. False positive? Annoying!

    I ran an Antivir scan and all clear. Spybot clear. Ad-Aware would find spyware and clear it, but the problem was still there. I went and did the free Windows Live OneCare scan and it came out clean (minus some registry issues that it "fixed"). I used the online Symantec scan and it found 4 files infected with a trojan horse:
    C:\Program Files\Common Files\AOL\Backup\ACS\Current\US\acslang.exe
    C:\Program Files\Common Files\AOL\Backup\ACS\Current\Suite\comps\acscore.exe
    C:\Program Files\Common Files\AOL\Backup\ACS\Current\Suite\comps\acslang.exe
    C:\Program Files\Common Files\AOL\ACS\uninst.exe

    I wasn't sure if I could just delete them or if I needed to do something else to clean them. I went through many other scans and came to this website and went through the malware removal procedure. I could not run the RootRepeal. It hung up (and had errors) at C:\Windows\winsxs\manifests.

    Antivir still detects the Crypt trojan upon startup. I'm afraid to backup any files for fear I'll transfer the virus to the external hard drives. Logs are attached. Please help! I want my computer back!

  2. QBert13

    QBert13 Private E-2

    Oh...before I started this malware removal process, I also ran HiJack This. Log attached. I also attached the "results" from the RootRepeal in case it's helpful.

  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am pretty sure that those are false positives. You could always allow them to be removed and see if it totally messes up AOL (or just put an extension on each to rename them to .old and see if you have issues, and if so, remove the .old).

    However, you should know that you must have only one AV program installed. You must uninstall all but one!

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Note: the space between combofix" and /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     

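The rename-to-.old test TimW suggests above, as an added example that is not from the thread: it records each flagged file's Authenticode signature status and SHA-256 (so you have evidence to decide false positive vs. real infection) and then renames the files instead of deleting them, so AOL can be tested and the change undone. The report path under C:\MGtools is an assumption; any writable folder works. It assumes PowerShell 4 or later (Get-FileHash) run as Administrator.

```powershell
# Added example (not from the thread): triage the four files Symantec flagged.
# Assumptions: run elevated; PowerShell 4+ for Get-FileHash; report path is arbitrary.
$Suspects = @(
    'C:\Program Files\Common Files\AOL\Backup\ACS\Current\US\acslang.exe',
    'C:\Program Files\Common Files\AOL\Backup\ACS\Current\Suite\comps\acscore.exe',
    'C:\Program Files\Common Files\AOL\Backup\ACS\Current\Suite\comps\acslang.exe',
    'C:\Program Files\Common Files\AOL\ACS\uninst.exe'
)
$Report = 'C:\MGtools\suspect-report.csv'   # assumed location

$rows = foreach ($path in $Suspects) {
    if (-not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{ Path = $path; Exists = $false; Signer = ''; Status = 'missing'; Sha256 = '' }
        continue
    }
    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    $hash = Get-FileHash -LiteralPath $path -Algorithm SHA256
    $signer = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    [pscustomobject]@{
        Path   = $path
        Exists = $true
        Signer = $signer
        Status = $sig.Status      # 'Valid' means signed by a publisher Windows trusts
        Sha256 = $hash.Hash       # keep for a second-opinion lookup or to compare later
    }
}

# Keep the evidence before touching anything, then show it on screen.
$rows | Export-Csv -LiteralPath $Report -NoTypeInformation
$rows | Format-Table -AutoSize

# Neutralise reversibly: rename to .old rather than delete, as the forum suggests.
foreach ($row in ($rows | Where-Object { $_.Exists })) {
    Rename-Item -LiteralPath $row.Path -NewName ((Split-Path -Leaf $row.Path) + '.old')
}
# To undo if AOL breaks: rename each .old file back by removing the suffix.
```

If Status shows Valid with an AOL signer, the false-positive theory gets stronger; an unsigned or HashMismatch file is the one to keep investigating.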