8-Step Help needed/ TR/Crypt.FKM.Gen

By stupidvirusgotm
Dec 1, 2008
  1. I began following the 8-steps and became stuck when trying to install mbam. I also could not install superantispyware. When I try to visit the websites for these services I am also either redirected to an ad website or Mozilla reports a failed connection. Avira found TR/Crypt.FKM.Gen and that file is now in quarantine. I could download HJT and I am attaching the log. Any help would be appreciated.
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

  3. stupidvirusgotm

    stupidvirusgotm TS Rookie Topic Starter


    What you told me worked and I was able to complete the 8-steps. The scans took a rather long time and turned up a good amount. I am attaching the 3 logs. What is my next step?

    (I am going to bed now, so I won't be on for another 6 hours)

    Thank you for all of your help.


  4. rf6647

    rf6647 TS Maniac Posts: 829

    Good news that you were able to make progress. Your description is helpful. Your logs show found and removed items. For your case, we will supplement our guide with a special scan / tool.

    Overview -
    • ComboFix is a very effective tool that scans / fixes hard to clean infections. Additionally, it includes diagnostic information.
    • Uninstall old copy of ComboFix
    Supplement to guide. Successive scans used to uncover additional infections.
    • Update both MBAM & SAS. Rerun them both.

    • This effort is complete when logs report NO infections/threats, or reporting something it can not clean.
      • Typically extra repeat scans are not needed
    • Follow ComboFix instructions referenced below.

    • Scan with HJT. (part of instructions for ComboFix)

    • Post logs. Report progress & what changes are observed. Include logs that found infections.

  5. stupidvirusgotm

    stupidvirusgotm TS Rookie Topic Starter

    When I Get Home

    Thanks for the information. I will try that when I get home tonight.
  6. stupidvirusgotm

    stupidvirusgotm TS Rookie Topic Starter

    Ok I completed the ComboFix and looks like it removed 2 files. I am attaching a new HJT log and the combofix log. I am going to run Superantispyware again to see if the 5 files that could not be removed are now gone. I will post that log later.


  7. rf6647

    rf6647 TS Maniac Posts: 829

    A fresh ComboFix log along with the HJT log should conclude things. Perhaps by now you recognize the method being used for this type of infestation.

    Successive scans are used to uncover additional infections, since masking is common with many infestations. When a tool reports something it can not clean, that's when the strategy calls for a stronger scanner. The sequence for applying the scanners begins with the standard scanners (fully updated) and ends with the stronger cleaner, with a side benefit that it adds information about the comparative effectiveness among the tools.

    The TDSS exploit (among other non-plug and play driver exploits) is quite the rage. The temptation is to package a method for this. However, the result would be quite lengthy and possibly confusing, since it is not possible to anticipate contributing factors.
  8. stupidvirusgotm

    stupidvirusgotm TS Rookie Topic Starter

    Thank You

    I just wanted to say thank you for all of your help. Your services are amazing. All of my scans came up clean. I am attaching the newest combofix and HJT logs but I think I am clean. Thanks again!
  9. rf6647

    rf6647 TS Maniac Posts: 829

    Thanks for establishing the symptoms are gone & the logs are clean. The ComboFix log is also clear.

    Some cleanup items: uninstall ComboFix & establish a clean restore point.

    Cleanout Old System Restore Points

    Disk Cleanup From the Taskbar
    • Start > Programs > Accessories > System Tools > Disk Cleanup
    • Click OK to accept C:
    • Tick all Boxes
    • Click More Options
    • Click System Restore and OK to "Are you sure" and then OK to Run.
    • Results -
      • Only the most recent Restore Point remains
      • Clears 'Shadow Copies' [ Volume Shadow Copy running is the default ]
        • used by specialized back up programs.
        • reclaims a huge amount of disk space.
        • removes infected files
    Establish a clean System Restore point
    • Start > Programs > System Tools > System Restore
    • Left Pane > System Restore Settings
    • Tick 'Turn off system restore on all drives', Click 'Apply'
    • Wait for completion
    • Untick 'Turn off system restore on all drives', Click 'Apply'
    • Wait for completion. OK to end menu. Exit
  10. stupidvirusgotm

    stupidvirusgotm TS Rookie Topic Starter

    System Restore

    I have deleted all of my old system restore points and have created a new point. I think my next step would be to uninstall combofix and HJT, correct?

    As an update. I followed the instructions from the link above and uninstalled ComboFix
  11. rf6647

    rf6647 TS Maniac Posts: 829

    No logs are needed at this point. The cleanup signals the infections were removed. Enjoy your computing.
Topic Status:
Not open for further replies.
