AVG anti-virus is endlessly battling "Trojan Horse Crypt.AQLW"

By Transend
Feb 25, 2012
  1. Hello,

    I think I saw another thread in this forum detailing a similar problem, but since I don't seem to have posting rights there I decided to create a thread of my own. Logs from two programs were asked for in that thread, so I've attempted to have them available before posting. The "awsMBR" log file is provided below, abut sadly I wasn't able to get "BTKR_RunBox" to run. After it downloads the files it needs I am prompted to press any key, and when I do so it downloads again and prompts me to press any key, this continues endlessly.

    The symptoms of my problem: AVG Free anti-virus continues to identify and remove files which are classified as "Trojan Horse Crypt.AQLW" from time to time. The names of the files vary, but most are detected in the "Windows\system32\" directory. Other than that my system is currently operational, albeit occasionally appears to be slowed down. I'd appreciate help with the issue before it gets any worse.

    The "awsMBR" log:

    aswMBR version Copyright(c) 2011 AVAST Software
    Run date: 2012-02-25 23:10:34
    23:10:34.937 OS Version: Windows 5.1.2600 Service Pack 3
    23:10:34.937 Number of processors: 2 586 0x207
    23:10:34.937 ComputerName: MAX UserName: Ma
    23:10:36.515 Initialize success
    23:13:10.015 AVAST engine defs: 12022502
    23:13:19.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    23:13:19.984 Disk 0 Vendor: ST3120022A 3.06 Size: 114473MB BusType: 3
    23:13:20.015 Disk 0 MBR read successfully
    23:13:20.015 Disk 0 MBR scan
    23:13:20.062 Disk 0 Windows XP default MBR code
    23:13:20.062 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 94460 MB offset 63
    23:13:20.078 Disk 0 Partition - 00 0F Extended LBA 20010 MB offset 193454730
    23:13:20.093 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 20010 MB offset 193454793
    23:13:20.093 Disk 0 scanning sectors +234436545
    23:13:20.156 Disk 0 scanning D:\WINDOWS\system32\drivers
    23:13:33.656 Service scanning
    23:13:49.046 Service sptd D:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
    23:13:53.640 Modules scanning
    23:13:59.734 Module: D:\WINDOWS\system32\DRIVERS\avgtdix.sys **SUSPICIOUS**
    23:14:03.937 Disk 0 trace - called modules:
    23:14:03.984 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x88fcbfd0]<<
    23:14:03.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8987dab8]
    23:14:03.984 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> [0x896f2030]
    23:14:04.000 \Driver\00001709[0x89673d78] -> IRP_MJ_CREATE -> 0x88fcbfd0
    23:14:04.765 AVAST engine scan D:\WINDOWS
    23:14:15.281 AVAST engine scan D:\WINDOWS\system32
    23:18:23.578 AVAST engine scan D:\WINDOWS\system32\drivers
    23:18:40.640 AVAST engine scan D:\Documents and Settings\Ma
    23:20:05.750 File: D:\Documents and Settings\Ma\Application Data\Sun\Java\Deployment\cache\6.0\2\445a18c2-73985bae **INFECTED** Win32:Small-HTWP [Trj]
    23:20:07.046 File: D:\Documents and Settings\Ma\Application Data\Sun\Java\Deployment\cache\6.0\56\25654438-5fc9088b **INFECTED** Win32:Downloader-MRZ [Trj]
    23:25:00.062 AVAST engine scan D:\Documents and Settings\All Users
    23:27:17.531 Scan finished successfully
    23:28:14.734 Disk 0 MBR has been saved successfully to "D:\Documents and Settings\Ma\Desktop\MBR.dat"
    23:28:14.734 The log file has been saved successfully to "D:\Documents and Settings\Ma\Desktop\aswMBR.txt"
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You may start your own thread. But you cannot help others. And you should also not follow directions given to others.

    If you would like us to check the system for malware, please follow these steps: Preliminary Virus and Malware Removal.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply .
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process..
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.

    If I haven't replied back to you within 48 hours, you can send a PM with your thread link in it as a reminder. Do not include technical problems from your thread. Support is given only in the forum.
    Threads are closed after 5 days if there is no reply.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...