TechSpot

Computer crashes + Reappearing Virus

By Dariela
Oct 14, 2006
  1. I was wondering if anyone would be able to help me. I'm having a problem with my computer randomly restarting. I haven't recently installed anything, and whenever I open up Task Manager there's a process called ~WCTRUP.exe which I've never noticed before. I've looked it up using Google and such, and it says something about being a part of the Windows updating system; however, I've been updating my Windows XP for the past 2 years and this process only appeared in the past couple of months. I've done numerous virus/trojan/ad scans, and during the AVG scans I do, I keep receiving the same virus called Trojan horse Downloader.Generic2.MUZ. I've tried healing it and deleting the file it's a part of, but nothing seems to be helping.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Let's see if we can get rid of any nasties you may have lurking on your system.

    I have moved your thread to our security and the web forum.

    Go and read the Trojan Pakes and other nasties preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.

    Regards Howard :wave: :wave:

    This thread is for the use of Dariela only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. Dariela

    Dariela TS Rookie Topic Starter Posts: 23

    HJT and AVG

    OK, I've done everything that was asked and here are the 2 reports you requested. During the AVG anti-spyware test there were 3 infections that were quarantined. I had to do a second scan because I misunderstood the way to quarantine all the files at once. I'm not sure if the report from the second scan will show those previously quarantined, so I thought I'd list the first lot of infections below.

    Location: HKLM\SOFTWARE\Classes\WUSN.1
    Infected with: Adware.Savenow
    Risk: Medium

    Location: C:\WINDOWS\System32\egaccess4_1062.dll
    Infected with: Dialer.EgroupDial.w
    Risk: High

    Location: C:\WINDOWS\Iaccess32.exe
    Infected with: Dialer.EgroupDial.w
    Risk: High

    Also, I've noticed that the ~WCTRUP.exe process in task manager was gone after I used the Ccleaner.
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    It appears you're not running any firewall software. You should consider getting some, unless you have a hardware firewall. Google the free ZoneAlarm or Kerio firewall programmes.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off System Restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

    Open your Task Manager by holding down the Ctrl and Alt keys and pressing the Delete key.

    Click on the Processes tab and end the process for (if there):

    WCRTUP~1.EXE

    Close task manager.

    Run HJT with no other programmes open (except Notepad). Click the Scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

    R3 - URLSearchHook: (no name) - {E80A98F4-5C3A-5B90-4494-50C0AB5352E4} - C:\WINDOWS\system32\icfz.dll (file missing)

    O2 - BHO: (no name) - {E80A98F4-5C3A-5B90-4494-50C0AB5352E4} - C:\WINDOWS\system32\icfz.dll (file missing)

    O4 - HKCU\..\Run: [Dbctpcne] C:\DOCUME~1\Mum\APPLIC~1\MANTEC~1\WCRTUP~1.EXE

    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

    O18 - Filter: text/html - (no CLSID) - (no file)

    O20 - AppInit_DLLs:

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    C:\DOCUME~1\Mum\APPLIC~1\MANTEC~1\WCRTUP~1.EXE

    Delete all files in AVG Antispyware quarantine.

    Reboot into normal mode, turn system restore back on and rehide your protected OS files.

    Post a fresh HJT log and let me know how your system is running.

    Regards Howard :)

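The kinds of HijackThis entries selected for fixing in the post above can be triaged mechanically. This is an added example, not part of the original thread or of HijackThis itself: the rule names and heuristics are assumptions modelled on those entries, and the last sample line is constructed.

```python
import re

# Sample log: the first five lines are entries quoted in the post above;
# the last line is a constructed benign entry added for contrast.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {E80A98F4-5C3A-5B90-4494-50C0AB5352E4} - C:\WINDOWS\system32\icfz.dll (file missing)
O2 - BHO: (no name) - {E80A98F4-5C3A-5B90-4494-50C0AB5352E4} - C:\WINDOWS\system32\icfz.dll (file missing)
O4 - HKCU\..\Run: [Dbctpcne] C:\DOCUME~1\Mum\APPLIC~1\MANTEC~1\WCRTUP~1.EXE
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O18 - Filter: text/html - (no CLSID) - (no file)
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Heuristics are assumptions modelled on the entries in the post, not an
# official HijackThis ruleset. Each rule takes (section, rest_of_line).
RULES = [
    ("file-missing",
     lambda s, r: "(file missing)" in r or "(no file)" in r),
    ("unnamed-com-object",
     lambda s, r: s in ("R3", "O2") and "(no name)" in r),
    ("autorun-from-user-profile",
     lambda s, r: s == "O4" and bool(
         re.search(r"\\(APPLIC~\d|Application Data)\\", r, re.I))),
    ("activex-without-source",
     lambda s, r: s == "O16" and bool(re.search(r"\}\s*-?\s*$", r))),
    ("filter-without-clsid",
     lambda s, r: s == "O18" and "(no CLSID)" in r),
]

def triage(log_text):
    """Return [(section, [rule names], line)] for entries that match a rule."""
    flagged = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # log header, process list and blank lines
        section, rest = m.groups()
        reasons = [name for name, test in RULES if test(section, rest)]
        if reasons:
            flagged.append((section, reasons, line))
    return flagged

if __name__ == "__main__":
    for section, reasons, line in triage(SAMPLE_LOG):
        print(f"{section:4} {', '.join(reasons):45} {line}")
```

A flagged line is a candidate for review, not a verdict; legitimate software can also start from a profile directory or leave an orphaned registry entry behind.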
     
  5. Dariela

    Dariela TS Rookie Topic Starter Posts: 23

    Attached the HJT log after following your instructions. Also, regarding the firewall and whatnot, I've got a Windows firewall, which as far as I can see is active, not to mention the AVG protection shield. I'm not sure what else I need.
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    The Windows firewall is complete rubbish and can be disabled by some malware. I strongly advise you to get a third party firewall as I suggested earlier.

    Your HJT log is now clean.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
  7. Dariela

    Dariela TS Rookie Topic Starter Posts: 23

    I will take your advice about getting another firewall, I was not aware of how vulnerable the Windows Firewall was.

    Thank you for your assistance.
     
Topic Status:
Not open for further replies.
