TechSpot

Hacktool.Crack Found by AVG After memory write errors

By echu1989
Oct 5, 2007
  1. Hi all:

    SYMPTOMS
    - I have Symantec Antivirus installed and I am not sure if this is related but 2 days ago Symantec started acting odd. If I tried to right click a file or folder it would try to install something for Symantec.

    I uninstalled Symantec and turned on my Zonealarm Antivirus and made sure my virus defs were up to date. I did a scan and it did not find anything.

    Things seemed OK

    - I then downloaded a key generator that apparently had the hacktool.crack virus. I now know how stupid this was :(

    - The following day after that download about 2PM, my laptop went nuts. I got repeated "Windows could not write" type errors for everything that would try to run in my system tray.

    WHAT DID I DO ONCE MY PC WENT NUTS?

    - I read that AVG was a great tool so I downloaded the Anti-malware and virus trial tool, installed it and ran it. It found Hacktool.crack.

    - I went to another PC and found this wonderful forum and another thread on Hacktool.crack. That led me to the detailed malware removal thread.

    I followed those instructions with one exception. I noticed that when I went to install the AVG Anti-spyware it was from last year, so I assumed that a scan from the latest AVG Anti Virus/Malware would be sufficient. If not please let me know and I will install and run the suggested tool.

    - AVG Found 10 infections on my last scan while in safe mode. I also made sure there were no hidden files as instructed before running that scan.

    - I then ran Hijack This and ComboFix.

    I have attached my logs.

    Am I clean and is there anything else I should do?

    Thank you for help!!
     
  2. AlbertLionheart

    AlbertLionheart TechSpot Chancellor Posts: 2,026

    Hi
    both these logs look OK to me - one reference to
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file
    should be removed if not known to you.
    say no more about keygen sites - what is interesting is that NAV failed to deal with it.....
     
  3. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Have HJT fix the following entries, if you don't know what they are.

    O1 - Hosts: 158.187.0.173 atmsr37

    O16 - DPF: {3591A50E-18FD-42BC-8D10-6C93BDAF2DA0} (Data Dynamics #Grid 2.0 (OLEDB)) - https://control.itsupport247.net/components/SG20o.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{636F7B10-5037-4588-B78C-5B5DE67D5DCB}: Domain = rck.atm.lmco.com

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = rck.atm.lmco.com,global.lmco.com,ems.lmco.com,vf.lmco.com,orl.lmco.com,den.lmco.com

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = rck.atm.lmco.com,global.lmco.com,ems.lmco.com,vf.lmco.com,orl.lmco.com,den.lmco.com

    Go HERE and follow the instructions for AVG Antispyware and Panda Antirootkit.

    Post an AVG Antispyware log and let me know the results of the Panda Antirootkit scan.

    Regards Howard :wave: :wave:

    This thread is for the use of echu1989 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
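
The review step in the post above ("fix the entries if you don't know what they are") can be scripted. This is an added example, not part of the original thread or of HijackThis: it sorts O1/O9/O16/O17 lines by whether every host or domain they name falls under a suffix the machine's owner recognises. The `KNOWN` set and the function names are assumptions for illustration.

```python
import re
from urllib.parse import urlparse

# HijackThis section codes seen in this thread and what each one covers.
SECTIONS = {
    "O1": "hosts file entry",
    "O9": "extra Internet Explorer button or Tools menu item",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O17": "DNS domain or search-list setting",
}
LINE_RE = re.compile(r"^(O\d+) - (.*)$")

def names_in(code, body):
    """Return the host or domain names that one log entry refers to."""
    if code == "O1":    # "Hosts: <ip> <name> ..."
        return body.partition(":")[2].split()[1:]
    if code == "O17":   # "<key>: Domain = a" or "<key>: SearchList = a,b,c"
        return [d.strip() for d in body.rpartition("=")[2].split(",")]
    m = re.search(r"https?://\S+", body)  # O9 and O16 entries carry a URL
    return [urlparse(m.group()).hostname] if m else []

def triage(log_text, known_suffixes):
    """Split entries into (recognised, review) by domains the owner knows."""
    recognised, review = [], []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m.group(1) not in SECTIONS:
            continue
        code, body = m.groups()
        names = names_in(code, body)
        known = bool(names) and all(
            any(n == s or n.endswith("." + s) for s in known_suffixes)
            for n in names)
        (recognised if known else review).append((code, SECTIONS[code], names))
    return recognised, review

# Entries copied from the post above; KNOWN is an assumed owner-supplied list.
SAMPLE = r"""
O1 - Hosts: 158.187.0.173 atmsr37
O16 - DPF: {3591A50E-18FD-42BC-8D10-6C93BDAF2DA0} (Data Dynamics #Grid 2.0 (OLEDB)) - https://control.itsupport247.net/components/SG20o.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{636F7B10-5037-4588-B78C-5B5DE67D5DCB}: Domain = rck.atm.lmco.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = rck.atm.lmco.com,global.lmco.com,ems.lmco.com,vf.lmco.com,orl.lmco.com,den.lmco.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = rck.atm.lmco.com,global.lmco.com,ems.lmco.com,vf.lmco.com,orl.lmco.com,den.lmco.com
"""
KNOWN = {"lmco.com"}

if __name__ == "__main__":
    for code, meaning, names in triage(SAMPLE, KNOWN)[1]:
        print(f"review {code} ({meaning}): {', '.join(names)}")
```

An entry landing in the review list is not a verdict that it is malicious, only that the owner has not yet accounted for the name it points to.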
     
  4. echu1989

    echu1989 TS Rookie Topic Starter Posts: 18

    Thank You.

    I downloaded and am running AVG Antispyware as I type this.

    Last night I downloaded AVG Antirootkit Free and ran a full scan. It did not find anything.

    Would you still like me to run a Panda AntiRootkit too after the AntiSpyware completes?

    Thanks...
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Yes, please run Panda Antirootkit and let me know the results.

    Regards Howard :)

     
  6. AlbertLionheart

    AlbertLionheart TechSpot Chancellor Posts: 2,026

    Thanks for your input Howard - interested to know what you used to find those items as risky: the German diagnostics tool I ran said they were OK.
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I didn't say they were risky, only that they should be fixed if it wasn't known what they were. ;)

    Regards Howard :)

     
  8. echu1989

    echu1989 TS Rookie Topic Starter Posts: 18

    AVG AntiSpyware Log

    Here is my AVG AntiSpyware Log. After saving the log and bringing it over here I realized I saved my log before taking actions.

    All detections were deleted except for the Trojan.phprun (this was quarantined).

    Sorry for not following the instructions exactly. If I need to run this again, just let me know.

    *Update*

    The Panda Rootkit scanner found no rootkits.

    I hope this means I should have a clean laptop again ??

    Thank you!
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Ok, delete the file in AVG Antispyware quarantine. Other than that, the log file is clean.

    I await the results of the Panda Antirootkit scan. Just be sure not to fix any Unknown rootkits (if found) at this stage. Known rootkits can of course be fixed, if any are detected. In Panda Antirootkit, known rootkits will already be ticked for removal.

    Regards Howard :)

     
  10. echu1989

    echu1989 TS Rookie Topic Starter Posts: 18

    No rootkits were found by Panda.

    Thank you sooo much for your help!
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    In that case, it looks like you're good to go.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
Topic Status:
Not open for further replies.
