Inactive Help! Tracking System Cashtitan?

Status
Not open for further replies.

thesurvivor190

Posts: 67   +0
Help! I think I have a virus. Today, I just got uTorrent because I wanted to download Fraps for free. My friend gave me a link and he said it works. After I downloaded it, I think I got a virus, because there is a new entry in Add or Remove Programs: Tracking system cashtitan. When I click Remove, it says: "Are you sure that you would like to uninstall the Tagging System Cashtitan (please note that your computer may not run exactly the same as before)?" with a Yes and a No button. If I click Yes, then another window pops up called Uninstall Validation. It tells me to put in a confirmation code to validate the uninstall, and there is some text with random numbers and letters. I uninstalled uTorrent and the Fraps program, and did a scan with Malwarebytes and AVG Free 9.0. AVG didn't detect anything, but Malwarebytes did. I removed the malware, but it is still there. I am sure that I got this from the Fraps download because it was installed today.
This is the link where I downloaded Fraps: [LINK REMOVED]

I am using Windows 7 64 bit ultimate edition.

Edit: Removing possible malware link. Please do not leave a hyperlink for a questionable site.
 
If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
 
Here are the logs you told me to give you.

Also, sorry, I have used CCleaner's registry cleaner already. Should I uninstall CCleaner?
 

Attachments

  • mbam-log-2010-09-20 (22-30-16).txt
    1.5 KB · Views: 4
  • Attach.txt
    24.2 KB · Views: 5
  • DDS.txt
    21.1 KB · Views: 3
I noticed that you had a big problem with the Services- terminating, then trying to restart, some timing out. This was on 9/14, 9/18, 9/20 and 9/21/2010. Also, some of the drivers aren't working due to incompatibility.
Mbam was run on the 20th, but you were already showing problems before that.

There are no Restore Points. Why?
Are you overclocking?
Are you having any noticeable connection problems?

As far as I can tell, the last word in this Tagging System Cashtitan is really "Cash Titan" for a free poker site, filled with ads- at least. There is also a Trojan associated with it. Please run the following:

Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.
=====================================
Please download SuperAntiSpyware and save to your desktop.
  • Double-click on the setup and click on 'Check for updates'.
  • Wait for the updates to be installed.
  • On the main screen click on 'Scan your computer'.
  • Check 'Perform Complete Scan', then click 'Next' to start the scan.
  • SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
  • Make sure everything found has a checkmark next to it, then press 'Next'.
  • Click on 'Finish' when you're done.
It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
  • Click on 'Preferences'.
  • Click on the 'Statistics/Logs' tab.
  • Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad. Attach the Notepad file here in your reply.
=====================================
We'll see what's left that we have to work with.
 
The reason I don't have any system restore points is that they will often corrupt on my computer. The last time I did a system restore, I had to reformat. Also, my computer crashes a lot. Also, files on my computer will corrupt for no reason, and downloads bigger than 10 MB tend to be corrupted with an error message saying program.cab is corrupted. This is why I don't download new drivers. No, I don't overclock and I don't have any connection issues.
 
I have the logs you wanted.
Sorry, but one of the logs has my name on a folder, so I had to delete my name.
 

Attachments

  • Eset scan.txt
    411 bytes · Views: 3
  • SUPERAntiSpyware Scan Log - 09-22-2010 - 19-04-58.log
    1.9 KB · Views: 2
If you want me to remove those infected files, you will have to restore the files to their original.
E:\ sorry my names here so ive deleted this folder's name\01834bc731fha2\Counter-Strike 1.6 V35\Counter-Strike.exe (probably a variant of Win32/Agent.JCAQECA trojan)
If you feel strongly enough about it, after you remove the file like you will do to the others below, I can then go in and edit your name out. But to read a file and remove it, it must be as found: Otherwise the infection remains on your system.


Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right-click on OTMoveIt3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Processes	
    :Services
    :Reg
    :Files  
    C:\Windows\System32\supjyphmctvcgk.exe	
    C:\Windows\SysWOW64\supjyphmctvcgk.exe	
    E:\\Counter-Strike 1.6 V35\Counter-Strike.exe	
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Addressing this issue:
The reason i don't have any system restore points is that they will often corrupt on my computer. The last time i did a system restore, i had to reformat.
When I finish cleaning your system, I will have you remove the old restore points and set a new, clean one.
System Restore points themselves do not corrupt a system. It's possible that you have had infected restore points that weren't properly removed, so if you restore to one of those, it could reinfect the system.

As for this:
Also, files on my computer will corrupt for no reason, and downloads bigger than 10 mb tend to be corrupted with a error message saying program.cab is corrupted.
1. Files corrupt for a reason- even if you don't know what it is.
2. Large files shouldn't corrupt a system unless the file you're downloading is damaged.
Please see: http://kb2.adobe.com/cps/323/323346.html

You have made assumptions based on faulty premises. You won't get or keep a system clean unless you understand what is happening and why. Unless you trust me enough to follow my directions and understand them, it doesn't make much sense to continue.

Please run the following program:

Download CKScanner and save to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents
    in your next reply.
 
Here are the otm logs. There are 2 of them because the first scan didn't have Counterstrike.exe's folder name, so I renamed the folder and did another scan.
 

Attachments

  • 09232010_195655.log
    3.2 KB · Views: 2
  • 09232010_200555.log
    3.2 KB · Views: 2
Nothing new here:
Eset scan:
C:\Windows\System32\supjyphmctvcgk.exe
C:\Windows\SysWOW64\supjyphmctvcgk.exe
E:\ sorry my names here so ive deleted this folder's name\01834bc731fha2\Counter-Strike 1.6 V35\Counter-Strike.exe
E:\\Counter-Strike 1.6 V35\Counter-Strike.exe

1. Date, Time missing:195655.log
All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Windows\System32\supjyphmctvcgk.exe moved successfully.
File/Folder C:\Windows\SysWOW64\supjyphmctvcgk.exe not found.
File/Folder E:\\Counter-Strike 1.6 V35\Counter-Strike.exe not found.

2. All processes killed: 09232010_200555.log
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Windows\System32\supjyphmctvcgk.exe moved successfully.
File/Folder C:\Windows\SysWOW64\supjyphmctvcgk.exe not found.
File/Folder E:\\Counter-Strike 1.6 V35\Counter-Strike.exe not found.
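
An added example, not part of the original thread or of OTMoveIt itself: a small Python checker that reads the FILES section of the two OTMoveIt3 logs quoted above and lists every target that was never moved in any run, plus a check for paths with an empty folder component (the redacted folder name), which cannot match a file on disk. The function names are hypothetical, and the log text is copied from the lines shown in this thread.

```python
import re

# FILES section as quoted in the thread (both runs report the same results).
LOG_195655 = r"""All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Windows\System32\supjyphmctvcgk.exe moved successfully.
File/Folder C:\Windows\SysWOW64\supjyphmctvcgk.exe not found.
File/Folder E:\\Counter-Strike 1.6 V35\Counter-Strike.exe not found.
"""
LOG_200555 = LOG_195655

MOVED = re.compile(r"^(?P<path>.+?) moved successfully\.$")
MISSING = re.compile(r"^File/Folder (?P<path>.+?) not found\.$")

def parse_files_section(log_text):
    """Map each target path in the FILES section to 'moved' or 'not found'."""
    results, in_files = {}, False
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("====="):          # section banner
            in_files = "FILES" in line
            continue
        if not in_files or not line:
            continue
        m = MISSING.match(line)
        if m:
            results[m["path"]] = "not found"
            continue
        m = MOVED.match(line)
        if m:
            results[m["path"]] = "moved"
    return results

def unresolved(logs):
    """Paths that no run reported as moved, across all supplied logs."""
    status = {}
    for text in logs:
        for path, state in parse_files_section(text).items():
            if status.get(path) != "moved":
                status[path] = state
    return sorted(p for p, s in status.items() if s != "moved")

def has_empty_component(path):
    """True when a folder name between backslashes is blank (e.g. redacted)."""
    _, _, rest = path.partition(":\\")
    return "" in rest.split("\\")

if __name__ == "__main__":
    for p in unresolved([LOG_195655, LOG_200555]):
        note = " (blank folder name in path)" if has_empty_component(p) else ""
        print("still unresolved:", p + note)
```
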
 