Trojan horse, Crypt.BNO

By DawnMc
Jan 12, 2009
  1. Trojan horse, Crypt.BNO (Logs are Up)

    Hi all,

    I'm brand new here, and am desperately seeking help.

    My computer had been running slow the past few days, and tonight after downloading an update to my Spybot Search and Destroy, my computer was "hooped" so to say after the reboot.

    All of my desktop icons were gone, as well as the toolbar on the bottom. All I could do was go through my task manager to open anything, and I went and did a system restore, and so far this has helped (I couldn't even access the internet through IE this way, it just wouldn't work)

    Now I keep getting a window popping up telling me I need to "click on this to install antivirus updates" (or something to that effect, now it just so happens the icon has now disappeared?) It was a red circle with an 'X' in the middle, if this helps. When I would click on it, another window would open (Resident shield) telling me a threat was detected, and it was called a Trojan Horse, Crypt.BNO

    I am also getting a "Warning" box popping up regularly that says:

    "Unwanted software (malware) or tracking cookies have been found during last scan.

    If not removed immediately, these infections may cause the following:

    *Lost Documents and Settings
    *Permanent Data Loss
    *System not starting up
    *System Slowdown and Crashes
    *Loss of Internet Connection
    *Infecting Computers on your network

    Remove all threats now?"

    Now this one, I have no idea if this is a legitimate window, because this is all the info it tells me. I don't know if it comes from AVG, Windows Defender or Spybot Search and Destroy.

    After doing some searching on the net for the Crypt Trojan I found sites advising to download "HijackThis" which I did and ran a scan, but I don't know what to do now...

    Can somebody please help me..? I do have the scan file logged if anyone would like to see it.

    Thank you so much if you can help me out here.

    I forgot to add this, as I'm sure this has something to do with whatever has infected my computer.. About every five minutes, IE opens a new window on me with a link that doesn't work..

  2. DawnMc

    DawnMc TS Rookie Topic Starter

    Ok.. I just read the "Is your computer infected?" thread and it looks like I have a lot more work to do than I initially thought.

    Will be back with results. :)
  3. DawnMc

    DawnMc TS Rookie Topic Starter

    Ok, I have finished the required eight steps.

    I'm sorry they are not in the proper order, but I was having a very hard time finding the Super Anti spyware and the Malware bytes Anti Malware logs.

    Is it safe to reboot my computer now as I wanted to get these logs posted before doing so..

    So far my computer seems to be running much more smoothly and the pop-ups seem to have stopped.

  4. DawnMc

    DawnMc TS Rookie Topic Starter

    So I rebooted my computer, and now it is running VERY slow on most of the webpages I am trying to view, this site included.

    I also lost my desktop, and had to go through my task manager to do a System Restore.

    I'm afraid to turn off my computer now for fear I'm going to lose everything..

    Can somebody please help me out here.. I'm so lost. :confused:
  5. rf6647

    rf6647 TS Maniac Posts: 829

    Yes – a computer restart was directed by MBAM
    C:\WINDOWS\ayeyuregadaga.dll (Trojan.Agent) -> Delete on reboot.

    HJT comfirms it was needed –
    O4 - HKLM\..\Run: [Sqoyufa] rundll32.exe "C:\WINDOWS\ayeyuregadaga.dll",e
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

    MBAB did not handle all that it found until the computer restart.

    Rescan with MBAB followed by SAS. Repeat until clean or something that cannot be cleaned.

    HJT scan informs what has not been handled (computer restart before HJT scan)

    Caught by HJT.
    O20 - Winlogon Notify: vtsqp - C:\WINDOWS\system32\vtsqp.dll (file missing)[LIST]
    [*]Confirm files appearing in code box have been deleted. 
    [*]HJT 'tick & fix' can be used to delete O20 references to files
    Post new logs and describe conditions.
  6. DawnMc

    DawnMc TS Rookie Topic Starter

    Thanks for offering me help.

    I did run the scans again, but my desktop was still unavailable. I also was not able to access the internet anymore either. My IE would load, but my internet connection would not.

    I have sent my computer in to a tech guy, so hopefully he can figure out what's ailing it.

    Thanks again for your help though. :)
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...