8-Step Help needed/ TR/Crypt.FKM.Gen

Status
Not open for further replies.

stupidvirusgotm

I began following the 8-steps and became stuck when trying to install mbam. I also could not install superantispyware. When I try to visit the websites for these services I am also either redirected to an ad website or Mozilla reports a failed connection. Avira found TR/Crypt.FKM.Gen and that file is now in quarantine. I could download HJT and I am attaching the log. Any help would be appreciated.
 
Thanks

What you told me worked and I was able to complete the 8-steps. The scans took a rather long time and turned up a good amount. I am attaching the 3 logs. What is my next step?

(I am going to bed now, so I won't be on for another 6 hours)

Thank you for all of your help.
 

Attachments

  • mbam-log-2008-12-02 (01-16-57).txt
Good news that you were able to make progress. Your description is helpful. Your logs show found and removed items. For your case, we will supplement our guide with a special scan / tool.

Overview -
  • ComboFix is a very effective tool that scans / fixes hard to clean infections. Additionally, it includes diagnostic information.
  • Uninstall old copy of ComboFix
Supplement to guide. Successive scans used to uncover additional infections.
  • Update both MBAM & SAS. Rerun them both.

  • This effort is complete when logs report NO infections/threats, or report something they cannot clean.
    • Typically extra repeat scans are not needed.
  • Follow ComboFix instructions referenced below.

  • Scan with HJT. (part of instructions for ComboFix)

  • Post logs. Report progress & what changes are observed. Include logs that found infections.


Please see this for instructions:
Temporarily Disable Real Time Monitoring Programs:


  • Spybot S&D (Teatimer)
  • Ad-Aware Ad-Watch
  • Spywareguard
  • Windows Defender
  • TrojanHunter Guard
  • Disable SpySweeper
  • WinPatrol
  • CounterSpy
  • AVG Anti-Spyware (formerly ewido)
  • Spyware Doctor
  • Prevx
  • ProcessGuard
  • ZoneAlarm's OS Firewall
  • Ad-Aware 2007 Service
 
Ok I completed the ComboFix and looks like it removed 2 files. I am attaching a new HJT log and the combofix log. I am going to run Superantispyware again to see if the 5 files that could not be removed are now gone. I will post that log later.
 

Attachments

  • combofix log.txt
A fresh ComboFix log along with the HJT log should conclude things. Perhaps by now you recognize the method being used for this type of infestation.

Successive scans are used to uncover additional infections, since masking is common with many infestations. When a tool reports something it cannot clean, that's when the strategy calls for a stronger scanner. The sequence for applying the scanners begins with the standard scanners (fully updated) and ends with the stronger cleaner, with a side benefit that it adds information about the comparative effectiveness among the tools.

The TDSS exploit (among other non-plug and play driver exploits) is quite the rage. The temptation is to package a method for this. However, the result would be quite lengthy and possibly confusing, since it is not possible to anticipate contributing factors.
 
Thank You

I just wanted to say thank you for all of your help. Your services are amazing. All of my scans came up clean. I am attaching the newest combofix and HJT logs but I think I am clean. Thanks again!
 
Thanks for establishing the symptoms are gone & the logs are clean. The ComboFix log is also clear.

Some cleanup items: uninstall ComboFix & establish a clean restore point.

Cleanout Old System Restore Points

Disk Cleanup From the Taskbar
  • Start > Programs > Accessories > System Tools > Disk Cleanup
  • Click OK to accept C:
  • Tick all Boxes
  • Click More Options
  • Click System Restore and OK to "Are you sure" and then OK to Run.
  • Results -
    • Only the most recent Restore Point remains
    • Clears 'Shadow Copies' [ Volume Shadow Copy running is the default ]
      • used by specialized back up programs.
      • reclaims a huge amount of disk space.
      • removes infected files
Establish a clean System Restore point
  • Start > Programs > System Tools > System Restore
  • Left Pane > System Restore Settings
  • Tick 'Turn off system restore on all drives', Click 'Apply'
  • Wait for completion
  • Untick 'Turn off system restore on all drives', Click 'Apply'
  • Wait for completion. OK to end menu. Exit
 
System Restore

I have deleted all of my old system restore points and have created a new point. I think my next step would be to uninstall ComboFix and HJT, correct?

As an update. I followed the instructions from the link above and uninstalled ComboFix
 
No logs are needed at this point. The cleanup signals the infections were removed. Enjoy your computing.
 