Computer crashes + Reappearing Virus


Dariela

I was wondering if anyone would be able to help me. I'm having a problem with my computer randomly restarting. I haven't recently installed anything, and whenever I open up Task Manager there's a process called ~WCTRUP.exe which I've never noticed before. I've looked it up using Google and such and it says something about being a part of the Windows updating system; however, I've been updating my Windows XP for the past 2 years and this process only appeared in the past couple of months. I've done numerous virus/trojan/ad scans, and during the AVG scans I do, I keep receiving the same virus called Trojan horse Downloader.Generic2.MUZ. I've tried healing it and deleting the file it's a part of, but nothing seems to be helping.
 
Hello and welcome to Techspot.

Let's see if we can get rid of any nasties you may have lurking on your system.

I have moved your thread to our security and the web forum.

Go and read the Trojan Pakes and other nasties preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT and AVG Antispyware logs as attachments in this thread, only after doing the above.

Regards Howard :wave: :wave:

This thread is for the use of Dariela only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
HJT and AVG

OK, I've done everything that was asked and here are the 2 reports you requested. During the AVG anti-spyware test there were 3 infections that were quarantined. I had to do a second scan because I misunderstood the way to quarantine all the files at once. I'm not sure if the report from the second scan will show those previously quarantined, so I thought I'd list the first lot of infections below.

Location: HKLM\SOFTWARE\Classes\WUSN.1
Infected with: Adware.Savenow
Risk: Medium

Location: C:\WINDOWS\System32\egaccess4_1062.dll
Infected with: Dialer.EgroupDial.w
Risk: High

Location: C:\WINDOWS\Iaccess32.exe
Infected with: Dialer.EgroupDial.w
Risk: High

Also, I've noticed that the ~WCTRUP.exe process in Task Manager was gone after I used CCleaner.
 
It appears you're not running any firewall software. You should consider getting some, unless you have a hardware firewall. Google the free ZoneAlarm or Kerio firewall programmes.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

WCRTUP~1.EXE

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R3 - URLSearchHook: (no name) - {E80A98F4-5C3A-5B90-4494-50C0AB5352E4} - C:\WINDOWS\system32\icfz.dll (file missing)

O2 - BHO: (no name) - {E80A98F4-5C3A-5B90-4494-50C0AB5352E4} - C:\WINDOWS\system32\icfz.dll (file missing)

O4 - HKCU\..\Run: [Dbctpcne] C:\DOCUME~1\Mum\APPLIC~1\MANTEC~1\WCRTUP~1.EXE

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O18 - Filter: text/html - (no CLSID) - (no file)

O20 - AppInit_DLLs:

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\DOCUME~1\Mum\APPLIC~1\MANTEC~1\WCRTUP~1.EXE

Delete all files in AVG Antispyware quarantine.

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

Post a fresh HJT log and let me know how your system is running.

Regards Howard :)

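The fix list above is a manual read of a HijackThis log: every entry Howard ticked is either a hook or BHO whose DLL is already gone, a registry value with no backing file or URL, or an autorun launched from an 8.3-mangled path inside a user profile's Application Data folder. The script below is an added example, not anything posted in the thread or shipped with HJT; it applies those same rules to HJT-style lines so the reader can see why each entry was flagged. The sample log is constructed from the entries quoted in Howard's post plus two assumed-benign AVG 7 entries (`avgcc.exe`, `avgamsvr.exe`) that are not from the thread, and the detection rules are the editor's own heuristics rather than HJT's built-in logic.

```python
"""Triage HijackThis-style log lines with the rules Howard applied by hand.

Added example for this thread; not HJT code and not a complete HJT parser.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the entries Howard asked to fix, plus two assumed-benign
# AVG 7 entries (not from the thread) so that something passes the filter.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: (no name) - {E80A98F4-5C3A-5B90-4494-50C0AB5352E4} - C:\WINDOWS\system32\icfz.dll (file missing)
O2 - BHO: (no name) - {E80A98F4-5C3A-5B90-4494-50C0AB5352E4} - C:\WINDOWS\system32\icfz.dll (file missing)
O4 - HKCU\..\Run: [Dbctpcne] C:\DOCUME~1\Mum\APPLIC~1\MANTEC~1\WCRTUP~1.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs:
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
"""

# "R3 - ..." / "O4 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
# First absolute Windows path in the body, if any (stops at whitespace).
PATH_RE = re.compile(r"[A-Za-z]:\\[^\s\"]+")
# Per-user Application Data folder, in long or 8.3 form (XP layout).
PROFILE_APPDATA_RE = re.compile(
    r"\\(DOCUME~1|Documents and Settings)\\[^\\]+\\(APPLIC~1|Application Data)\\",
    re.IGNORECASE,
)


@dataclass
class Entry:
    kind: str
    body: str
    path: Optional[str]
    reasons: List[str] = field(default_factory=list)


def reasons_for(kind: str, body: str, path: Optional[str]) -> List[str]:
    """Heuristics mirroring the entries Howard ticked; editor's own rules."""
    reasons = []
    if "(file missing)" in body:
        reasons.append("hook/BHO registered for a DLL that is no longer on disk")
    if "(no file)" in body:
        reasons.append("MIME filter registered with no backing file")
    if kind == "R0" and "Local Page" in body and path is None:
        reasons.append("IE Local Page set to a non-absolute path")
    if kind == "O4" and path and PROFILE_APPDATA_RE.search(path):
        reasons.append("autorun launched from a user profile's Application Data folder")
    if kind == "O16" and body.rstrip().endswith("-"):
        reasons.append("ActiveX download (DPF) entry with a CLSID but no source URL")
    if kind == "O20" and body.strip() == "AppInit_DLLs:":
        reasons.append("AppInit_DLLs value present; anything written there loads into every user32 process")
    return reasons


def audit_log(text: str) -> List[Entry]:
    """Parse HJT-style lines and attach the reasons each one would be flagged."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # headers, blank lines, anything that is not an entry
        kind, body = m.group("kind"), m.group("body")
        path_match = PATH_RE.search(body)
        path = path_match.group(0) if path_match else None
        entries.append(Entry(kind, body, path, reasons_for(kind, body, path)))
    return entries


def flagged(text: str) -> List[Entry]:
    """Only the entries worth ticking in HJT's 'fix checked' list."""
    return [e for e in audit_log(text) if e.reasons]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.kind}: {e.body}")
        for r in e.reasons:
            print(f"    - {r}")
```

The two AVG entries pass because they point at files under Program Files that are still present; everything Howard ticked trips at least one rule. Treat the output as a shortlist to read, not an automatic fix list: a missing-file BHO is harmless in itself, and an autorun under Application Data is only suspicious because nothing legitimate was installed there in this case.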
 
Attached the HJT log after following your instructions.. also regarding the firewall and whatnot, I've got a windows firewall, which as far as I can see is active, not to mention the AVG protection shield. I'm not sure what else I need.
 
The Windows firewall is complete rubbish and can be disabled by some malware. I strongly advise you to get a third party firewall as I suggested earlier.

Your HJT log is now clean.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 
I will take your advice about getting another firewall, I was not aware of how vulnerable the Windows Firewall was.

Thank you for your assistance.
 