Need Help With Trojan.crypt.e
- Thread starter Jazzy
- Start date
- Status
howard_hopkinso
Posts: 21,238 +17
Hello and welcome to Techspot.
You are Hijacked with the newnet infection. Do the following.
Click Start/Control Panel/Add/Remove Programs and uninstall: New.net Application or New.net Domains
If neither is listed, download and run this: www.new.net/support/uninstall6_38.exe
Please post a fresh HJT log.
Regards Howard :wave: :wave:
You are Hijacked with the newnet infection. Do the following.
Click Start/Control Panel/Add/Remove Programs and uninstall: New.net Application or New.net Domains
If neither is listed, download and run this: www.new.net/support/uninstall6_38.exe
Please post a fresh HJT log.
Regards Howard :wave: :wave:
howard_hopkinso
Posts: 21,238 +17
tomrca said:
You`re quite right mate.
Once Jazzy`s system is clean I was going to suggest he get some antivirus/firewall protection lol.
Regards Howard
Tedster
Posts: 5,746 +14
trojan.crypt.e AKA Downloader-EA (McAfee), W32.Spybot.Worm (Symantec), Win32.HLLW.MyBot (Doctor Web), Troj/Pyfls-A (Sophos), TROJ_DLOADER.JB (Trend Micro), TR/Crypt.E (H+BEDV), Trojan.Crypt.E (SOFTWIN), Trj/Downloader.CZU (Panda), Win32/Crypt.E (Eset)
removal:
http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html
Also stop using Peer to peer software like kazaa. This is an open invitation to garbage like this.
removal:
http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html
Also stop using Peer to peer software like kazaa. This is an open invitation to garbage like this.
howard_hopkinso
Posts: 21,238 +17
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html
Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html
Go to add remove programmes in your control panel and uninstall anything to do with(if there).
outlook
Warez P2P Client
Close control panel.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
outlook.exe
?srss.exe
NDNUNI~2.EXE
warez.exe
Close task manager.
Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).
R3 - URLSearchHook: (no name) - _{32EA1CE4-8083-48AA-BD8F-2DC97A1CDB7E} - (no file)
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll (file missing)
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [Ejue] C:\WINDOWS\a?sembly\?srss.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1444/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE651D6B-8D6A-474E-BB24-2E4EA9B17FC7}: NameServer = 209.244.0.3 209.244.0.4<Only fix this, if it doesn`t belong to your ISP.
O20 - Winlogon Notify: awvtt - C:\WINDOWS\system32\awvtt.dll (file missing)
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\MAW3PRT.DLL (file missing)
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\WINDOWS\a?sembly\?srss.exe
C:\Program Files\Warez P2P Client\warez.exe
C:\Program Files\outlook\outlook.exe
C:\WINDOWS\NDNUNI~2.EXE
Reboot into normal mode and turn system restore back on.
Post a fresh HJT log.
Regards Howard
Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html
Go to add remove programmes in your control panel and uninstall anything to do with(if there).
outlook
Warez P2P Client
Close control panel.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
outlook.exe
?srss.exe
NDNUNI~2.EXE
warez.exe
Close task manager.
Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).
R3 - URLSearchHook: (no name) - _{32EA1CE4-8083-48AA-BD8F-2DC97A1CDB7E} - (no file)
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll (file missing)
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [Ejue] C:\WINDOWS\a?sembly\?srss.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1444/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE651D6B-8D6A-474E-BB24-2E4EA9B17FC7}: NameServer = 209.244.0.3 209.244.0.4<Only fix this, if it doesn`t belong to your ISP.
O20 - Winlogon Notify: awvtt - C:\WINDOWS\system32\awvtt.dll (file missing)
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\MAW3PRT.DLL (file missing)
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\WINDOWS\a?sembly\?srss.exe
C:\Program Files\Warez P2P Client\warez.exe
C:\Program Files\outlook\outlook.exe
C:\WINDOWS\NDNUNI~2.EXE
Reboot into normal mode and turn system restore back on.
Post a fresh HJT log.
Regards Howard
tomrca
Posts: 924 +3
hi jazzy i cant see any antivirus programme. there many free antivirus prog such as AVG, www.grisoft.com . do you know how to activate your windows firewall ? if you dont have a firewall you can get a free one too from zonealarm, www.zonealarm.com
There is an application in my windows file that says dfndr and I cannot delete it unless I am in safe mode. I have deleted this thing before but apparently it's back. Also some of the things that you told me to check in HJT won't show up in Safe Mode, such as the
04-HKCU\..Run:[warez] "C:rogram Files\Warez P2P Client\warez.exe"-h
04-HKCU\:Run:[Ejue] C:\Windows\a?sembly\?srss.exe
015-Trusted Zone:*.musicmatch.com
Also I think this has something to do with the dfndr thing.
O4 - HKLM\..\Run: [newname] C:\\nwnm.exe
O4 - HKLM\..\Run: [defender] C:\\dfndr.exe
04-HKCU\..Run:[warez] "C:
rogram Files\Warez P2P Client\warez.exe"-h 04-HKCU\:Run:[Ejue] C:\Windows\a?sembly\?srss.exe
015-Trusted Zone:*.musicmatch.com
Also I think this has something to do with the dfndr thing.
O4 - HKLM\..\Run: [newname] C:\\nwnm.exe
O4 - HKLM\..\Run: [defender] C:\\dfndr.exe
tomrca
Posts: 924 +3
jazzy. it seems that you do not have any antirus programme on you pc. visit grisoft, they have an anti-virus free for home us called AVG. www.grisoft.com/doc/1
howard_hopkinso
Posts: 21,238 +17
Download and install the following two programmes.
AVG free and Zonalarm free from HERE and HERE.
Install Zonealarm, followed by AVG. Reboot your computer and run the AVG updates.
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html
Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html
Run a full system scan with AVG and delete whatever it finds.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
dfndr.exe
?srss.exe
nwnm.exe
Close task manager.
Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R3 - URLSearchHook: (no name) - _{32EA1CE4-8083-48AA-BD8F-2DC97A1CDB7E} - (no file)
O4 - HKLM\..\Run: [newname] C:\\nwnm.exe
O4 - HKLM\..\Run: [defender] C:\\dfndr.exe
O4 - HKCU\..\Run: [Ejue] C:\WINDOWS\a?sembly\?srss.exe
O15 - Trusted Zone: *.musicmatch.com
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\WINDOWS\a?sembly\?srss.exe
C:\\dfndr.exe
C:\\nwnm.exe
Reboot into normal mode and turn system restore back on.
Post a fresh HJT log.
Regards Howard
AVG free and Zonalarm free from HERE and HERE.
Install Zonealarm, followed by AVG. Reboot your computer and run the AVG updates.
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html
Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html
Run a full system scan with AVG and delete whatever it finds.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
dfndr.exe
?srss.exe
nwnm.exe
Close task manager.
Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R3 - URLSearchHook: (no name) - _{32EA1CE4-8083-48AA-BD8F-2DC97A1CDB7E} - (no file)
O4 - HKLM\..\Run: [newname] C:\\nwnm.exe
O4 - HKLM\..\Run: [defender] C:\\dfndr.exe
O4 - HKCU\..\Run: [Ejue] C:\WINDOWS\a?sembly\?srss.exe
O15 - Trusted Zone: *.musicmatch.com
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\WINDOWS\a?sembly\?srss.exe
C:\\dfndr.exe
C:\\nwnm.exe
Reboot into normal mode and turn system restore back on.
Post a fresh HJT log.
Regards Howard
howard_hopkinso
Posts: 21,238 +17
I`m pleased to say, your HJT log is clean.
Regards Howard
Regards Howard
- Status
