Topic: win32:junkpoly-b[cryp]

ruinofthedeadfluffy97

  • Guest
win32:junkpoly-b[cryp]
« on: December 05, 2010, 11:37:01 AM »
Hi.

I just found this virus on my computer, and I read up about it and some forums said that it spreads and spreads until you need to kill your computer!

Can I do anything? Is it being in the vault the best thing?
I'm new to this virus stuff, so please try to simplify it for me. Thanks.

I'm very scared, as I have no money for a new computer, and I need this one...
« Last Edit: December 05, 2010, 11:40:45 AM by ruinofthedead »

Asyn

Re: win32:junkpoly-b[cryp]
« Reply #1 on: December 05, 2010, 11:45:09 AM »
Which scans did you already run..??
Any logs to post..?

SafeSurf

  • Guest
Re: win32:junkpoly-b[cryp]
« Reply #2 on: December 05, 2010, 11:46:02 AM »
Hello ruinofthedead,

Yes, being in the "vault" or as we say the Avast Virus Chest (VC) is the safest place to be.  

1. Can you tell me what your OS is and if you have a 32 or 64-bit machine?
2. What version of Avast do you have?  5.0.677 is the latest version.
3. Have you run any scans yet?  If so, which ones and is anything in the VC?
4. Is your machine acting strange?  If yes, please describe.


ruinofthedeadfluffy97

  • Guest
Re: win32:junkpoly-b[cryp]
« Reply #3 on: December 05, 2010, 11:49:55 AM »
Hi SafeSurf.

I am running Windows XP.
I have 5.0.677
I am currently running a full scan.
My FireFox did crash a few times... not sure if that is related.

-Ruin

SafeSurf

  • Guest
Re: win32:junkpoly-b[cryp]
« Reply #4 on: December 05, 2010, 11:56:39 AM »
1. If any infections (malware) come up with your scan, make sure you put them in the Virus Chest (do NOT delete them).  Please post your report (if you are clean or if anything was found, post a screen shot or, if unable, type the exact words of the infection).

2. After doing the scan you are doing, check your computer for malware with Malwarebytes’ Anti-Malware (MBAM).
·   Download free http://www.malwarebytes.org/ (the blue button) for an on-demand scanner.
·   Double Click mbam-setup.exe to install the application.
·   After install, click update so you have latest database before scanning.
·   Under Settings:
o   General: Automatically Save File After Scan Completes is checked off
o   Scanner Settings: Check all boxes
o   Updater: Download and install update if available is checked off
·   Once the program has loaded, select "Perform FULL Scan", then click Scan.
·   The scan may take some time to finish, so please be patient.
·   When the disinfection scan is complete, a log will appear in Notepad and you may be prompted to Restart. (See Extra Note).
·   Click the “remove selected” button to quarantine anything found.  You will find the infection details under the Quarantine tab.
·   The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
·   Copy & Paste the entire report in your next reply.

Let us know if you have any questions.  Thank you.

ruinofthedeadfluffy97

  • Guest
Re: win32:junkpoly-b[cryp]
« Reply #5 on: December 05, 2010, 12:02:50 PM »
Oh, good. I have MBAM. I have been doing what you just described for a while now.

Everything has been clean so far in the scan. Almost done.

But I saw another thread, http://forum.avast.com/index.php?topic=36236.15 to be sure, that said it kept coming back upon startup. Do you think the -b in my virus would make it different?

I don't restart my computer very often.


And one more thing, if my computer comes up clean in both scans, and I have the current virus in the chest, AND I can re-boot without it being detected again as said in the thread, am I clean? I have nothing to worry about?

SafeSurf

  • Guest
Re: win32:junkpoly-b[cryp]
« Reply #6 on: December 05, 2010, 12:14:41 PM »
1. Can you tell me what your OS is and if you have a 32 or 64-bit machine?
The link you posted is 2 years old, and I would really need to see your MBAM log before I could answer your question.

You could run an Avast boot-time scan as long as you have a 32-bit machine.  Post your results.

Also, check the information on the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0

Follow the directions for obtaining the OTL logs (save them as ANSI and not Unicode).  Post the two (2) OTL logs as an attachment (Additional Options > Attach > Browse (the logs will be on your desktop) > Post).  Should you have real bad nasties and can't boot up after doing your other scans, I'll have information needed to refer you to our Certified Malware Expert.

Let me know if you have any questions.  I'll be signing off shortly, but will check in later.

ruinofthedeadfluffy97

  • Guest
Re: win32:junkpoly-b[cryp]
« Reply #7 on: December 05, 2010, 12:22:35 PM »
I have 32-bit. Thank you for your help.

I doubt I have a killer virus.

SafeSurf

  • Guest
Re: win32:junkpoly-b[cryp]
« Reply #8 on: December 05, 2010, 12:29:01 PM »
I doubt I have a killer virus.
Let's hope not.  But just in case, we have some killer tools too. ;D 
You can attach the MBAM and OTL logs if you like to save room and make it easier for you.  I'll review them later.

Just in case you do have malware:

- If you are on a home network, disconnect the affected machine from the network.  Do not share a USB/flash drive with this affected machine.  Use a different machine to check email, sync your phone, etc. if possible.

***Please do not make any further changes to your machine once you have provided the logs.***

Thank you.

ruinofthedeadfluffy97

  • Guest
Re: win32:junkpoly-b[cryp]
« Reply #9 on: December 06, 2010, 02:15:23 AM »
Well, I did a boot-scan, and it found one infected file.

MBAM didn't get any Malware, and Avast full scan came up clean after the boot-scan.

Gonna get the MBAM and OTL logs in a few. I'm on my friend's laptop. :)


Thank you so much for your help.

*Edit* How can I get the logs from Avast scans?

DavidR

Re: win32:junkpoly-b[cryp]
« Reply #10 on: December 06, 2010, 02:32:56 AM »
Check this for the boot-time scan, C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\report\aswBoot.txt (winXP location). There will be other logs in there.

ruinofthedeadfluffy97

  • Guest
Re: win32:junkpoly-b[cryp]
« Reply #11 on: December 06, 2010, 04:30:01 AM »
Avast Boot-time scan.

CmdLine - quick
aswBoot.exe /A:"C:" /A:"*" /A:"*" /L:"1033" /heur:80 /pup /archives /IA:0 /KBD:3 /dir:"C:\Program Files\Alwil Software\Avast5"
CmdLine end
SafeBoot: 0
CreateKbThread
new CKbBuffer
CKbBuffer::Init
CKbBuffer::Init end
NtCreateEvent(g_hStopEvent)
dep_osBeginThread - KbThread
CreateKbThread end
NtInitializeRegistry
ReadRegistry
KbThread start
DATA=C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5
PROG=C:\Program Files\Alwil Software\Avast5
BUILD=677
Microsoft Windows XP Service Pack 3, v.3311
SystemRoot=C:\WINDOWS
TEMP=C:\WINDOWS\TEMP
TMP=C:\WINDOWS\TEMP
ReadRegistry end
CreateTemp
CreateTemp end
aswcmnbDllMain
cmnbInit
aswEnginDllMain(DLL_PROCESS_ATTACH)
InitLog
InitLog end
CmdLine - full
aswBoot.exe /A:"C:" /A:"*" /A:"*" /L:"1033" /heur:80 /pup /archives /IA:0 /KBD:3 /dir:"C:\Program Files\Alwil Software\Avast5"
CmdLine end
Program folder: C:\Program Files\Alwil Software\Avast5
Engine folder: C:\Program Files\Alwil Software\Avast5\defs\10120500
TimeStamp: 4cf64fda
Unschedule
Unschedule end
LoadResources
LoadResources end
InitReport
InitReport end
Global exclusions:
NtSetEvent(g_hInitEvent) - 1
InitKeyboard
g_dwKbdNum: 3
\Device\KeyboardClass0 failed: 0xC0000034
CPU: Phys(2), Log(2), Aff(2), Feat(0000001f)
FreeMemory: 2838917120
avworkInitialize
FreeMemory: 2838028288
\Device\KeyboardClass0 failed: 0xC0000043
s_dwKbdClassCnt: 3
InitKeyboard end
NtSetEvent(g_hInitEvent) - 2
GetKey
CKbBuffer::Wait
CKbBuffer::Get
CKbBuffer::Get end
CKbBuffer::Wait end
ProcessArea
avfilesScanAdd *MBR0
avfilesScanAdd *BOOTC:
Loading raw access support
avfilesScanAdd *RAW:C:\  [Fs: 000500ff, NTFS; Dev: 07, 00000020]
avfilesScanRealMulti begin
1, 5, 0, 0, 0
GetKey end (4/34)
CKbBuffer::Put
CKbBuffer::Put end
GetKey
1, 5, 1, 0, 0
avfilesScanRealMulti finished
Runtime: 2841312ms
avworkClose
TerminateKbThread
GetKey end (?/00)
CloseKeyboard
CloseKeyboard end
KbThread stop
CKbBuffer::~CKbBuffer
CKbBuffer::~CKbBuffer end
aswEnginDllMain(DLL_PROCESS_DETACH)
cmnbFree
FreeResources
CloseReport
CloseLog
« Last Edit: December 06, 2010, 04:47:14 AM by ruinofthedead »
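
Added example (not part of any forum post, and not Avast's code): a small Python summarizer for a log shaped like the aswBoot.txt above. It pulls out the build, the definitions folder name, the areas added to the scan, device-open failures with their standard NTSTATUS names, and the runtime. The function name, the summary fields and the choice of lines to extract are assumptions of this example; the sample lines are copied from the log in this thread.

```python
import re

# Sample input: a few lines copied from the aswBoot.txt log posted above.
SAMPLE_LOG = r"""BUILD=677
Microsoft Windows XP Service Pack 3, v.3311
Engine folder: C:\Program Files\Alwil Software\Avast5\defs\10120500
\Device\KeyboardClass0 failed: 0xC0000034
\Device\KeyboardClass0 failed: 0xC0000043
avfilesScanAdd *MBR0
avfilesScanAdd *BOOTC:
avfilesScanAdd *RAW:C:\  [Fs: 000500ff, NTFS; Dev: 07, 00000020]
avfilesScanRealMulti finished
Runtime: 2841312ms
"""

# Standard NTSTATUS names for the two codes that appear in the log.
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}

def summarize_boot_log(text):
    """Pull the triage-relevant facts out of an aswBoot.txt-style log."""
    summary = {"build": None, "defs": None, "targets": [],
               "failures": [], "finished": False, "runtime_min": None}
    for line in text.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"BUILD=(\d+)", line):
            summary["build"] = int(m.group(1))
        elif m := re.fullmatch(r"Engine folder: .*\\defs\\(\w+)", line):
            summary["defs"] = m.group(1)          # definitions folder name
        elif m := re.match(r"avfilesScanAdd \*(\S+)", line):
            summary["targets"].append(m.group(1))  # area queued for scanning
        elif m := re.fullmatch(r"(\\Device\\\S+) failed: (0x[0-9A-Fa-f]{8})", line):
            code = int(m.group(2), 16)
            summary["failures"].append((m.group(1), NTSTATUS.get(code, hex(code))))
        elif line == "avfilesScanRealMulti finished":
            summary["finished"] = True             # scan ran to completion
        elif m := re.fullmatch(r"Runtime: (\d+)ms", line):
            summary["runtime_min"] = round(int(m.group(1)) / 60000, 1)
    return summary

if __name__ == "__main__":
    for key, value in summarize_boot_log(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
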

SafeSurf

  • Guest
Re: win32:junkpoly-b[cryp]
« Reply #12 on: December 06, 2010, 07:49:04 AM »
How is your machine acting now? 

The infection you found after doing the boot scan you put into the Virus Chest?  If not, please tell me what you did with it.

If you could please provide the OTL logs (2) as an attachment, I'd appreciate it.  Thank you.

ruinofthedeadfluffy97

  • Guest
Re: win32:junkpoly-b[cryp]
« Reply #13 on: December 06, 2010, 07:59:41 AM »
It's acting fine, though I did get some audio problems *Clicking from my speakers/headphones*

Yes, the virus was put in the Chest.

I'm running the OTL now, as I'm getting offline soon, and it said to run with no other programs.

SafeSurf

  • Guest
Re: win32:junkpoly-b[cryp]
« Reply #14 on: December 06, 2010, 09:41:09 AM »
It's acting fine, Though I did get some audio problems *Clicking from my speakers/headphones*
Check to see if all your connections (wires) are secured. 

I'll await your OTL logs.  Thank you for the update.