Author Topic: Help Requested for Win32:Crypt-HQJ Infection - Log Attached  (Read 19201 times)


odie82

  • Guest
Help Requested for Win32:Crypt-HQJ Infection - Log Attached
« on: December 07, 2010, 01:45:54 AM »
As per thread: http://forum.avast.com/index.php?topic=53253.0

My OTL log is attached below, because of the character limits of the forum.


Offline mikaelrask

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1556
Re: Help Requested for Win32:Crypt-HQJ Infection - Log Attached
« Reply #1 on: December 07, 2010, 05:13:58 PM »
Welcome to the forum.

Let's hope someone else can check that log for you, since I'm not that good at them. But that Win32 infection, is that what avast pops up and says you have on your computer?

If so, try a boot scan with avast and let avast deal with the infection from there. I recommend you send it to the chest, where the infection does not do any harm to your computer.

If avast is unlucky and doesn't remove the infection, download Malwarebytes Anti-Malware.

Install and scan with it, remove what it finds, and don't forget to update before scanning.

Good luck.

And a small tip for next time you need help: we would be happy if you could bring us a little more information so we can give you better help.

Like, what's your OS?

What file is avast detecting as infected?

   
Windows 8.1 amd a10-5700 64 bit
12 GB ram 1 tb hard drive. Avast 18, MBAM

Offline superhacker

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 979
  • superhacker != super mario
Re: Help Requested for Win32:Crypt-HQJ Infection - Log Attached
« Reply #2 on: December 07, 2010, 08:01:15 PM »
You have a very infected system from what I see in the OTL log, so please do the following steps first:
1. Scan with Dr.Web CureIt! from here
http://www.freedrweb.com/cureit/?lng=en
2. Scan your PC with MBAM
http://www.malwarebytes.org/mbam.php
3. After cleaning the system with Dr.Web and MBAM, post a Hijack Hunter log (attach it)
http://www.novirusthanks.org/products/hijack-hunter/
Dreams don't die, they just fall asleep.

Offline mikaelrask

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1556
Re: Help Requested for Win32:Crypt-HQJ Infection - Log Attached
« Reply #3 on: December 07, 2010, 08:16:47 PM »
+1

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Help Requested for Win32:Crypt-HQJ Infection - Log Attached
« Reply #4 on: December 07, 2010, 09:33:11 PM »
The joys of torrents

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Quote
    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:43902
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKCU..\Run: [LvkSneiejl+1wMitchell\AppData\Local\Temp\2196556410.exe] C:\Users\Guy Mitchell\AppData\Local\Temp\2196556410.exe File not found
    O4 - HKCU..\Run: [LvkSneiejl+3xMitchell\AppData\Local\Temp\3839838034.exe] C:\Users\Guy Mitchell\AppData\Local\Temp\3839838034.exe File not found
    O4 - HKCU..\Run: [LvkSneiejl90xMitchell\AppData\Local\Temp\3262385521.exe] C:\Users\Guy Mitchell\AppData\Local\Temp\3262385521.exe File not found
    O4 - HKCU..\Run: [LvkSneiejlhb] C:\Users\Guy Mitchell\AppData\Local\Temp\debug.exe ()
    O4 - HKCU..\Run: [LvkSneiejlk+] C:\Users\Guy Mitchell\AppData\Local\Temp\gdi32.exe ()
    O4 - HKCU..\Run: [LvkSneiejlkc] C:\Users\Guy Mitchell\AppData\Local\Temp\cmd.exe ()
    O4 - HKCU..\Run: [LvkSneiejlmc] C:\Users\Guy Mitchell\AppData\Local\Temp\mdm.exe ()
    O4 - HKCU..\Run: [LvkSneiejlmc(Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9] C:\Users\Guy Mitchell\AppData\Local\Temp\mdm.exe ()
    O4 - HKCU..\Run: [LvkSneiejlmc(Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Users\Guy Mitchell\AppData\Local\Temp\mdm.exe ()
    O4 - HKCU..\Run: [LvkSneiejlmc(Windows; U; Windows NT 6.0; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3] C:\Users\Guy Mitchell\AppData\Local\Temp\mdm.exe ()
    O4 - HKCU..\Run: [LvkSneiejlmc(Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5] C:\Users\Guy Mitchell\AppData\Local\Temp\mdm.exe ()
    O4 - HKCU..\Run: [LvkSneiejlna] C:\Users\Guy Mitchell\AppData\Local\Temp\login.exe ()
    O4 - HKCU..\Run: [LvkSneiejlo+] C:\Users\Guy Mitchell\AppData\Local\Temp\avp32.exe ()
    O4 - HKCU..\Run: [LvkSneiejloc] C:\Users\Guy Mitchell\AppData\Local\Temp\jpkvh.exe ()
    O4 - HKCU..\Run: [LvkSneiejlotc] C:\Users\Guy Mitchell\AppData\Local\Temp\hexdump.exe ()
    O4 - HKCU..\Run: [LvkSneiejlotcWindows; U; Windows NT 5.1; en-US) AppleWebKit/533.9 (KHTML, like Gecko) Chrome/6.0.401.1 Safari/533.9] C:\Users\Guy Mitchell\AppData\Local\Temp\hexdump.exe ()
    O4 - HKCU..\Run: [LvkSneiejlotcWindows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0] C:\Users\Guy Mitchell\AppData\Local\Temp\hexdump.exe ()
    O4 - HKCU..\Run: [LvkSneiejlotcWindows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1] C:\Users\Guy Mitchell\AppData\Local\Temp\hexdump.exe ()
    O4 - HKCU..\Run: [LvkSneiejlotcWindows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Users\Guy Mitchell\AppData\Local\Temp\hexdump.exe ()
    O4 - HKCU..\Run: [LvkSneiejlotcWindows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1] C:\Users\Guy Mitchell\AppData\Local\Temp\hexdump.exe ()
    O4 - HKCU..\Run: [LvkSneiejlotcWindows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5] C:\Users\Guy Mitchell\AppData\Local\Temp\hexdump.exe ()
    O4 - HKCU..\Run: [LvkSneiejlpc] C:\Users\Guy Mitchell\AppData\Local\Temp\ycoxf.exe ()
    O4 - HKCU..\Run: [LvkSneiejlqB] C:\Users\Guy Mitchell\AppData\Local\Temp\soj0s6.exe ()
    O4 - HKCU..\Run: [LvkSneiejlqf] C:\Users\Guy Mitchell\AppData\Local\Temp\user.exe ()
    O4 - HKCU..\Run: [LvkSneiejlqvc] C:\Users\Guy Mitchell\AppData\Local\Temp\wininst.exe ()
    O4 - HKCU..\Run: [LvkSneiejlqvcWindows; U; Windows NT 5.1; en-US) AppleWebKit/533.9 (KHTML, like Gecko) Chrome/6.0.401.1 Safari/533.9] C:\Users\Guy Mitchell\AppData\Local\Temp\wininst.exe ()
    O4 - HKCU..\Run: [LvkSneiejlqvcWindows; U; Windows NT 5.1; en-US) AppleWebKit/534.0 (KHTML, like Gecko) Chrome/6.0.408.1 Safari/534.0] C:\Users\Guy Mitchell\AppData\Local\Temp\wininst.exe ()
    O4 - HKCU..\Run: [LvkSneiejlqvcWindows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1] C:\Users\Guy Mitchell\AppData\Local\Temp\wininst.exe ()
    O4 - HKCU..\Run: [LvkSneiejlqW] C:\Users\Guy Mitchell\AppData\Local\Temp\drweb.exe ()
    O4 - HKCU..\Run: [LvkSneiejlsPc] C:\Users\Guy Mitchell\AppData\Local\Temp\nvsvc32.exe ()
    O4 - HKCU..\Run: [LvkSneiejlud] C:\Users\Guy Mitchell\AppData\Local\Temp\system.exe ()
    O4 - HKCU..\Run: [LvkSneiejlud(Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Users\Guy Mitchell\AppData\Local\Temp\system.exe ()
    O4 - HKCU..\Run: [LvkSneiejlupc] C:\Users\Guy Mitchell\AppData\Local\Temp\sysedit.exe ()
    O4 - HKCU..\Run: [LvUaPiejl/0yMIT~1\AppData\Local\Temp\2773904812.exe] C:\Users\GUYMIT~1\AppData\Local\Temp\2773904812.exe File not found
    O4 - HKCU..\Run: [LvUaPiejl+1wMIT~1\AppData\Local\Temp\2196556410.exe] C:\Users\GUYMIT~1\AppData\Local\Temp\2196556410.exe File not found
    O4 - HKCU..\Run: [LvUaPiejl+3xMIT~1\AppData\Local\Temp\3839838034.exe] C:\Users\GUYMIT~1\AppData\Local\Temp\3839838034.exe File not found
    O4 - HKCU..\Run: [LvUaPiejl90xMIT~1\AppData\Local\Temp\3262385521.exe] C:\Users\GUYMIT~1\AppData\Local\Temp\3262385521.exe File not found
    O4 - HKCU..\Run: [LvUaPiejl91xMIT~1\AppData\Local\Temp\1354918223.exe] C:\Users\Guy Mitchell\AppData\Local\Temp\1354918223.exe ()
    O4 - HKCU..\Run: [LvUaPiejlhb] C:\Users\Guy Mitchell\AppData\Local\Temp\debug.exe ()
    O4 - HKCU..\Run: [LvUaPiejlk+] C:\Users\Guy Mitchell\AppData\Local\Temp\gdi32.exe ()
    O4 - HKCU..\Run: [LvUaPiejlk+ (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1] C:\Users\Guy Mitchell\AppData\Local\Temp\gdi32.exe ()
    O4 - HKCU..\Run: [LvUaPiejlk+ (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1] C:\Users\Guy Mitchell\AppData\Local\Temp\gdi32.exe ()
    O4 - HKCU..\Run: [LvUaPiejlkc] C:\Users\Guy Mitchell\AppData\Local\Temp\cmd.exe ()
    O4 - HKCU..\Run: [LvUaPiejlkc (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Users\Guy Mitchell\AppData\Local\Temp\cmd.exe ()
    O4 - HKCU..\Run: [LvUaPiejlmc] C:\Users\Guy Mitchell\AppData\Local\Temp\mdm.exe ()
    O4 - HKCU..\Run: [LvUaPiejlna] C:\Users\Guy Mitchell\AppData\Local\Temp\login.exe ()
    O4 - HKCU..\Run: [LvUaPiejlo+] C:\Users\Guy Mitchell\AppData\Local\Temp\avp32.exe ()
    O4 - HKCU..\Run: [LvUaPiejlotc] C:\Users\Guy Mitchell\AppData\Local\Temp\hexdump.exe ()
    O4 - HKCU..\Run: [LvUaPiejlpc] C:\Users\Guy Mitchell\AppData\Local\Temp\ycoxf.exe ()
    O4 - HKCU..\Run: [LvUaPiejlq+] C:\Users\Guy Mitchell\AppData\Local\Temp\win32.exe ()
    O4 - HKCU..\Run: [LvUaPiejlqB] C:\Users\Guy Mitchell\AppData\Local\Temp\soj0s6.exe ()
    O4 - HKCU..\Run: [LvUaPiejlqc] C:\Users\Guy Mitchell\AppData\Local\Temp\win.exe ()
    O4 - HKCU..\Run: [LvUaPiejlqf] C:\Users\Guy Mitchell\AppData\Local\Temp\user.exe ()
    O4 - HKCU..\Run: [LvUaPiejlqvc] C:\Users\Guy Mitchell\AppData\Local\Temp\wininst.exe ()
    O4 - HKCU..\Run: [LvUaPiejlqW] C:\Users\Guy Mitchell\AppData\Local\Temp\drweb.exe ()
    O4 - HKCU..\Run: [LvUaPiejlsPc] C:\Users\Guy Mitchell\AppData\Local\Temp\nvsvc32.exe ()
    O4 - HKCU..\Run: [LvUaPiejlud] C:\Users\Guy Mitchell\AppData\Local\Temp\system.exe ()
    O4 - HKCU..\Run: [LvUaPiejlupc] C:\Users\Guy Mitchell\AppData\Local\Temp\sysedit.exe ()
    O4 - HKCU..\Run: [tcmsdctr] C:\Users\Guy Mitchell\AppData\Local\Temp\cleaperf.dll ()

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.