#1 | New Lounger | Join Date: Dec 2009 | Location: Midi Pyrenees, France | Posts: 8 | Thanks: 5 | Thanked 0 Times in 0 Posts

    Is this a virus?

After an apparently genuine AV virus scan, which detected a trojan, the user clicked on "send to vault". Since then any attempt to open programs or run exe files results in a message box asking "which program do you want to use to open this?" but with no further actions available.
Is it possible that the file(s) quarantined was not a trojan but a system file, or is it more likely that clicking on the "send to vault" button instigated a viral download?

Posting this on behalf of a friend whose XP desktop is crippled.

#2 | 5 Star Lounger | Join Date: Dec 2009 | Location: Milwaukee, WI | Posts: 737 | Thanks: 23 | Thanked 64 Times in 52 Posts
    Do you have the name of the quarantined file?
    Chuck

#3 | New Lounger | Join Date: Dec 2009 | Location: Midi Pyrenees, France | Posts: 8 | Thanks: 5 | Thanked 0 Times in 0 Posts
    Sorry Chuck, can't really check tonight (it's 8:38 pm here now and my friend lives quite a few kilometres away up a mountain). I would need to look for myself but I don't hold out much hope of opening the log file.
    Will try tomorrow - thanks for your patience.

    Rog.

#4 | Super Moderator CLiNT | Join Date: Dec 2009 | Location: California &amp; Arizona | Posts: 6,121 | Thanks: 160 | Thanked 609 Times in 557 Posts
It's not uncommon to have problems after an AV/AM tool repair of malware or another infectious issue, necessitating an operating system repair of whatever OS function may have been affected.

The following user says thank you to CLiNT for this useful post: oldodger (2011-04-30)

#5 | New Lounger | Join Date: Dec 2009 | Location: Midi Pyrenees, France | Posts: 8 | Thanks: 5 | Thanked 0 Times in 0 Posts
Apart from tracking cookies, the only files deleted by AV were Win32/Kryptik.MPX (registry keys deleted: 'hkey_users\.default\software\amservice' and 'hkey_localmachine\system\currentcontrolset\amservice') and UEM.EXE (no details).
The Application errors log showed numerous errors for Crypt32 event 8 (path 'C:\WINDOWS\TEMP\OXMK\SETUP.EXE').
Still have the same problem (1st post), so can't run any exe files other than those listed in the 'Open with program?' msgbox. For example, clicking on the shortcut to WORD or 'Start > Programs > WORD' results in 'Access Denied'. Finding and clicking the Word exe file opens the msgbox, and selecting 'Open with Word' successfully opens Word.

    ???

#6 | Administrator | Join Date: Jun 2010 | Location: Portugal | Posts: 12,519 | Thanks: 152 | Thanked 1,398 Times in 1,221 Posts
    Have you tried to boot in Safe Mode? What happens if you do?

The following user says thank you to ruirib for this useful post: oldodger (2011-04-30)

#7 | Super Moderator satrow | Join Date: Dec 2009 | Location: Cardiff, UK | Posts: 4,490 | Thanks: 284 | Thanked 577 Times in 480 Posts
    This reads like you need to download a version of rkill to kill the malware so you can try to find a real fix for it.

Posting in a real anti-malware forum like the one at Majorgeeks should enable you to get fixed up. Read and follow the guide here.

The following user says thank you to satrow for this useful post: oldodger (2011-04-30)

#8 | 2 Star Lounger | Join Date: Dec 2009 | Location: Calif | Posts: 182 | Thanks: 0 | Thanked 14 Times in 13 Posts

Hi "old": "Kryptik.MPX" is a "description" used only by the Eset security company, most likely their NOD32 Antivirus program; perhaps it would be best to start on their Support Forum @ www.wilderssecurity.com/forumdisplay?f=88!? The rkill program is used mainly, IF not only, as part of the process of dealing with "Rogue" or "Fake" antivirus programs, and there is no indication that your friend has been "infected" by such a program. The Advanced Malware Removal Forum I recommend is the one at GeeksToGo, specifically at www.geekstogo.com/forum/forums.html; start with their "Malware and Spyware Cleaning Guide".
    For the BEST in what counts in Life :

    http://www.ctftoronto.com

The following user says thank you to SpiritWind for this useful post: oldodger (2011-04-30)

#9 | Super Moderator jwitalka | Join Date: Dec 2009 | Location: Minnesota | Posts: 6,794 | Thanks: 117 | Thanked 799 Times in 720 Posts
Try running SFC /scannow in an elevated command window to verify system file integrity. Also, try doing a system restore to a point prior to the error.

    Jerry
    Last edited by jwitalka; 2011-04-30 at 12:32.

The following user says thank you to jwitalka for this useful post: oldodger (2011-04-30)
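The diagnostic steps raised in the thread so far (the Crypt32 event 8 entries from post #5, the "which program do you want to use to open this?" prompt on every .exe from post #1, and the SFC /scannow suggestion in post #9) can be run through from one console. The script below is an added example for this page, not code posted by any of the participants. It assumes Windows PowerShell 2.0 or later is installed (an optional add-on on XP) and that the console is opened as Administrator; the .exe file-association check is an added triage step that the thread itself does not mention, included because the symptom described matches an altered exefile open command.

```powershell
# Added triage script (not from the thread). Run in an elevated
# PowerShell console. Assumes Windows PowerShell 2.0+ is present.

# 1. Review recent Crypt32 entries in the Application log. Post #5 reported
#    Crypt32 event 8 pointing at C:\WINDOWS\TEMP\OXMK\SETUP.EXE; the Message
#    field of each entry names the file that triggered it.
Get-EventLog -LogName Application -Source Crypt32 -Newest 20 |
    Select-Object TimeGenerated, EventID, Message |
    Format-List

# 2. Check the .exe file association (added suggestion, not stated in the
#    thread). An "Open with" prompt for every .exe is what you see when the
#    exefile open command is no longer the Windows default of '"%1" %*'.
$exeKey  = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
$exeOpen = (Get-ItemProperty -Path $exeKey).'(default)'
if ($exeOpen -ne '"%1" %*') {
    Write-Warning "exefile open command is '$exeOpen' (expected '""%1"" %*')"
} else {
    Write-Host 'exefile open command is the Windows default.'
}

# 3. System file check, as suggested in post #9. On XP this may prompt for
#    the installation media if protected files need to be replaced.
sfc /scannow
```

Step 2 only reports; it deliberately does not rewrite the registry, so the finding can be taken to a malware-removal forum (as posts #7 and #8 advise) with the exact value recorded. If the command is anything other than the default, that is the first thing a helper there will want to see.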

#10 | New Lounger | Join Date: Dec 2009 | Location: Midi Pyrenees, France | Posts: 8 | Thanks: 5 | Thanked 0 Times in 0 Posts
    Hey Guys - What a great response - Thanks to all of you.
    I can't get access to the crippled PC until next Tuesday but you've given me plenty to look into and prepare.
    If you're not all too hacked off by then, I'll post again in a few days.

    oldodger.

#11 | New Lounger | Join Date: Dec 2009 | Location: Midi Pyrenees, France | Posts: 8 | Thanks: 5 | Thanked 0 Times in 0 Posts
    Finally managed to run Malwarebytes in Safe Mode. Found and deleted 5 viruses which then enabled execution of AVG which found 3 more.
    As I explained, I'm trying to sort this remotely (that's by car not Internet), and as the guy's just had a bereavement it's all in limbo for now. However, last I checked, his PC was almost back to normal so as his problem now doesn't seem to be virus related I think it's best to consider this Solved.
    I will probably need advice on an 'Automatic Updates setting' that he says he can't change but will post a new thread as and when I have more details.

    Many Thanks

#12 | 2 Star Lounger | Join Date: Feb 2010 | Location: U.K. | Posts: 113 | Thanks: 0 | Thanked 19 Times in 14 Posts
Quote Originally Posted by oldodger View Post
After an apparently genuine AV virus scan, which detected a trojan, the user clicked on "send to vault". Since then any attempt to open programs or run exe files results in a message box asking "which program do you want to use to open this?" but with no further actions available.
Is it possible that the file(s) quarantined was not a trojan but a system file, or is it more likely that clicking on the "send to vault" button instigated a viral download?

Posting this on behalf of a friend whose XP desktop is crippled.
This sounds like a pop-up that occurred whilst browsing and appeared to detect malware, and they do the dirty to people who believe they are seeing a scan in progress.
Such things as XP Antivirus:
http://www.2-spyware.com/remove-xp-anti-virus-2011.html
