Infected Trojan, DLL Files?



Hello..

I had a problem with a virus that was slowing my computer down extremely! I ran Combo Fix and it seemed to get rid of most of the problem, as my computer sped up and was near back to normal. However, my Trend Micro PC-cillin is still alerting me that the following is an infected file, with virus name crck_keygen.fq.

Infected File: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP551\A0051677.EXE

Additionally, after running a scan with Trend, I see I have 11 threats for the CRYP_TAP-2 virus. They are all dll.vir files located under C:\QooBox\Quarantine\C\WINDOWS\system32.

Any help would be appreciated. I won't run any logs until instructed to do so. Thanks! :clap:

Did you know it can be quite dangerous to run/use a tool like ComboFix without supervision?

Did you save any logs from running the tool?

crck_keygen.fq is usually from downloading cracks/keygens from the net that come bundled with malware.

Chances are there are still residual malware files on the machine.

Myself, I think it best to run an HJT log and post in the HJT forum to check for leftovers.

Download Trend Micro Hijack This™ and save to desktop.

It is important that you uninstall any previous versions by using Add/Remove programs in your control panel before installing a newer version.

Double-click the HJTInstall.exe to start it.

By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.

Accept the license agreement by clicking the "I Accept" button.

Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.

Click "Save log" to save the log file and then the log will open in Notepad.

Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.

Next please go to the HJT forum Here

Start a new thread asking for help, then paste the contents of your HJT log there, and be as descriptive as possible about your problem. A Trusted Advisor will assist you.

Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.


Looks to me like there is an infected file in the system restore region.

Right-click My Computer, then select the System Restore tab. Then check Turn off System Restore. Click Apply. Wait for it to finish. Then uncheck Turn off System Restore and hit Apply again.

This will purge your system restore cache and eliminate any viruses still existing in your system restore.

Regarding the QooBox folder: do not worry about that folder. That is the folder created by ComboFix. It's safe to just delete QooBox and anything in it after running ComboFix.

Judging by your comments, it would appear that ComboFix fixed most, if not all of your problems. You should be good 2 go.

Hope you found this post helpful.

-Brandon

Edited by brank20
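The replies above distinguish detections inside a System Restore snapshot and inside ComboFix's QooBox quarantine from files in their normal location. The sketch below is an added example, not code from any poster or tool in this thread; it sorts scanner-reported paths into those three groups. The quarantine file name `example.dll.vir` and the "live" path are constructed samples, and the rule that a quarantined file's original location follows the drive-letter folder is inferred from the path layout quoted in the thread.

```python
import re
from collections import Counter

# Restore-point copy: ...\System Volume Information\_restore{GUID}\RP<n>\A<digits>.<ext>
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\RP(\d+)\\A\d+\.\w+$",
    re.IGNORECASE,
)
# Quarantine copy: <drive>:\QooBox\Quarantine\<drive letter>\<original path>.vir
# (layout assumed from the paths quoted in the thread)
QUARANTINE_RE = re.compile(
    r"^[A-Za-z]:\\QooBox\\Quarantine\\([A-Za-z])\\(.+)\.vir$", re.IGNORECASE
)

def classify(path):
    """Return (category, detail) for one detection path reported by a scanner."""
    p = path.strip()
    m = RESTORE_RE.search(p)
    if m:
        # Renamed copy kept by System Restore; purged when restore points are cleared.
        return ("restore-point copy", "restore point RP" + m.group(1))
    m = QUARANTINE_RE.match(p)
    if m:
        # Renamed with .vir by the cleanup tool; rebuild where it used to live.
        original = m.group(1).upper() + ":\\" + m.group(2)
        return ("quarantined copy", "originally " + original)
    # Anything else sits where Windows could still load it and needs a closer look.
    return ("live file", "needs review")

def summarize(paths):
    """Count detections per category."""
    return dict(Counter(classify(p)[0] for p in paths))

# First path is the one quoted in the thread; the other two are constructed samples.
SAMPLE = [
    r"C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP551\A0051677.EXE",
    r"C:\QooBox\Quarantine\C\WINDOWS\system32\example.dll.vir",
    r"C:\WINDOWS\system32\example.dll",
]

if __name__ == "__main__":
    for p in SAMPLE:
        category, detail = classify(p)
        print(f"{category:20} {detail:45} {p}")
    print(summarize(SAMPLE))
```

The category only says where the flagged file sits; it does not show that the rest of the machine is clean, which is what the log review suggested earlier in the thread is for.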