Win32:Atraps-PF[tjr] need help Essex

I am having problems with this virus and I made this account because I need help. I saw some other topics like this one, but Essexboy said that is relevant only for that system, so I decided to create this topic to get help with my system.

I have used MalwareBytes many times, but that trojan keeps coming back to my system, and avast always pops up the virus message.

Here is the Malwarebytes log:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Versão da Base de Dados: v2012.07.09.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Usuario :: USUARIO-PC [administrador]

Proteção: Permitir

09/07/2012 14:51:14
mbam-log-2012-07-09 (14-51-14).txt

Tipo de Verificação: Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 210138
Tempo decorrido: 44 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 1
C:\Windows\Installer{118813ea-aaba-5bc0-ef5c-b6a25a21ef88}\U\00000008.@ (Trojan.Dropper.BCMiner) → Enviado para a Quarentena e deletado com sucesso.

(fim)

Sorry for my poor English and for my log being in Portuguese.

I will help you with malware removal. MBAM has detected traces of the ZeroAccess rootkit.

Please do this:

Download DDS and save it to your Desktop from here:
http://download.bleepingcomputer.com/sUBs/dds.scr

Double click dds to run the tool.

* When done, DDS will open two (2) logs:
     1. DDS.txt
     2. Attach.txt

Save both reports to your desktop. Attach DDS.txt back to topic.

Here are the reports requested.

Did you run OTL?

Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
note: ComboFix must be downloaded to your Desktop.

Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this Instruction.

Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.

When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
Post log reports ( ComboFix.txt) back to topic.

When I tried to run ComboFix, after the program finished, something strange happened and my entire system crashed; I had to restore it.

But here is the ComboFix report.

Do you know you have installed SpyKeyLogger keylogger?

Yes, my sister installed this program.

Ok, then re-run malwarebytes and attach here fresh mbam log.

here:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Versão da Base de Dados: v2012.07.09.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Usuario :: USUARIO-PC [administrador]

Proteção: Permitir

09/07/2012 16:49:27
mbam-log-2012-07-09 (16-49-27).txt

Tipo de Verificação: Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 213548
Tempo decorrido: 43 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 0
(Não foram detectados ítens maliciosos)

(fim)

It is necessary to uninstall Combofix

Start >> Run

Combofix /Uninstall

Enter

Already did this, ty, helped me a lot. But I think that the virus damaged some of my folders: I can’t access some folders, they are blocked, and others are “invisible”. What should I do?

The malware should not be responsible for it. Which folders can you not access? Have you rebooted your computer after uninstalling ComboFix?

Archives and programs, documents and settings. Yes, I rebooted my computer after the ComboFix uninstall.

I don't know what the problem could be, but the removal tool or the removed malware should not be responsible for this problem.

Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.
http://majorgeeks.com/Tweaking.com_-_Windows_Repair_Portable_d7222.html

  • Now run Repair_Windows.exe by double clicking on it ( if you are running Vista or Win 7, use right click and select Run As Administrator)

Create a System Restore in Step4 tab and again if prompted.
Now select the Start Repairs tab.
Then click the Start button.
On the next screen, click the Unselect All button to first deselect all repairs.
Now select the following repair options:

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Remove Policies Set By Infections
Repair Icon
Repair Winsock & DNS Cache
Repair Proxy Settings
Repair Windows Updates
Repair CD/DVD Missing /Not working
Set Windows Services To Default Startup

Now on the lower right side check the box to Restart/Shutdown System When Finished
Then make sure the Restart System radio button is enabled.
Shutdown any other programs that you are running now before continuing.
Now click the Start button.

Be patient while the tool repairs the selected items.

It should reboot automatically when finished.

Re-run Windows Repair and follow instructions in Step2 then in Step3 to check disk and check system file and .

Still having the same problem…
And I checked today that my Task Manager isn’t working; it works only in safe mode…

I will attach some logs of importance.

Here is attached a print screen of my problem:

Do the following; we will do an extra check.

DDS
Download DDS and save it to your Desktop from here:
http://download.bleepingcomputer.com/sUBs/dds.scr

Double click dds to run the tool.

* When done, DDS will open two (2) logs:
     1. DDS.txt
     2. Attach.txt

Save both reports to your desktop. Attach DDS.txt and Attach.txt back to topic.

GMER
Download GMER from the link below to the Desktop:
GMER download:
www2.gmer.net/download.php

Note: the file is randomly named.

Double click to run GMER.

Wait until the initial scan is complete. It will be over soon.

  • if any inquiry appears, click No;

  • Then click Scan and wait until the scan is complete;

  • Click Save

  • Save the report to your Desktop (called Gmer1);

    Right-click on the Gmer window and select Options> Only non MS files - click Scan;

  • after a short scan, click Save

  • Save the report to your Desktop (called Gmer2);

    Click the button >>> and select Auto-start card;

  • after a very short scan, click Copy;

  • Open Notepad and paste the copied text, then save the report to the Desktop (named Gmer3);

Attach here DDS.txt , Attach.txt and Gmer1/2/3 .txt

Did all the steps, but when I click on the auto-scan card, GMER doesn’t make any scans, so the Gmer3 report is missing…

But here are the others.

You lost admin privileges, but the computer is clean. :-
About GMER: it does not work on x64-bit systems. ;D I was in a hurry when I wrote it…

Running this program may solve the problem:

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)