Trojan.CryptRedol.Gen.2


Post by Kronix420 » July 27th, 2009, 10:43 pm

I've been fighting this infection for several days now to no avail. The infection doesn't seem to affect my system all that much other than random lag spikes, and redirecting me when I click links on Google... But it is very annoying and I hate being infected. I've tried scanning in safe mode, running a deep scan, and following some instructions you guys have given to others, but nothing works.

The infection is called "Trojan.CryptRedol.Gen.2" & "Trojan.CryptRedol.Gen.3"

---

Here's my latest Log File:

BitDefender Log File

Product : BitDefender Internet Security 2009
Version : BitDefender UIScanner v.12
Scanning task : Deep System Scan
Log date : 7/27/2009 10:29:00 PM
Log path : C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1248748140_3_02.xml

Scan Paths:
Path 0000: C:\

Scan Options:
Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes

Target Selection Options:
Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : No
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :

Target Processing:
Default action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None
Default action for encrypted infected objects : None
Default action for encrypted suspicious objects : None
Default action for password-protected objects : Log as not scanned

Scan engines summary
Number of virus signatures : 3850203
Archive plugins : 44
Email plugins : 6
Scan plugins : 13
System plugins : 5
Unpack plugins : 7

Overall scan summary
Scanned items : 34173
Infected items : 29
Suspicious items : 0
Resolved items : 0
Unresolved items : 29
Password-protected items : 0
Overcompressed items : 0
Individual viruses found : 29
Scanned directories : 470
Scanned boot sectors : 0
Scanned archives : 400
Input-output errors : 3
Scan time : 00:07:59
Files per second : 69

Scanned processes summary
Scanned : 31
Infected : 0

Scanned registry keys summary
Scanned : 833
Infected : 0

Scanned cookies summary
Scanned : 11
Infected : 0

Remaining issues:
Object Name    Threat Name    Final Status
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed


and here's my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:01 PM, on 7/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP3 (7.00.6000.20935)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitDefender\BitDefender 2009\uiscan.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - https://www-secure.symantec.com/techsup ... gctlsr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6467546140
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Box_NTR v2.6A (.bntr) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Norton\bntr.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 6097 bytes



Thanks in advance for any help you guys can provide.
Kronix420
Active Member
 
Posts: 1
Joined: July 27th, 2009, 10:36 pm

Re: Trojan.CryptRedol.Gen.2

Post by hottroc » July 30th, 2009, 5:22 pm

-----------------------------------------------------------
Malware Removal forum

Hi, Thank you for posting your HijackThis log and welcome to the forum. My name is hottroc and I am going to be helping you to remove any malicious infections from your system.

I shall examine your log and get back to you as soon as possible with further instructions.

I am currently still in training here so all my instructions to you will be double-checked by an expert before posting. This means there will be a small extra delay which I apologise for but please bear with us.
hottroc
Regular Member
 
Posts: 793
Joined: January 30th, 2008, 6:38 am

Re: Trojan.CryptRedol.Gen.2

Post by hottroc » July 31st, 2009, 5:02 pm

Hi, I need to get a second opinion about that infection that BitDefender found. Please follow these instructions and avoid rebooting your machine if possible until I get back to you...

-----------------------------------------------------------
Online Virus Scan


Please go to the Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. You will be prompted to install an application from Kaspersky. Click Run.
  3. It will start downloading and installing the scanner and virus definitions.
  4. When the downloads have finished, click on Settings.
  5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives and Mail bases

  6. Click on My Computer under Scan.
  7. Go and make a cup of tea, it could be some time.
  8. Once the scan is complete, it will display the results. Click on View Scan Report.
  9. You will see a list of infected items there. Click on Save Report As....
  10. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  11. Please post this log in your next reply.
  12. Please do not reboot or close the machine until I see the results.
hottroc
Regular Member
 
Posts: 793
Joined: January 30th, 2008, 6:38 am

Re: Trojan.CryptRedol.Gen.2

Post by hottroc » August 4th, 2009, 11:41 am

Hi, I haven't heard from you for a few days, are you still having problems?
Please respond within 48 hours or this topic will be closed.
hottroc
Regular Member
 
Posts: 793
Joined: January 30th, 2008, 6:38 am

Re: Trojan.CryptRedol.Gen.2

Post by askey127 » August 7th, 2009, 3:53 pm

Due to Lack of Response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA