Help With Trojan.crptredol.gen.2 Trojan.crptredol.gen.3

Help, I can't remove this virus with Bitdefender in regular or safe mode. Any help would be appreciated.


Bitdefender Report (rootkit scan)


http://www.sendspace.com/file/lvqnu5


GMER Report


http://www.sendspace.com/file/6py420


Thanks

Comments

  • Hello lax2ams,


    In order to remove the infected objects from your computer you need to perform the following steps:


    1. Disable the BitDefender real-time protection and/or any other active security solution(s) that you are using;


    2. Save and extract the AVIS tool to a location of your choice:


    RECOMMENDED: http://www.bitdefender.com/files/KnowledgeBase/file/AVIS.zip


    or use the version attached to this email: AVIS.zip (not available for all email providers)


    3. Make sure you close all active applications and run "AVIS.exe";


    4. Select the "Update" module from the left; Click on the "Update now" button and allow the process a few moments to download and apply the changes; The tool might reload;


    5. Select the "Clean" module from the left; Check that the "Choose action to take" is set to "Force file delete (requires restart)";


    6. Use the "Add file" button to add the following files to the files to delete list:


    C:\WINDOWS\system32\ and select the file called geyekrsoefdtyv.dll


    7. Check that all items mentioned above are added to the list and then click the "Start clean" button and confirm the restart.


    In order to check whether the virus removal procedure has succeeded, we recommend another complete scan of your computer with BitDefender.


    ~


    [how to DISABLE THE REAL-TIME PROTECTION on BitDefender 2009]


    In order to disable the real-time protection please open BitDefender, "switch to Advanced View", go to "Antivirus" > "Shield" and click on "Real-time protection is enabled", select the time interval that suits your troubleshooting needs and click "OK" (the message will change to "Real-time protection is disabled"). The real-time protection should be enabled after performing the troubleshooting procedure.


    If the situation persists or you require further assistance please do not hesitate to contact us.


    Thank you.

  • http://www.sendspace.com/file/vn4y5r


    Still showing up, but I can't find that DLL I deleted in the system file, so I guess that part worked.


    Any more info? Thanks

  • Hello lax2ams,


    We have analyzed the scan report and it seems that you still have the infection. In order to be able to further help you, please run Avis following the steps below:


    1. Run Avis, select the "Update" module from the left, click on the "Update now" button and allow the process a few moments to download and apply the changes; The tool might reload;


    2. Select the "System Info" module from the left and check that the "System log type" is set to "Complete (Recommended)";


    3. Click the "Create log" button to start generating the log; A small window will appear displaying a progress bar indicating that the tool is creating the report;


    4. When the small window disappears then the report is complete and a new file named "bd_sys_log.zip" has appeared on your Desktop;


    5. Upload the "bd_sys_log.zip" file on: http://www.sendspace.com/ and post here the download link.


    Thank you.

  • I have found an anti-root detection and removal program that has removed my problem.


    Thanks

  • I have found an anti-root detection and removal program that has removed my problem.


    What is that anti-root proggy that helped, if I may ask...

  • What is that anti-root proggy that helped, if I may ask...


    I'm having a similar problem but I can't find the DLL file you mentioned. I ran the AVIS software but I had a problem updating the definitions. Maybe that's why I couldn't find the file in system/32.


    Can you please help - the live check reveals 26 of the trojan nasties in the system/32 folder!


    Thanks in advance.

  • lax2ams
    edited July 2009

    I'm not sure if links to other sites are OK, but I found and tried a program that worked.


    It's the only one that worked out of 5 different programs I've tried.


    I've scanned my system 3 times since the removal and I have nothing anymore!


    Hope this helps

  • Hello MrFisty,


    You do not need to update Avis, simply perform the steps that will help you obtain the bd_sys_log.zip report. You can find all the instructions on how to obtain this file following the instructions from the next BitDefender article: http://kb.bitdefender.com/KB490. Also, it will also help us if you can generate a report with Gmer. Upload the results here: http://www.sendspace.com/ and post the download links after that.


    Thank you.

  • If Avis doesn't work, like on my system, then send me a message if you want to know the program that was able to clean these files. I cannot post the link in this forum due to forum rules.


    Thanks