Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

TR/Drop.Agent.qna.2 & TR/Crypt.ZPack.Gen Trojan

  • Please log in to reply



    New Member

  • Member
  • Pip
  • 1 posts
My virus scan showed the following viruses: TR/Drop.Agent.qna.2 & TR/Crypt.ZPack.Gen Trojan among others. The others, I'm not so sure are viruses but I have them in quarantine anyways (Avira). So I ran the steps from G2g, and still having major issues with my computer. For example, I tried to get on G2g chat, it took about an hour for the box to load. Maybe a problem with my java? I have no clue. The biggest issue I am having, is I CAN'T FIND MY F DRIVE! HOLY crap, right :) !?! My F drive is a 500gb harddrive that I store everything on, and my computer can't find it. PLEASE HELP ME!!!!

Thanks in advance,

ROOTREPEAL © AD, 2007-2009
Scan Start Time: 2009/07/19 11:41
Program Version: Version
Windows Version: Windows XP SP3

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB87FD000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79BB000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB6C24000 Size: 49152 File Visible: No Signed: -
Status: -

#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xf7a9d236

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xf7a9d22c

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xf7a9d23b

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xf7a9d245

#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xf7a9d24a

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xf7a9d218

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xf7a9d21d

#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xf7a9d254

#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xf7a9d24f

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xf7a9d240

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xf7a9d227


Edited by TwinDiddy, 19 July 2009 - 11:01 AM.

  • 0


Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP