CryptXPACK.Gen.Trojan
#1 grandpa (Member, 265 posts)
Hi

I have just recently installed TurboCash 4 and scanned it using Avira, A-squared, Avast, Malwarebytes, AVG, Superantispyware, and Spybot. The first two found the Trojan Crypt XPACK Gen.Trojan in TurboCash 4. I am wondering if this could be a false positive, or are there other tests I should do? I have allowed Avira to move the files to quarantine; this doesn't seem to have affected TurboCash so far.
I'm not sure if I've run RootRepeal correctly.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/23 07:22
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_IdeChnDr.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_IdeChnDr.sys
Address: 0xB2CFD000 Size: 98304 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB1F92000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb2d1d6b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "TfSysMon.sys" at address 0xf858ba1c

#: 063 Function Name: NtDeleteKey
Status: Hooked by "TfSysMon.sys" at address 0xf858bc10

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "TfSysMon.sys" at address 0xf858bcb6

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb2d1d14c

#: 119 Function Name: NtOpenKey
Status: Hooked by "TfSysMon.sys" at address 0xf858b90c

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb2d1d08c

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb2d1d0f0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb2d1d76e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb2d1d72e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "TfSysMon.sys" at address 0xf858be52

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "TfSysMon.sys" at address 0xf858db30

==EOF==

Can anyone please advise what the best thing to do is.

Many thanks

Grandpa

Edited by grandpa, 22 November 2009 - 12:26 PM.
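The RootRepeal log above is mostly a list of SSDT hooks, and the practical question for a reader is which module installed each hook and whether that module is a known security product. The script below is an added example (not part of the original post, not from RootRepeal or Geeks to Go) that parses the SSDT section of such a log, groups the hooks by hooking driver and labels the ones it recognises. The `KNOWN_HOOKERS` table is an assumption made for this example: `aswSP.sys` is Avast's self-protection driver and `TfSysMon.sys` is the ThreatFire behaviour monitor, both of which hook the SSDT by design; any other hooker is flagged for a closer look. The sample log is the SSDT section from the post, plus one constructed hook by a hypothetical `example.sys` so the "unknown module" path is exercised. The `dump_*.sys` entry in the Drivers section is the crash-dump copy of the IDE driver that Windows loads without a file on disk, which is why RootRepeal shows it as not visible; it is not handled here because it is expected.

```python
import re
from collections import defaultdict

# Drivers known to hook the SSDT legitimately. This mapping is an assumption
# for this example; RootRepeal itself does not attribute hooks to products.
KNOWN_HOOKERS = {
    "aswsp.sys": "Avast self-protection driver",
    "tfsysmon.sys": "ThreatFire (PC Tools) behaviour monitor",
    "rootrepeal.sys": "RootRepeal's own scanning driver",
}

# Lines as RootRepeal prints them: '#: 025 Function Name: NtClose' followed by
# 'Status: Hooked by "<module>" at address 0x...'.
HOOK_RE = re.compile(r'^#:\s*(?P<index>\d+)\s+Function Name:\s*(?P<func>\S+)\s*$')
STATUS_RE = re.compile(
    r'^Status:\s*Hooked by\s*"(?P<module>[^"]+)"\s*at address\s*(?P<addr>0x[0-9a-fA-F]+)')

# Constructed sample: the SSDT section from the post above, with one extra
# hook by a hypothetical example.sys added to exercise the "unknown" branch.
SAMPLE_LOG = r"""
SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb2d1d6b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "TfSysMon.sys" at address 0xf858ba1c

#: 063 Function Name: NtDeleteKey
Status: Hooked by "TfSysMon.sys" at address 0xf858bc10

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "TfSysMon.sys" at address 0xf858bcb6

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb2d1d14c

#: 119 Function Name: NtOpenKey
Status: Hooked by "TfSysMon.sys" at address 0xf858b90c

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb2d1d08c

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb2d1d0f0

#: 145 Function Name: NtQueryDirectoryFile
Status: Hooked by "C:\WINDOWS\System32\Drivers\example.sys" at address 0xb3000100

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb2d1d76e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb2d1d72e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "TfSysMon.sys" at address 0xf858be52

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "TfSysMon.sys" at address 0xf858db30

==EOF==
"""


def parse_ssdt(text):
    """Return (index, function, module, address) tuples from the SSDT section."""
    hooks, in_ssdt, pending = [], False, None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "SSDT":
            in_ssdt = True
            continue
        if not in_ssdt:
            continue
        if line.startswith("=="):          # ==EOF== or the next section separator
            break
        m = HOOK_RE.match(line)
        if m:
            pending = (int(m["index"]), m["func"])
            continue
        m = STATUS_RE.match(line)
        if m and pending:
            hooks.append((pending[0], pending[1], m["module"], int(m["addr"], 16)))
            pending = None
    return hooks


def triage(hooks):
    """Group hooks by hooking module; unknown modules sort first."""
    by_module = defaultdict(list)
    for idx, func, module, addr in hooks:
        by_module[module].append((idx, func, addr))
    report = []
    for module, entries in by_module.items():
        base = module.replace("\\", "/").rsplit("/", 1)[-1].lower()
        owner = KNOWN_HOOKERS.get(base)
        report.append({
            "module": module,
            "known": owner is not None,
            "owner": owner or "UNKNOWN - identify the file before trusting this hook",
            "functions": sorted(f for _, f, _ in entries),
        })
    return sorted(report, key=lambda r: (r["known"], r["module"]))


if __name__ == "__main__":
    for entry in triage(parse_ssdt(SAMPLE_LOG)):
        flag = "ok     " if entry["known"] else "CHECK  "
        print(f"{flag} {entry['module']}: {entry['owner']}")
        print("        hooks:", ", ".join(entry["functions"]))
```

A name match against a table like this is only a first pass: a hook is "ok" here only because the file name is one a security product uses, so the next check on a real machine is to confirm that the driver at that path carries the vendor's digital signature, not just the expected name.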