 |  |  |  |  |  |  |  |
Please help. HTML:Script.inf and WinRPoly[Cryp] found
 |
I ran Avast! Home Edition after updating to the newest version yesterday and it found something called HTML
cript.inf and WinRPoly [Cryp]. After some internet research, I found several posts on Ubuntu/Linux forums of the HTMLcript.inf being found by AVG Free Home Edition only for the poster or respondents to determine that this is a false positive by AVG. Unfortunately, these posts were for Ubuntu/Linux systems. My systems is a Windows XP SP1 system. Turning to Daniweb, I searched for the HTMLcript.inf in the forum threads. I found indications to download and run Malwarebytes. I did so and following is the log. I did not have it remove any infections yet because I do not know if it will make a backup in case I need to restore any file. Help on the Malwarebytes log and what to do with the HTMLcript.inf and WinRPoly [Cryp] infections is greatly appreciated:
Malwarebytes' Anti-Malware 1.35
Database version: 1935
Windows 5.1.2600 Service Pack 1
4/3/2009 8:05:22 AM
mbam-log-2009-04-03 (08-05-06).txt
Scan type: Full Scan (C:\|)
Objects scanned: 290707
Time elapsed: 4 hour(s), 34 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{70004d5d-3bf6-4d51-43b2-02fc0002cdb5} (Rogue.Errorsafe) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\Microsoft Security Adviser (Trojan.Downloader) -> No action taken.
Files Infected:
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> No action taken.
C:\m.exe (Trojan.Agent) -> No action taken.
C:\p.exe (Trojan.Agent) -> No action taken.
C:\q.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\kernel32.exe (Malware.Trace) -> No action taken.
cript.inf and WinRPoly [Cryp]. After some internet research, I found several posts on Ubuntu/Linux forums of the HTMLcript.inf being found by AVG Free Home Edition only for the poster or respondents to determine that this is a false positive by AVG. Unfortunately, these posts were for Ubuntu/Linux systems. My systems is a Windows XP SP1 system. Turning to Daniweb, I searched for the HTMLcript.inf in the forum threads. I found indications to download and run Malwarebytes. I did so and following is the log. I did not have it remove any infections yet because I do not know if it will make a backup in case I need to restore any file. Help on the Malwarebytes log and what to do with the HTMLcript.inf and WinRPoly [Cryp] infections is greatly appreciated:Malwarebytes' Anti-Malware 1.35
Database version: 1935
Windows 5.1.2600 Service Pack 1
4/3/2009 8:05:22 AM
mbam-log-2009-04-03 (08-05-06).txt
Scan type: Full Scan (C:\|)
Objects scanned: 290707
Time elapsed: 4 hour(s), 34 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{70004d5d-3bf6-4d51-43b2-02fc0002cdb5} (Rogue.Errorsafe) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\Microsoft Security Adviser (Trojan.Downloader) -> No action taken.
Files Infected:
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> No action taken.
C:\m.exe (Trojan.Agent) -> No action taken.
C:\p.exe (Trojan.Agent) -> No action taken.
C:\q.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\kernel32.exe (Malware.Trace) -> No action taken.
|
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: HELP! yevilido.dll, nizefipu.dll, mubajovi.dll
- Next Thread: Symantic Email Virus Help me PLEASE!!
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Viruses, Spyware and other Nasties Posts
adware anti-malware anti-virussitesaccessissue antivirus apple attack audio backtoschoolspeech bar blackhat botnet botnets china commercial commercials conficker connect control crosssitescripting cyber cybercrime cyberwarfare ddos domains e-mafia email europe exam facebook fake fancheckvirus gaming gtaiv gumblar halloween hijack internet iphone kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem redirect redirecting reliability report research risk rogueantivirus samhain sans scareware school search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses vista war warning windows worm zeroday
