 |  |  |  |  |  |  |  |
Please help. HTML:Script.inf and WinRPoly[Cryp] found
 |
I ran Avast! Home Edition after updating to the newest version yesterday and it found something called HTML
cript.inf and WinRPoly [Cryp]. After some internet research, I found several posts on Ubuntu/Linux forums of the HTMLcript.inf being found by AVG Free Home Edition only for the poster or respondents to determine that this is a false positive by AVG. Unfortunately, these posts were for Ubuntu/Linux systems. My systems is a Windows XP SP1 system. Turning to Daniweb, I searched for the HTMLcript.inf in the forum threads. I found indications to download and run Malwarebytes. I did so and following is the log. I did not have it remove any infections yet because I do not know if it will make a backup in case I need to restore any file. Help on the Malwarebytes log and what to do with the HTMLcript.inf and WinRPoly [Cryp] infections is greatly appreciated:
Malwarebytes' Anti-Malware 1.35
Database version: 1935
Windows 5.1.2600 Service Pack 1
4/3/2009 8:05:22 AM
mbam-log-2009-04-03 (08-05-06).txt
Scan type: Full Scan (C:\|)
Objects scanned: 290707
Time elapsed: 4 hour(s), 34 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{70004d5d-3bf6-4d51-43b2-02fc0002cdb5} (Rogue.Errorsafe) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\Microsoft Security Adviser (Trojan.Downloader) -> No action taken.
Files Infected:
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> No action taken.
C:\m.exe (Trojan.Agent) -> No action taken.
C:\p.exe (Trojan.Agent) -> No action taken.
C:\q.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\kernel32.exe (Malware.Trace) -> No action taken.
cript.inf and WinRPoly [Cryp]. After some internet research, I found several posts on Ubuntu/Linux forums of the HTMLcript.inf being found by AVG Free Home Edition only for the poster or respondents to determine that this is a false positive by AVG. Unfortunately, these posts were for Ubuntu/Linux systems. My systems is a Windows XP SP1 system. Turning to Daniweb, I searched for the HTMLcript.inf in the forum threads. I found indications to download and run Malwarebytes. I did so and following is the log. I did not have it remove any infections yet because I do not know if it will make a backup in case I need to restore any file. Help on the Malwarebytes log and what to do with the HTMLcript.inf and WinRPoly [Cryp] infections is greatly appreciated:Malwarebytes' Anti-Malware 1.35
Database version: 1935
Windows 5.1.2600 Service Pack 1
4/3/2009 8:05:22 AM
mbam-log-2009-04-03 (08-05-06).txt
Scan type: Full Scan (C:\|)
Objects scanned: 290707
Time elapsed: 4 hour(s), 34 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{70004d5d-3bf6-4d51-43b2-02fc0002cdb5} (Rogue.Errorsafe) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\Microsoft Security Adviser (Trojan.Downloader) -> No action taken.
Files Infected:
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> No action taken.
C:\m.exe (Trojan.Agent) -> No action taken.
C:\p.exe (Trojan.Agent) -> No action taken.
C:\q.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\kernel32.exe (Malware.Trace) -> No action taken.
|
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: HELP! yevilido.dll, nizefipu.dll, mubajovi.dll
- Next Thread: Symantic Email Virus Help me PLEASE!!
Views: 963 | Replies: 0
| Thread Tools | Search this Thread |
Latest Viruses, Spyware and other Nasties Posts
Related Forum Features
Tag cloud for Viruses, Spyware and other Nasties
acrobat adobe adware alert antivirus apple audio avg bar bing botnet breach china code combofix commercials conficker control crosssitescripting crypto cyber cyberwarfare ddos domains e-mafia email explorer facebook firefox gaming google gtaiv gumblar hacking halloween hjt hosts internet iphone kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft mobile msn news norton obama onlinethreats paedophile panel password pdf phishing police porn privacy pro problem redirect redirecting reliability report research risk samhain sans scareware school search security sites software spam spyware sqlinjection symantec system teen translate trojan unabletoaccessanti-virussites unwanted virus viruses vista volume vulnerability war warning web windows winfh.dll worm zeroday
