 |  |  |  |  |  |  |  |
Please help. HTML:Script.inf and WinRPoly[Cryp] found
 |
I ran Avast! Home Edition after updating to the newest version yesterday and it found something called HTML
cript.inf and WinRPoly [Cryp]. After some internet research, I found several posts on Ubuntu/Linux forums of the HTMLcript.inf being found by AVG Free Home Edition only for the poster or respondents to determine that this is a false positive by AVG. Unfortunately, these posts were for Ubuntu/Linux systems. My systems is a Windows XP SP1 system. Turning to Daniweb, I searched for the HTMLcript.inf in the forum threads. I found indications to download and run Malwarebytes. I did so and following is the log. I did not have it remove any infections yet because I do not know if it will make a backup in case I need to restore any file. Help on the Malwarebytes log and what to do with the HTMLcript.inf and WinRPoly [Cryp] infections is greatly appreciated:
Malwarebytes' Anti-Malware 1.35
Database version: 1935
Windows 5.1.2600 Service Pack 1
4/3/2009 8:05:22 AM
mbam-log-2009-04-03 (08-05-06).txt
Scan type: Full Scan (C:\|)
Objects scanned: 290707
Time elapsed: 4 hour(s), 34 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{70004d5d-3bf6-4d51-43b2-02fc0002cdb5} (Rogue.Errorsafe) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\Microsoft Security Adviser (Trojan.Downloader) -> No action taken.
Files Infected:
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> No action taken.
C:\m.exe (Trojan.Agent) -> No action taken.
C:\p.exe (Trojan.Agent) -> No action taken.
C:\q.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\kernel32.exe (Malware.Trace) -> No action taken.
cript.inf and WinRPoly [Cryp]. After some internet research, I found several posts on Ubuntu/Linux forums of the HTMLcript.inf being found by AVG Free Home Edition only for the poster or respondents to determine that this is a false positive by AVG. Unfortunately, these posts were for Ubuntu/Linux systems. My systems is a Windows XP SP1 system. Turning to Daniweb, I searched for the HTMLcript.inf in the forum threads. I found indications to download and run Malwarebytes. I did so and following is the log. I did not have it remove any infections yet because I do not know if it will make a backup in case I need to restore any file. Help on the Malwarebytes log and what to do with the HTMLcript.inf and WinRPoly [Cryp] infections is greatly appreciated:Malwarebytes' Anti-Malware 1.35
Database version: 1935
Windows 5.1.2600 Service Pack 1
4/3/2009 8:05:22 AM
mbam-log-2009-04-03 (08-05-06).txt
Scan type: Full Scan (C:\|)
Objects scanned: 290707
Time elapsed: 4 hour(s), 34 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{70004d5d-3bf6-4d51-43b2-02fc0002cdb5} (Rogue.Errorsafe) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\Microsoft Security Adviser (Trojan.Downloader) -> No action taken.
Files Infected:
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> No action taken.
C:\m.exe (Trojan.Agent) -> No action taken.
C:\p.exe (Trojan.Agent) -> No action taken.
C:\q.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\kernel32.exe (Malware.Trace) -> No action taken.
|
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: HELP! yevilido.dll, nizefipu.dll, mubajovi.dll
- Next Thread: Symantic Email Virus Help me PLEASE!!
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Viruses, Spyware and other Nasties Posts
adware anti-malware anti-virussitesaccessissue antivirus apple audio avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial commercials conficker control crosssitescripting cyber cybercrime cyberwarfare domains e-mafia education email europe exam facebook fancheckvirus gaming gtaiv halloween hijack hosting internet iphone kaspersky legal logfiles mail malware mcafee messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem reliability report research risk rogueantivirus samhain sans scareware school search security seopoisoning software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses war warning windows worm yahoo zeroday