Please help. HTML:Script.inf and WinRPoly[Cryp] found

Expand Post »

I ran Avast! Home Edition after updating to the newest version yesterday and it found something called HTML

cript.inf and WinRPoly [Cryp]. After some internet research, I found several posts on Ubuntu/Linux forums of the HTML

cript.inf being found by AVG Free Home Edition only for the poster or respondents to determine that this is a false positive by AVG. Unfortunately, these posts were for Ubuntu/Linux systems. My systems is a Windows XP SP1 system. Turning to Daniweb, I searched for the HTML

cript.inf in the forum threads. I found indications to download and run Malwarebytes. I did so and following is the log. I did not have it remove any infections yet because I do not know if it will make a backup in case I need to restore any file. Help on the Malwarebytes log and what to do with the HTML

cript.inf and WinRPoly [Cryp] infections is greatly appreciated:

Malwarebytes' Anti-Malware 1.35
Database version: 1935
Windows 5.1.2600 Service Pack 1

4/3/2009 8:05:22 AM
mbam-log-2009-04-03 (08-05-06).txt

Scan type: Full Scan (C:\|)
Objects scanned: 290707
Time elapsed: 4 hour(s), 34 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{70004d5d-3bf6-4d51-43b2-02fc0002cdb5} (Rogue.Errorsafe) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Microsoft Security Adviser (Trojan.Downloader) -> No action taken.

Files Infected:
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> No action taken.
C:\m.exe (Trojan.Agent) -> No action taken.
C:\p.exe (Trojan.Agent) -> No action taken.
C:\q.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\kernel32.exe (Malware.Trace) -> No action taken.

steed61

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

4 posts
since Nov 2006

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.

Previous Thread in Viruses, Spyware and other Nasties Forum Timeline: HELP! yevilido.dll, nizefipu.dll, mubajovi.dll

Next Thread in Viruses, Spyware and other Nasties Forum Timeline: Symantic Email Virus Help me PLEASE!!

DaniWeb Message

Cancel Changes

User Name
Password