Virus detected

I have seen this virus called Cryp_FakeAV coming up in Trend Micro on many machines. What is it really? How do you prevent it? How do you remove it? Performing a full system scan is worthless.
Asked by: tdbrowning
 
tdbrowning (Author) commented:
It really is strange, but now my virus software does not show the file exists on any of the machines that claimed in the past that it did exist. I am going to give it up for now but still award the points because I feel you gave me very valuable tools that I can use for future issues. Thank you.
 
rpggamergirl commented:
Download Malwarebytes' Anti-Malware to your desktop (from either of the locations below). Check for updates before scanning if possible. Show us the logfile.

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
http://projects.securitywonks.net/projects/details.php?file=158

 
According to precisesecurity threat center, CRYP_FAKEAV-2 is a worm that spreads on computers by mass-mailing an email with an attached video file, which will prompt users to download and install a fake video codec to be able to view the video.
Sounds very much like the family of Zlob smitfraud family of infections.
 
tdbrowning (Author) commented:
Log file below after running the Malwarebytes software.

Malwarebytes' Anti-Malware 1.30
Database version: 1412
Windows 5.1.2600 Service Pack 2

11/19/2008 11:34:17 AM
mbam-log-2008-11-19 (11-34-12).txt

Scan type: Quick Scan
Objects scanned: 95347
Time elapsed: 17 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn (Hijack.Desktop) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
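
Added example, not part of the original thread: a small Python parser for the Malwarebytes' Anti-Malware log layout posted above, for comparing logs when the same detection is reported on many machines. The function names are this example's own, the sample is abridged from the log above, and the parsing rules are an assumption inferred from that single log.

```python
import re
from collections import Counter

# Abridged copy of the MBAM 1.30 log posted above (not a complete log).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.30
Database version: 1412
Scan type: Quick Scan

Registry Data Items Infected: 2
Files Infected: 0

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn (Hijack.Desktop) -> Bad: (1) Good: (0) -> No action taken.

Files Infected:
(No malicious items detected)
"""

# Layout assumed from the single log in this thread, not from vendor documentation.
SUMMARY = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected): (?P<n>\d+)$")
SECTION = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected):$")
ITEM = re.compile(
    r"^(?P<obj>.+?) \((?P<name>[^()]+)\) -> "
    r"(?:Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> )?"
    r"(?P<action>.+?)\.?$"
)

def parse_mbam_log(text):
    """Return (summary counts per category, list of itemized detections)."""
    counts, items, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := SUMMARY.match(line):
            counts[m["cat"]] = int(m["n"])
        elif m := SECTION.match(line):
            section = m["cat"]          # following lines belong to this category
        elif section and (m := ITEM.match(line)):
            items.append({"category": section, **m.groupdict()})
    return counts, items

def triage(text):
    """Flag count/detail mismatches (truncated log) and detections left in place."""
    counts, items = parse_mbam_log(text)
    listed = Counter(it["category"] for it in items)
    mismatches = {c: (n, listed[c]) for c, n in counts.items() if n != listed[c]}
    unresolved = [it for it in items if it["action"].lower().startswith("no action")]
    return mismatches, unresolved

if __name__ == "__main__":
    bad_counts, pending = triage(SAMPLE_LOG)
    for it in pending:
        print(f'{it["name"]}: {it["obj"]} is {it["bad"]}, expected {it["good"]}')
```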
 
rpggamergirl commented:
Well... Malwarebytes didn't find any... let's look at a HijackThis log and see if it shows up there. We can also run Combofix afterwards; we'll see.
The 2 registry entries that MBAM found infected you can also let it remove.


Download HijackThis:
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

Open HijackThis, click "Do a system scan and save a logfile"; don't fix anything yet.
Paste the log in the "Code Snippet" or "Attach File" window.
 
tdbrowning (Author) commented:
I will try the HijackThis app this afternoon and send the results.
 
tdbrowning (Author) commented:
The HijackThis did not find anything. I also performed a search on the hard drive and I cannot find the file. I am not sure what is going on. One day the machine shows it has a virus and the next day it shows it is gone.
 
rpggamergirl commented:
Did Trend Micro give you the name and location of the file?
It could also be a false positive; try and run another scanner (like an online Kaspersky scan) and see if it finds anything.
 
rpggamergirl commented:
Thanks for the points and the grade, :)
Question has a verified solution.
