Need help: Win32/Kryptik.COPC trojan


sanjoa

Hi, guys! How are ya? I'm having an issue with a trojan, Win32/Kryptik.COPC. I can't delete it. I have ESET Endpoint Antivirus 5.0.2229.1 installed and it detects and deletes it over and over again. How can I delete it permanently from my system? Thanks in advance.


Hi, guys! How are ya? I'm having an issue with a trojan, Win32/Kryptik.COPC. I can't delete it. I have ESET Endpoint Antivirus 5.0.2229.1 installed and it detects and deletes it over and over again. How can I delete it permanently from my system? Thanks in advance.

Try with ComboFix. Better if in Safe Mode.



First and foremost is to disable Windows system restore and delete all restore points as well.

MBAM and HitmanPro are good so try them.



unknownasphyxiated

Better if you show us the logs, or you can do it yourself.

View the log and check where the infection source is.

If the infection is in System Restore, you can follow @lurch234's instructions.



:chair: :chair: :chair: :rant: :rant: :mad2: :mad2:

It seems I have deleted it using MBAM + EEA, but MBAM is blocking those IPs (I don't recognize any of them). Most are located in Europe.

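Added example (not part of any post in this thread): a small Python triage script for MBAM "Malicious Website Protection" detection records such as the ones sanjoa exported. It collapses near-identical repeats of the same event and counts distinct remote addresses per process, port and direction. The record layout is assumed from the poster's export; the sample input is constructed and uses documentation-range addresses and a placeholder host name.

```python
import re
from collections import defaultdict
from datetime import datetime

# Record layout assumed from the poster's export; group names are this example's own.
RECORD = re.compile(
    r"Detection,\s*(?P<ts>\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2}:\d{2}),\s*[^,]+,\s*[^,]+,"
    r"\s*Protection,\s*Malicious\s+Website\s+Protection,\s*IP,\s*(?P<ip>[\d.]+),"
    r"\s*(?P<port>\d+),\s*(?P<direction>Inbound|Outbound),\s*(?P<process>[^,]+?\.exe)",
    re.IGNORECASE)

def parse(text):
    """One dict per detection record; tolerates records wrapped across lines."""
    events = []
    for m in RECORD.finditer(text):
        e = m.groupdict()
        e["ts"] = datetime.strptime(" ".join(e["ts"].split()), "%d/%m/%Y %H:%M:%S")
        e["process"] = e["process"].strip().lower()
        events.append(e)
    return events

def collapse(events, window=2):
    """Drop repeats of the same peer/port/direction/process within `window` seconds."""
    last, kept = {}, []
    for e in sorted(events, key=lambda e: e["ts"]):
        key = (e["ip"], e["port"], e["direction"], e["process"])
        if key not in last or (e["ts"] - last[key]).total_seconds() > window:
            kept.append(e)
        last[key] = e["ts"]
    return kept

def summarise(events):
    """Map (process, port, direction) -> (event count, distinct remote addresses)."""
    peers, counts = defaultdict(set), defaultdict(int)
    for e in events:
        key = (e["process"], e["port"], e["direction"])
        counts[key] += 1
        peers[key].add(e["ip"])
    return {k: (counts[k], len(peers[k])) for k in counts}

# Constructed sample: documentation-range addresses, one timestamp wrapped across a line.
REC_FMT = ("Detection, {}, SYSTEM, HOST1, Protection, Malicious Website Protection, "
           "IP, {}, 6881, {}, C:\\Windows\\explorer.exe, ")
SAMPLE = "".join(REC_FMT.format(*r) for r in [
    ("29/10/2014 06:48:28", "192.0.2.10", "Outbound"),
    ("29/10/2014 06:48:28", "192.0.2.10", "Outbound"),
    ("29/10/2014 \n06:54:25", "198.51.100.7", "Outbound"),
    ("29/10/2014 11:20:11", "203.0.113.5", "Inbound"),
    ("29/10/2014 11:20:21", "203.0.113.5", "Inbound"),
])
```

Calling `summarise(collapse(parse(text)))` on the exported log text gives one row per process, port and direction, which is easier to review than the raw record stream.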


@sanjoa, after a binary infection, you can never have peace of mind. After the virus removal, if something behaves in a way it should not, you will begin to think that it's due to the infection. You can try a system restore as suggested by dcs18, but I don't know why, the system behaves quite oddly sometimes and lacks responsiveness after that.

Delete all partitions, wipe the HDD and install a fresh copy. Do not forget to back up all the things that you need. Onwards, install a good antivirus, a good firewall and use your common sense while dealing with files that don't belong to your system. Never compromise on security and keep your eyes and senses open while you are on the web and inserting removable media.

There is no need for your Explorer.exe to call those IPs. This is a system file infection and you will always be at risk with these.



HitmanPro did find some kind of bitcoin miner installed on my system and malware on IE ( :wtf: I don't use IE anymore)



HitmanPro did find some kind of bitcoin miner installed on my system and malware on IE ( :wtf: I don't use IE anymore)

1. It does not help;

2. It is not a problem of IE.



I don't know what is worse:

having an infection

or

ending up with an unresponsive machine, bearing the brunt of all those security software installed

just to remove malware

which may / may not have been eradicated.



UnhackMe found AFX Rootkit installed in my system.

Don't waste time playing with them, allowing them to steal more data from you :angry: Just clean format your system and promise yourself that you will never compromise on security for a piece of cheese when you don't know if it's a mouse trap.



Finally, I managed to delete all malware installed in my system, and I don't know how I caught that. :S



Finally, I managed to delete all malware installed in my system, and I don't know how I caught that. :s

Even God won't be able to do everything.... And you were able?



Finally, I managed to delete all malware installed in my system, and I don't know how I caught that. :s

Even God won't be able to do everything.... And you were able?

Yes, I did. Till now, nothing popped up in the logs. I've found the folder where it was, used Unlocker and bye-bye.



Archived

This topic is now archived and is closed to further replies.
