kryptic.CNE trojan

Discussion in 'ESET NOD32 Antivirus' started by kalu, Feb 16, 2010.

Thread Status:
Not open for further replies.
  1. kalu

    kalu Registered Member

    Joined:
    Nov 3, 2009
    Posts:
    49
    Hello Friends
    My network is infected with what NOD says as kryptic trojan
    sometimes it says kryptic.cne some times kryptic.qe etc etc
    when i scan a pc it says number of inflitrations found not number of virus or trojan detected. when ping www.someip.com the command prompt automatically closes. So i'm confirmed that i'm infected is anyone out there who could help me fix this issue.
    i tried downloading a removal tool from this link
    http://www.securitystronghold.com/g...ates/download/Cryptic-Trojan-Removal-Tool.exe
    and NOD warned me as a virus so i didn't tried it

    i'm begging for your support
    thanks in advance
    kalu
     
  2. kalu

    kalu Registered Member

    Joined:
    Nov 3, 2009
    Posts:
    49
    my virus signature are uptodate
    and i'm using eset nod32 antivirus v 4.xxxx. business edition
    thanks
     
  3. Roman Rashevskiy

    Roman Rashevskiy Former Poster

    Joined:
    Jan 17, 2010
    Posts:
    13
    Location:
    Russia
    Hello!

    How many computers in your network? Do you have server in your network?
    If you have home network you can turn off from network all your computers and cure all PCs one-by-one.

    --
    Best regards,
    Roman Rashevskiy.
     
  4. kalu

    kalu Registered Member

    Joined:
    Nov 3, 2009
    Posts:
    49
    hi
    yes i do have windows 2003 server and around 15 clients.
    Is that the only last resort i have i.e. disconnect all clients from network and scan and cure all pc's one bye one?

    Thankyou
    kalu
     
  5. kalu

    kalu Registered Member

    Joined:
    Nov 3, 2009
    Posts:
    49
    hi frens after doing a bit of analysis
    we found that there is file inside c:\windows\system32\wiacmfgr.exe which is the main culprit. It does not allow to open command prompt .. it is not seen in task manager and it opens port on windows firewall as DHCP ROUTER.
    is there any tools to remove this crap.
    thanks
    kalu
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    Try renaming the file and restarting the computer. If it's not detected, submit it to ESET for analysis.
     
  7. Roman Rashevskiy

    Roman Rashevskiy Former Poster

    Joined:
    Jan 17, 2010
    Posts:
    13
    Location:
    Russia
    You can use Eset SysInspector to find and remove viruses from your computers. :)
     
  8. kalu

    kalu Registered Member

    Joined:
    Nov 3, 2009
    Posts:
    49
    i can neither rename nor delete it. It is not even shown in task manager.
     
  9. kalu

    kalu Registered Member

    Joined:
    Nov 3, 2009
    Posts:
    49
    i don't have access to that file how can i submit it for analysis? :~
     
  10. kalu

    kalu Registered Member

    Joined:
    Nov 3, 2009
    Posts:
    49
  11. kalu

    kalu Registered Member

    Joined:
    Nov 3, 2009
    Posts:
    49
  12. kalu

    kalu Registered Member

    Joined:
    Nov 3, 2009
    Posts:
    49
    Thanks hardworking guys at ESET.
    Finally it detects the virus as
    win32/AutoRun.IRCBot.DZ Worm
    my virus signature database is 4875
    Thankyou very much for your kind support
    kalu
     
Thread Status:
Not open for further replies.