Virus?

Casual

I just started getting this warning flashing up every ten seconds. Is it false positive or something more serious? I can't get the warnings to stop.

TychoCelchuuu

Did you download crypt_new_uk44.exe recently?

Casual

Uhhh, not to my knowledge but I was at a LAN last weekend and some stuff was shared.

TychoCelchuuu

So maybe it's a trojan. Delete it and Avast! will shut up. If you ran it, though, you might be infected, at which point it's 5+ virus scanners time or reformat time or something.

Casual

I've deleted it but Avast still flags it every ten seconds.

matt has a problem

In that case crypt_new_uk44.exe is being created by something that's hidden somewhere else on your computer, most likely another program dialing home to download it. Run a regular virus scan, run malwarebytes, see what happens.

TychoCelchuuu

It says it's a rootkit so it's quite possibly a rootkit. At this point I'd nuke from orbit. It's the only way to be sure.

Casual

I was hoping to avoid a format. Running malwarebytes now.

3drage

Once your system has been compromised no other method but a complete format is recommended.

Casual

3drage wrote: »

Once your system has been compromised no other method but a complete format is recommended.

You format every time you get a bit of malware? It's using a hammer to crack a nut.


I downloaded and used malwarebytes and it seems to have gotten rid of it. Avast! has stopped popping up every ten seconds anyway.

GrimReaper

Casual wrote: »

3drage wrote: »

Once your system has been compromised no other method but a complete format is recommended.

You format every time you get a bit of malware? It's using a hammer to crack a nut.


I downloaded and used malwarebytes and it seems to have gotten rid of it. Avast! has stopped popping up every ten seconds anyway.

If you're unfamiliar with using boot cd's like bartpe then yeah, nuking it from orbit is the best way to go.

If however you're pretty confident then you can create a bartpe boot cd and edit the registry, delete files etc. This all assumes you know what you are doing. I use a custom bartpe cd at work for when an outside contractor inevitably brings in a virus on a flash drive or on their laptop.

3drage

Casual wrote: »

3drage wrote: »

Once your system has been compromised no other method but a complete format is recommended.

You format every time you get a bit of malware? It's using a hammer to crack a nut.


I downloaded and used malwarebytes and it seems to have gotten rid of it. Avast! has stopped popping up every ten seconds anyway.

Have fun, hopefully you don't get your accounts hacked by a key logger running via a rootkit that software won't pick up. If your ID is stolen it's your nuts that will be cracked.

TychoCelchuuu

Casual wrote: »

3drage wrote: »

Once your system has been compromised no other method but a complete format is recommended.

You format every time you get a bit of malware? It's using a hammer to crack a nut.


I downloaded and used malwarebytes and it seems to have gotten rid of it. Avast! has stopped popping up every ten seconds anyway.

A rootkit is not "a bit of malware." It's basically the toughest thing to remove, and it's even harder to know that you've removed it vs. just killed it enough to keep from noticing that it's logging all of your keystrokes.

TelMarine

I agree with you Casual, you shouldn't have to reformat. Formatting everytime something like this happens is a waste of time imo and people here always say that is what you should do (which you shouldn't really). There was another thread with something similar and recommended using rkill and TDSSKiller (http://support.kaspersky.com/viruses/solutions?qid=208280684) which worked very well and could be useful to you.