
crypkey is it spyware?

Discussion in 'Windows XP' started by carol perez, Apr 17, 2004.

Thread Status:
Not open for further replies.
  1. carol perez

    carol perez Thread Starter

    Joined:
    Apr 17, 2004
    Messages:
    15
    I am running XP and recently I went to a site and got the peper trojan and a few other trojans which were detected in Kephyr.com. I removed them and then purchased Spyhunter and also run Adaware. So now I scan with Adaware, Norton, Spyhunter and Bazooka. Since the trojan my computer is running very slow. In Spyhunter I have deleted several files... but it keeps telling me I have the Crypkey crypserv.exe file and that it should be deleted. For some reason I am not sure if I should delete that file. Is it okay to delete it??
     
  2. rude

    rude

    Joined:
    Mar 8, 2004
    Messages:
    2,326
    Do you use Crypkey software security? If not, it should be safe to delete it, but I would first check in Add/Remove and uninstall it there.

    Just a note, but before running ANY scan for virus, trojan, worm etc. you should ALWAYS turn off System Restore, as copies of everything you are trying to get rid of are in System Restore just waiting for you to put them back where they came from in the first place.

    Another good thing to do before running the scans is to clear out your TIF and other temp files.
    In Internet Options, under the General tab click the Delete temporary internet files, choose to delete all Offline content.
    Also, go to Start - Search - Files or folders - in the named box, type: *.tmp and choose Edit - select all - File - delete.
    Empty the contents of the C:\Windows\temp folder and C:\temp folder, if you have one. Empty Recycle bin.

    Once you have cleaned your system and have it running the way it should, turn System Restore back on.
     
  3. carol perez

    carol perez Thread Starter

    Joined:
    Apr 17, 2004
    Messages:
    15
    Thank you...I have this little program called Winclean and used it to delete all the temporary files... .bak .old .tmp etc. Then I turned off the System Restore....Hmmm wonder if the trojans are lurking in there. Anyway I am about to delete the crypserv.exe file as soon as the scan turns it up again.
     
  4. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    First please get Spybot S&D to clear out most of the spyware.

    Short tutorial and download link here:
    http://tomcoyote.org/SPYBOT/

    Fix everything SpybotSD labels in red.

    Then after reboot:
    Download 'Hijack This!'. http://www.tomcoyote.org/hjt/
    Unzip, double-click HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log, load it in Notepad, and copy its contents here. Most of what it lists will be harmless or even essential; don't fix anything yet.
     
  5. carol perez

    carol perez Thread Starter

    Joined:
    Apr 17, 2004
    Messages:
    15
    ok here it is....

    Logfile of HijackThis v1.97.7
    Scan saved at 12:01:08 AM, on 4/18/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\eBayTBar.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\ACD Systems\ACDSee\ACDSee.exe
    C:\Program Files\Lily_Utils\WinClean\WinClean.EXE
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us4.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
    F0 - system.ini: Shell=
    F2 - REG:system.ini: Shell=
    O2 - BHO: (no name) - {001F2570-5DF5-11d3-B991-00A0C9BB0874} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\eBayBand.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: eBay Toolbar - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\eBayBand.dll
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: APC UPS Status.lnk = ?
    O4 - Global Startup: eBay Toolbar.LNK = ?
    O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
    O8 - Extra context menu item: Free Software - C:\Program Files\Cool Web Scrollbars\hh.html
    O9 - Extra button: MktBrowser (HKLM)
    O9 - Extra 'Tools' menuitem: MarketBrowser (HKLM)
    O9 - Extra button: eBay Toolbar (HKLM)
    O9 - Extra 'Tools' menuitem: eBay Toolbar (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O9 - Extra button: NeoTrace It! (HKCU)
    O9 - Extra button: WeatherBug (HKCU)
    O9 - Extra button: AddaButton (HKCU)
    O9 - Extra 'Tools' menuitem: AddaButton (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {001F2570-5DF5-11D3-B991-00A0C9BB0874} (eBay Helper Object) - http://download.ebay.com/toolbar/eBayTBar.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37876.2181018519
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  6. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    Download CWShredder:
    http://www.spywareinfo.com/~merijn/files/CWShredder.exe
    Run and hit the ->fix tab to fix all found problems.

    CWS takes advantage of security holes in Windows so you should install all critical as well as hotfixes available from Windows Update.

    Then rescan and put a check next to each of these, then close all browser windows and click "fix checked":

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

    R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)

    F0 - system.ini: Shell=

    F2 - REG:system.ini: Shell=

    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

    O8 - Extra context menu item: Free Software - C:\Program Files\Cool Web Scrollbars\hh.html
    O9 - Extra button: MktBrowser (HKLM)
    O9 - Extra 'Tools' menuitem: MarketBrowser (HKLM)
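
Added example, not part of the original thread or any poster's code: a small Python parser for the HijackThis entry lines shown in the log above. It pulls out facts that are readable from a line by itself (a target of `(no file)`, an empty `Shell=` value) and splits `O4` Run entries into their parts; the function names are hypothetical, the sample is a subset of the posted log, and a flag is a prompt for manual review, not a verdict.

```python
import re

# Constructed sample: a subset of lines from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.7
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F0 - system.ini: Shell=
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: APC UPS Status.lnk = ?
"""

ENTRY = re.compile(r"^([RFO]\d{1,2}) - (.*)$")                      # "O4 - <body>"
RUN_KEY = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.*)$")  # HKLM\..\Run: [name] cmd

def parse_entries(text):
    """Return (code, body) per entry line; header and process-list lines are skipped."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2).strip()))
    return out

def structural_flags(code, body):
    """Facts visible in the line itself (assumed heuristics, not a malware verdict)."""
    flags = []
    if body.endswith("(no file)"):
        flags.append("references no file on disk")
    if code.startswith("F") and body.endswith("="):
        flags.append("empty value")
    return flags

def autoruns(entries):
    """Split O4 registry Run entries into (hive, key, name, command) tuples."""
    rows = []
    for code, body in entries:
        m = RUN_KEY.match(body) if code == "O4" else None
        if m:
            rows.append(m.groups())
    return rows

def needs_review(text):
    """Entries that carry at least one structural flag, with the flags attached."""
    return [(c, b, f) for c, b in parse_entries(text) if (f := structural_flags(c, b))]
```
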
     
  7. boyoh53

    boyoh53

    Joined:
    Nov 28, 2002
    Messages:
    2,985
    Hi, SpyHunter itself is of doubtful reputation. It has been suggested that it may even plant stuff on your computer then tell you you have to purchase it to clean their planted rubbish. See this:

    http://www.post-gazette.com/pg/03289/231446.stm
     
  8. boyoh53

    boyoh53

    Joined:
    Nov 28, 2002
    Messages:
    2,985
  9. carol perez

    carol perez Thread Starter

    Joined:
    Apr 17, 2004
    Messages:
    15
    Message well taken... I uninstalled Spyhunter and will refuse to pay for it on my credit card. Thanks.
    -carol
     
  10. boyoh53

    boyoh53

    Joined:
    Nov 28, 2002
    Messages:
    2,985
    Hello carol, I had it myself over a year ago, but I wasn't tricked into it. Nor were there any strange files on my computer.
    I had my money refunded within 48 hours. As far as I can remember I dealt with the company that collects their money, they gave Spyhunter a couple of days to sort it out. I reported they were not answering my emails, next thing was an email telling of refund.
     
  11. carol perez

    carol perez Thread Starter

    Joined:
    Apr 17, 2004
    Messages:
    15
    Yup... I just sent an email to Enigma requesting a refund and I removed the program from my computer in the add/remove. Thanks for the info... I don't need bad stuff screwing up my computer!
    Thanks
    carol
     
Short URL to this thread: https://techguy.org/221360
