Hello pplz, my friend just got infected with a virus called cryp_tap. It was detected with Trend Micro, and pops up in a dialogue box every 1 second. He is running a Microsoft XP OS and is unsure of his hardware specs. He said that whenever the box pops up it makes a clicking noise. He said it is very annoying and that he has a lot of assignments to do and is worried about using the internet. Does anyone know if it will steal passwords, and does anyone know how to get rid of it?
Thank you

Print these instructions out.
1. Run one of two free on-line scanners:

*** ESET Online Scanner at: http://www.eset.com/onlinescan/
Note: This scanner is for Internet Explorer only
   1. You will notice that the "Start" button is grayed out. Place a check mark at "Yes, I accept the Terms of use". The "Start" button will become visible. Click on it.
   2. If it wants to install an ActiveX component, allow it.
   3. You will be asked to install an ActiveX, click the "Install" button (Note: If you have a Firewall installed you may have to approve the installation)
   4. Once the ActiveX control is installed, click on the "Start" button to initialize the scanner.
   5. After initialization is complete, make sure that "Remove found threats" and "Scan unwanted applications" are checkmarked.
   6. Click the "Scan" button.
   7. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt
Post ESET's log.
*** TrendMicro online scanner, HouseCall
Note: This scanner works with Firefox, and Internet Explorer
Click on It'll ask you to download small housecall66.exe to your computer. Double click on the above file to begin scanning process.
HouseCall pop-up window will open. Accept the agreement. In next window, select Complete Scan, and click on Start Scanning button.
Relax, it'll take a while...
Upon completion HouseCall will display results under Results tab. Click Clean now button. Close application.
Find TrendMicro log, housecall0.log. Its location:
Windows XP: C:\Documents and Settings\username\Application Data\HouseCall 6.6\log
Vista: C:\Users\username\AppData\Roaming\HouseCall 6.6\log
2. Download SUPERAntiSpyware Free for Home Users: http://www.superantispyware.com/
* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.
Restart computer in Safe Mode. To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen
* Open SUPERAntiSpyware.
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
   o Close browsers before scanning.
   o Scan for tracking cookies.
   o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
   o Click Preferences, then click the Statistics/Logs tab.
   o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
   o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
   o Please copy and paste the Scan Log results in your next reply with a new HijackThis log.
* Click Close to exit the program.
Post SUPERAntiSpyware log.
3. Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Be sure to restart the computer.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at
C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
4. Download HijackThis: http://www.snapfiles.com/get/hijackthis.html
Post HijackThis log.

Quote from: nibblit on February 23, 2008, 07:03:08 PM
Does anyone know if it will steal passwords, and does anyone know how to get rid of it?
If it's a trojan, it will.

It's Vundo type of trojan. More info: http://en.wikipedia.org/wiki/Vundo_trojan

Hey Broni, if you have admin powers can you move this thread to the right place.

I can't, but some Mod will.

Thanks for the feedback guys, I'll let my friend know about it. Sorry about posting in the wrong section, I'll try and do better next time :S

It's OK. It'd be much better, if your friend could post here by himself, so we have all info first hand.

Quote from: Broni on February 25, 2008, 09:23:27 AM
It's OK. It'd be much better, if your friend could post here by himself, so we have all info first hand.

I second that