crypt.xpack.gen - Log check request.

Discussion in 'Malware Help (A Specialist Will Reply)' started by Jakkc, Apr 10, 2011.

  1. Jakkc

    Jakkc Private E-2

    Hello,

    Recently got this malware on my laptop, really unsure of when or where I got it sorry. It's not caused me any problems as such, however after reading various things about it and seeing talk of it being a nasty keylogger I've decided to take some action.

    I followed the guideline threads all the way and have attached the logs to this post - I think I might have missed a trick with Super Anti Spyware as I didn't get a log off that, if it is of major importance just let me know and I'll do another scan and upload its log. Also, I didn't use root removal as I am on 64 bit Windows 7.

    Also on a side note my volume control now comes up with "The Audio Service is not running" and this has only been since running all the programs. There is no problem with sound coming out of my computer but I thought this might be relevant!


    Cheers in advance.

    EDIT: Literally just as I posted this Avira has notified me that the malware is still there! And also during the process I blocked rundll32 from accessing the internet and I have just been notified by Windows that rundll32 is trying to connect to the internet.
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your SAS log is here:
    Code:
    C:\Users\Jack\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\SUPERAntiSpyware Scan Log - 04-10-2011 - 15-46-00.log
    You are running two AV programs:
    Virgin Media Security Anti-Virus
    Avira

    Please attach the log from Avira or tell me exactly what it picked up.
     
  3. Jakkc

    Jakkc Private E-2

    Here are the 2 logs.
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Neither log showed any infections. What issues are you currently having?
     
  5. Jakkc

    Jakkc Private E-2

    I'm not having any issues as such, it's just every time I switch my computer on Avira pops up notifying me that crypt.xpack.gen has been found in my temp folders. And if it does exist I'd really like to get rid of it as I have read it is a remote keylogger.

    After running all the suggested programs I have to say the frequency of detections is way down - It used to be about 10 in a row and now on my current session I have only been notified of it once. I have attached 2 print screens, one of Avira's detection notice - which may I add upon clicking 'Remove' or 'Details' prompts Avira to do absolutely nothing (which I think might be the malware preventing it from taking action?). And another of the temp folder that Avira picked up the malware. Do these help in any way?

    Also the file titled virus printscreen is something Avira picked up only on one occasion the other day.
     


  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It doesn't show up in your previous MGLogs.zip. Have you updated your virus definitions lately? You can use Avenger to try to remove it, but you will have to fill in the exact path to that file.

    Download The Avenger by Swandog469, and save it to your Desktop.

    * Extract avenger.exe from the Zip file and save it to your desktop

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    * Run avenger.exe by double-clicking on it.
    * Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the "Input script here:" part of the window:

    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Now run Ccleaner to clean out only temp files and nothing else!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator). Make sure that you watch for the license agreement for TrendMicro HijackThis and click on the Accept button TWICE to accept (yes twice).

    Then attach the below logs:

    * C:\Avenger.txt
    * C:\MGlogs.zip
     
