Crypt XPack.Gen removal help

arjmage · Aug 22, 2009

I've been using my WinXp SP2 machine for a while, mostly for browsing and some minor document editing. Recently it got infected with the Zpack/XPack trojan (detected by Avira), but was unable to remove it trivially.

I have two separate drives on my disk, one only with the windows & programs. So I reinstalled windows (formatted the original) in the hope that the trojan would be gone. That, surprisingly!, did not work and it's still here.

So here's my attempts to follow your prescription so far:

1. Ran SAS and performed complete system scan and removal of detected items. Log attached.

2. Ran MalwareBytes and performed quick scan. Removal of 1 detected item, and then reboot. Log attached.

After this, windows would start up but not explorer.exe. Attempts to start it from task manager gave a msg that you might not have the previliges required to access this. So continued further in Safe Mode.

3. In safe mode, I had to download and run combofix.exe. However, on running the file I got a message that it's not safe to continue when the combofix package has been compromised. "You may be infected with a file patching virus 'Virut' "

4. Had run MGtools earlier, and produced the zip file. So not running it again now.

Please do help -- how do I get rid of this annoying virus!

chaslang · Aug 25, 2009

Welcome to Major Geeks!

Sorry to give you the bad news but the message your received from Combofix is correct.

I can see the reason for your problems. Your logs show that your Windows Operating system files have become infected by a Virut infection and there is no known reliable fix for this. In addition there are many many other infected files. We could spend a lot of time trying to remove this infection, but odds are that it will not work because the nature of the infection has so many executable system files infected that as soon as we fix one file, other files that are infected will almost immediately or upon the next reboot, just reinfect the files. In addition, your PC would still basically be unreliable/untrustworthy even if we manage to fix the infected files that we can see since there could be many more that we are not seeing.

The safest thing for you to do is backup your personal data immediately since your PC could possibly become unbootable at any point in time. Do not back up any executable files. This includes programs that you have downloaded since any of them could be infected. Anything you may have already backed up that is an executable type file (things you downloaded to install programs....etc) are most likely infected and will cause you to be reinfected if you reuse these files.

Once you backup, you need to format partitions and reinstall Windows and all other software especially your protection software. Then install all updates for all software. DO NOT reinstall from any executable file backups you made while this PC was infected or you will just be reinstalling the infection.

arjmage · Aug 26, 2009

Thank you Chaslang for the grim prognosis. I had actually come to the same conclusion after some tinkering about, and saw how diabolical the virut virus is -- it starts to lash out only when you start to fight it. And lashes out good.

I did pretty much what you suggested, except I realized that this incident was what I had been waiting for.

Toughen up :major Pick up the shovel :major Dig a big moat & trench :major Install Ubuntu and leave windoze on the far, far side.

Thanks again, and btw -- this is my first time in a malware support site, and wow! you guys are doing a phenomenal job on a (very uphill?) battle! Good to see such sites and site admins.

chaslang · Aug 29, 2009

You're welcome. Surf safely.

Log in or Sign up

Crypt XPack.Gen removal help

arjmage Private E-2

Attached Files:

SASLog.txt

mbam-log-2009-08-23.txt

RRlog.txt

MGlogs.zip

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

arjmage Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member