Removal of TR/Crypt.XPACK.GEN

Discussion in 'Malware Help (A Specialist Will Reply)' started by cayetto, May 24, 2008.

  1. cayetto

    cayetto Private E-2

    This was by far the worst attack I have ever received, and I felt even worse for the way I received it (DAMN TORRENTS). Anyway, this is my relax time after spending hours working at removing it. I followed the READ AND RUN ME FIRST guidelines to the letter and I would really like to thank the moderator for posting this up.
    The symptoms I had were that the explorer.exe program was initiating in and out and not allowing me access to anything on my system, as it did so in 5 second intervals. After running TrendMicro's Housecall, which did nothing but temporarily stop the cut out of the explorer program, I tried installing Avira. This helped me determine the source of the problem. After doing this I found this forum and acted immediately. What proved tedious was using the Task Manager to activate Internet browsers and other programs that were needed. The guidelines worked brilliantly and after using the recommended tools the system worked fine. There was one issue that I was confused about. The SAS program showed that there were low level spyware elements within its program when I conducted a scan with Spyware doctor. So I removed it totally following cleanup. All in all thanks again for the help. Also no result after running MBAM.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    What does this mean? A log is automatically created and you just need to follow the instructions given in the READ ME to find it and attach it.
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Why are you running this PC without any protection software installed????

    Uninstall this now: Norton Security Scan! It is not an antivirus program. It is not going to help you and will just slow your PC down when the scan runs and you will be wondering why your PC is slow.

    Uninstall the below software:
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
    O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    After clicking Fix, exit HJT.


    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.

    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it.


    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
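
A check that could be run on the follow-up log after the Fix step, as an added example that is not part of the original post and not code from MGtools or HijackThis: it parses HijackThis O4 registry autorun lines and reports which of the entries flagged in the post above are still present. The function names and the `AFTER_LOG` sample are constructed for illustration; `BEFORE_LOG` holds the three lines quoted in the post.

```python
import re

# HijackThis O4 registry autorun line, e.g.
#   O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r".+?\.(?:exe|com|bat|cmd|scr|pif)\b", re.I)

# The three lines quoted in the post above.
BEFORE_LOG = r'''
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
'''
# Constructed follow-up log (not from the thread): one flagged entry survived.
AFTER_LOG = r'''
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
'''
FLAGGED = ["SW20", "WinSys2", "QuickTime Task"]

def parse_o4(log_text):
    """Return one dict per O4 registry autorun line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # other sections, Startup-folder and per-SID O4 lines
        cmd = m.group("cmd")
        if cmd.startswith('"'):
            exe = cmd[1:].split('"', 1)[0]   # quoted path, arguments follow
        else:
            em = EXE_RE.match(cmd)           # unquoted: cut at the extension
            exe = em.group(0) if em else cmd
        entries.append({"hive": m.group("hive"), "key": m.group("key"),
                        "name": m.group("name"), "exe": exe.lower()})
    return entries

def still_present(log_text, flagged_names):
    """Flagged value names that still have an O4 autorun entry in the log."""
    flagged = {n.lower() for n in flagged_names}
    return sorted({e["name"] for e in parse_o4(log_text)
                   if e["name"].lower() in flagged})

if __name__ == "__main__":
    for name in still_present(AFTER_LOG, FLAGGED):
        print("still registered to run at startup:", name)
```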
     
