Software Manager Popup updates available msg & Crypt.ZPACK.Gen2 [trojan]

Discussion in 'Malware Help (A Specialist Will Reply)' started by bugsy1275, Jul 26, 2012.

  1. bugsy1275

    bugsy1275 Private E-2

    I appear to have 2 issues. I do not know if they are related.
    No.1 From time to time I have a similar popup to the one in the picture on this thread -->
    http://forums.majorgeeks.com/showthread.php?p=1246771#post1246771
    In saying the popup is similar, I mean it looks the same, however the message differs. From memory it advises a software update is available and to click on it to update. I have never clicked on it.
    No.2 From time to time the antivirus I am using, Avira, detects and displays the following:
    Virus or unwanted program 'TR/Crypt.ZPACK.Gen2 [trojan]'
    detected in file 'C:\Program Files\Skype\Phone\Skype.exe.
    Action performed: Deny access

    I have followed the instructions in the thread as advised, i.e.:
    http://forums.majorgeeks.com/showthread.php?t=35407

    I have not attempted any cleaning as advised in the instructions and attached the four logs.

    Your assistance and advice will be most appreciated. I will await your response and understand it can be 5-7 days before I may receive any assistance.

    Kindest regards

    Paul

    P.S. I was just about to send this message and the software message popped up. I have taken a copy and will post it as a follow up message as I am aware you can only attach 4 files to a message.
     


  2. bugsy1275

    bugsy1275 Private E-2

    Here is a capture of the popup message:

    Thanks

    Paul
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!
    Let's make sure that Skype is not really infected and possibly the cause of your problems by uninstalling it. So uninstall anything related to Skype now (like Skype Click to Call and Skype™ 5.10). Once we finish your cleanup, you can redownload (from a known good download site like Major Geeks) and then reinstall. You may be getting served ads due to running Skype and having it notice you have Scansoft PDF Professional installed. If the ads stop after uninstalling Skype and rebooting, please let me know.

    Also uninstall the below:
    Ask Toolbar
    J2SE Runtime Environment 5.0
    Java(TM) 6 Update 22

    Now install the current version of Sun Java from: Sun Java Runtime Environment

    Delete the below file:
    C:\Documents and Settings\Administrator\Application Data\wruninstall.exe
     
  4. bugsy1275

    bugsy1275 Private E-2

    Thanks for your reply Chaslang.
    No.2
    As requested I have uninstalled:
    Skype
    Skype click to call
    Ask Toolbar
    J2SE Runtime Environment 5.0
    Java(TM) 6 Update 22

    As requested I have installed:
    Java using the link you provided.

    and I have deleted:

    C:\Documents and Settings\Administrator\Application Data\wruninstall.exe

    No.1
    After your comment in the email regarding "Scansoft PDF Professional" I have done a little more research because I didn't realise I had another PDF application loaded. I had thought I was receiving bogus messages from some little nasty that I had picked up. Scansoft PDF is installed with the suite of applications when installing the Brother printers we are using (Scansoft & Nuance and Paperport). However as I have not used the suite I did not realise the Software Manager and the popup message generated is actually legitimate.

    Thank you once again for your response. I await your next reply regarding what I need to do next.

    Paul
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, so since you have found that this is not really a malware popup, you can reinstall Skype and run the final steps below.



    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. You can uninstall RogueKiller and HitManPro.
    2. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. After doing the above, you should work thru the below link:
     
  6. bugsy1275

    bugsy1275 Private E-2

    Thanks for your assistance Chaslang. I have read and followed through with the rest of the recommendations where able to.

    Paul
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
