tr/crypt.zpack.gen

Discussion in 'Malware Help (A Specialist Will Reply)' started by zpack, Nov 7, 2010.

  1. zpack

    zpack Private E-2

    Hi,

    First of all, I apologize for my English. If something seems confusing, please let me know and I'll try to be clearer.

    I have a Compaq Presario CQ40 with Windows 7 Home Premium 64-bit.
    Last weekend Avira AntiVir (I don't remember the version) detected this TR/Crypt.ZPACK.gen and couldn't remove it. Several popups came up warning about this virus, but even when I set each popup to remove it, there was no success. I also have Comodo Internet Security Premium (antivirus + firewall).

    So I googled it and found majorgeeks. I followed all the instructions from READ & RUN ME FIRST:
    - Uninstalled Avira and left only Comodo (as suggested to leave only one antivirus);
    - Didn't run Combofix and RootRepeal, because my system is 64-bit.
    - All the other steps were taken as suggested.
    I don't know if it's necessary to say, but when MGtools was running for the first time, I didn't realize it. So I went to the folder and started it while the scanning was going on. Suddenly this second scan disappeared and only the first one went through until the end. It didn't seem to have generated a problem but I'm not sure.

    All the logs obtained are attached in this message.

    After all these steps, I ran a scan with Comodo and the following malware was found:
    -7b42ecc6-74ee164a in the folder ...\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\

    The file was moved to quarantine.

    Note: I don't know if the logs were affected because of this last action.

    I don't know if the virus Crypt.ZPACK.gen was removed after all. How can I know that? Is there any risk of infecting other devices (pendrives, external HD, email)? Are there any other things I should do now?

    Thank you guys very, very much for any attention. This was the very best site of support I've found.
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not seeing any malware in your logs. Please go to C:\MGTools\analyse.exe and double-click it. Make the license agreement and when done, attach the resultant log. (Choose do a system scan only.)
     
  3. zpack

    zpack Private E-2

    TimW,

    Thank you for your attention. The first time I did what you said, there were four errors. The first one said it couldn't access a folder "Hosts" or something like that (I didn't think of copying the error at the time. I'm sorry). There were three others that just asked me to be reported. But the scan was concluded (hijackthis_1.log - attached).

    I thought that this could be due to the antivirus (Comodo Internet Security Premium), so I closed it and tried the scan again. This one went through without any problems (hijackthis_2.log - also attached).

    Thank you very much.
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    The log is clean. Tell me what issues you are having, if any.
     
  5. zpack

    zpack Private E-2

    I don't have any. I just wanted to be sure that it was clean, and I was afraid that I would need to format the system, because I haven't created backups and reboot disks. And there is so much college work on this computer that I can't lose.

    That's the first thing I'm going to do, if the computer is clean.

    And are there other steps I should take?
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Here are the final clean up steps, after which you should concentrate on creating backup discs:

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They do not use any significant amount of resources (except a little disk space) until you run a scan. We recommend them for doing backup scans when you suspect a malware infection.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note: the quotes are required.
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: The space between the combofix" and the /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.


    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    10. After doing the above, you should work thru the below link:




     
  7. zpack

    zpack Private E-2

    Thanks man very much.
    You guys are awesome.
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome. Safe surfing!! :)
     
  9. zpack

    zpack Private E-2

    TimW,

    I'm sorry for bothering you again, but I can't remove MGTools. When I double-click MGclean.bat, a message pops up saying that such file does not exist, and then it disappears without uninstalling.

    Is there any alternative way to uninstall, or an action to solve this?

    Thanks.
     
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You can manually delete these files / folders:
    C:\MGTools.exe
    C:\MGTools
    C:\MGLogs.zip.

    Then go to the control panel, click on folders and under the view tab, check the boxes to hide system files.
     
