I have ran kaspersky lab a couple of times to find this virus but after the ran my computer was clean then after a while this crypt.xpack.gen3 popped up in nowhere, I tried to find its originial location unfortunately I couldn't find it.

Does anyone here could help me solve this stuff?

Hi and Welcome!! Robby :)

My name is Robybel.

I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Vista and Windows 7 users:

These tools MUST be run from the executable. (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

Having said that....Let's get going!! ;)

===================

Scan with OTL

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under Custom Scan paste this in


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /rp /s
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
DRIVES
CREATERESTOREPOINT


Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
You may need two posts to fit them both in.



=============================== Next =======================================


Please download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) and save it to your desktop.

Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
Allow it to update where necessary
Click Scan


Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.


On your next reply please post :

OTL.txt
Extras.txt
aswMBR log

Let me know if you have any problems in performing with the steps above or any questions you may have.

Good Day!

Hi, I surfed the Internet yesterday and did a couple of steps by entering safe mode and using malware bites. I'm not quite sure if it works though. I will hit you up if the virus pops up again.

I have a bigger problem though, a couple of months ago I got this virus, I was pretty sure I deleted it then my firewall started to go crazy and I couldn't open it, when I tried to turn it on it just says that due to an unidentified problem, Windows cannot display Windows Firewall settings. Do you know by any chance how to fix this?

Hi robbby :)



I have a bigger problem though, a couple of months ago I got this virus, I was pretty sure I deleted it then my firewall started to go crazy and I couldn't open it, when I tried to turn it on it just says that due to an unidentified problem, Windows cannot display Windows Firewall settings. Do you know by any chance how to fix this? To achieve this, I need to see how it performs on your PC, you can run my previous tool?

Question, everytime I tried to run the OTL it just gave me a message that OTL has stopped working. What should I do?

Hi robbby :)

Ok!!

Please let me know about your OS used on your infected machine

I am using Windows Vista.
Yeap, the virus popped out again.

Hi robbby

Please read through these instructions to familarize yourself with what to expect when this tool runs

Refer to the ComboFix User's Guide (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)


Download Combofix from any of the links below but rename it to Robybel.exe before saving it to your desktop.

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)

* IMPORTANT !!! Save Robybel.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs (http://forums.whatthetech.com/How_to_Disable_your_Security_Programs_t96260.html)


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Still need help?

Due to inactivity this topic will be closed.
If you need help please start a new thread