
Thread: TR/Crypt.XPACK.Gen3

  1. #1
    Junior Member
    Join Date
    Sep 2013
    Posts
    8

    TR/Crypt.XPACK.Gen3

    I have run Kaspersky Lab a couple of times to find this virus, but after the run my computer was clean. Then after a while this crypt.xpack.gen3 popped up out of nowhere. I tried to find its original location, but unfortunately I couldn't find it.

    Could anyone here help me solve this stuff?

  2. #2
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246


    Hi and Welcome!! Robby

    My name is Robybel.

    I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.


    IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and the loss of all your programs and data.


    Vista and Windows 7 users:

    These tools MUST be run from the executable (.exe) every time you run them, with Admin Rights (right click, choose "Run as Administrator").


    Stay with this topic until I give you the all clean post.

    Having said that....Let's get going!!

    ===================

    Scan with OTL
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Custom Scan paste this in:


      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      services.exe
      /md5stop
      %systemroot%\*. /rp /s
      %systemdrive%\$Recycle.Bin|@;true;true;true /fp
      DRIVES
      CREATERESTOREPOINT

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
      • You may need two posts to fit them both in.


    =============================== Next =======================================


    Please download aswMBR.exe and save it to your desktop.
    • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
    • Allow it to update where necessary
    • Click Scan

      • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
      • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.


    On your next reply please post :
    • OTL.txt
    • Extras.txt
    • aswMBR log

    Let me know if you have any problems performing the steps above, or any questions.

    Good Day!
    - Proud Graduate of WTT Classroom -

    - Member of UNITE -

  3. #3
    Junior Member
    Join Date
    Sep 2013
    Posts
    8


    Hi, I surfed the Internet yesterday and did a couple of steps by entering safe mode and using Malwarebytes. I'm not quite sure if it works though. I will hit you up if the virus pops up again.

    I have a bigger problem though. A couple of months ago I got this virus. I was pretty sure I deleted it, then my firewall started to go crazy and I couldn't open it. When I tried to turn it on, it just says that due to an unidentified problem, Windows cannot display Windows Firewall settings. Do you know by any chance how to fix this?

  4. #4
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246


    Hi robbby


    Quote: "I have a bigger problem though. A couple of months ago I got this virus. I was pretty sure I deleted it, then my firewall started to go crazy and I couldn't open it. When I tried to turn it on, it just says that due to an unidentified problem, Windows cannot display Windows Firewall settings. Do you know by any chance how to fix this?"

    To achieve this, I need to see how it performs on your PC. Can you run my previous tool?

  5. #5
    Junior Member
    Join Date
    Sep 2013
    Posts
    8


    Question: every time I tried to run OTL, it just gave me a message that OTL has stopped working. What should I do?

  6. #6
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246


    Hi robbby

    Ok!!

    Please let me know which OS is used on your infected machine.

  7. #7
    Junior Member
    Join Date
    Sep 2013
    Posts
    8


    I am using Windows Vista.
    Yep, the virus popped up again.

  8. #8
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246


    Hi robbby

    Please read through these instructions to familiarize yourself with what to expect when this tool runs.

    Refer to the ComboFix User's Guide


    Download Combofix from any of the links below but rename it to Robybel.exe before saving it to your desktop.

    Link 1
    Link 2

    * IMPORTANT !!! Save Robybel.exe to your Desktop

    ====================================================


    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs


    ====================================================


    Double click on combofix.exe & follow the prompts.


    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
    Last edited by Robybel; 2013-09-10 at 08:32.

  9. #9
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246


    Still need help?

  10. #10
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246


    Due to inactivity this topic will be closed.
    If you need help, please start a new thread.
