
Win32/pacex.gen Virus !


16 replies to this topic

#1 VivekS


Posted 05 May 2008 - 08:59 AM

hi guys...NOD32 often pops up an alert message saying that win32/Pacex.Gen virus was found on my comp and was quarantined...but this problem persists and virus is not removed at all...pls help me regarding this problem!!

I have winXP on my comp and am using NOD32 antivirus and zonealarm firewall.!!

pls do help me.!! thank you !!



#2 DaChew


Posted 05 May 2008 - 10:03 AM

that's a generic name for a family, there's a new variant spreading thru email, mass mailing?
Chewy

No. Try not. Do... or do not. There is no try.

#3 VivekS


Posted 06 May 2008 - 11:27 AM

don't know how i got infected by the virus...!! pls help me to remove it !!

#4 VivekS


Posted 06 May 2008 - 11:28 AM

and i also suspect that my comp is infected with rootkits....pls help me regarding this too...!!

#5 DaChew


Posted 06 May 2008 - 11:59 AM

http://www.bleepingcomputer.com/forums/ind...st&p=815007

would you try this and post the log?

just run Malwarebytes' for now

Edited by DaChew, 06 May 2008 - 12:01 PM.

Chewy


#6 VivekS


Posted 06 May 2008 - 03:35 PM

hi..i ran Malwarebytes and here is the log !!!

Malwarebytes' Anti-Malware 1.12
Database version: 726

Scan type: Quick Scan
Objects scanned: 34068
Time elapsed: 4 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.

#7 DaChew


Posted 06 May 2008 - 04:08 PM

would you run this cleanup procedure from post 4

make sure you follow the directions exactly, we need to capture that log

http://www.bleepingcomputer.com/forums/ind...st&p=810060
Chewy


#8 VivekS


Posted 07 May 2008 - 04:40 AM

here's the log of running superantispyware

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/07/2008 at 03:06 PM

Application Version : 4.0.1154

Core Rules Database Version : 3454
Trace Rules Database Version: 1446

Scan type : Complete Scan
Total Scan Time : 00:46:14

Memory items scanned : 188
Memory threats detected : 0
Registry items scanned : 4124
Registry threats detected : 0
File items scanned : 90252
File threats detected : 0

#9 DaChew


Posted 07 May 2008 - 05:30 AM

if you have a rootkit that's active, not in quarantine or restore, then malware symptoms will come back

when nod gives a warning it's very important to note the path or location of the infection

Edited by DaChew, 07 May 2008 - 05:30 AM.

Chewy


#10 VivekS


Posted 07 May 2008 - 06:57 AM

D:\DOCUME~1\ADMIN~1\LOCALS~1\Temp\r5stglwd.sys
D:\DOCUME~1\ADMIN~1\LOCALS~1\Temp\0i.sys

both locations contained Win32/Rootkit.Vanti.NBP trojan.
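
Added example, not part of the thread and not written by either poster: a small triage script for the point made in post #9, sorting antivirus alert paths so that files which can still load (such as the two `.sys` files in Temp from post #10) come ahead of inactive copies in quarantine or System Restore. The restore-point GUID, the quarantine folder name and the function names are assumptions made for the illustration.

```python
import re
from pathlib import PureWindowsPath

# Sample input: the two paths reported in post #10, plus two constructed
# entries (placeholder restore-point GUID, hypothetical quarantine folder).
ALERT_PATHS = [
    r"D:\DOCUME~1\ADMIN~1\LOCALS~1\Temp\r5stglwd.sys",
    r"D:\DOCUME~1\ADMIN~1\LOCALS~1\Temp\0i.sys",
    r"D:\System Volume Information\_restore{EXAMPLE-GUID}\RP12\A0001234.sys",
    r"D:\Example AV\Quarantine\0001.dat",
]

# Checked in order. The restore-point layout is the Windows XP one; the
# "Quarantine" folder name is an assumption and varies by product.
RULES = [
    ("system_restore", re.compile(r"\\System Volume Information\\_restore\{", re.I)),
    ("quarantine", re.compile(r"\\quarantine\\", re.I)),
    ("temp", re.compile(r"\\(temp|tmp)\\", re.I)),
]

def classify(path):
    """Return (location, is_driver) for one alert path."""
    location = next((name for name, rx in RULES if rx.search(path)), "live")
    return location, PureWindowsPath(path).suffix.lower() == ".sys"

def triage(paths):
    """Order alerts: copies that can still load first, drivers ahead of other files."""
    def priority(path):
        location, is_driver = classify(path)
        inactive = location in ("system_restore", "quarantine")
        return (inactive, not is_driver, path.lower())  # False sorts first
    return sorted(paths, key=priority)

def report(paths):
    """One line per alert: location, file kind, path."""
    lines = []
    for path in triage(paths):
        location, is_driver = classify(path)
        lines.append(f"{location:<14} {'driver' if is_driver else 'file':<6} {path}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(ALERT_PATHS)))
```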

#11 DaChew


Posted 07 May 2008 - 07:29 AM

1. did someone set my documents to be on the D drive/partition ?

2. Open my computer, open the D drive and right click on Documents and Settings folder, scan with malwarebytes
Chewy


#12 VivekS


Posted 07 May 2008 - 11:17 AM

yeah...i reinstalled my system...during that time windows got installed to D drive....
i scanned documents and settings folder with malwarebytes...no infections found..here's the log!!

Malwarebytes' Anti-Malware 1.12
Database version: 726

Scan type: Quick Scan
Objects scanned: 2844
Time elapsed: 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#13 DaChew


Posted 07 May 2008 - 12:08 PM

If you develop problems later from installing windows on the D drive please ask for help in the xp forum before reinstalling your OS

we had a similar thread in another forum and it was the general consensus that the only way to fix it, was to start over

I was the least knowledgeable person involved


don't shoot the messenger please

Edited by DaChew, 07 May 2008 - 12:08 PM.

Chewy


#14 VivekS


Posted 08 May 2008 - 02:33 AM

yeah ok...what abt the status of my computer..is it infected by rootkits and other malware??

#15 DaChew


Posted 08 May 2008 - 02:38 AM

Have the warnings from nod stopped, how's it running?
Chewy




