
how to remove TR/Crypt.2PACK.Gen

No replies to this topic

#1 JustinHoMi



Posted 30 April 2009 - 01:52 AM

Someone gave me a laptop to work on, running XP MCE SP3. The problem is that it randomly shuts down. So, I ran virus scans with AVG, NOD32, Kaspersky, Bitdefender, Malwarebytes, SUPERAntiSpyware, and Avira. Only MLB and Avira detected a problem: TR/Crypt.ZPACK.Gen (c:\windows\system32\w32etend.dll).

Unfortunately, the virus reappears every time I restart the PC.

Also, I've noticed a suspicious message in the Event Viewer. It seems to occur a few minutes before the computer has a random shutdown, and is generated by the BITS service:

The administrator NT AUTHORITY\SYSTEM canceled job "C:\WINDOWS\TEMP\GUR146.exe" on behalf of LAPTOP\John Doe. The job ID was {FFCF2557-C2F6-413D-A7DE-025E20DE9C31}

This log entry has appeared multiple times, but the filename changes each time. It's always named something that follows the pattern GURXXX.exe.

FYI, the computer was shutting itself down every time I ran Avira, unless in safe mode. It doesn't do that anymore, but when the computer starts up it detects (and possibly blocks) the virus.

Any thoughts on how to remove this pesky virus?


PS Here are my current notes and progress on removing this virus: http://justinmitchell.net/docs/doku.php?id...crypt_zpack_gen

Edited by JustinHoMi, 30 April 2009 - 04:09 PM.
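As an added example (not part of the original post), the BITS message quoted above can be parsed from exported Event Viewer text to list jobs named after executables in a temp directory and to group their file names by pattern. The extension list, the temp-path list and every sample message except the first are assumptions constructed for the illustration.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Message layout copied from the BITS event quoted in the post.
BITS_CANCEL = re.compile(
    r'The administrator (?P<admin>.+?) canceled job "(?P<job>[^"]+)" '
    r'on behalf of (?P<owner>.+?)\. The job ID was (?P<job_id>\{[0-9A-Fa-f-]{36}\})'
)
EXEC_EXT = {".exe", ".dll", ".scr", ".com"}                     # assumption
TEMP_DIRS = ("\\windows\\temp\\", "\\local settings\\temp\\")  # assumption (XP paths)

def parse_cancel_event(message):
    """Return admin, job, owner and job_id from a 'canceled job' message, or None."""
    m = BITS_CANCEL.search(message)
    return m.groupdict() if m else None

def is_suspicious(event):
    """True when the job is named after an executable inside a temp directory."""
    job = event["job"]
    in_temp = any(d in job.lower() for d in TEMP_DIRS)
    return in_temp and PureWindowsPath(job).suffix.lower() in EXEC_EXT

def name_families(events):
    """Count flagged file names with digits masked, e.g. GUR146 -> GUR###."""
    stems = (PureWindowsPath(e["job"]).stem for e in events if is_suspicious(e))
    return Counter(re.sub(r"\d", "#", s).upper() for s in stems)

def scan(messages):
    """Parse every message; return (flagged events, name-family counts)."""
    events = [e for e in map(parse_cancel_event, messages) if e]
    return [e for e in events if is_suspicious(e)], name_families(events)

# Constructed sample: only the first message comes from the post.
SAMPLE = [
    'The administrator NT AUTHORITY\\SYSTEM canceled job "C:\\WINDOWS\\TEMP\\GUR146.exe" '
    'on behalf of LAPTOP\\John Doe. The job ID was {FFCF2557-C2F6-413D-A7DE-025E20DE9C31}',
    'The administrator NT AUTHORITY\\SYSTEM canceled job "C:\\WINDOWS\\TEMP\\GUR302.exe" '
    'on behalf of LAPTOP\\John Doe. The job ID was {00000000-0000-0000-0000-000000000001}',
    'The administrator NT AUTHORITY\\SYSTEM canceled job "Example update job" '
    'on behalf of LAPTOP\\John Doe. The job ID was {00000000-0000-0000-0000-000000000002}',
    "The service started successfully.",
]

if __name__ == "__main__":
    hits, families = scan(SAMPLE)
    for e in hits:
        print(e["job_id"], e["owner"], e["job"])
    print(dict(families))
```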
