ARGH!!! HELP!!! Packed.Generic.200 + Win32/Cryptor virus/trojans on my Windows XP!

#1 Hairdresser Smurf (Members, 3 posts, Sydney, Australia)

Posted 19 May 2009 - 10:57 PM

Hi guys - I'm new to posting but have stumbled across great help from this forum in the past; I definitely need to type out my problems this time...

I'm on day 5 of trying to get my computer to even open up IE so I can scan; it has been a pain in the backside, but we seem to be getting somewhere.
I have already turned off System Restore.

I have Norton 2009 detecting Packed.Generic.200 over the past few days, for which I get "Removed Failed" every couple of minutes, as it won't delete it.
I have AVG detecting Win32/Cryptor, which has infected about 7 files so far; after running a few scans it hasn't alerted on any new threats, and I have turned that off for the moment.
I've updated Malwarebytes (MBAM) and run several scans, which at the moment have removed everything, and I have successfully rebooted.
I am in the process of downloading ParetoLogic Anti-Virus PLUS to give it a scan and see what it picks up.

Just wondering if anyone knows of these two bugs and if anyone is online to help me through the next steps?

Your help would be greatly appreciated, regards Donna (Sydney AUS)

#2 snowdrop (Members, 513 posts)

Posted 20 May 2009 - 05:43 PM

Welcome to this forum :thumbsup:

I think it might be helpful to know which is your installed resident antivirus program.

May I suggest you actually turn System Restore back on, as that will give you a Restore point to turn back to if all goes pear-shaped; it is generally recommended to have an infected Restore point rather than none at all :flowers:

Could you please fully update the Malwarebytes program, reboot and run a quick scan and let us see the report from it?

#3 xblindx (Banned, 1,923 posts)

Posted 20 May 2009 - 06:35 PM

Also, I do not recommend that you have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False alarms: when the antivirus software tells you that your PC has a virus when it actually doesn't.
2) System performance problems: your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to Add/Remove Programs in the Control Panel and remove either AVG or Norton 2009.

#4 Hairdresser Smurf (Topic Starter, Members, 3 posts, Sydney, Australia)

Posted 21 May 2009 - 07:13 AM

Hi guys... this is what's happened today...

I have deleted AVG and kept Norton (since I have paid for the full year).
Every time I turn my computer on I get a pop-up to "Set up Windows Internet Explorer 8", yet I have already done this twice over the past 2 weeks, so I leave it alone in case it's a virus.
I can't connect to the internet at all - hence I am on my other computer sitting next to the infected computer.
In SAFE MODE I ran an MBAM scan; 3 to 5 mins in, my infected computer turned itself off.
I restarted the computer in SAFE MODE and ran MBAM; this time it completed with nothing detected.
I ran Norton's full system scan with nothing detected.
I ran SUPERAntiSpyware in safe mode and it detected nothing.
Left the computer alone and off for a few hours whilst at work.
Just came home to turn it on in normal mode, and Norton has detected "Packed.Generic.200 removed failed" again!
I can connect to the internet now. Should I try and download SmitfraudFix next?

Updated MBAM again just now, here is the log:

Malwarebytes' Anti-Malware 1.36
Database version: 2162
Windows 5.1.2600 Service Pack 3

21/05/2009 10:33:48 PM
mbam-log-2009-05-21 (22-33-48).txt

Scan type: Quick Scan
Objects scanned: 62489
Time elapsed: 6 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by Hairdresser Smurf, 21 May 2009 - 07:35 AM.


#5 xblindx (Banned, 1,923 posts)

Posted 21 May 2009 - 02:47 PM

I wouldn't use smitfraudfix without guidance.

Let's see what we can do with basic tools.

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on drweb-cureit.exe to start the program.
  • Cancel any prompts to download the latest CureIt version and click Start.
  • At the prompt to "Start scan now", click Ok. Allow the setup.exe/driver to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, just ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)


#6 Hairdresser Smurf (Topic Starter, Members, 3 posts, Sydney, Australia)

Posted 22 May 2009 - 05:38 PM

OK xblindx, thanks for your help so far...
I've run DrWeb-CureIt as per your instructions; I had to leave it to scan overnight as it took 4+ hours!
Nothing showed up on the Express Scan, but there were 5 items in the complete scan that were moved.
When I rebooted my computer just now, I am still getting the Norton pop-up window saying Packed.Generic.200 remove failed.

Here is the DrWeb-CureIt Log:

Process.exe;C:\Documents and Settings\D Godbee\Desktop\SmitfraudFix;Tool.Prockill;Incurable.Moved.;
restart.exe;C:\Documents and Settings\D Godbee\Desktop\SmitfraudFix;Tool.ShutDown.14;Incurable.Moved.;
FamilyFeudSetup-dm[1].exe;C:\Downloads;Adware.TryMedia;Incurable.Moved.;
slghex.dll;C:\Program Files\Common Files\Sandlot Shared;Adware.SpywareStorm;Incurable.Moved.;
Process.exe;C:\WINDOWS\system32;Tool.Prockill;Incurable.Moved.;

I await your reply :-) Regards, Donna
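Added here as an illustration, not code from the thread or from Dr.Web: a small parser for the DrWeb.csv report format quoted above, using the five quoted lines as constructed sample input. It groups detections by Dr.Web threat class, counts what was moved to quarantine, and flags a file name reported from more than one directory plus any hit under C:\WINDOWS. The field order and the "Tool"/"Adware" class prefixes are assumptions read off the quoted lines.

```python
import csv
from collections import Counter
from io import StringIO
from pathlib import PureWindowsPath

# Constructed sample: the five Dr.Web CureIt report lines quoted in the post above.
# Field layout as observed there: file name;directory;detection name;action; (trailing empty field)
SAMPLE_REPORT = r"""Process.exe;C:\Documents and Settings\D Godbee\Desktop\SmitfraudFix;Tool.Prockill;Incurable.Moved.;
restart.exe;C:\Documents and Settings\D Godbee\Desktop\SmitfraudFix;Tool.ShutDown.14;Incurable.Moved.;
FamilyFeudSetup-dm[1].exe;C:\Downloads;Adware.TryMedia;Incurable.Moved.;
slghex.dll;C:\Program Files\Common Files\Sandlot Shared;Adware.SpywareStorm;Incurable.Moved.;
Process.exe;C:\WINDOWS\system32;Tool.Prockill;Incurable.Moved.;
"""


def parse_report(text):
    """Parse DrWeb.csv text into dicts; blank lines and the trailing empty field are skipped."""
    entries = []
    for row in csv.reader(StringIO(text), delimiter=";"):
        if not row or not row[0].strip():
            continue
        name, directory, threat, action = (field.strip() for field in row[:4])
        entries.append({
            "name": name,
            "directory": directory,
            "threat": threat,
            "action": action,
            "path": str(PureWindowsPath(directory) / name),
        })
    return entries


def threat_family(threat):
    """Dr.Web names start with a class prefix, e.g. 'Tool.Prockill' -> 'Tool' (assumed from the sample)."""
    return threat.split(".", 1)[0]


def summarize(entries):
    families = Counter(threat_family(e["threat"]) for e in entries)
    moved = sum(1 for e in entries if e["action"].startswith("Incurable.Moved"))
    # Same file name seen in more than one directory: a helper inside a removal tool's own folder
    # (here SmitfraudFix) is usually that tool's component, while a second copy elsewhere deserves a look.
    by_name = {}
    for e in entries:
        by_name.setdefault(e["name"].lower(), []).append(e["path"])
    duplicates = {n: paths for n, paths in by_name.items() if len(paths) > 1}
    # Detections under the Windows directory matter more than ones in a downloads or tool folder.
    system_hits = [e["path"] for e in entries if e["directory"].upper().startswith(r"C:\WINDOWS")]
    return {"families": dict(families), "moved": moved, "duplicates": duplicates, "system_hits": system_hits}
```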

#7 xblindx (Banned, 1,923 posts)

Posted 22 May 2009 - 08:19 PM

What is the location of the file detected by Norton?

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.
