
What could have infected me?

2 replies to this topic

#1 vindicate


  • Members
  • 2 posts
  • Local time:06:28 PM

Posted 08 March 2010 - 01:51 PM

I'm on a fresh install. No more than 2 weeks old. I did an Avira Full Scan today and got this: tr/crypt.xpack.gen in my driver.cab. I have no idea what would have infected me. This is what I have installed:

XP SP3 fully updated
Avira AntiVirus
Omega Radeon Drivers
CDex CD Ripper
Hoyle Card Games

Could any of those be the issue? Other than that I'm very confused.



#2 Sashacat


  • Members
  • 372 posts
  • Local time:08:28 PM

Posted 08 March 2010 - 06:47 PM

Hello

Outdated programs can let "bad things" into your computer.

Do you have the most recent version of Adobe Reader?
See article on the main page of this site:
Adobe issues updates to Reader and Acrobat to address critical vulnerabilities

Do you have the most current Java?
Go to:
Click "Do I have Java" (under the big red button).
It will tell you if you have the most current Java.
- - - - - - - - - - - - - - - - - - - - - - - - - - -
Are you using a firewall (Windows firewall, or a program that you installed)?
- - - - - - - - - - - - - - - - - - - - - - - - - - -
Please see post #14 by quietman7 (Global Moderator):
Tips to protect yourself against malware and reduce the potential for re-infection:
- - - - - - - - - - - - - - - - - - - - - - - - - - -
Run ATF Cleaner: (temp file cleaner)
Instructions on web page.

Read this topic in its entirety:
(including the Troubleshoot section, proxy settings, and use of Rkill):
How to use Malwarebytes' Anti-Malware to scan and remove malware from your computer
Posted by Grinler on February 16, 2010


Run Rkill:
"Rkill is a small, freeware and portable tool designed to terminate active malware processes allowing you to use other removal tools. Rkill is made by a Microsoft MVP “Lawrence Abrams” and is available in 4 different extensions. An .EXE, .COM, .SCR and a .PIF file.
The reason why Rkill comes in 4 different versions is because some malware will block .EXE files in an attempt to prevent you from running other malware removal tools, so this gets around that problem."

Your original post stated that you have Spybot.
I've seen posts on this site that recommend temporarily disabling Spybot's Teatimer before scanning with Malwarebytes'.

Immediately after running Rkill, scan with Malwarebytes'.

(Make sure you UPDATE Malwarebytes' before scanning.)

Reboot into normal mode (not safe mode) after scanning with Malwarebytes'.
- - - - - - - - - - - - - - - - - - - - - - - - - - -
Please reply back with the Malwarebytes' scan results, for an official staff member to help you with.
Copy/paste the ENTIRE CONTENTS of the scan results log into your next reply.

Just to let you know, I am not authorized to help with logs.

"only trained members of the following groups: Malware Response Team, Malware Study Hall Senior, Moderators or Administrators are allowed to help people with logs."
source: http://www.bleepingcomputer.com/forums/t/126946/a-reminder-to-our-members-regarding-malware-logs/

Also, please specify what, if any, symptoms you are still experiencing.
If we don't change the direction we are going,
We are likely to end up where we are headed.

#3 Budapest


    Bleepin' Cynic

  • Moderator
  • 23,579 posts
  • Gender:Male
  • Local time:10:28 AM

Posted 08 March 2010 - 06:54 PM

As this tr/crypt.xpack.gen is detected using a generic detection routine, there is a reasonable chance that it is a false positive.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw
