XPACK gen 2


5 replies to this topic

#1 kore_132


Posted 15 March 2011 - 09:37 AM

I'm using Vista and have Avira and Malwarebytes.
My Avira's Quarantine shows about 15 files with TR/Crypt.Xpack.Gen 2 Trojan and 4 files of HTML script virus.
What are they and how do I remove them? I'm a newbie and I need help fast.



#2 quietman7


Posted 15 March 2011 - 01:27 PM

Did Avira provide a specific file name(s) associated with the malware threat detection(s) and if so, where is it located (full file path) on your system?

Each security vendor uses their own naming conventions to identify various types of malware so it's difficult to determine exactly what has been detected or the nature of the infection without knowing more information about the actual file(s) involved. Names with Generic or Patched are a very broad category. See Understanding virus names.


When an anti-virus or security program quarantines a file and moves it into a virus vault (chest) or a dedicated Quarantine folder, that file is safely held there and no longer a threat. The file is essentially disabled and prevented from causing any harm to your system through proprietary security routines which may copy, rename, encrypt and password protect the file as part of the moving process. Quarantine is just an added safety measure which allows you to view and investigate the files while keeping them from harming your computer.

One reason for doing this is to prevent deletion of a legitimate file that may have been flagged as a "false positive", especially if the scanner uses heuristic analysis technology. Heuristics is the ability of a scanning program to detect possible new variants of malware before the vendor can get samples and update the program's definitions for detection. Heuristics uses non-specific detection methods to find new or unknown malware, which allows the anti-virus to detect and stop it before doing any harm to your system. The disadvantage to using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as suspicious or infected. If that is the case, then you can restore the file and add it to the exclusion or ignore list. When the quarantined file is known to be malicious, you can delete it at any time by launching the program which removed it, going to the Quarantine tab, and choosing the option to delete.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 kore_132


Posted 17 March 2011 - 12:07 PM

1-They are located in Temp folder in Application Data.
Like you said I deleted the files and had started a system scan.
System Scan discovered a new virus file
C:\Users\access denied\AppData\Local\Temp\654.exe
Plus it showed some kind of error C:\Users\access denied\AppData\Local\Temp\HCBackup\hcpackage.exe.tmp
[WARNING] The file could not be read!
I also scanned yesterday but it came out clean

2-I also understand that Quarantine is supposed to prevent the "Virus" from replicating, but a few days back when I transferred some of my files to my friend's computer (using a pen drive) those files came out to be infected. And when I scanned those files in my laptop they were clean. Plus my laptop hangs up and then shows an error SCW something. HELP!
And Thanks.

Edited by kore_132, 17 March 2011 - 12:42 PM.


#4 quietman7


Posted 17 March 2011 - 01:49 PM

From what you describe, it is possible the detection(s) could be a false positive so you may want to get a second opinion. Go to one of the following online services that analyzes suspicious files:

In the "File to upload & scan" box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis.

For submission directly to a specific anti-virus vendor, please see:
If the file(s) were quarantined, be aware that some anti-virus programs allow you to submit directly from the quarantine area while others may require you to restore them first. If you have to restore any files, add a .vir extension to the end of the file's name as a precaution.

Since you are using Avira, please refer to Suspicious Files and Miscellaneous Uploads: Submit a Sample.

I don't use Avira but from what I have read, quarantined files are normally stored in C:\Documents and Settings\All Users\Application data\Avira\AntiVir Desktop\INFECTED.

Note: It is not unusual for an anti-virus or anti-malware scanner to be suspicious of compressed, archived, .cab, .rar, .jar, .iso, and packed files because they have difficulty reading what is inside them. These kinds of files often trigger alerts by security software using heuristic detection because they are resistant to scanning (difficult to read). This resistance may also cause some scanners to stall (hang) on these particular types of files or just ignore (skip) them.
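The pre-submission check suggested in post #4, as an added example that is not part of the original thread: it hashes a flagged file, measures byte entropy as a rough sign of packing or encryption, and proposes the `.vir` name for a restored copy. The function names, the 7.0 threshold and the sample bytes are assumptions made for illustration; entropy is a common rule of thumb, not Avira's detection method.

```python
import hashlib
import math
from collections import Counter

PACKED_THRESHOLD = 7.0  # assumed rule of thumb (bits per byte), not a vendor value


def shannon_entropy(data: bytes) -> float:
    """Return entropy in bits per byte: 0.0 for constant data, 8.0 for uniform."""
    if not data:
        return 0.0
    total = len(data)
    return sum(-(n / total) * math.log2(n / total) for n in Counter(data).values())


def triage(data: bytes, name: str) -> dict:
    """Summarise a flagged file before it is uploaded for a second opinion."""
    entropy = shannon_entropy(data)
    return {
        "sha256": hashlib.sha256(data).hexdigest(),    # lets you look the file up by hash
        "is_pe": data[:2] == b"MZ",                    # Windows executables start with "MZ"
        "entropy": round(entropy, 2),
        "likely_packed": entropy >= PACKED_THRESHOLD,  # compressed/encrypted data looks random
        "restore_as": name + ".vir",                   # inert extension for a restored copy
    }


# Constructed sample inputs (not real malware): readable bytes versus a
# pseudo-random stream standing in for a compressed or encrypted payload.
PLAIN = b"MZ" + b"This program cannot be run in DOS mode. " * 200
PACKED = b"MZ" + b"".join(
    hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(256)
)

if __name__ == "__main__":
    for label, blob in (("plain", PLAIN), ("packed", PACKED)):
        print(label, triage(blob, "654.exe"))
```

High entropy alone does not make a file malicious, since installers and archives score high too, which is why a second opinion is the next step.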

#5 kore_132


Posted 22 March 2011 - 10:26 AM

Well, as a temporary measure I have deleted the quarantined files. I will keep on doing regular scans. The scan I did after deleting didn't show any suspicious file(s). I also did a Panda Active Online Scan. It didn't show anything to be worried about. Thanks a lot for your help. Really appreciate it.

#6 quietman7


Posted 22 March 2011 - 10:28 AM

You're welcome.



