TR/Crypt.XPACK.Gen2


7 replies to this topic

#1 lindaga35

lindaga35

  • Members
  • 384 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:42 AM

Posted 04 July 2011 - 09:11 AM

AntiVir found this and I don't know if I'm infected or not. I ran Malwarebytes and nothing was found! BUT, the PC is starting up slowly now.

Toshiba Satellite C655D, AMD E-240 processor, 1.50 GHz, 64-bit operating system

Thanks!!


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:42 AM

Posted 04 July 2011 - 01:22 PM

Can you provide "infected" file name and location?


#3 lindaga35


Posted 04 July 2011 - 05:37 PM

Avira AntiVir Personal
Report file date: Tuesday, June 28, 2011 09:40

Scanning for 2839699 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 x64
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : Toshiba
Computer name : TOSHIBA-PC


Configuration settings for the scan:
Jobname.............................: Scan for Rootkits and active malware
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\rootkit.avp
Logging.............................: Default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Complete

Start of the scan: Tuesday, June 28, 2011 09:40

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'chrome.exe' - '44' Module(s) have been scanned
Scan process 'avscan.exe' - '67' Module(s) have been scanned
Scan process 'chrome.exe' - '70' Module(s) have been scanned
Scan process 'rundll32.exe' - '49' Module(s) have been scanned
Scan process 'chrome.exe' - '44' Module(s) have been scanned
Scan process 'chrome.exe' - '84' Module(s) have been scanned
Scan process 'avcenter.exe' - '114' Module(s) have been scanned
Scan process 'avgnt.exe' - '57' Module(s) have been scanned
Scan process 'avguard.exe' - '68' Module(s) have been scanned
Scan process 'sched.exe' - '50' Module(s) have been scanned
Scan process 'CVHSVC.EXE' - '72' Module(s) have been scanned
Scan process 'ccSvcHst.exe' - '52' Module(s) have been scanned
Scan process 'sftlist.exe' - '68' Module(s) have been scanned
Scan process 'sftvsa.exe' - '28' Module(s) have been scanned
Scan process 'ccSvcHst.exe' - '76' Module(s) have been scanned
Scan process 'SymcPCCULaunchSvc.exe' - '46' Module(s) have been scanned
Scan process 'armsvc.exe' - '25' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '154' files ).


Starting the file scan:

Begin scan in 'C:' <TI106046W0D>
C:\ProgramData\WildTangent\c669c9d8-45f7-4bbf-bbb8-dd45be2f87a2-extr.exe
[0] Archive type: NSIS
--> 1/GovernorofPoker2_PE_WildTangent_v1.5.exe
[1] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan

Beginning disinfection:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
C:\ProgramData\WildTangent\c669c9d8-45f7-4bbf-bbb8-dd45be2f87a2-extr.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4b3ba715.qua'.


End of the scan: Tuesday, June 28, 2011 12:46
Used time: 3:05:04 Hour(s)

The scan has been canceled!

10233 Scanned directories
314027 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
314026 Files not concerned
1807 Archives were scanned
0 Warnings
1 Notes
394410 Objects were scanned with rootkit scan
0 Hidden objects were found





I hope this is what you need, Thanks!

#4 Broni


Posted 04 July 2011 - 05:42 PM

Some WildTangent games will trigger some AV programs.
File name looks suspicious, so it may be a real deal, but if MBAM comes up clean and you're not experiencing any other computer issues I wouldn't lose sleep over it.


#5 lindaga35


Posted 04 July 2011 - 07:06 PM

On start up it's taking longer than normal. Should I be worried? Or am I being paranoid?

Thanks~

#6 Broni


Posted 04 July 2011 - 07:13 PM

It may be the latter....LOL
Run it for a couple of days and see how it goes.
I'll be around :)


#7 lindaga35


Posted 05 July 2011 - 01:44 PM

LOL! thank you for all your help!

:clapping:

#8 Broni


Posted 05 July 2011 - 03:09 PM

You're very welcome
