Trojan.Malpack.Gen Virus


DDoomguy

Hello. I am DDoomguy. I am running Windows 7, and there is a "Trojan.Malpack.Gen" on my computer.

I did a full scan, and it shows 2 files, "d:/gcvwww", "f:/cxvqf".

Even when I click Remove Selected, they keep coming back.

I have tried ComboFix, I have attached the log file.

This virus appeared just after I got my new laptop. It infected my Fraps installation (f:/Fraps), and there is no way to get it back.

 

ComboFix.txt


  • Root Admin

Hello @DDoomguy and welcome.

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.

PC Winvids - How to run Kaspersky TDSSKiller

If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.

 


  • Root Admin

That folder is from someone running Combofix and not knowing how to uninstall it properly.

Let me have you run the following please.

 

Please restart the computer first and then run the following steps and post back the logs when ready.

STEP 01
Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message.
  • When completed, make sure to re-enable your antivirus.

STEP 02

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now.
  • After the reboot, the log file will open. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner.

STEP 03
Download Sophos Free Virus Removal Tool and save it to your desktop.
 

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View Log file (bottom left-hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found, please confirm that result.

STEP 04
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure whether your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks


3 weeks later...
On 24/11/2016 at 6:01 AM, AdvancedSetup said:

Above post

Alright, I ran 3 of the programs (JRT, AdwCleaner, Farbar Recovery Scan Tool)

I didn't get Sophos, mainly due to my internet being bad, so I hope you can understand. I'll download it later when I have time.

I have attached the 3 logs. (Including the Additions file)

There were 3 files in the AdwCleaner folder, so I uploaded them all.

Also, can you delete my new thread? I didn't get a notification when you replied, and created it accidentally.

Addition.txt

FRST.txt

JRT.txt

AdwCleaner[C0].txt

AdwCleaner[C2].txt

AdwCleaner[S0].txt


  • Root Admin

Great, thanks.

You have a very old version of Java installed. Please uninstall all versions of Java. If possible try to use the computer without Java. If you really have to have it make sure it's the latest version at all times.

Please run the following fix.

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

 

 


  • Root Admin

Yes, unless you know what that file is and know for sure it's safe, I would remove it. The reason it's flagged as suspicious is that no files should be in the root of parent folders like that.

Otherwise, how is the computer running now?

Any other signs of an infection?

 

 



 

 

I installed the Sophos application; it detected 6 threats and only removed 2 of them. It was identified as Sality. I spent hours searching for a solution, and I found the AVG Sality remover.

It successfully deleted the 4 threats that were remaining, and it cleaned the infected files. Thank you so much for the help! Finally got rid of this stupid virus.


  • Root Admin

Good Lord. That is a file infector virus, and I seriously doubt that AVG fully or properly removed it.

Please download and run the Sality Killer from Kaspersky and run it. In my own testing they were the only one that was able to properly remove it. That said, there are almost certainly many damaged files that cannot be repaired as Sality will have damaged them beyond repair. This tool will be able to fix some, but not all. If you have good solid backups of your data that were not connected while the computer was infected the best thing to do is FDISK, FORMAT, and reinstall Windows.

We rarely see file infector viruses anymore, but below is the alert we would normally give. (Note: the message has not been updated for a long time.)

 

One or more of the identified infections is related to a nasty rootkit which is difficult to remove. Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately, to include those used for banking, email, eBay, PayPal and online forums, from a CLEAN COMPUTER. You should consider them to be compromised. You should change each password by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read

Although the rootkit has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again.
It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure.
In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, delete the partition, reformat and reinstall the Operating System.

Please read:

Should you decide not to follow this advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. If you wish to proceed, disinfection will require more time and more advanced tools.

Please let us know how you would like to proceed.


Message borrowed from quietman7 with minor wording and link changes

 

 


Alright, I downloaded the Kaspersky sality killer. I changed all passwords, but I have not written a password in any of my txt files. I am sure that I am safe, and I checked the localhosts/hosts file for unknown IPs. I am planning to reformat the laptop, since I want to make it 64-bit to be suitable for my gaming needs, thanks again though.


This topic is now closed to further replies.