Trojan.malpack Please help very anxious

[concernedboi]

Hello, i am new to the forums so please bare with me. As said in the title and name i am very concerned and vert anxious when it comes to my online security do to the amount of online games i play and the money i invested into my fairly new gaming pc. I have never had malware/viruses on this computer until today which is why i am here for help and input. I ran a scan at roughly 5:30 PM and there were no threats to be found i scanned again at 8:00 PM exactly to find " Trojan.MalPack" in my file system i could not expand the location name so all i have is "C:\users\myname\appda..." . Now i quarinited the threat and deleted it off my computer and followed with an paranoid amount of scans ( about 5-7 ) and all of them came up as showing no threats. So my now that you know what has happend here is my main question. What exactly is this type of malware and should i remain worried because i do not know what this is or what it could have done. Thank you to those who have read this and i would very much appreciate your input and support.

[Malwarebytes]

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

• Download Malwarebytes Support Tool
• Once the file is downloaded, open your Downloads folder/location of the downloaded file
• Double-click mb-support-X.X.X.XXXX.exe to run the program
  • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
• Place a checkmark next to Accept License Agreement and click Next
• You will be presented with a page stating, "Welcome to the Malwarebytes Support Tool!"
• Click the Advanced Options link
  
  
   
• Click the Gather Logs button
  
  
   
• A progress bar will appear and the program will proceed to gather troubleshooting information from your computer
• Upon completion, click OK
• A file named mbst-grab-results.zip will be saved to your Desktop
• Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:
  
     
  
  
  Click "Reveal Hidden Contents" below for details on how to attach a file:
   
  Spoiler

  To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

  
   

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

• Renewals
• Refunds (including double billing)
• Cancellations
• Update Billing Info
• Multiple Transactions
• Consumer Purchases
• Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

[exile360]

Greetings,

Trojan.Malpack is a generic/heuristic detection signature which targets files that are compressed (or "packed", hence the terminology) using a compression tool known to be used by the bad guys who make infections.  It doesn't necessarily mean that it actually was an infection though, as false positives with these types of signatures do happen from time to time since, on rare occasions, legitimate software makers will also use the same kind of compression software on their own creations.

Now, with that said, even if it was an actual infection, the chances are remote that it had the chance to install on the system if that was the only one detection you saw in your scan logs because an active/installed Trojan would be running in memory and would have created a loading point so that it could run when the system starts/boots, but if that were the case then there would have been at least 2 or more items detected in the scan.

If you are still concerned and wish to make absolutely certain that your system is not infected then you may read and follow the instructions found in this topic and then create a new thread including the requested logs and information in a new topic in the malware removal area by clicking here and one of our malware removal specialists will analyze your system and verify that no additional threats are present as soon as one becomes available.

If there is anything else we might assist you with please don't hesitate to ask.

Thanks

[concernedboi]

Thank you for the response it means a lot. Now i believe i know exactly were this came from because before i scanned i used only 3 websites since returning home from work. They were Twitch the streaming site, youtube, and a website i was not fully comfortable with hence why i scanned nearly less than a minute after closing the window because it was my first ever time using it the detection appeared. The site is called RealmPop it is a site used to graph and chart population statistics for servers ( realms ) for the game World of Warcraft, the site is not run by the game creators and is solely independent to my knowledge, do you think the detection could have possibly been their software trying to gather statistics to further there own site that it could have been malware which i know you said was already unlikely apologies.

[exile360]

I really don't know as I'm not familiar with it, but it is certainly possible.  The file was in your local AppData folder so that is a location where such a mechanism might be placed if they're trying to run something while avoiding UAC (User Account Control) since administrative privileges are not required to create files there.  If you still had a copy of the file you could also submit it to the Research team here for analysis and they could tell you with 100% certainty what the file was and whether it was a real infection or not, but without it we'd only be guessing because of the nature of the signature and detection.

[digmorcrusher]

I did a really quick check on that site , RealmPop and didn't find anything suspicious, however, by no means am i sayings its 100% secure.

[concernedboi]

I wouldnt imagine the site is but it is also widely used among players of the game so it must be trust worthy to an extent. Malwarebytes did not detect the threat until i scanned i presumed based off of their advertising that it would quarantine it before i even would have had to but again i am not too familiar with malicious software and the types it can come in. I quarantined the threat and deleted it from the computer and now scans show up as no threats detected. Is it possible i could still get in touch with one of the specialists too be absolutely sure that this was not an infection or now that the threat is deleted am i unable to pursue this option.

[digmorcrusher]

Yes, check with the experts, gaming sites are notorious for bad " intentions". The site may be clean but the players maybe not so much.

Edited September 11, 2018 by digmorcrusher

[thisisu]

There's a possibility that this was related to a Trojan.MalPack false positive we had today. Try updating your database and seeing if you still see that same detection as a rule was removed to resolve this.

 

[exile360]

The way that the real-time protection in Malwarebytes works for executable files is that it only detects them when they attempt to actually run in memory, not when they're saved to disk (this is to avoid conflicts with AV software which typically do scan items when they are written/saved to disk) so if the file had actually tried to run Malwarebytes would have flagged it and quarantined it on its own.  More info on the various layers of protection in Malwarebytes Premium may be found by reviewing the diagram found on  this page.

Also, I can confirm what digmocrusher says above, there are a LOT of threats that target gamers specifically, usually in an attempt to steal game account credentials (password stealing Trojans etc.).

[concernedboi]

I agree that there are a lot of fishy gamer targeted antics on the web but i have multiple layers of security on my account and the games developer is notorious for having very well made and maintained security, or at least i would imagine if your company had made and is valued at 60 billion dollars. but that's not to say it isn't impossible so i will follow up on this.

Thisisu what do you mean by updating my database? do you mean malwarebytes itself? and also i am unable to view the full name of the file location that the program detected the threat from. I did look at the post you linked i too own spotify but am unable to confirm if its from there due to what i mentioned in the last sentence.

[digmorcrusher]

Just curious, what are your multiple layers of security? Did any other of your layers detect this trojan? May be a moot point if this was a false positive.

Edited September 11, 2018 by digmorcrusher

[concernedboi]

The password being the most basic one then an authenticator through the developers mobile app which notify s me when someone is trying to log and from the type of device and general location, example: log in attempt from windows device, New York, New York, USA. and on top of those two i have an sms protector enabled that sends me a code via text message that i have to enter after the password which expires after several minutes of not being used.

[digmorcrusher]

Ok, this is basically password protection, what else do you use to protect your computer in general such as an anti-virus, anti-exploit etc? These are what would protect you from malware, trojans etc.

[concernedboi]

At the moment i only have malwarebytes premium and windows defender which comes with the OS. I try very hard to keep this pc clean and also avoid sites that i would know or assume would be associated with malware and or viruses.

[digmorcrusher]

Ok thanks, MB3 and WD is more than adequate protection, but, as you mentioned being aware of what you do on the web is a very important part of staying safe on the web as well. If you want to add another layer that is light weight, has little to no popups and provides a very effective layer of protection then I would recommend OSArmour its free and just sits there until it needs to react. I've used it for months and not a peep, so its just there if you need it. However, it would be nice if Exile360 or someone else for Malwarebytes could comment if OSArmour protects the same as MB3 and thus it is not needed to run both. I am thinking they don't actually do the same thing so running both would be ok. Personally I always choose to run 3 layers, each one doing a different job. Some will say thats too many, some say not enough, but whatever, my computer, my choice. Right now I am running Emsisoft , MB3 and VooDoo Shield which is overkill, trying to narrow down to 2 choices.

Edited September 11, 2018 by digmorcrusher

[concernedboi]

Thanks for the recommendation i will definitely check it out. And yea i am very careful what i do online especially on this computer because of the money i invested and i what i primarily use it for. But what i would like is to have a response from the staff member as to how i update my databases because i would love to know if this is a false positive because that would be a huge relief. Because i am so on edge from logging into my personal accounts at the moment because i have been so careful to avoid disgusting sites that i would normally think cause this sort of thing and its why im so blind sided from getting this threat detection from viewing sites i normally do and that i thought were safe.

[digmorcrusher]

just open up MB3, see System, Updates and click on current to update. Staff will comment if it was a false positive or not.

[concernedboi]

Ah i see, my updates have been current for a while now including now. So if they rolled out a hot fix for this then i am not getting it?. Also i selected the threat while it was in quarantine to delete it because it said it would permanently delete of my pc and when i now scan nothing comes up so im confused as to what i being asked to look for.

[AdvancedSetup]

Hello @concernedboi

Please open Malwarebytes. Then click on Settings -> Application -> then click on "Install Application Updates" then when that's done. Click on Dashboard. Then near the bottom will be a small blue link under Updates: Click that link too and see if it updates for you or not.

At the time or this post, here is the latest updated information.

Let me know if you're not getting that version, or newer.

Thanks

Ron

 

Edited September 11, 2018 by AdvancedSetup
Updated information

[concernedboi]

The only thing that is not the exact same as the picture you posted is the " Update package version " that is currently 1.0.6771 but the other two appear to be up to date.

[AdvancedSetup]

That's good.

If you're having any specific issues with the program please let us know. If you're having issues with malware or are concerned that you feel the computer is infected then you can create a new topic in the following forum and we can provide you with one-on-one support to scan, locate, and if found, remove any malware threats.

Windows Malware Removal Help & Support

Thank you again @concernedboi

Ron