Malware database or description?



Hi All,

MBAM has found a malware "packer.gen" in only one file of an old PC that I haven't used for some months. Searching for this expression in all the forums gives me 5 pages in which I often see HJT logs and removal procedures, but I noticed that this malware was frequently mentioned in subjects related to false positives.

As I used this PC for a long time, it would be useful for me to know what such a malware does. So, I've been searching all the forums for a description of this malware but I didn't find anything. Moreover, I didn't find any forum dedicated to malware descriptions: what they do, how they install themselves, what the risks are, what can be found in the registry or in Documents and Settings to be sure that the malware is active, and so on... So I am posting in this general topic.

When I search the web, I find (for example in the Symantec database) about 300 Packed.Gen trojans described, but no "Malware.Packer.Gen" such as the one discovered by MBAM (dbghelp.dll => Malware.Packer.Gen). The description given by Symantec is anything but clear:

Packed.Generic.xxx is a heuristic detection for files that may have been obfuscated or encrypted in order to conceal them from antivirus software

Yes!?! But how can I be sure that it really was malware and that it actually did its dirty work? Is MBAM's Packer.Gen also a heuristic detection, and how can it be evaluated?

Thanks in advance for your replies.

Best regards

Pulsar33
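The Symantec text quoted above describes a heuristic, not a signature: a "packed" verdict is driven by how the bytes of the file look, not by what the code does. As an added illustration (this is not code from the thread, from Malwarebytes or from Symantec), the block below computes the two things such a heuristic typically keys on: the file's MD5 (the value a VirusTotal lookup is keyed by) and its byte-level Shannon entropy. The entropy cut-off of 7.0 bits per byte and the three sample buffers are assumptions constructed for the example; real products use their own thresholds combined with PE-structure checks.

```python
import hashlib
import math
import random
import zlib
from collections import Counter

# Entropy threshold (bits per byte) above which a packer heuristic would
# typically call a file "packed or encrypted". 7.0 is an assumed,
# illustrative cut-off, not MBAM's or Symantec's actual setting.
PACKED_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def md5_hex(data: bytes) -> str:
    """MD5 of the bytes; the same value VirusTotal lists for an upload."""
    return hashlib.md5(data).hexdigest()


def packer_heuristic(data: bytes, threshold: float = PACKED_THRESHOLD) -> dict:
    """Mimic what a generic 'packed' heuristic sees: a hash for lookup and an
    entropy score. High entropy only says the bytes look compressed or
    encrypted; it says nothing about whether the code is malicious."""
    ent = shannon_entropy(data)
    return {
        "md5": md5_hex(data),
        "size": len(data),
        "entropy": round(ent, 3),
        "looks_packed": ent >= threshold,
    }


# --- constructed samples (not real files from the thread) ---------------
# 1. A plain, unpacked-looking buffer: repeated printable text.
PLAIN_SAMPLE = b"This program cannot be run in DOS mode.\r\n" * 100

# 2. Bytes from a seeded PRNG, standing in for a packed/encrypted section.
_rng = random.Random(20100802)
PACKED_LIKE_SAMPLE = bytes(_rng.getrandbits(8) for _ in range(4096))

# 3. A benign compressed blob: high entropy with no malicious intent at all,
#    which is exactly how a packer heuristic produces a false positive.
BENIGN_COMPRESSED = zlib.compress(
    " ".join(f"record{i}:ok" for i in range(3000)).encode()
)


def triage_samples() -> dict:
    """Run the heuristic over all three samples; returns name -> result."""
    return {
        "plain": packer_heuristic(PLAIN_SAMPLE),
        "packed_like": packer_heuristic(PACKED_LIKE_SAMPLE),
        "benign_compressed": packer_heuristic(BENIGN_COMPRESSED),
    }


if __name__ == "__main__":
    for name, result in triage_samples().items():
        print(f"{name:18s} md5={result['md5']} "
              f"entropy={result['entropy']:.3f} "
              f"looks_packed={result['looks_packed']}")
```

The plain buffer scores well under the threshold, the PRNG buffer scores close to 8 bits per byte and is flagged, and the zlib blob is flagged for the same reason even though it is harmless. That is the practical answer to "how can it be evaluated": an entropy-style verdict on a single DLL is a prompt to look further (hash lookup, who signed the file, whether it matches the vendor's copy), not evidence on its own that anything ran.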


Hi noknojon,

Sorry, but I don't understand your (quick but short) answer. When I search "Malware.Packer.Gen" on Google, I get about 664,000 results, but it's a long and tedious list of forum posts saying "Raaaaaa, I have this malware. What can I do to remove it?". And somebody answers "Post your HJT log" or "Download this remover" and so on. This is not what I'm looking for.

What I want to know is:

1


Pulsar33: Please follow this link: I'm infected - What do I do now? Please follow these instructions to clean your system, and an Expert will help you.

From what I know:

  1. Malware does a variety of destructive functions that may even render your system completely useless
  2. For this go through the link

Any other question(s) please post back and someone will assist you


Sorry I was a bit "quick" earlier -

I only researched the "Packer.Gen" as you encased it in quote marks - There was a misunderstanding with that item -

The item you posted is not 'Deadly' but should be checked by our experts as requested above by Haider

I hope it is solved very quickly -

Thank You -


Hi All,

Haider:

Sorry for the delay. It took me some time to make backups and other stuff. The job is done. I'm going to post the results.

kpqumbo: I had uploaded the file to VirusTotal before posting here and the result is 0/40 ...

This is why my first post in this topic asked for information about the threat, not for a removal procedure.

MD5: 4e6cfe4bba9635edfb08af6ba90cf1a0

First received: 2009.12.02 04:50:56 UTC

Date 2009.12.02 04:50:56 UTC [>249D]

R


I see

Windows 5.1.2600 Service Pack 1

Internet Explorer 6.0.2800.1106

Windows SP2 has been available since 8/10/2004 and SP3 has been available for over 2 years and IE8 for over a year. :)


Hi,

As said above, this is an old laptop and unfortunately XP SP2 crashes on this hardware => back to SP1.

You are right about IE, but since IE8 has been released, this PC was off (as said above too).

I'll install Firefox as soon as the problem is solved.

Regards

Pulsar33


As YoKenny1 said - Also if you can't support the latest I.E. then the latest Firefox that you download will only add to the Extra pressure -

I think that is the message YoKenny1 is trying to add to you - I.E. is still part of the operating system and you are adding to it -

That was why I went for ORCA - Same thing but I have not had updates since it was installed -

Also "Malware.Packer.Gen" can just be a Generic value unless it has the target like dbghelp.dll attached -

Re: your question, see post #5 - A minor infection that will bug you -

EDIT - YoKenny1 just has a "snappy" sense of reality at times and means well


Sorry YoKenny1,

I don't understand your answer. Joke? Serious?

No joke!

Very serious!

If you run insecure operating system then you are at risk!

[attached screenshot: post-100-1281307776_thumb.jpg]


@Pulsar33,

XP SP1 has not had any updates to it since 2004.

XP SP2 has just ended its support life July 13th, 2010.

How old is the laptop??

I have an old XP Pro laptop that was made in 2001 that hasn't been online in about 4 years, it's on SP2 currently and I haven't tried to update it to SP3 yet as it came out a year or two after I stopped using the laptop... and it still has IE6 as well.. :) however it would be interesting to see if it would work. Mine only has 256 MB of RAM on it, and I've been meaning to completely reformat it and see if I can still use it. I haven't had the time yet though.


Mine only has 256 MB of RAM on it, and I've been meaning to completely reformat it and see if I can still use it. I haven't had the time yet though.

Having only 256MB RAM for XP I would stick to Win98SE or I would find a suitable recycle depot. :)


It was built during 2002 and has 512 MB of RAM. It is quite handy for simple jobs and I hope to use it for some years more :)

Anyway, back on topic as you say. At this time in this topic somebody tells me it could be a false positive and that it is not detected as infected in /developer mode.

On the other hand, nobody has told me whether the other parts of the logs were absolutely clean or not. Something seems suspicious to me and at this time, I've got no answer about it.

I would appreciate being sure.

Thanks for your efforts

Pulsar33


Pulsar33: Some infections may remain dormant and are used to instigate later; in your case the suspect is a .dll. If I were you, I would definitely have sought an expert's opinion, which you can easily get here. You've a decent amount of RAM; to secure loopholes you should upgrade to SP3.


-

Please continue your topic with EXPERT Maniac (Borislav) as long as he wishes to assist you -

It is not in all of our best interests to intervene while there is a HJT thread running on this topic -

Only once the thread in the other area has finished, please post back then -

Thank You -


  • 4 weeks later...

Hi All,

It seems that Maniac doesn't want to assist me anymore, surely because I stopped following him in order to think deeply about the situation and asked him to answer some fundamental questions. If this is the reason, Maniac should tell me that he doesn't want to go on rather than say nothing ...

At this time, I have to restart from an old ghost image because the situation isn't under control and answers haven't been given. You can find the status and questions here and we return to the first questions that were posted here:

- was there something malicious on my PC or not?

- if yes, what did it do? (and not how can I remove it)

I'll be glad if somebody could answer.

Best regards

Pulsar33


Please note -

Maniac is not always available "on call" -

He assists people here when he has time to help you -

Note that you waited about 5 days until you responded to his recommendations, so please give him a few days to get back to you, if he can -

These helpers are NOT employed by Malwarebytes - They are All volunteers that spend their spare time trying to help you -


Hi noknojon,

I know that indeed. I don't reproach him. It's only because he has answered other topics and because I've made an "up" without success that I suppose he wants to stop. It seems that Maniac is involved in the "how to remove" process and this is very useful. But since the beginning, I've been looking for a "what did it do" answer ... (sorry if my English is approximate)

Regards

Pulsar33
