
TR/Crypt.XPACK.Gen8 [Solved]



#16
Render
    Trusted Helper
  • Malware Removal
  • 4,195 posts
OK.

#17
madimar
    Member
  • Topic Starter
  • 13 posts
Hmm... it seems I'm clean:

Avira Antivir fullscan report:



Avira Free Antivirus
Report file date: domenica 10 febbraio 2013 17:38

Scanning for 4966813 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 Home Premium
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : massimo
Computer name : SAMSUNG

Version information:
BUILD.DAT : 12.1.9.1236 40872 Bytes 11/10/2012 15:58:00
AVSCAN.EXE : 12.3.0.48 468256 Bytes 15/11/2012 08:18:18
AVSCAN.DLL : 12.3.0.15 54736 Bytes 08/05/2012 08:34:31
LUKE.DLL : 12.3.0.15 68304 Bytes 08/05/2012 08:34:32
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 09/05/2012 08:37:13
AVREG.DLL : 12.3.0.17 232200 Bytes 11/05/2012 08:37:21
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 07:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 06:57:15
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 06:57:20
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 11:08:55
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 12:26:40
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29/06/2012 07:10:19
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06/09/2012 15:02:44
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22/11/2012 09:44:31
VBASE008.VDF : 7.11.60.10 6627328 Bytes 07/02/2013 15:46:04
VBASE009.VDF : 7.11.60.11 2048 Bytes 07/02/2013 15:46:04
VBASE010.VDF : 7.11.60.12 2048 Bytes 07/02/2013 15:46:04
VBASE011.VDF : 7.11.60.13 2048 Bytes 07/02/2013 15:46:04
VBASE012.VDF : 7.11.60.14 2048 Bytes 07/02/2013 15:46:05
VBASE013.VDF : 7.11.60.62 351232 Bytes 08/02/2013 15:43:56
VBASE014.VDF : 7.11.60.115 190976 Bytes 09/02/2013 10:42:36
VBASE015.VDF : 7.11.60.116 2048 Bytes 09/02/2013 10:42:36
VBASE016.VDF : 7.11.60.117 2048 Bytes 09/02/2013 10:42:36
VBASE017.VDF : 7.11.60.118 2048 Bytes 09/02/2013 10:42:36
VBASE018.VDF : 7.11.60.119 2048 Bytes 09/02/2013 10:42:36
VBASE019.VDF : 7.11.60.120 2048 Bytes 09/02/2013 10:42:36
VBASE020.VDF : 7.11.60.121 2048 Bytes 09/02/2013 10:42:36
VBASE021.VDF : 7.11.60.122 2048 Bytes 09/02/2013 10:42:37
VBASE022.VDF : 7.11.60.123 2048 Bytes 09/02/2013 10:42:37
VBASE023.VDF : 7.11.60.124 2048 Bytes 09/02/2013 10:42:37
VBASE024.VDF : 7.11.60.125 2048 Bytes 09/02/2013 10:42:37
VBASE025.VDF : 7.11.60.126 2048 Bytes 09/02/2013 10:42:37
VBASE026.VDF : 7.11.60.127 2048 Bytes 09/02/2013 10:42:37
VBASE027.VDF : 7.11.60.128 2048 Bytes 09/02/2013 10:42:37
VBASE028.VDF : 7.11.60.129 2048 Bytes 09/02/2013 10:42:37
VBASE029.VDF : 7.11.60.130 2048 Bytes 09/02/2013 10:42:37
VBASE030.VDF : 7.11.60.131 2048 Bytes 09/02/2013 10:42:37
VBASE031.VDF : 7.11.60.138 6656 Bytes 10/02/2013 10:42:37
Engine version : 8.2.10.250
AEVDF.DLL : 8.1.2.10 102772 Bytes 10/07/2012 13:33:36
AESCRIPT.DLL : 8.1.4.88 471417 Bytes 07/02/2013 15:46:46
AESCN.DLL : 8.1.10.0 131445 Bytes 13/12/2012 14:21:58
AESBX.DLL : 8.2.5.12 606578 Bytes 15/06/2012 09:55:34
AERDL.DLL : 8.2.0.88 643444 Bytes 11/01/2013 09:16:20
AEPACK.DLL : 8.3.1.2 819574 Bytes 22/12/2012 11:23:37
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 06/11/2012 08:18:43
AEHEUR.DLL : 8.1.4.198 5751159 Bytes 07/02/2013 15:46:43
AEHELP.DLL : 8.1.25.2 258423 Bytes 12/10/2012 07:38:07
AEGEN.DLL : 8.1.6.16 434549 Bytes 25/01/2013 09:47:04
AEEXP.DLL : 8.3.0.24 188787 Bytes 10/02/2013 10:42:38
AEEMU.DLL : 8.1.3.2 393587 Bytes 10/07/2012 13:33:35
AECORE.DLL : 8.1.30.0 201079 Bytes 13/12/2012 14:21:57
AEBB.DLL : 8.1.1.4 53619 Bytes 06/11/2012 08:18:39
AVWINLL.DLL : 12.3.0.15 27344 Bytes 08/05/2012 08:34:30
AVPREF.DLL : 12.3.0.32 50720 Bytes 15/11/2012 08:18:18
AVREP.DLL : 12.3.0.15 179208 Bytes 09/05/2012 08:37:13
AVARKT.DLL : 12.3.0.33 209696 Bytes 15/11/2012 08:18:17
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 08/05/2012 08:34:31
SQLITE3.DLL : 3.7.0.1 398288 Bytes 08/05/2012 08:34:32
AVSMTP.DLL : 12.3.0.32 63480 Bytes 08/08/2012 08:30:06
NETNT.DLL : 12.3.0.15 17104 Bytes 08/05/2012 08:34:32
RCIMAGE.DLL : 12.3.0.31 4445944 Bytes 08/08/2012 08:29:58
RCTEXT.DLL : 12.3.0.32 97056 Bytes 15/11/2012 08:18:10

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: domenica 10 febbraio 2013 17:38

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'chrome.exe' - '39' Module(s) have been scanned
Scan process 'avscan.exe' - '86' Module(s) have been scanned
Scan process 'avcenter.exe' - '119' Module(s) have been scanned
Scan process 'chrome.exe' - '39' Module(s) have been scanned
Scan process 'UNS.exe' - '41' Module(s) have been scanned
Scan process 'LMS.exe' - '29' Module(s) have been scanned
Scan process 'chrome.exe' - '39' Module(s) have been scanned
Scan process 'SugarSyncManager.exe' - '70' Module(s) have been scanned
Scan process 'RunDll32.exe' - '35' Module(s) have been scanned
Scan process 'HPWuSchd2.exe' - '20' Module(s) have been scanned
Scan process 'chrome.exe' - '39' Module(s) have been scanned
Scan process 'chrome.exe' - '39' Module(s) have been scanned
Scan process 'chrome.exe' - '39' Module(s) have been scanned
Scan process 'chrome.exe' - '39' Module(s) have been scanned
Scan process 'chrome.exe' - '39' Module(s) have been scanned
Scan process 'chrome.exe' - '39' Module(s) have been scanned
Scan process 'chrome.exe' - '67' Module(s) have been scanned
Scan process 'WCScheduler.exe' - '53' Module(s) have been scanned
Scan process 'chrome.exe' - '39' Module(s) have been scanned
Scan process 'HD-Agent.exe' - '91' Module(s) have been scanned
Scan process 'Dropbox.exe' - '78' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '73' Module(s) have been scanned
Scan process 'jusched.exe' - '29' Module(s) have been scanned
Scan process 'avgnt.exe' - '85' Module(s) have been scanned
Scan process 'googledrivesync.exe' - '122' Module(s) have been scanned
Scan process 'Skype.exe' - '126' Module(s) have been scanned
Scan process 'googledrivesync.exe' - '20' Module(s) have been scanned
Scan process 'chrome.exe' - '115' Module(s) have been scanned
Scan process 'RocketDock.exe' - '49' Module(s) have been scanned
Scan process 'EasySpeedUpManager.exe' - '37' Module(s) have been scanned
Scan process 'SmartSetting.exe' - '55' Module(s) have been scanned
Scan process 'dmhkcore.exe' - '56' Module(s) have been scanned
Scan process 'MovieColorEnhancer.exe' - '46' Module(s) have been scanned
Scan process 'YCMMirage.exe' - '37' Module(s) have been scanned
Scan process 'mbamgui.exe' - '35' Module(s) have been scanned
Scan process 'TeamViewer_Service.exe' - '88' Module(s) have been scanned
Scan process 'SWMAgent.exe' - '88' Module(s) have been scanned
Scan process 'c2c_service.exe' - '35' Module(s) have been scanned
Scan process 'SamsungDeviceConfiguration.exe' - '24' Module(s) have been scanned
Scan process 'PassThruSvr.exe' - '19' Module(s) have been scanned
Scan process 'mbamservice.exe' - '42' Module(s) have been scanned
Scan process 'mbamscheduler.exe' - '33' Module(s) have been scanned
Scan process 'HD-LogRotatorService.exe' - '30' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '64' Module(s) have been scanned
Scan process 'avguard.exe' - '62' Module(s) have been scanned
Scan process 'sched.exe' - '40' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '5666' files ).


Starting the file scan:

Begin scan in 'C:\'
Begin scan in 'D:\'
D:\SCHTC\TitaniumBackup\com.android.mms-20120908-152112.tar.gz
[WARNING] Possible archive bomb: the maximum compression ratio has been exceeded.
D:\SCHTC\TitaniumBackup\com.android.mms-20120929-181704.tar.gz
[WARNING] Possible archive bomb: the maximum compression ratio has been exceeded.


End of the scan: lunedì 11 febbraio 2013 04:27
Used time: 10:48:49 Hour(s)

The scan has been done completely.

76876 Scanned directories
3469550 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
3469550 Files not concerned
90976 Archives were scanned
0 Warnings
0 Notes
954858 Objects were scanned with rootkit scan
0 Hidden objects were found


VRT report:

Autoscan: completed 50 minutes ago (events: 2, objects: 3698539, time: 11:39:01)
11/02/2013 00:37:50 Task started
11/02/2013 12:16:52 Task completed


I will monitor the system over the next few days to be sure I'm clean.

Regards,

M

#18
Render
    Trusted Helper
  • Malware Removal
  • 4,195 posts
Your logs show that your system is clean. If you have no further issues with your computer, then please proceed with the housekeeping procedures outlined below.

Removing the tools we used:

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now copy/paste this: ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /Uninstall, it needs to be there.
  • Please follow the prompts to uninstall Combofix.
  • This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

NEXT...

OTL Clean-Up:

  • Reopen OTL on your desktop.
  • Click on the CleanUp button.
  • You will be prompted to reboot your system. Please do so.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

You can now reinstall Easy Software Manager and Kies if you wish.

There are a few things I recommend you to do once your computer is completely clean:

Updates for Windows - One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

How to turn on Automatic Updates for Windows:

Updates for other installed software

A common attack method for hacking attempts and malware installs is to exploit known vulnerabilities in programs that are commonly installed on a person's computer. These vulnerabilities could allow a remote user or malware developer to install malware, keyloggers, and backdoors on to your computer without your knowledge or permission.
Some of the programs that are commonly exploited include Adobe Shockwave, Adobe Reader, Sun Java, Adobe Flash, and even Windows itself. Therefore, it is crucial that everyone remain vigilant as to when a security vulnerability is found in our installed programs and update them when a security update is released. Unfortunately, no one has the time to stay on top of these updates, which can happen frequently.

I highly recommend you install Secunia Personal Software Inspector (PSI), which can be used to scan your computer for known vulnerable programs, provide information on the vulnerability, and provide a location to an update for the vulnerable program. A tutorial on how to use Secunia Personal Software Inspector (PSI) can be found here: Keep Software Updated with Secunia PSI.

Web Browsers - Picking the right internet browser is very important. You need to find one that suits your needs but that is also safe. All browsers listed below are far more secure than Internet Explorer, immune to almost all known browser hijackers, and also have the best built-in pop up blockers.

However, if you prefer to stay with Internet Explorer, I highly recommend you do this:

Make Internet Explorer more secure:
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the options Download signed and unsigned ActiveX controls to Prompt, and Initialize and Script ActiveX controls not marked as safe to Disable.
  • Next click OK, then Apply button and then OK to exit the Internet Properties page.

Tips to protect yourself against malware and reduce the potential for re-infection:

Now, after all these steps, your PC will be more secure. However, it is important to note that you can still get infected if you are not careful. One of the best security programs you can have is common sense. As malware gets more sophisticated, you need to be more wary. If you do get caught, though, and the above steps can't help prevent it, we will be here to help you out.

Stay secure and thank you for choosing GeeksToGo.

#19
madimar
    Member
  • Topic Starter
  • 13 posts
Thank you really for your help and support. I just sent you a donation to thank you for your time. It is not a big amount of money but I hope it is ok for you.

Regards,

M

#20
Render
    Trusted Helper
  • Malware Removal
  • 4,195 posts
Thank you for your donation! I really appreciate it.

If you wish any further assistance or advice do not hesitate to ask.

#21
madimar
    Member
  • Topic Starter
  • 13 posts
Hello Render,
unfortunately I'm here with a "new problem". It is really strange for me, considering I'm quite careful about avoiding infections and I've been living for years without any issue...
I don't know if they are false positives again, but I just received some alerts from Malwarebytes:

2013/02/15 09:18:32 +0100 SAMSUNG (null) MESSAGE Starting protection
2013/02/15 09:18:34 +0100 SAMSUNG (null) MESSAGE Protection started successfully
2013/02/15 09:18:34 +0100 SAMSUNG (null) MESSAGE Starting IP protection
2013/02/15 09:18:40 +0100 SAMSUNG (null) MESSAGE IP Protection started successfully
2013/02/15 09:20:52 +0100 SAMSUNG massimo MESSAGE Executing scheduled update: Daily
2013/02/15 09:22:02 +0100 SAMSUNG massimo MESSAGE Scheduled update executed successfully: database updated from version v2013.02.13.04 to version v2013.02.15.04
2013/02/15 09:22:02 +0100 SAMSUNG massimo MESSAGE Starting database refresh
2013/02/15 09:22:02 +0100 SAMSUNG massimo MESSAGE Stopping IP protection
2013/02/15 09:22:02 +0100 SAMSUNG massimo MESSAGE IP Protection stopped successfully
2013/02/15 09:22:04 +0100 SAMSUNG massimo MESSAGE Database refreshed successfully
2013/02/15 09:22:04 +0100 SAMSUNG massimo MESSAGE Starting IP protection
2013/02/15 09:22:07 +0100 SAMSUNG massimo MESSAGE IP Protection started successfully
2013/02/15 12:22:24 +0100 SAMSUNG massimo DETECTION C:\Program Files (x86)\TP-LINK\TL-PA211 Powerline Utility\WinPcap_4_1_1.exe Trojan.Backdoor.MRX QUARANTINE
2013/02/15 12:25:23 +0100 SAMSUNG massimo DETECTION C:\Program Files\CCleaner\uninst.exe Trojan.Backdoor.MRX QUARANTINE
2013/02/15 12:25:25 +0100 SAMSUNG massimo DETECTION C:\Program Files\Defraggler\uninst.exe Trojan.Backdoor.MRX QUARANTINE
2013/02/15 12:25:38 +0100 SAMSUNG massimo DETECTION C:\Program Files\gs\gs9.05\uninstgs.exe Trojan.Backdoor.MRX QUARANTINE


Those programs are very common (CCleaner, Defraggler); do you have any suggestions?

Thanks in advance,

regards,

M

#22
Render
    Trusted Helper
  • Malware Removal
  • 4,195 posts
Hi,

It looks to be a fault in the database update of Malwarebytes Antimalware. But it should be fixed already. Please update your MBAM and make a quick scan again. Then report back with MBAM log.
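Render's diagnosis above (one signature name hitting several unrelated vendors' uninstallers within minutes of a definition update) can be checked mechanically. The following Python is an added example, not code from this thread or from Malwarebytes: it parses the protection-log lines quoted in the post above and flags a signature as a suspected bad definition; the min_products and window thresholds are assumptions chosen for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Lines taken from the Malwarebytes log quoted in the post above.
SAMPLE_LOG = r"""
2013/02/15 09:22:02 +0100 SAMSUNG massimo MESSAGE Scheduled update executed successfully: database updated from version v2013.02.13.04 to version v2013.02.15.04
2013/02/15 12:22:24 +0100 SAMSUNG massimo DETECTION C:\Program Files (x86)\TP-LINK\TL-PA211 Powerline Utility\WinPcap_4_1_1.exe Trojan.Backdoor.MRX QUARANTINE
2013/02/15 12:25:23 +0100 SAMSUNG massimo DETECTION C:\Program Files\CCleaner\uninst.exe Trojan.Backdoor.MRX QUARANTINE
2013/02/15 12:25:25 +0100 SAMSUNG massimo DETECTION C:\Program Files\Defraggler\uninst.exe Trojan.Backdoor.MRX QUARANTINE
2013/02/15 12:25:38 +0100 SAMSUNG massimo DETECTION C:\Program Files\gs\gs9.05\uninstgs.exe Trojan.Backdoor.MRX QUARANTINE
"""
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) [+-]\d{4} "
    r"(?P<host>\S+) (?P<user>\S+) (?P<kind>MESSAGE|DETECTION) (?P<body>.*)$"
)
UPDATE_RE = re.compile(r"database updated from version (\S+) to version (\S+)")

def parse_line(line):
    """Return a dict for one MBAM protection-log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y/%m/%d %H:%M:%S")
    if rec["kind"] == "DETECTION":
        # The path may contain spaces; signature and action are always the last two tokens.
        rec["path"], rec["signature"], rec["action"] = rec["body"].rsplit(" ", 2)
    return rec

def triage(log_text, min_products=3, window=timedelta(minutes=15)):
    """Flag signatures hitting >= min_products distinct program folders within one window.
    One name firing on several unrelated vendors' uninstallers minutes after a database
    update is the shape of a bad definition, not of an infection (thresholds are assumed)."""
    db_version = None
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["kind"] == "MESSAGE":
            m = UPDATE_RE.search(rec["body"])
            if m:
                db_version = m.group(2)  # definitions in force for later detections
        else:
            hits[rec["signature"]].append((rec["ts"], rec["path"], db_version))
    suspects = {}
    for sig, rows in hits.items():
        rows.sort()
        products = sorted({str(PureWindowsPath(p).parent) for _, p, _ in rows})
        span = rows[-1][0] - rows[0][0]
        if len(products) >= min_products and span <= window:
            suspects[sig] = {"count": len(rows), "products": products,
                             "db_version": rows[0][2], "span_minutes": span.total_seconds() / 60}
    return suspects
```

A flagged signature is a reason to update definitions and rescan before trusting the quarantine, which is exactly the advice given in the reply above.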

#23
Render
    Trusted Helper
  • Malware Removal
  • 4,195 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.