I'm in China, setting up my mom's infected laptop.
I used the recovery disk that came with the computer. fully wipe of hdd.
ASUS, windows XP pro (Chinese). it looks like official recovery disk, however a ASUS official recovery disk looks ghetto as hell, so it could be bootlegged just as easily, but it's the disk that came with the laptop years ago. Laptop bought in taiwan, not china.
So the computer is recovered and hdd wiped (should be)
* i installed about 10 trusted software (mozilla, skype...)
*I installed Avira and did a scan. nothing came up, but updating takes over an hour (i dont know why, but internet in china is weird)
*so i decided to try avast. i installed avast, it finished and asked if i wanted to do a bootscan. i clicked yes and the compu restarted and did a bootscan.
*after bootscan, which did not show anything, windows xp loaded, and i started to scan using avast.
*while avast is scanning, Avira guard pops up and says
TR/Crypt.XPACK.Gen
found in Temp\_avast4_\unp124008905.tmp
*avast did not detect anything during scan at the same time
*i moved file to quarantine, in avira
SO HERE's my QUESTIONS:
~ do I actually have a virus?
~ if yes, where did it come from? Avast (really???), the ghetto looking ASUS recovery disc, or something i installed
~ did avast discover it during bootscan and place it in its own temp file?
here's a full list of what i installed
four things i never used before:
hotspotshield
revo uninstaller
startup inspector - from windowsstartup.com
threatfire
and the usual....
adobe reader
avast
avira
chrome
firefox
gomplayer
picasa
skype
thunderfird
wmp11
please help, i've read someone else that someone with both installed had something like this happen, but no real answer was given. i am not planning to use both, just avast (since avira has problems updating in china).
-
-
its a trojan.
is it running in your task manager under processes? -
Why are you running Avast! and Avira at the same time? You should only run one of these... anti-virus programs generally don't play well with each other. Don't know if this is an actual virus problem or not. My recommendation would be to stop one of these A/V priducts (either Avast! or Avira) and scan with the other.
-
My Question is, WHERE ON EARTH did this Virus come from?
i just did a full wipe using a recovery disk only installed a handfull of programs
so its either from one of the programs or from the recovery disk itself
revo uninstaller - not from cnet, from http://www.revouninstaller.com/revo_uninstaller_free_download.html
startup inspector - from windowsstartup.com, http://www.windowsstartup.com/download.php
hotspot shield 1.22 - from cnet, http://download.cnet.com/hotspot-shield/
can somebody fully vouch for both of these? if so, i'm gonna have to guess the original recovery disk contained the trojan. thanks
avira was on the laptop.
avast was JUST installed minutes ago, when the issue came up. i was not running avira scan, avira guard actively detected it and popped up. -
did you buy the laptop from someone else? not a retailer? if so he/she could have made a bootlegged disc. the rest of the programs sound fine..that's why.
also uninstall one of your antivirus software.
its fine to sit in quarantine but it still might be running in your task manager..check it.
here's some info on it too
http://www.avira.com/en/threats/section/fulldetails/id_vir/4487/tr_crypt.zpack.gen.html
you could also try downloading malwarebytes antimalware. i know there's a few malware/spyware programs that should pick it up and remove it..that one should be one of em.
either that or try spywareterminator.
oh and pop that recovery disk back in your drive go to the folder and scan it with both avira and avast and see if it detects anything?
i dunno..just some ideas. hope it helps..if not well then i tried -
Not doing a scan doesn't mean the AV doesn't run, you write yourself Avira's 'Active Guard' is on while Avast is also installed.
Like this, whenever one AV 'catches' malware, the other one fails.
So uninstall one at least.
Also you can upload the file, caught by Avira, to Avira to have it checked for a false positive.
Cheers.
Crypt.XPACK.Gen - found by Avira in Avast, how did that happen?
Discussion in 'Security and Anti-Virus Software' started by stevenjchang, Aug 23, 2009.