Spyware, Viruses, & Security forum

General discussion

Packed.gen Need help.

by Ms Donna Cow / February 24, 2006 6:47 AM PST

Hi all. I have this on my computer. AVG cannot deal with it; neither can Spybot. I looked on Symantec and it is not known there. McAfee have a download tool to get rid of it but I need to have their registered programme, which I do not have. They advise Packed.gen is a file deleter which slowly deletes Windows files until Windows runs no more. I found it on this laptop after my PC lost enough files to cease operating the virus protection and would not allow any internet access anymore. Can anyone help me here?

More Info on it
by Ms Donna Cow / February 24, 2006 7:00 AM PST
In reply to: Packed.gen Need help.

Virus Characteristics

Del-468 Trojan is a file deleting trojan.
When executed, it copies itself into %Windir% folder as "Mstinlt.exe"

The Trojan creates the following registry run keys, to load itself at system startup :

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
"Mstinlt.exe" = "%Path to file%"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
"Mstinlt.exe" = "%Path to file%"
The Trojan attempts to delete all files in the root of the "c:\" drive.
It also deletes, from the "C:\%Windir%" folder and "C:\%Windir%\System32", files with the following extensions:

com
cpl
inf
nls
msc
hlp
and other random file extensions.

If the trojan succeeds, Windows will no longer function properly until the files deleted have been restored.




Indications of Infection

Missing system files in the folders listed above.
Inability to boot Microsoft Windows.



Method of Infection

Intentionally or accidentally running this program results in the deletion of critical system files.



Removal Instructions

A combination of the latest DATs and the Engine will be able to detect and remove this threat.

Overwritten/Deleted files must be restored from backup or reinstalled.

AVERT recommends to users that they not trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.



Aliases

Troj/DellAll-S - Sophos, Trojan.KillFiles - Doctor Web, Trojan.Win32.Agent.bj - Kaspersky, W32/MEWpacked.gen - Norman, W32/Tintle.A.worm - Panda
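
The indicators in the vendor description quoted above (the `Mstinlt.exe` copy in `%Windir%`, the Run and RunOnce values, and the targeted file extensions) can be checked with a read-only script. This is an added example, not part of the original post or the vendor write-up; the function names are hypothetical, and the file counts are only meaningful when compared against a healthy machine running the same Windows version.

```powershell
# Added example: read-only check for the indicators quoted in the post above.
# Reads the registry and file system only; nothing is changed or deleted.
$valueName  = 'Mstinlt.exe'
$runKeys    = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$extensions    = 'com', 'cpl', 'inf', 'nls', 'msc', 'hlp'
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-RunKeyHit {
    param([string[]]$Keys, [string]$Name)
    foreach ($key in $Keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-ItemProperty -LiteralPath $key
        if ($null -eq $item) { continue }          # key exists but has no values
        foreach ($p in $item.PSObject.Properties) {
            if ($providerProps -contains $p.Name) { continue }
            # Hit on the value name, or on data that points at the dropped file.
            if ($p.Name -eq $Name -or "$($p.Value)" -like "*$Name*") {
                [pscustomobject]@{ Key = $key; Value = $p.Name; Data = $p.Value }
            }
        }
    }
}

function Get-ExtensionCount {
    param([string[]]$Folders, [string[]]$Extensions)
    foreach ($folder in $Folders) {
        foreach ($ext in $Extensions) {
            $files = @(Get-ChildItem -LiteralPath $folder -Filter "*.$ext" -File -ErrorAction SilentlyContinue)
            [pscustomobject]@{ Folder = $folder; Extension = $ext; Files = $files.Count }
        }
    }
}

$dropped = Join-Path $env:windir $valueName
$hits    = @(Get-RunKeyHit -Keys $runKeys -Name $valueName)

"Dropped copy present: {0} ({1})" -f (Test-Path -LiteralPath $dropped), $dropped
"Run/RunOnce entries referencing ${valueName}: {0}" -f $hits.Count
$hits | Format-Table -AutoSize
Get-ExtensionCount -Folders $env:windir, (Join-Path $env:windir 'System32') -Extensions $extensions |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so both HKLM keys and the system folders are readable.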

See if you can get ewido to install
by roddy32 / February 24, 2006 7:31 AM PST
In reply to: More Info on it

and scan for this. Please try this. You may not need the log but save it anyway.

Download link http://www.ewido.net/en/


* Install ewido anti-malware
* When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
* Launch ewido; there should be an icon on your desktop, double-click it.
* The program will now go to the main screen

You will need to update ewido to the latest definition files.

* On the left hand side of the main screen click Update
* Then click on Start Update

The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
http://www.ewido.net/en/download/updates/

Once the updates are installed do the following:
* Click on scanner
* Click on Complete System Scan and the scan will begin.
* While the scan is in progress you will be prompted to clean files, click OK
* When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report.
* Save the report .txt file to your desktop.

Now close ewido anti-malware.

Thanks
by Ms Donna Cow / February 24, 2006 7:37 AM PST

I will give this a go right now

(NT) Hi Some of it is still there. Cannot be healed or moved
by Ms Donna Cow / February 24, 2006 9:37 AM PST

It is embedded in the files. Damn thing.

OK, All the research I have done on
by roddy32 / February 24, 2006 10:13 AM PST

this it looks like a HijackThis expert forum is next. We do NOT do those logs here but if you take your log to one of the places in this premade post, they should be able to help you. They will be able to SEE more or less what is going on. Just follow the directions on this premade post. SOME of the things you have already so you won't need to download them again and good luck. Please post back and let us know how you make out. HJT is a very powerful tool and only advanced users should use it.

Please post your HJT logs in one of the following HJT forums:

- http://castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html
- http://forums.spywareinfo.com/index.php?showforum=18
- http://forums.subratam.org/index.php?showforum=7

Attention: You have to register to be able to post your HJT log !!


HijackThis download locations:
http://castlecops.com/zx/Merijn/hijackthis.zip
http://www.spywareinfo.com/~merijn/files/HijackThis.exe
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
http://downloads.subratam.org/hijackthis.zip

It is important that you run HijackThis.exe in its own folder so the backup files that HijackThis creates will not be accidentally deleted.

Open 'My Computer', then double-click to open C:\ (or the drive letter that your Windows is installed on)
In the menu bar, click File-->New-->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ or C:\HijackThis\ folder. Put your HijackThis.exe there, and double click to run it.

Click the 'Scan' button. Click the 'Save log' button. Save the 'hijackthis.log' on your desktop. Copy and paste the content of 'hijackthis.log' and post the log file in any forum that offers HijackThis analysis.

Most of what it lists will be harmless, so do not fix anything yet.

BEFORE you post your HJT log - it would be appreciated if you would :

Download and install the following programs, if they're not on your computer yet:
- AdAware SE : http://www.lavasoftusa.com/support/download/
- Spybot 1.4: http://www.safer-networking.org/en/mirrors/index.html
- CCleaner: http://www.ccleaner.com/ccdownload.php
Download CWShredder: http://www.intermute.com/products/cwshredder.html
and put it in its own folder, f.e. 'C:\CWShredder' or 'C:\Program Files\CWShredder'
- Microsoft AntiSpyware Beta:
http://www.microsoft.com/athome/security/spyware/software/default.mspx


Please be PATIENT - For those of you looking for assistance with HJT logs, please be patient. The experts are really swamped with requests to have logs reviewed etc. If they do not get with you immediately it only means they are helping someone else. Remember they do this free of charge and in their spare time so please be

Problem Fixed
by Ms Donna Cow / February 25, 2006 3:39 AM PST

I downloaded HJT, ran the scan and got rid of it after checking with a local tech to be sure it was ok. It does not show anymore. Thank you all so much for your help here.

(NT) (NT) That's great, You're welcome :)
by roddy32 / February 25, 2006 4:47 AM PST
In reply to: Problem Fixed
In addition to what Roddy said
by dawillie / February 24, 2006 9:41 AM PST
In reply to: More Info on it

please go to

http://www.moosoft.com

and d/l, install, update definitions and run 'The Cleaner'.

This is a 30 day [free] shareware Trojan cleaner.

Please post back with results.

david

Thank you dawillie
by Ms Donna Cow / February 24, 2006 11:15 AM PST

I have downloaded this and scanned. Nice easy tool to use. Those embedded things are there still but I will try what roddy suggested. Unfortunately it is too late for my PC but I hope to save the laptop from being fdisked. Cheers.

Chrizzy... An added note..
by Carol~ Forum moderator / February 24, 2006 1:12 PM PST
In reply to: Packed.gen Need help.

of encouragement. Roddy suggested you go to a site that analyzes HJT logs. I have read of a couple of people in your same situation, who have been helped by this. As an example, in the following link, user ''Snotz'' also had AVG detect ''Packed.gen''. If you take a look at their post on January 27th @ 6:56AM and follow it down, you'll see where the problem was eventually taken care of.

I am in no way saying this will be your experience. What I am saying is.. it can be done. And.. done so in a manner where you won't have to ''jump through too many hoops'' getting there.

http://forums.maddoktor2.com/index.php?showtopic=6639

I don't know what level you're at, but looking at these logs can be intimidating. The people at these forums are extremely patient and knowledgeable. They will help you, no matter what level you're at. Please follow Roddy's suggestions. It will help!

Good luck..
Carol
