TR/CryptXPACK.Gen3

Using Antivir, which is updated and run regularly.
Received this report advising the detection of this trojan, and what
confuses me is the last line of the report and "Allow access" in
particular!

Virus or unwanted program 'TR/Crypt.XPACK.Gen3 [trojan]'
detected in file 'C:\Documents and Settings\User\Local
Settings\Temp\VS6VODOV.0HT.
Action performed: Allow access

Re: TR/CryptXPACK.Gen3


I can't answer why the log shows "Action performed: Allow access" but can you
please upload a sample to http://www.uploadmalware.com/ ?


--
Dave
Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp



Re: TR/CryptXPACK.Gen3

Thank you Dave, but I have been unable to find any trace of that TR and
have scanned the drive using your latest Trend.
I have been having huge BSOD problems with a normally very stable
desktop, so not sure what is going on. I do suspect a failing HD which is
just about 5 yrs old.
Kind regards and thanks again for all your great service, Richard


On Mon, 11 Jul 2011 11:38:55 -0400, "David H. Lipman"



Re: TR/CryptXPACK.Gen3

wrote:
http://www.uploadmalware.com/

Sorry to hijack this thread.

David, if you submit a file do you get feedback (assuming you leave an
e-mail address)?

I submitted a file (sccmver.exe) yesterday that just AVG (using
VirusTotal) and Malwarebytes thought was malware.

Tried live chat during lunch but work may be blocking access
============
Security Error!: [SecurityErrorEvent type="securityError"
bubbles=false cancelable=false eventPhase=2 text="Error #2048"]
Please try reloading this page, if the problem persists, contact
tflash@thunderit.com and explain the problem
NOPOL! 4
All connection attempts exhaused(need a spell check there bud!),
please refresh the page and try again.
============


Re: TR/CryptXPACK.Gen3



You know Ozzie, when I saw that submission I was thinking about you but I didn't
see anything since and I deleted the analysis I did on that file.

As for feedback.  Only if it is requested in advance I know to expect it and you
put my name in the comment field.


--
Dave
Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp



Re: TR/CryptXPACK.Gen3



System Center Configuration Manager (SCCM) Client check utility

Drops and runs the script;  C:\WINDOWS\system32\SCCMcliver.vbs

Creates the log file;  C:\CPSLOGS\CPSsccmClient.Log

Runs the command...

reg.exe add HKLM\SOFTWARE\CPSCLEAR /v SMSassignedsite /t REG_SZ /f /d 0




--
Dave
Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp



Re: TR/CryptXPACK.Gen3

Boring :0)    I was hoping it was sneaky malware!

Thanks!



Re: TR/CryptXPACK.Gen3



It's Microsoft.

BTW:  About the Chat on UploadMalware.  It isn't being used.  I don't know if it
has ever been used.  Maybe when the site first came up but not now.



--
Dave
Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp


