Twitist Forums
What is tr/crypt.xpack.gen3 trojan and how to remove it?




What is tr/crypt.xpack.gen3 trojan and how to remove it? - Roger - 11-19-2012 02:55 AM

4 days ago I downloaded a driver that came with a virus. My free Avira AV was able to detect these viruses and quarantined them. I thought everything was okay until I kept on receiving alerts from Avira that viruses were detected. I quarantined them and went to the folders where they were located. There were suspicious files that couldn't be deleted!! So I looked for force-delete software and was able to delete them--at last!

I was thinking that maybe the previously removed viruses were not removed at all because I kept on receiving virus alerts from Avira. 3 days after, I was shocked not to be able to log in to my Gmail account!!! Not only 1 account but all my Gmail accounts! I immediately reported the incident to Gmail and after 1 hour they sent me Gmail recovery instructions. I was able to access my account and I was correct with my impression that my account got hacked!

I ran Avira again and it detected the name of the trojan (tr/crypt.xpack.gen3) which, according to Avira, is a low-risk trojan. How could that be? He was able to hack my Gmail!! What's worse is my PayPal account got hacked as well!!! I'm so lucky my PayPal didn't have funds at that time, although the hacker managed to send $0.50 from the $0.53 left in my account.

I immediately changed the passwords of my important accounts (including Twitter, which got hacked as well!!) That scared me!! Avira is vulnerable to such a "low-risk" trojan. According to Gmail, the IP of the hacker came from Sweden but I doubt it (the hacker changed the language of my Gmail to Arabic).

I immediately reformatted my laptop. I've read somewhere that such a trojan can grip on the system no matter what free AV software you use. How dangerous is this trojan? How do I remove it??

Agree! Looks like it's not a low-risk trojan. It can gain access to PayPal as mentioned in the site.

I have also read some people encountered TR/Crypt.XPACK.Gen and TR/Crypt.XPACK.Gen2. I don't know the difference among them but I guess "3" is the latest and most dangerous.


- Lance L - 11-19-2012 03:03 AM

The answer lies here: http://www.trustedsource.org/malware-virus-description/286069/Trojan-Crypt-XPACK-Gen

Seems not that low-risk after all.


- Pall Mall - 11-19-2012 03:03 AM

Run in normal mode:
http://www.majorgeeks.com/Kaspersky_Free_Cleaner_d4515.html
Kaspersky Virus Removal Tool. What it won't fix, delete the file.
Run in safe mode:
http://malwarebytes.org
http://superantispyware.com
If you have that, you probably have more.

Use this with Avira - it fills in the weak spots that Avira has, is free and works very well:
http://immunet.com


- Fred Smith - 11-19-2012 03:03 AM

You can run other anti-malware you know.
See link.


- SH - 11-19-2012 03:03 AM

Get the following software, all free, from the links below. Get them from a clean computer onto a flash drive. Now boot your computer into safe mode (hold the F8 key while booting up). Run each from safe mode. This works in most cases.

http://www.malwarebytes.org

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

http://www.superantispyware.com