Free Republic


Computer QUESTION: About "Packed.Win32.Krap.hm!A2"
www.threatexpert.com/report | Aug 11, 2010

Posted on 08/11/2010 2:55:05 AM PDT by Yosemitest



TOPICS: Computers/Internet
KEYWORDS: bot; computerhelp; computers; malware; microsoft; microsofttax; software; tech; trojan; virus; windows

1 posted on 08/11/2010 2:55:06 AM PDT by Yosemitest

To: Yosemitest

Sounds like a trojan virus that unloads a bunch of them at once.

I was able to delete the ones I got from a packet even though at startup I still get a message that something can’t be found.

I just used Malwarebytes.


2 posted on 08/11/2010 2:59:59 AM PDT by GeronL (http://libertyfic.proboards.com <--- My Fiction/ Science Fiction Board)

To: Yosemitest

You can boot from a Linux CD and then save all the files you want on memory sticks. Then do a Windows recovery.


3 posted on 08/11/2010 3:07:03 AM PDT by Nateman (If liberals are not screaming you are doing it wrong!)

To: GeronL
I've run "Malwarebytes' Anti-Malware 1.46" with a recent update and it didn't detect it.
But "Online Armor++" detected it.
4 posted on 08/11/2010 3:12:00 AM PDT by Yosemitest (It's simple, fight or die.)

To: Yosemitest

I googled it and found a few sources saying it was a false positive.


5 posted on 08/11/2010 3:27:58 AM PDT by driftdiver (I could eat it raw, but why do that when I have a fire.)

To: Yosemitest

It's a valid trojan, so never mind about the false positive. Manual removal instructions here: http://www.spywareremove.com/removePackedWin32Krapag.html

It will log keystrokes and download other software.

Do a boot time scan and your AV should remove it.


6 posted on 08/11/2010 3:41:13 AM PDT by driftdiver (I could eat it raw, but why do that when I have a fire.)

To: Yosemitest
Without knowing your level of expertise:

On a non-infected box,

DL BitDefender's rescue disk,

Grind it to CD... It is in ISO format, so you need to know how to grind a CD from a file.

BitDefender.com: "How to create a BitDefender Rescue CD"

Boot to the disk, and scan the affected computer.

kb.BitDefender.com: "Using the BitDefender Rescue CD"

BitDefender's clean-up engine is pretty effective. It is Linux, but the AV pops up when the boot is done, so all you really need to do is press its start button...

This is just like in the old days... One needs the native OS to be off-line to kill the bugger, so one must use a boot disk.

I have other solutions if this one doesn't work, but they all require a miniaturized Windows platform to run from - Something Joe-user would have a hard time putting together... Lemme know.

7 posted on 08/11/2010 3:48:46 AM PDT by roamer_1 (Globalism is just Socialism in a business suit)

To: Yosemitest
If you get it fixed, this is what I do (I'm no expert):

1. For surfing the net, make another account w/o administrative permission. Only use this account to surf with. If I get any malware, I delete that account and make a new one.

2. I have a separate little laptop that is used for banking only. NOTHING ELSE.

I have turned off all anti-virus and firewalls on the surfing computer. It is lightning fast :)

8 posted on 08/11/2010 4:30:57 AM PDT by MrPiper

To: Yosemitest

sfl


9 posted on 08/11/2010 4:36:09 AM PDT by phockthis

To: Yosemitest

One other thing you should do before you run a scan. Before you boot your computer, unplug your modem cable. Some of these malware viruses download things on startup and you wind up like a dog chasing its own tail. When you are clean, plug in your cable.


10 posted on 08/11/2010 4:38:31 AM PDT by TheCipher

To: Yosemitest

http://www.malwarebytes.org/


11 posted on 08/11/2010 5:03:31 AM PDT by stinkerpot65 (Global warming is a Marxist lie.)

To: Yosemitest

Malwarebytes will get rid of it, but you also need to download rkill.com. It kills the process so you can safely use Malwarebytes.

If you can’t get the programs downloaded onto your computer, download them onto a clean computer and copy to a flash drive or cd-rom and then install them through safe mode.


12 posted on 08/11/2010 5:23:15 AM PDT by melissa_in_ga (I can see November from my house!)

To: Yosemitest

Do the following:

1. Restart your computer, while restarting, press and hold down the F8 key. If you hear a clicking sound, release the key and immediately press it down again. Repeat until you get to a screen that lists a number of options.

2. Select start in Safe Mode with networking.

3. Select the account named administrator if possible.

4. After startup, go online and download the following programs to your desktop: RKILL http://download.bleepingcomputer.com/grinler/rkill.exe

COMBOFIX http://www.google.com/url?sa=t&source=web&ct=res&cd=2&ved=0CA0QFjAB&url=http%3A%2F%2Fwww.combofix.org%2Fdownload.php&ei=DaTIS52dNJW09gS-3qSZCw&usg=AFQjCNHZOzvWVDVokuL0QVCBJjBrFheaCQ&sig2=r8HfGs5f-SLl62p-qREPfg

MALWAREBYTES: http://www.malwarebytes.org/mbam.php

5. Run RKILL; it will stop the processes.

6. Run Combofix, it will install the recovery console and update itself, and then run a full scan – let it complete.

7. After that install and run Malwarebytes in quickscan. That should remove the problem and fix the registry.

8. That evening run a complete scan with Malwarebytes.

If you can’t get into the administrator account, download these files from another computer and copy them to the desktop. If you can, start in safe mode, log in to the computer and as soon as you can, run rkill, continue to try running it as soon as you see your desktop. It will kill the process and you can proceed from there.


13 posted on 08/11/2010 5:34:09 AM PDT by johncatl (...governs least, governs best.)

To: GeronL

I still get a message that something can’t be found.


Try running combofix to take care of that.


14 posted on 08/11/2010 5:46:36 AM PDT by free me (Sarah Palin 2012? You Betcha!)

To: Yosemitest

ping


15 posted on 08/11/2010 5:54:04 AM PDT by The_Sword_of_Groo (Counting the days until the US gets to apologize for Obama)

To: roamer_1
I'm running Windows XP SP2. What other solutions do you have?

And once you get rid of it, how do you keep it from coming back?

16 posted on 08/11/2010 10:48:27 AM PDT by Yosemitest (It's simple, fight or die.)

To: Yosemitest
I'm running Windows XP SP2. What other solutions do you have?

How did the Bitdefender boot disk go?

From inside the Native OS (these are not bootable solutions):

Kaspersky AVPTool is a cleanup engine (manual scanner, limited-time use). DLD and install per normal settings. Run the scanner (if you next'd through the install, it will be on your desktop). After completion it will ask to uninstall.

**NOTE** If you say NO, it will remain... One can run it again from within its folder on your desktop. But it MUST, MUST, MUST be run again/quit, w/ ask uninstall... Choose YES to uninstall. OTHERWISE, if the uninstaller isn't used, it will leave a low-level driver running in your box. DO NOT just delete its folder.

ELSE, just choose "YES" to uninstall in the first place.

Each time it is installed, it will have a different and unique name... This is normal, so that bugs can't detect it by its name. Not to worry.

REF: http://avptool.virusinfo.info/en/

NEXT Option:

WebDoctor Cureit is similar in function to KAV's AVPTool, in that it is a single DLD package. But it is simpler to use - Just DLD the executable and run it to fire up the scanner... Delete the executable when done.

WebDr Cureit is a pretty good scanner, but it is usually my last resort... It detects brilliantly, but very aggressively, and can come up with false positives. Be careful if it is giving you "generic" or "maybe" labeled names... It's a crapshoot as to whether they are really infected IMHO.

Try those and see. Best to run them from safe mode if you have it. Then see what is next...

And once you get rid of it, how do you keep it from coming back?

Windows: SP-3. Newest IE (whether you use it or not, PS: Don't use it, see below), Newest Media Player (whether you use it or not). ***ALWAYS ALL UPDATES***.

Firewall: Meh. At LEAST Windows Firewall running. More than that is questionable, especially if you are behind a router.

AV (Choose ONE from below):

Norton, McAfee, Trend... All are POO. Discard, slap upside head for being a dumba$$.

NOTE: McAfee and Norton do not uninstall cleanly, and you must find their respective uninstallers and run them AFTER normal uninstall/restart. Otherwise, many other AVs will not install due to their vestiges.

Everything below (except F-Protect) can be found at http://www.filehippo.com, mostly in the "Anti-malware" section.

For $$, the very BEST is Kaspersky Anti-Virus (Don't need the full Internet Security version) For multiple machines, find a local dealer that can set you up with corporate KAV (way cheaper). Extremely effective, but can be heavy (fat) on older machines.

Next best, NOD32 by Eset - Though if multiple machines, this gets spendy fast... Very effective, but it is very light-weight.

Next best: F-Protect: Just about as good as above, but killer good deal for multiple boxes... $30 per year buys 5 seats. Very effective, pretty light-weight. This is my house brand, though I use Kaspersky on my server and test-benches.

Honorable mention: Sophos, BitDefender.

ALL of the above have 15-30 day trials, so try them and see which you prefer. ONLY ONE AV running on the box at a time.

If $$ is a problem, FREEWARE:

Microsoft Security Essentials - Excellent protection, and probably the best AV at finding Rootkits. I run this on my laptop. NOTE: Requires Activated/Genuine Microsoft, so if you are running bandit, nevermind.

Avira Antivir (personal free): Excellent, but does not include an e-mail scanner. If you use only web mail (Yahoo, Gmail, hotmail, etc) this is a fine solution.

SPYWARE:

MUST HAVE Spybot Search and Destroy. Doesn't detect everything, but what it does, it does very well. Also has good adv. tools for start-up management, HOSTS file, etc. Note: turn off "tea-timer" on install.

AND

SuperAntiSpyware: Super all-around at spyware detection. If you are a Malwarebytes fan, this could be skipped - But I think SuperAntiSpyware is better.

CLEANER:

CCleaner dumps all caches and trash with the push of a button. MUST HAVE.

Operation:

Only the AV runs in background. All others are manual scanners. So you have to run them once a week or so.

Running CCleaner first removes cookies and temp stuff, so any hits with the anti-spyware/anti-virus will be serious ones... So pay attention:

1. CCleaner
2. Spybot S&D (Update, immunize, scan, fix)
3. Superantispyware (Update, scan, fix)
4. Antivirus (manual update, manual scan, fix)

Finally, for web browser, use Firefox, or Opera. Do not use IE for surfing, though it is fine for sites you know are safe. Preference is Firefox.

For Mail, use Thunderbird, Eudora, or Pegasus. Avoid OE and Outlook, UNLESS you have a PIM that you sync to your box. Preference is Thunderbird.

Browser and mail are important. IE and OE/Outlook use ActiveX, which is a sorry way to go. Install Sun Java, and most sites will use it instead, but even displaying a message in a preview pane in OE/Outlook can get you infected (Preview uses ActiveX), and most drive-by scripts use ActiveX code to infect.

Ancillary:

Newest Adobe Flash (two installers, one for IE, one for Firefox/Opera).
Newest Adobe Shockwave (if Shockwave is installed).
Newest/updated Java.

17 posted on 08/11/2010 6:12:52 PM PDT by roamer_1 (Globalism is just Socialism in a business suit)

To: Yosemitest

I have been using the following two programs for years now. Zero problems and my computer runs like day one. I have had my computer for 8 years now and it is extremely fast.

Just get CCleaner, which is free.

http://www.piriform.com/ccleaner

and

Advanced SystemCare. It will be the best $18 you ever spent.

http://download.cnet.com/Advanced-SystemCare-Free/3000-2086_4-10407614.html


18 posted on 08/11/2010 6:22:06 PM PDT by Sprite518

To: roamer_1
My motherboard will NOT support SP3.
I downloaded it, and my computer froze up.
Microsoft support helped me get it back,
and told me to turn off automatic updates, and to stay with SP2 updates and no higher with the manual updates.

I'll check out what you suggested, but Online Armor++ 4.0 is my current firewall. I use CCleaner to help me get rid of bad system loads.
Spyware Terminator Advanced Mode and not trusting but a few select programs has helped me keep them at bay, but they're still on my computer.

Advanced SystemCare Pro also helps, but I found an autosweep program loaded in an obscure location that was deleting most of my security programs after a certain time limit.
I believe I've stopped that little nasty job, but I'm not confident.

I heard on Fox News that there's a new virus that's wiping out a lot of on-line banking accounts, and that's my biggest concern.

I'm seriously considering going to the pay version of Malwarebytes' Anti-Malware, but their free version, even with manual updates before I scan, didn't detect this problem.
Only Online Armor++ caught it.

19 posted on 08/12/2010 2:11:33 PM PDT by Yosemitest (It's simple, fight or die.)

To: Sprite518
I'm using Advanced SystemCare Pro,
but one nasty little tool this virus uses is the "autosweep" in ACP, to wipe out your security programs, after a short time limit, if you disconnect the internet line.

I use CCleaner, and keep it updated, and I like it, but it was attacked by the "autosweep" program that this virus installed.

It took me three reloads from backup before I figured it out.

20 posted on 08/12/2010 2:17:15 PM PDT by Yosemitest (It's simple, fight or die.)

To: Yosemitest
My motherboard will NOT support SP3.

That seems highly unlikely. I do a gazillion installations a year, and I have never seen SP-3 unable to go on... In fact, my install disks are made from an XP SP-3 master.

Now, it IS possible on upgraded systems - I have seen that - Where a retail upgrade was used to install WinXP with... But if you are using a stock, OEM installation disk, just find someone with an SP-3 OEM installation disk and use it instead.

It seems more likely that some configuration is preventing a clean load from the SP-3 distributable, rather than hardware. Maybe something BIOS related (you should have the newest BIOS available).

SP-3, and updates following, are pretty critical to security. Many exploits that worked on SP-2 are no longer functional in SP-3. The same is true of Windows Media Player and Internet Explorer, to include DirectX... All of these subsystems are where your vulnerability lies.

I would highly recommend befriending a local guru to figure out what/why. Even if you had to start from a clean rub, it would be to your advantage.

Otherwise, chuck it, and get a newer used system. 2600+ to 3g boxes are readily available under $100 (or at least they are around here). One way or another, your system has to receive critical updates. There really isn't any good prevention (in Windows) without that solid base.

I'll check out what you suggested, but Online Armor++ 4.0 is my current firewall.

I am unfamiliar with OA++. I know the firewall, which is good, and I believe the AV component is by Ikarus, which is no terrible slouch, but I am not in favor of "one-step wonder suites." I MUCH prefer a layered defense - Due to that, I haven't tried it.

I DO know Ikarus, though, and I would suggest that there are better solutions available.

21 posted on 08/12/2010 5:24:46 PM PDT by roamer_1 (Globalism is just Socialism in a business suit)

To: roamer_1
My BIOS is 1999 on a Toshiba Satellite A-75 S226.
Service Pack 3 won't work on my computer.
22 posted on 08/13/2010 10:08:46 PM PDT by Yosemitest (It's simple, fight or die.)

To: roamer_1

I want an "Apple Laptop" and I'm trying to make this one last until I can afford a new one.
I'm sick of "Windows" and the virus headaches.

I can take it back to factory specs and load SP2 from a disk and then get my firewall up and running, and then get the updates from Windows.
But I still worry about getting viruses the first time I get on the internet, while I'm updating Windows XP.
It may be time to buy a new computer.

23 posted on 08/13/2010 10:33:30 PM PDT by Yosemitest (It's simple, fight or die.)

To: Yosemitest
I want an "Apple Laptop" and I'm trying to make this one last until I can afford a new one. I'm sick of "Windows" and the virus headaches.

Load your present laptop with Linux - Ubuntu is as easy as it gets, providing it will run everything from the Live! disk. Go dld the Ubuntu Live! ISO, grind it, and boot to it. Try it out. If everything works, then shove it on there. Why pay for the Apple, when you can get the tree for free? *snicker*

I can take it back to factory specs and load SP2 from a disk and then get my firewall up and running, and then get the updates from Windows.
But I still worry about getting viruses the first time I get on the internet, while I'm updating Windows XP.

THERE's the problem. Screw "factory specs." Get ahold of an OEM XP SP3 disk.

*ahem* *mumbles "torrent"* *cough*

Pardon me... something in my throat...

As I was saying, find an OEM SP-3 Installation disk (make sure Home vs. Pro).
Go to toshiba's site, dld the drivers for your box, unpack them and grind them to a second disk.
Boot up the OEM Install disk, rub off the system partition, and install.
After it is up and running, install the drivers, starting with the chipset drivers, then video, and whatever after that.

It will work. If it doesn't, you can always restore it to factory again.

**NOTE** Do not remove the recovery partition (if it has one) when installing Windows, or the restore/factory function will not work.

**NOTE SOMMORE** Be sure your windows key is legible on the bottom of the box, ELSE use this to suck it out of the current installation before you rub it off... Similar problems exist for MS Office, etc...

***NOTE SOMMORE EVEN, YET*** Only a total moron wouldn't understand that this process will result in the loss of all data on the box. Get all important files off the box before you begin... Not sayin', just sayin' :D

OR, if your box is clean now (viruses gone):

You can try loading SP-3 from the IT distributable version. These work better than Win Update.

It may be time to buy a new computer.

It is ALWAYS time to get a new box. :D
If this is your excuse, it is as good as any...

But as far as laptops go, A Win7 64bit is the cat's a$$. With back 2 skewl going on, you should be happening in $450-$600 (think Acer).

Disclaimer: I am not a Win fanboi. Just don't like spending heavy bucks for fruit.

24 posted on 08/14/2010 12:10:58 AM PDT by roamer_1 (Globalism is just Socialism in a business suit)

To: Yosemitest
BTW, if you haven't upped the RAM in that box, two 1g sticks would make it scream... Even another 512 stick would make it a whole nuther thing. It's about a 3g processor (IIRC), so it is still way useable...

If you can get it running SP-3+, I would stuff a big drive (250+) and big ram in it, and drive it into the ground.

Befriend a good service tech in your area (back alley, not bow-tie)... good used parts are cheap.

25 posted on 08/14/2010 12:37:44 AM PDT by roamer_1 (Globalism is just Socialism in a business suit)

To: Yosemitest

BTW sommore,

You say you are loading your AV before allowing update to SP-3 - Some AVs screw with installation. Try disabling it, or use a different AV.

SP-3 update can look like it is totally frozen up... it will sit there looking at you for 10 minutes. Let_it_finish.


26 posted on 08/14/2010 12:48:30 AM PDT by roamer_1 (Globalism is just Socialism in a business suit)

To: roamer_1
I've got an SP3 OEM CD I paid $12.00 for several years ago that was mailed from Microsoft.
After I loaded it, it wiped out my Realtek Audio, and created other problems.
Microsoft Windows Technical Support is who told me that SP3 wouldn't work.
It took their technicians 3 days to get my system to where they could see that my motherboard wasn't compatible.

I tried to get the "BitDefender RESCUE CD" ISO to load on boot up from the CD drive.
It wouldn't load the 319.5MB file.
I don't know what went wrong, but I'll try to figure it out.
27 posted on 08/14/2010 8:52:32 AM PDT by Yosemitest (It's simple, fight or die.)

To: roamer_1
I went to BitDefender's site and am now downloading the new Rescue CD ISO file, and I'll try it after I burn it to a CD.
28 posted on 08/14/2010 8:58:48 AM PDT by Yosemitest (It's simple, fight or die.)

To: roamer_1
1.5 gig is all this system can take.
I've got a couple of stick drives and a "My Passport" 320 gig USB drive (lots of room to hide malware or a virus).

A service tech in my area is at least 30 miles away, and it's not really doable. I really do live in the sticks.

29 posted on 08/14/2010 9:05:07 AM PDT by Yosemitest (It's simple, fight or die.)
