Bot Obliterator
Quads
Posts: 16,539
Registered: ‎07-21-2008

Re: Unable to remove Packed.Generic.238

You can tick

"O4 - HKCU\..\Run: [Windows System Recover!] C:\DOCUME~1\HP_ADM~1.MET\LOCALS~1\Temp\mdm.exe" ?

As I looked it up, it's a Trojan Downloader.

Quads
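The O4 line quoted above is a value under the per-user Run key that points into a Temp directory, which is the detail a responder keys on. The following PowerShell is an added example, not code from this thread, from HijackThis or from Norton: it classifies Run-key values by whether the executable lives under a Temp or Application Data tree, checks a constructed sample that includes the quoted entry beside a typical legitimate one, and then reports the live Run keys of the machine it runs on. The fragment list, the function names and the sample entries are assumptions; it assumes PowerShell 3 or later.

```powershell
# Added example (not from the thread or from HijackThis): flag Run-key autostart
# values whose executable lives under a user's Temp or Application Data tree.

# Directory fragments that legitimate autostart programs almost never use, in both
# the long and the 8.3 short forms that appear in HijackThis output (assumed list)
$script:SuspiciousFragments = @(
    '\Temp\', '\LOCALS~1\', '\Local Settings\',
    '\Application Data\', '\APPLIC~1\'
)

function Test-SuspiciousAutostart {
    param([Parameter(Mandatory = $true)][string]$CommandLine)
    # Expand %TEMP%-style variables so the fragment test sees the real path;
    # 8.3 short names are matched directly through the fragment list
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    foreach ($fragment in $script:SuspiciousFragments) {
        if ($expanded -like "*$fragment*") { return $true }
    }
    return $false
}

function Get-RunKeyReport {
    # The per-user and per-machine Run keys are what HijackThis reports as O4 lines
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            # Get-ItemProperty adds PSPath, PSChildName etc.; those are not Run values
            if ($prop.Name -like 'PS*') { continue }
            [pscustomobject]@{
                Key        = $key
                Name       = $prop.Name
                Command    = [string]$prop.Value
                Suspicious = Test-SuspiciousAutostart -CommandLine ([string]$prop.Value)
            }
        }
    }
}

# Constructed sample: the O4 entry quoted in the thread beside a normal XP entry
$sample = @(
    @{ Name = 'Windows System Recover!'; Command = 'C:\DOCUME~1\HP_ADM~1.MET\LOCALS~1\Temp\mdm.exe' },
    @{ Name = 'ctfmon.exe';              Command = 'C:\WINDOWS\system32\ctfmon.exe' }
)
foreach ($entry in $sample) {
    $verdict = if (Test-SuspiciousAutostart -CommandLine $entry.Command) { 'SUSPICIOUS' } else { 'ok' }
    '{0,-10} [{1}] {2}' -f $verdict, $entry.Name, $entry.Command
}

# Live check of the machine this runs on; remove this line to test only the sample
Get-RunKeyReport | Format-Table -AutoSize
```

A flagged entry is a reason to look, not proof on its own: the report lists the value name and full command so it can be compared against the corresponding O4 line before anything is removed.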

Regular Contributor
Jormungandr
Posts: 85
Registered: ‎06-23-2009

Re: Unable to remove Packed.Generic.238

OK, I ran HijackThis and checked/ticked the items you listed. A new folder, "backups," has appeared on the desktop.

"Folder Options" is back in both Safe and Normal modes with "Show Hidden Files and Folders" and "Hide Protected Operating System Files (Recommended)" listed on it.

When I said "Security Configuration Utility," I meant "System Configuration Utility." The warning and the utility continue to appear after running HijackThis. I hope I didn't screw up. I've been saying "System Security 2009" too much.

Prior to and after running HijackThis, I got a new error message for Internet Explorer 8:

"Data Execution Prevention - Microsoft Windows

To help protect your computer, Windows has closed this program"

 

Bot Obliterator
Quads
Posts: 16,539
Registered: ‎07-21-2008

Re: Unable to remove Packed.Generic.238

[ Edited ]

Do you have Regedit too?

Now in Folder Options check/tick "Show hidden files and folders" and "Show system protected files" and click Apply, etc.

Now can you go to this folder:

C:\Documents and Settings\username\Local Settings\Temp

Inside this folder you will find a folder or file named "19432504" or "19432504.exe". Don't click to run; DELETE the folder and/or file.

With the "System Configuration Utility" on startup or restart, when it appears do you see a little box you can tick saying "don't notify me again" sort of thing?

Quads

Message Edited by Quads on 07-18-2009 08:35 AM
Regular Contributor
Jormungandr
Posts: 85
Registered: ‎06-23-2009

Re: Unable to remove Packed.Generic.238

"Do you have Regedit too?"

Access is still denied.

"Now can you go to this folder:

C:\Documents and Settings\username\Local Settings\Temp

Inside this folder you will find a folder or file named "19432504" or "19432504.exe". Don't click to run; DELETE the folder and/or file."

I didn't find it in there. Instead, I found it in:

C:\Documents and Settings\All Users\Application Data, with a "19432504" folder, which has in it a "19432504" 1 kb file and a "19432504" 699 kb application file. Do I still delete it despite the different location?

"With the "System Configuration Utility" on startup or restart, when it appears do you see a little box you can tick saying "don't notify me again" sort of thing?"

Yes, but I was wary of checking it as I didn't know what it would do. It could have been another fake program, etc. Do I check/tick the box?

Regular Contributor
Jormungandr
Posts: 85
Registered: ‎06-23-2009

Re: Unable to remove Packed.Generic.238

Also, I found the files using Search, I hope that doesn't do any harm.
delphinium
Posts: 9,862
Kudos: 2,965
Solutions: 293
Registered: ‎11-21-2008

Re: Unable to remove Packed.Generic.238

Jormungandr:

Delete the two files and check the box. Checking the box will just stop it from notifying you.

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain
Regular Contributor
Jormungandr
Posts: 85
Registered: ‎06-23-2009

Re: Unable to remove Packed.Generic.238

Ok, I deleted the folders and files and emptied the Recycle Bin. What's next?
Bot Obliterator
Quads
Posts: 16,539
Registered: ‎07-21-2008

Re: Unable to remove Packed.Generic.238

Now your problem with IE8.

Start IE 8 without add-ons.

Open Tools > Internet Options > Advanced.

Pull the slider down to the bottom...

... you will find:

"Enable memory protection to help mitigate online attacks."

Remove the check mark (now disabled).

Close IE 8; start IE 8 the usual way.

Then can you download Malwarebytes (http://www.filehippo.com/download_malwarebytes_anti_malware/), install it and run a Full Scan? It may not be able to update yet, so Full Scan first; it will create a log after. It probably won't be able to get the rootkit, but the others around it. It will more than likely detect it though.

Quads

Regular Contributor
Jormungandr
Posts: 85
Registered: ‎06-23-2009

Re: Unable to remove Packed.Generic.238

"Enable memory protection to help mitigate online attacks" was already checked in IE8. I attempted to start normal IE8. The first two attempts asked if I wanted to go to my last session or my homepage before closing. My third attempt loaded my homepage (yahoo.com) before IE displayed a message, "Internet Explorer has closed this webpage to help protect your computer," and the "Data Execution Prevention" message appeared. However, IE8 now works in safe mode.

I updated Malwarebytes' Anti-Malware, which I already had, from version 2427 to 2461. I ran a scan, which took over 90 mins and made a log, which is attached. I took no action as I don't know what will happen and only want to do what you tell me lest I make things worse. If you want me to delete the quarantined items, please tell me and I'll scan again and do it.

During the scan, N60 supposedly crashed as I got an "End Now" message, but it continued to remain in the tray. Also during the scan, the IE8 "Data Execution Prevention" message appeared about every 10 mins.

Also, I noticed during the scan that "contents.IE5" apparently still had contents, which is why the scan was long, despite using CCleaner (I noticed the word ScrewAttack, which is a site I visit daily, go by). I haven't used IE8 since this started, only Firefox, which updated itself in Safe Mode. Windows XP did an update as well.

delphinium
Posts: 9,862
Kudos: 2,965
Solutions: 293
Registered: ‎11-21-2008

Re: Unable to remove Packed.Generic.238

Jormungandr:

"Enable memory protection to help mitigate online attacks."

Remove check mark (now disabled)

You were supposed to un-check it rather than leave it checked.

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain