Packer.Malware.VPacker.B

Hi!


During a deep scan, BitDefender found Packer.Malware.VPacker.B and it went to quarantine.


After this event, when I scan the PC with AVG Anti-Spyware or Ad-Aware 2007, a message comes up from BitDefender during the scan saying that Packer.Malware.VPacker.B was found, but that it hasn't infected my PC because it stopped it.


What's the explanation of this?


Thank you

Comments

  • Hello argi


    Blocked means that BitDefender denies access to that particular infected file. Can you please post the location where the file was found? You can find it when you open BitDefender, go to General, Events and double-click on the event "infected files found". Please post the location of the file.


    Regards


    Niels

  • This is the location:


    File c:\system volume information\_restore{a60c317b-1bcd-43ba-adac-7411fce12902}\rp211\a0096945.exe


    infected with Packer.Malware.VPacker.B


    But why does this happen during a scan by another antispyware?

  • Hi!


    Please deactivate System Restore on all drives by going to System Properties -> System Restore -> Turn off System Restore on all drives. The worm is located in the System Volume Information folder, which keeps track of restore points. ;) You could also temporarily deactivate BD real-time protection before you do that.


    Andrei

  • OK, first I deactivate System Restore and then I scan again?

  • Hello argi


    That is because BitDefender also scans files and folders in the background. You can see that in real time when you open BitDefender and go to Antivirus, Shield; there you will see the graph and you can also view the statistics.


    In your case the malware is located in a system restore point. To remove it, try this: go to Start, My Computer, right-click on My Computer, choose Properties, System Restore, check the option "disable system restore on all stations" and confirm by pressing Apply and OK. After you have done that, uncheck it again and press Apply and OK. You will lose all system restore points.


    Regards


    Niels

  • Ok, thanks :)

  • Hello argi


    I suggest that you perform a deep scan to be sure. But normally it must be gone. If you still get the pop-up then you have to temporarily disable the real-time protection of BitDefender, just as Andrei said.


    Glad that I could help you.


    Regards


    Niels

  • Also glad that we could help you. :)


    Andrei

  • I scanned again and nothing was found.


    Thank you for your help!

  • Please note that Packer.* are detections for packers, not for malware. It simply means that the file couldn't be scanned properly because it is protected by a packer/protector which is infeasible to unpack in a virtual environment (such as B-HAVE). Packer.Malware.* are packers which have so far been only used with malware, but packers nevertheless.


    Samples detected as Packer.* could therefore still be clean (although it is unlikely), but should not be trusted until verified, so please submit such samples here.
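
An added example (not from the thread and not BitDefender code) that triages event text of the form posted above, combining the two points made in the replies: whether the detection name is a Packer.* family and whether the file is an archived copy inside a System Restore point. It assumes the event is on one line as "File <path> infected with <name>"; the second sample path is constructed.

```python
import re
from typing import NamedTuple, Optional

# Assumed one-line event form, joined from the two lines posted in the thread.
EVENT_RE = re.compile(r"^File\s+(?P<path>.+?)\s+infected with\s+(?P<name>\S+)\s*$", re.I)

# Restore store layout as seen in the posted path:
# <drive>:\System Volume Information\_restore{GUID}\RP<n>\A<n>.<ext>
RESTORE_RE = re.compile(
    r"^[a-z]:\\system volume information\\_restore\{[0-9a-f-]{36}\}"
    r"\\rp(?P<rp>\d+)\\a\d+\.\w+$", re.I)

class Finding(NamedTuple):
    path: str
    detection: str
    kind: str                     # "packer-malware", "packer" or "other"
    restore_point: Optional[int]  # RP number when the file sits in the restore store
    note: str

def classify_name(name: str) -> str:
    """Packer.Malware.* = packer so far only seen with malware; Packer.* = any packer."""
    lowered = name.lower()
    if lowered.startswith("packer.malware."):
        return "packer-malware"
    if lowered.startswith("packer."):
        return "packer"
    return "other"

def triage(event: str) -> Optional[Finding]:
    """Parse one event line; return None when it is not an infection event."""
    m = EVENT_RE.match(event.strip())
    if not m:
        return None
    path, name = m.group("path"), m.group("name")
    kind = classify_name(name)
    in_store = RESTORE_RE.match(path)
    rp = int(in_store.group("rp")) if in_store else None
    notes = []
    if kind != "other":
        notes.append("packer detection: contents not verified, submit the sample")
    if rp is not None:
        notes.append("archived copy in a restore point: purge restore points to remove")
    return Finding(path, name, kind, rp, "; ".join(notes))

# Event from this thread, joined onto one line.
PAGE_EVENT = (r"File c:\system volume information\_restore{a60c317b-1bcd-43ba-adac-7411fce12902}"
              r"\rp211\a0096945.exe infected with Packer.Malware.VPacker.B")
# Constructed sample: the path is made up, the detection name is the one asked about below.
CONSTRUCTED_EVENT = r"File c:\downloads\tool.exe infected with Packer.PESpin.A"
```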

  • Hello Vlad


    Thank you very much for your clarification.


    Regards


    Niels

  • Just to stress the point my colleague made: samples detected as Packer.* could therefore still be clean (although it is very, very, very unlikely).

  • I have a file which is shown as infected with packer.pespin.a by BitDefender and as trojan.packed.pespin by Spyware Doctor v5. Is there any sure way of finding out whether it is a virus or not?


    Regards.

  • Yes, please place the suspicious file in an archive, protected with the password infected, and attach it to a new post. We'll take a look at it.


    Regards!