Are you actually having any problems with the PC? Pop-ups, un-initiated re-directions to sites you didn't want whilst browsing, suspicious/unwanted program behaviour? If not, then chances are that it's an FP (false positive). As the file resides in your temporary internet folder, I would say it's OK just to delete it. Open your browser (IE, I presume) and under Tools click Internet Options, under the General tab and under Browsing history click Delete. From there you can delete Temporary Internet Files. (Sorry if I'm teaching you what you already know there!) Should the file not delete, or start giving you any further problems, or if you have any other detections of the Pak_generic variety, then I would do as instructed and submit it to Trend Micro; only then can it be dealt with properly.
melboy
336 Posts
0
August 12th, 2008 15:00
Are you using a trend micro product?
As this is a heuristic detection, it may be malicious, but it may also be a false positive.
Description:
This is Trend Micro's proactive detection for suspicious -- and possibly malicious -- executable files that are compressed using Win32 compression tools. This detection also encompasses many appending viruses found in the wild.
This heuristic detection is based on well-established characteristics inherent to packed malware. All Portable Executable (PE) files found on Windows 95, 98, ME, NT, 2000 and XP matching these established characteristics are immediately detected. This keeps the customer one step ahead against possible virus infections.
Send files detected as PAK_GENERIC.001 to the email address mailtrap@trendmicro.com so that appropriate analysis can be done on the sample and a clean solution created and applied, if necessary.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?vname=pak_generic.001
See the solution tab for info on submitting samples.
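An added example, not part of the thread and not Trend Micro's actual detection logic: a sketch of the kind of structural traits a packer heuristic can key on, and why a legitimate file holding compressed data can also be flagged. The entropy threshold, trait names and sample files are assumptions constructed for illustration.

```python
import math
import struct
from collections import Counter

SECTION = struct.Struct("<8sIIIIIIHHI")            # IMAGE_SECTION_HEADER, 40 bytes
EXEC, WRITE, READ = 0x20000000, 0x80000000, 0x40000000  # IMAGE_SCN_MEM_* flags
HIGH_ENTROPY = 7.0                                 # assumed threshold, bits per byte

def entropy(data):
    """Shannon entropy of a byte string, 0.0 (constant) to 8.0 (uniform)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def packer_traits(pe):
    """Return {section_name: [traits]} for sections that look packed."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0] if len(pe) >= 0x40 and pe[:2] == b"MZ" else -1
    if e_lfanew < 0 or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsect = struct.unpack_from("<H", pe, e_lfanew + 6)[0]       # NumberOfSections
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]   # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                            # first section header
    found = {}
    for i in range(nsect):
        name, vsize, _, rsize, rptr, _, _, _, _, flags = SECTION.unpack_from(pe, table + i * SECTION.size)
        traits = []
        if flags & EXEC and flags & WRITE:          # code that rewrites itself in memory
            traits.append("writable+executable")
        if rsize == 0 and vsize > 0 and flags & EXEC:   # target area for the unpacked code
            traits.append("empty on disk, filled at run time")
        if entropy(pe[rptr:rptr + rsize]) > HIGH_ENTROPY:   # compressed or encrypted bytes
            traits.append("high entropy")
        if traits:
            found[name.rstrip(b"\0").decode("ascii", "replace")] = traits
    return found

def build_pe(sections):
    """Constructed PE skeleton from (name, virtual_size, raw_bytes, flags) tuples."""
    hdr = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    off, table, body = len(hdr) + len(sections) * SECTION.size, b"", b""
    for i, (name, vsize, raw, flags) in enumerate(sections):
        ptr = off + len(body) if raw else 0
        table += SECTION.pack(name, vsize, 0x1000 * (i + 1), len(raw), ptr, 0, 0, 0, 0, flags)
        body += raw
    return hdr + table + body

# Constructed samples: a packer-style layout, plain code, and read-only compressed data.
PACKED = build_pe([(b".pk0", 0x4000, b"", EXEC | WRITE), (b".pk1", 0x400, bytes(range(256)) * 4, EXEC | WRITE)])
PLAIN = build_pe([(b".text", 0x400, b"\x55\x8b\xec\x90" * 256, EXEC | READ)])
INSTALLER = build_pe([(b".rsrc", 0x400, bytes(range(256)) * 4, READ)])
```

`packer_traits(INSTALLER)` reports only "high entropy", which is the false-positive case: compressed data with none of the self-modifying section traits that `PACKED` shows.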
mjinga
25 Posts
0
August 12th, 2008 18:00
melboy
336 Posts
0
August 12th, 2008 19:00
What is your OS, XP, Vista?
What is the file/path that is being detected?
mjinga
25 Posts
0
August 13th, 2008 13:00
mjinga
25 Posts
0
August 13th, 2008 15:00
melboy
336 Posts
0
August 13th, 2008 15:00
melboy
336 Posts
0
August 13th, 2008 16:00
Did you delete that file? What kind of pop-ups are you getting? See this post here:
http://www.dellcommunity.com/supportforums/board/message?board.id=si_virus&thread.id=58687
If you're still having problems try following the instructions in Bugbatter's post here:
http://www.dellcommunity.com/supportforums/board/message?board.id=si_virus&message.id=69739#M69739
On the HJT board post your HijackThis log, along with the MBAM log and details of the problems you're having.
melboy
336 Posts
0
August 13th, 2008 17:00
If you have access to another comp and a flash stick (or CD/ DVD R/W), download MBAM (from the aforementioned links) to that and rename it mjinga.exe or similar before transferring it to the infected comp. Then see if you can run the installer from there. It sounds like you've got a case of rogue AV software and maybe some adware thrown in for good measure. (Vundo?)
Such as this: http://siri-urz.blogspot.com/
mjinga
25 Posts
0
August 13th, 2008 17:00
Basically two types of pop-ups, anti-virus program ads and shopping sites (pricegrabber lookalikes). Looks like the files detected as viral are in a couple of folders in the Temp. Int. Files section, so makes it kinda hard to pick at them.
It looks like I can't even access the links you posted on the infected comp., the site (and others I have tried) never finish loading.
mjinga
25 Posts
0
August 13th, 2008 22:00
Looks like MBAM did the trick, comp. feels super quick after being so sluggish. Thanks for all the help.
Lavasoft was always my go to... not anymore.
melboy
336 Posts
0
August 14th, 2008 05:00
Glad to have been of help :)
It might be worth your while posting a HJT log to ensure you're totally clean and let an expert see if they can pinpoint any vulnerabilities which might have led to you getting infected in the first place, such as having your XP (SP3) up to date and Java (remove old ones, the current is Java Runtime 6 update 7).