TR/Crypt.xpack.gen

Scam · 19 Apr 2010 at 18:21

Hello all,

Two of our machines at work have been infected with this. Avira found them in:

C:\Program Files\Avid\Avid Media Composer

and I quarantined them. The file that was infected was DAE.dll. Problem is I guess that hasn't actually got rid of it, and it's also fubar'd our Avid software -- which now won't load. Slight problem!

I've just tried SDFix on one of the the systems but it didn't find anything, do I need to maybe un-quarantine the file first, so that it will find it?

Are there any other tools out there to get rid of this particular virus? :confused:

Thanks for any help or pointers!

bledd · 19 Apr 2010 at 18:26

You sure it's not a false positive?

Scan the file with a load of other scanners, it's probably just some compression algorithm that Avira doesn't like, it's not unusual for false positives to slip through the net whilst testing, especially for 3rd party software

Scam · 19 Apr 2010 at 21:08

Hmn.. is a false positive likely on a setup that hasn't changed for a while? Their both high-end editing machines and we rarely change anything on them (in an ideal world they wouldn't even be connected to the internet to be fair!). There hasn't been anything new installed on them for a good few months. :confused:

Broken Hope · 19 Apr 2010 at 21:37

Scam said:
Hmn.. is a false positive likely on a setup that hasn't changed for a while? Their both high-end editing machines and we rarely change anything on them (in an ideal world they wouldn't even be connected to the internet to be fair!). There hasn't been anything new installed on them for a good few months.

If the virus definitions are updated regularly then of course it's possible for a bug in the defs to flag a legit file as a virus. Your best bet would be to submit the file to Avira and see what they say.

bledd · 20 Apr 2010 at 09:20

^What he said

monkeyspank · 20 Apr 2010 at 09:27

Would a false positive stop his Avid software from loading?

bledd · 20 Apr 2010 at 09:29

I've never used or heard of Avid, but if a required dll has been quarantined, then of course it would stop it..

Scam · 20 Apr 2010 at 09:30

Right thanks for the input guys. I've sent the file off to Avira. Is there anywhere else I can submit it maybe?

I'm downloading all the usual tools, as well as a triasl of Nod32, maybe Kaspersky or something. Would these scans/AVs actually pick up the file if it's quarantined by Avira? :confused:

bledd · 20 Apr 2010 at 09:38

Upload the file here

http://virusscan.jotti.org/en-GB

It may well be a virus, but I'd want to check here first..

Disable the AV, and unquarantine it, then upload it

Scam · 20 Apr 2010 at 10:36

bledd. said:
Upload the file here

http://virusscan.jotti.org/en-GB

It may well be a virus, but I'd want to check here first..

Disable the AV, and unquarantine it, then upload it

Great link, thanks.

I'm starting to think this is a false positive too.

http://virusscan.jotti.org/en-GB/scanresult/36bc1ac207478cfce9c03d9fbaa6afb40393dfa3

bledd · 20 Apr 2010 at 12:44

Send Avira a link to this thread