I
itm2
Guest
The following trojans were detected when scanning the boot SSD on my Windows 10 machine:
TR/Crypt.XPACK.Gen, TR/Crypt.XPACK.Gen3, TR/Crypt.ZPACK.Gen, TR/Crypt.XPACK.Gen2, TR/ATRAPS.Gen2
There were 18 occurrences in all (see log below).
They were detected by an Avira boot CD, but were not flagged by either Panda AV or Malwarebytes in Windows.
When the machine first arrived I took an image of all of the partitions on the "clean" SSD using Macrium Reflect. The image was written to an external USB HDD, which is only connected temporarily for the purpose of backups. When I restored this image to the SSD and re-scanned using the Avira CD the trojans were detected again.
It could be that the Macrium image has been infected with the trojan when the external drive was temporarily connected to make a backup. Could it also be possible that one or more of these viruses is a firmware rootkit, and not removable by simply restoring a "clean" image of the SSD?
Any advice for how I can get rid of these trojans?
More...
TR/Crypt.XPACK.Gen, TR/Crypt.XPACK.Gen3, TR/Crypt.ZPACK.Gen, TR/Crypt.XPACK.Gen2, TR/ATRAPS.Gen2
There were 18 occurrences in all (see log below).
They were detected by an Avira boot CD, but were not flagged by either Panda AV or Malwarebytes in Windows.
When the machine first arrived I took an image of all of the partitions on the "clean" SSD using Macrium Reflect. The image was written to an external USB HDD, which is only connected temporarily for the purpose of backups. When I restored this image to the SSD and re-scanned using the Avira CD the trojans were detected again.
It could be that the Macrium image has been infected with the trojan when the external drive was temporarily connected to make a backup. Could it also be possible that one or more of these viruses is a firmware rootkit, and not removable by simply restoring a "clean" image of the SSD?
Any advice for how I can get rid of these trojans?
| Detection: | /target/C:/program files (x86)/common files/microsoft shared/ink/pipanel.exe |
| Virus name: | TR/Crypt.XPACK.Gen | file renamed |
| Virus Type: | trojan |
| Detection: | /target/C:/windows/syswow64/cmstp.exe |
| Virus name: | TR/Crypt.XPACK.Gen | file renamed |
| Virus Type: | trojan |
| Detection: | /target/C:/windows/syswow64/colorcpl.exe |
| Virus name: | TR/Crypt.XPACK.Gen | file renamed |
| Virus Type: | trojan |
| Detection: | /target/C:/windows/syswow64/ime/imejp/imjpuex.exe |
| Virus name: | TR/Crypt.XPACK.Gen3 | file renamed |
| Virus Type: | trojan |
| Detection: | /target/C:/windows/syswow64/ime/imetc/imtclnwz.exe |
| Virus name: | TR/Crypt.XPACK.Gen3 | file renamed |
| Virus Type: | trojan |
| Detection: | /target/C:/windows/syswow64/ime/shared/imccphr.exe |
| Virus name: | TR/Crypt.XPACK.Gen3 | file renamed |
| Virus Type: | trojan |
| Detection: | /target/C:/windows/syswow64/rasphone.exe |
| Virus name: | TR/Crypt.ZPACK.Gen | file renamed |
| Virus Type: | trojan |
| Detection: | /target/C:/windows/syswow64/wscadminui.exe |
| Virus name: | TR/Crypt.XPACK.Gen | file renamed |
| Virus Type: | trojan |
| Detection: | /target/C:/windows/winsxs/amd64_microsoft-windows-e..-firsttimeinstaller_31bf3856ad364e35_10.0.18362.833_none_a91ce678f8bbddfc/microsoftedgestandaloneinstaller.exe |
| Virus name: | TR/Crypt.XPACK.Gen2 | file renamed |
| Virus Type: | trojan |
| Detection: | /target/C:/windows/winsxs/amd64_multipoint-wmssvc_31bf3856ad364e35_10.0.18362.1_none_932164290f30bed0/wmssvc.exe |
| Virus name: | TR/ATRAPS.Gen2 | file renamed |
| Virus Type: | trojan |
| Detection: | /target/C:/windows/winsxs/wow64_microsoft-windows-d..-japanese-utilities_31bf3856ad364e35_10.0.18362.1_none_c9e3593323b3da97/imjpuex.exe |
| Virus name: | TR/Crypt.XPACK.Gen3 | file renamed |
| Virus Type: | trojan |
| Detection: | /target/C:/windows/winsxs/wow64_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_10.0.18362.1_none_363617dab2913de6/imtclnwz.exe |
| Virus name: | TR/Crypt.XPACK.Gen3 | file renamed |
| Virus Type: | trojan |
| Detection: | /target/C:/windows/winsxs/wow64_microsoft-windows-icm-ui_31bf3856ad364e35_10.0.18362.1_none_170ad1b852689779/colorcpl.exe |
| Virus name: | TR/Crypt.XPACK.Gen | file renamed |
| Virus Type: | trojan |
| Detection: | /target/C:/windows/winsxs/wow64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.18362.1_none_b2cc1f362bcb79d0/imccphr.exe |
| Virus name: | TR/Crypt.XPACK.Gen3 | file renamed |
| Virus Type: | trojan |
| Detection: | /target/C:/windows/winsxs/wow64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.18362.1_none_4bf8ea165a4a737b/rasphone.exe |
| Virus name: | TR/Crypt.ZPACK.Gen | file renamed |
| Virus Type: | trojan |
| Detection: | /target/C:/windows/winsxs/wow64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.18362.1_none_3bd259bf121ebdca/cmstp.exe |
| Virus name: | TR/Crypt.XPACK.Gen | file renamed |
| Virus Type: | trojan |
| Detection: | /target/C:/windows/winsxs/wow64_microsoft-windows-securitycenter-core_31bf3856ad364e35_10.0.18362.449_none_7a710c20780fc5c4/wscadminui.exe |
| Virus name: | TR/Crypt.XPACK.Gen | file renamed |
| Virus Type: | trojan |
| Detection: | /target/C:/windows/winsxs/wow64_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_10.0.18362.1_none_1ea3e6193b2e7a0c/pipanel.exe |
| Virus name: | TR/Crypt.XPACK.Gen | alert ignored |
| Virus Type: | trojan |
More...