Help to fix Trojan.Malpack.Gen

Status
Not open for further replies.

firefox666

New Member
Thread author
Apr 18, 2020
7
My Malwarebytes names the trojan like this: Trojan.Malpack.Gen, and removes all of the infected files (*.exe and *.icon).
It clones my files (for example: Main.exe to gMain.exe (the original file, with the hidden attribute), Main.icon, and the infected file Main.exe (most of them equal 522kb)).

So, how can I rename all of the g*.exe files without doing it manually (e.g. gMain.exe -> Main.exe, as in the original)?
 

Attachments

  • Addition.txt
    61.1 KB · Views: 7
  • FRST.txt
    140.2 KB · Views: 6

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,597
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Your System Restore is disabled.
This fix will enable it and clean some remnant items from the registry.
===

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.
===

I cannot find any reference in your logs about mail.exe and gmail.exe.
Since you mentioned that Malwarebytes has changed the name, I strongly suggest you contact the Malwarebytes Support group and explain what happened.

Here:

I think it's important that they find out what has happened.
 

Attachments

  • fixlist.txt
    3 KB · Views: 8

firefox666

New Member
Thread author
Apr 18, 2020
7
First, thanks for your help. I have run your fixlist.txt and here is my log.
 

Attachments

  • Fixlog.txt
    4.8 KB · Views: 4

firefox666

New Member
Thread author
Apr 18, 2020
7
And sorry to confuse you a little bit. It is the trojan that renames and removes the infected file, instead of Malwarebytes.
 

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,597
Hi,

Is the problem solved?
If not, what issues are you having with this computer?
 

firefox666

New Member
Thread author
Apr 18, 2020
7
My problem is still there. Trojan.Malpack.Gen and remove all of the infected files (*.exe and *.icon). Malwarebytes removed the *.exe and *.ico files that were infected. I have renamed g*.exe (hidden, original file) by hand myself, unhiding them and removing the prefix "g" to get *.exe (the original name).

My problem remains: how to rename all of those files automatically and safely?

Thanks
 

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,597
Hi,

You can use the DOS command RENAME.

Read about it.
===

First unhide all the files.

Follow the directives on this page.
Unhide files/folders Windows.
How To:
<<<>>>

There may be many files in different folders.

If you are not at ease with doing it manually I can give you a fix.

With this Farbar command you will be able to get all the files and the path.

Run the Farbar program .exe as an Administrator.

In the Search text area, copy and paste the following:
gmain.*
Once done, click on the Search File search button and wait for FRST to finish the search.
On completion, a log will open in Notepad. Copy and paste its content in your next reply.
===

If you try to do it manually, locate CMD.EXE.
Run the file as an Administrator.

You must include the path of the file.

If you have a gmain.exe in the c:\

Type this command:
RENAME c:\gmain.exe main.exe
The file will be renamed main.exe

To exit the DOS prompt, type EXIT and hit the ENTER key.

Post the log. If you need additional help please ask before proceeding.
 
Reactions: Gandalf_The_Grey
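
An added example, not part of the thread or any poster's own code: a PowerShell sketch of the bulk rename discussed above, for the pattern the thread describes (a hidden g<Name>.exe original left behind after the infected <Name>.exe was removed). The function name Restore-PrefixedOriginal and the drive list are hypothetical; it only reports what it would do unless -Apply is given, and it skips any file whose target name still exists.

```powershell
function Restore-PrefixedOriginal {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string[]]$Root,   # drives or folders to search (assumed values)
        [switch]$Apply                            # without this switch nothing is changed
    )
    # -Hidden returns only hidden files, so ordinary visible tools whose
    # names happen to start with "g" are never touched.
    Get-ChildItem -Path $Root -Filter 'g*.exe' -File -Hidden -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $newName = $_.Name.Substring(1)                  # drop the leading "g"
        $target  = Join-Path $_.DirectoryName $newName
        $action  = 'would rename'
        if ($newName -ieq '.exe') {
            $action = 'skip: nothing left after the prefix'
        }
        elseif (Test-Path -LiteralPath $target) {
            # A file with the original name is still present (possibly the
            # infected copy): leave both alone until the scanner has dealt with it.
            $action = 'skip: target name still exists'
        }
        elseif ($Apply) {
            # The Hidden flag is known to be set here, so XOR clears it.
            $_.Attributes = $_.Attributes -bxor [IO.FileAttributes]::Hidden
            Rename-Item -LiteralPath $_.FullName -NewName $newName
            $action = 'renamed'
        }
        # One record per candidate, for review or export.
        [pscustomobject]@{
            Action  = $action
            Path    = $_.FullName
            NewName = $newName
            SizeKB  = [math]::Round($_.Length / 1KB)
        }
    }
}

# Dry run first, review the CSV, then repeat with -Apply (drive letters are assumptions):
# Restore-PrefixedOriginal -Root 'C:\','D:\','E:\' | Export-Csv .\rename-plan.csv -NoTypeInformation
# Restore-PrefixedOriginal -Root 'C:\','D:\','E:\' -Apply
```

Run it from an elevated PowerShell prompt after the scanner has finished removing the infected copies, so that the "target name still exists" check reflects a clean state.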

firefox666

New Member
Thread author
Apr 18, 2020
7
I don't use the Farbar program because it just scans the root drive c:/ instead of D, E .... (the extended drives in my computer). I use Malwarebytes to scan and remove the trojan, Microsoft Explorer to scan and remove files with the given extension (g*main type:icon), and the last method I have used to rename, unhide and fix names flexibly is Bulk Rename Utility.

My problem is 90% solved.

Thanks.
 

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,597
Hi,

Farbar does scan the program files running on all drives.
Not the personal files.

What problems remain?
 

firefox666

New Member
Thread author
Apr 18, 2020
7
The remaining problem is that Malwarebytes removes the trojan files with the suffix gmain.ico and main.exe, but the original file is still hidden and named gmain.exe. I must rename all of those files to main.exe after Malwarebytes completes the scan and completely removes the trojan on the C, D, E... drives.

The thing is, my drive has 1TB + SSD 128Gb of data to search and rename all of that by hand @@.
 

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,597
Hi,

Run the Farbar program .exe as an Administrator.

In the Search text area, copy and paste the following:
C:\gmain.*
D:\gmain.*
E:\gmain.*
Once done, click on the Search File search button and wait for FRST to finish the search.
On completion, a log will open in Notepad. Copy and paste its content in your next reply.
===

If the D: and E: drives are external drives, make sure they are mounted.

The log will give me all the instances of the file.
I will see what I can do to rename them to main.*

The * means that the file's extension will be reported.
 
Reactions: [correlate]