MrD

Trojan.Win32.Pakes.x3

21 posts in this topic

Hi

Today I got my first trojan/virus in about 10 years!

Well I started my computer as usual and about 3 minutes later when KIS auto updated, a warning pops up:

Trojan.Win32.Pakes.x3 in c:\windows\regedit.exe 145 KB

So I press neutralize, then delete...

A new warning says that "regedit.exe.new" wasn't found in C:\WINDOWS\system32\dllcache.

Then I start a scan of my C-drive...

One more is found in c:\i386\regedit.exe

How can I be sure that the trojan isn't active any more?

I've been running KIS for 6 months... no warnings earlier, and my protection settings are set to "recommended". Critical areas are scanned every day with the highest setting.

I don't know where this trojan came from...

I was online surfing a couple of hours earlier, but no warnings from KIS at that time.


hello

it's a false alarm, please wait, it will be fixed in the next updates.

Edited by Lucian Bara


Same thing happened to me, but this time mine is real and infected so I told KIS 7 to delete it...

Still scanning, could someone e-mail me a regedit.exe to ~no email please~ for WinXP +SP2 english!

This is an emergency!!!!

Edited by Lucian Bara


you can restore it from the backup. click on the protection status and go to the backup tab and restore the file.. but SFC should normally automatically restore the deleted regedit.


Ok, I also pressed delete on my files (in my first post). Do I need those files, and should I restore them? Never noticed that win xp sp2 has so many regedit-files..!?


restore them, here's an animation on how to do it (with v7), with v6 click on the statistics link in the main window

 


False Alarm?!?!!??!?!!?

Are you sure???

I just got this same friggen trojan, same symptoms, it infected regedit and upon deletion it created a regedit.exe.new!!!

Upon googling this trojan I get this:

http://www.kaspersky.com/viruswatchlite?se...3&hour_offset=4

I was this close to formatting.

Plz plz tell me this is really a false alarm!!

And if so how the hell is Kaspersky even thinking it's a threat? I don't understand, someone please explain!!

I mean if it's a false alarm then why is it creating a regedit.exe.new? Isn't that typical behaviour of a virus? Or did Kaspersky make that new regedit?

Edited by G4nj4


It is a false alarm as stated. Every antivirus software has false detections from time to time (it happens). Kaspersky has a very low rate of false detections and it is being corrected as we speak. You can restore from backup as shown in the animation above.

A false detection happens when a new malicious software signature is added to detections, but this signature also mistakenly flags a non-malicious file as infected because it has a similarity to an infected file (for example).

Edited by MAPKOBKA^^

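As an added illustration of the false-detection mechanism described in the post above (not part of the thread, and not Kaspersky's engine or signature format), this toy scanner shows a byte signature broad enough to hit a clean file that shares code with a malicious sample, and a refined signature that no longer does. All file names, byte values and signature names are constructed.

```python
# Toy byte-signature scanner. All data here is constructed for illustration;
# this is not Kaspersky's engine, signature format or any real sample.
from typing import Dict, List, Optional

Signature = List[Optional[int]]

def parse_signature(hex_pattern: str) -> Signature:
    """Turn '10 20 ?? 40' into byte values; '??' becomes a wildcard (None)."""
    return [None if tok == "??" else int(tok, 16) for tok in hex_pattern.split()]

def matches(data: bytes, sig: Signature) -> bool:
    """True if the signature occurs at any offset in data."""
    for off in range(len(data) - len(sig) + 1):
        if all(b is None or data[off + i] == b for i, b in enumerate(sig)):
            return True
    return False

def scan(files: Dict[str, bytes], signatures: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each file name to the names of the signatures that matched it."""
    parsed = {name: parse_signature(p) for name, p in signatures.items()}
    return {fname: [n for n, sig in parsed.items() if matches(data, sig)]
            for fname, data in files.items()}

SHARED = bytes.fromhex("10 20 30 40 50 60")  # constructed: bytes both files contain
UNIQUE = bytes.fromhex("a1 b2 c3 d4")        # constructed: only in the bad sample

FILES = {
    "clean_system_tool.exe": b"MZ" + b"\x00" * 8 + SHARED + b"\x01\x02\x03\x04",
    "malicious_sample.bin": b"MZ" + b"\x00" * 4 + SHARED + UNIQUE,
}

# The first signature keys only on the shared bytes, so it also hits the clean file.
BROAD = {"Toy.Trojan.broad": "10 20 ?? 40 50 60"}
# The corrected signature extends into bytes only the malicious sample has.
REFINED = {"Toy.Trojan.refined": "10 20 ?? 40 50 60 a1 b2 c3 d4"}

def flagged(signatures: Dict[str, str]) -> List[str]:
    """Names of files with at least one detection, sorted."""
    return sorted(f for f, hits in scan(FILES, signatures).items() if hits)

if __name__ == "__main__":
    print("broad signature flags:  ", flagged(BROAD))
    print("refined signature flags:", flagged(REFINED))
```
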

Ok Ok, so then why did regedit.exe.new get created? Did Kaspersky do that?

And also I deleted everything from backup.

How can I get regedit up and running again? 'Cause it's no longer there :(

Can I just download it from google or something?


A few days ago I removed my KAV6 and installed KAV7, just to play around (trial license for now).

Before uninstalling KAV6, I did a full system scan which found nothing.

Today KAV7 says that I've got a: Trojan.Win32.Pakes.x3

File with trojan is: c:\windows\regedit.exe

Could this be a false positive or is this a real trojan which KAV6 couldn't detect? If it's a real trojan, then what does it do? What kind of damage has it done?

PS:

Windows XP (SP2) also pops up a window that says:

"Windows File Protection, files that are required to run windows have been replaced by unrecognized ones... etc etc"

 


You need to look at what Lucian Bara said.

You can restore it from backup.


The same problem: yesterday KIS detected the virus "Packed.Win32.PolyCrypt.b" in the file "PrintServer130.exe" (WordPerfect X3) and deleted the file, and now, after updating the signatures, KIS no longer detects the virus. I restored them.

 


So if you restore, will the problem still be present?


 

No, with the new signatures update the problem is solved; it no longer detects the virus in the file. Thanks :)


I've read the post http://forum.kaspersky.com/index.php?showtopic=42082 that talks about this detection report - which seems to say this is a false detection and that the next KAV update would correct it. However I have run updates and still receive this report on a full scan.

 

The complete detected error says:

"detected: Trojan program Trojan.Win32.Pakes.x3 Running module: regedit.exe\regedit.exe"

 

I'm not sure how to proceed -- would appreciate any advice.

 

BTW because this is regedit, I have NOT tried to do anything to this file (like neutralize or remove)

 

Thanks -

Edited by gammax500


hello

do another update, reboot

then right click on protection, choose reports, and in the detected tab right click and select discard all. do another scan on the file.

 

if it still occurs post the database information posted under service (release date) & an update report

Edited by Lucian Bara

I've read the post http://forum.kaspersky.com/index.php?showtopic=42082 that talks about this detection report - which seems to say this is a false detection and that the next KAV update would correct it.  However I have run updates and still receive this report on a full scan. 

 

The complete detected error says:

"detected: Trojan program Trojan.Win32.Pakes.x3  Running module: regedit.exe\regedit.exe"

 

I'm not sure how to proceed -- would appreciate any advice.

 

BTW because this is regedit, I have NOT tried to do anything to this file (like neutralize or remove)


You're using WinXP SP2, correct? You should have several copies of regedit.exe on your HD. Back one up on a CD, Flash Drive, 5.25 Floppy [grin], whatever. Here are all of the copies of regedit in my C:\Windows directory.

 

http://img74.imageshack.us/img74/6378/kis57oh2.jpg

 

Since the current version of regedit for Windows was released with SP2, you can always burn a copy of the SP2 CD.

 

http://www.microsoft.com/windowsxp/sp2/default.mspx

 

When I was using dialup, I ordered one. Small postage/media charge, and I got it in the mail the next day.

 

Ed. Note.: BTW, this FP has been fixed, correct? I never got a hit myself with my AVS 6.0.2.621 install, with riskware category unchecked.

 

Ron :)

 

Edited by Piston Ron

hello

do another update, reboot

then right click on protection, choose reports, and in the detected tab right click and select discard all. do another scan on the file.

 

if it still occurs post the database information posted under service (release date) & an update report


 

Thank you! This did the job - no more alerts.

 

A
