Author Topic: packerd.bundle (Read 7807 times)

Leah · « **on:** November 09, 2005, 08:35:10 PM »

After three days, I'm at the end of my rope! Bazooka scanner indicates that I have the PackerD.Bundle on my computer; I'm getting popups CONSTANTLY while surfing and my resources are being hogged.

I've tried to do the manual removal steps (removing registry keys, related files, etc..) but I don't HAVE any of them. I've searched my registry and my harddrive both in normal boot and safemode boot and nothing ever shows. I've run Avast, Adaware, Ewido, and SpySweeper and none of them are picking it up - they remove dozens of other things, but in the end I'm still showing this PackerD thing on my Bazooka scan.

Help?

DavidR · « **Reply #1 on:** November 09, 2005, 09:11:00 PM »

Well for starters there is nothing on google on PackerD.Bundle.

What is Bazooka saying it is?
where is it located and what is the file name that is supposedly infected?

If you can find the location of infected file you could also check the offending/suspect file at: Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive.

However, it may well be something very minor and only picked up by bazooka or even an FP of bazooka.

Leah · « **Reply #2 on:** November 09, 2005, 09:53:14 PM »

This is what Bazooka gives me:
http://www.kephyr.com/spywarescanner/library/pacerd.bundle/index.phtml?source=app

polonus · « **Reply #3 on:** November 09, 2005, 10:32:18 PM »

Hi Leah,

This is spyware, and it looks like this:
http://www.benedelman.org/spyware/installations/pacerd/details.html
If you haven't this, you're not infected.
Here a desinfection of a similar program:
http://www.webhelper4u.com/nontransponders/wallpapers4u_4022005.html
These spyware bundle installations change with time. Post a hijackthis log some of the bundle has to be uninstalled manually.

greets,

polonus

DavidR · « **Reply #4 on:** November 09, 2005, 11:10:57 PM »

Quote from: Leah on November 09, 2005, 09:53:14 PM

This is what Bazooka gives me:
http://www.kephyr.com/spywarescanner/library/pacerd.bundle/index.phtml?source=app

Thanks, but where is it located on your drive, is it just one file or multiple files.

For stuff like this to get established it needs certain admin privileges, give yourself a fighting chance and deny these rights.

Whilst browsing or collecting email, etc. if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can reap havoc. With limited rights the malware can't put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.

Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator.

Leah · « **Reply #5 on:** November 09, 2005, 11:28:58 PM »

I don't know, that's just it. Bazooka tells me it's there, but not exactly where. Nothing else I've tried to run picks it up. I'm sorry if I sound stupid; I've been lucky enough to never really have any major viruses/problems with my computer.

DavidR · « **Reply #6 on:** November 09, 2005, 11:34:58 PM »

I used to run bazooka but didn't really like it's interface so it's gone. It never found anything on my system, so I can't recollect what information it gives or if there is a log file that you could check to see if the file name and location are recorded.

Anyway based on the above links it attempts to put files in the system folders and create registry entries, so DropMyRights is just the tool to stop this in its tracks and stop it getting established.

Lisandro · « **Reply #7 on:** November 10, 2005, 01:50:47 AM »

Quote from: DavidR on November 09, 2005, 11:34:58 PM

I used to run bazooka but didn't really like it's interface so it's gone. It never found anything on my system

Me too... I always asked myself about what Bazooka really does...

galooma · « **Reply #8 on:** November 10, 2005, 02:58:29 AM »

@ Leah

this might sound stupid but..
Is it worth suggesting that maybe there`s an uninstaller for this program in add/remove?

Spiritsongs · « **Reply #9 on:** November 10, 2005, 06:29:06 AM »

Leah :

Since you have Ad-Aware, you might consider asking the
experts for help on the forums at www.landzdown.com ;
this forum is staffed by the volunteer experts who used
to provide assistance on the now-defunct Lavasoft
Ad-Aware Support forums; this forum also has experts
skilled in the use of the HijackThis program .

polonus · « **Reply #10 on:** November 10, 2005, 08:07:28 PM »

Hi Leah,

Here you can read all about this false google toolbar on SpywareGuide.com:
http://www.spywareguide.com/articles/the_rogue_google_toolbar_histo_88.html

I for one particulatly do not like toolbars, the preference bar in Firefox not counted, because there are an enormous amount of rogue toolbars, and a lot of toolbar and BHO's, browser helper objects do spy on the end-users or at least track them all of the time.

greets,

polonus

hsk23 · « **Reply #11 on:** November 17, 2005, 05:55:40 AM »

Hi Leah,

I have the same thing coming up on my Bazooka too and like you I have none of the suggested registry or files. But it is in my system causing random messages to pop up about my system. I have no idea how I got it since I try to be safe as possible by running all sorts of Anti stuff. Just letting you know that you're not the only one and if anyone can help please do. Thanks

babyoh · « **Reply #12 on:** November 21, 2005, 07:31:11 AM »

i just got hit with it too...

Pacerd.bundle shows up in my bazooka scan.

(this showed on saturday nov 19th at 11:50 PM Pacific time -- i think we're unlucky to be the 1st bunch to get it... seeing as all these posts are recent.)

***
nothing works to get rid of it, by the way. norton / spybot / adaware don't SEE it...
BAZOOKA DOES... but i've followed these instructions SIX times -- i don't have the "infected" files to remove!

this is what bazooka / kephyr posted on it... but they haven't helped me at all...

http://www.kephyr.com/spywarescanner/library/pacerd.bundle/index.phtml?source=alerts

babyoh · « **Reply #13 on:** November 21, 2005, 07:40:41 AM »

FYI --

i got infected trolling online last night; i got over 30 things that showed up in adaware, spybot, norton & bazooka.

very strange, since my firewall / anti-virus usually help protect me fairly well. (from now on, i'm a FIREFOX user

-- was using in. explorer :'( )

anyway -- i was able to get rid of all the other stuff EXCEPT for packerd.bundle.

i noticed the kephyr guys are asking for people to send them infected files; they must not completely have a handle on packerd.bundle either...

babyoh · « **Reply #14 on:** December 01, 2005, 04:05:54 PM »

packerd.bundle is a tenacious sob.

if you ever have this problem again in BAZOOKA, generate a log - that pointed me precisely where i needed to go to delete the malware.

i either missed the packerd.bundle afflicted file, or it re-generated; i had maybe 35 - 45 infections at one time, so it was a little overwhelming.

a few definitely came back, but now my computer seems to be completely "clean" again.

bazooka's a cool program -- NOTHING else caught this thing

Author Topic: packerd.bundle (Read 7807 times)

Leah

packerd.bundle

DavidR

Re: packerd.bundle

Leah

Re: packerd.bundle

polonus

Re: packerd.bundle

DavidR

Re: packerd.bundle

Leah

Re: packerd.bundle

DavidR

Re: packerd.bundle

Lisandro

Re: packerd.bundle

galooma

Re: packerd.bundle

Spiritsongs

Re: packerd.bundle

polonus

Re: packerd.bundle

hsk23

Re: packerd.bundle

babyoh

Re: packerd.bundle

babyoh

packerd.bundle PS

babyoh

packerd.bundle resolved