Avast! missed Trojan.Crypt.ZPACK.Gen

[MajesticOne]

A nasty trojan got through Avast! called Trojan.Crypt.ZPACK.Gen.

Difficult to remove and masquerades as firefox.exe in running processes and resumes itself if the process is stopped within 5 seconds.

Spy Hunter 4 was able to detect the infected file, but was unable to remove it.

[polonus]

Hi MajesticOne,

To remove Crypt.ZPACK.Gen, you must first stop any Crypt.ZPACK.Gen processes that are running in your computer's memory. To stop all Crypt.ZPACK.Gen processes, press CTRL+ALT+DELETE to open the Windows Task Manager. Click on the "Processes" tab, search for Crypt.ZPACK.Gen, then right-click it and select "End Process" key.

To delete Crypt.ZPACK.Gen registry keys, open the Windows Registry Editor by clicking on the Windows "Start" button and selecting "Run." Type "regedit" into the box and click "OK." Once the Registry Editor is open, search for the registry key "HKEY_LOCAL_MACHINE\Software\Crypt.ZPACK.Gen." Right-click this registry key and select "Delete."

Finally, to completely get rid of Crypt.ZPACK.Gen, you must manually remove other Crypt.ZPACK.Gen files. These Crypt.ZPACK.Gen files can be in the form of EXE, DLL, LSP, TOOLBAR, BROWSER HIJACK, and/or BROWSER PLUGIN. For example, Crypt.ZPACK.Gen might create a file like
%PROGRAM_FILES%\Crypt.ZPACK.Gen\Crypt.ZPACK.Gen.exe. Locate and remove these files,

polonus

[MajesticOne]

Hi MajesticOne,

To remove Crypt.ZPACK.Gen, you must first stop any Crypt.ZPACK.Gen processes that are running in your computer's memory. To stop all Crypt.ZPACK.Gen processes, press CTRL+ALT+DELETE to open the Windows Task Manager. Click on the "Processes" tab, search for Crypt.ZPACK.Gen, then right-click it and select "End Process" key.

This one was not that easy. It self-replicated every time its process was stopped (in this case it was firefox.exe) and its process would just return. It is a nasty one!