F-Secure Malware Information Pages: Packed

Main Index

Security Guide

F-Secure World Map

Security Alerts

Virus Statistics

Malware Removal Tools

Malware Code Glossary

Submit Malware Sample

Select local site

Main Index » Security Centre » Descriptions

F-Secure Malware Information Pages: Packed

[Summary] \| [Disinfection] \| [Detailed Description]
Name :	Packed
Alias:	Packed.Win32.Tibs, Packed.Win32.Exeref, Packed.Win32.CryptExe, Packed.Win32, Packed.Win32.PolyCrypt, Packed.Win32.Klone
Type:	Trojan
Category:	Malware
Platform:	W32

Radar

Summary

Packed.Win32 is the designation for the generic detection of malicious software (trojans, backdoors, worms, adware) that is packed with certain sophisticated file compressors.

Back to the Top

Disinfection

Manual Disinfection

F-Secure Anti-Virus may not be able to remove files, identified with the prefix Packed.Win32. automatically. So a user's action may be required to select proper disinfection action.

If a file, detected with the Packed.Win32. prefix is an executable with SCR, PIF, CMD, DLL or EXE extension, located in Windows, Windows System or in a root folder of C: drive, this file can be safely deleted or renamed. Here are the instructions on how to remove infected files that F-Secure Anti-Virus does not clean automatically:

http://support.f-secure.com/enu/home/virusproblem/howtoclean/howtodeleteinfectedfile.shtml

Generic malware disinfection instructions can be found here:

http://support.f-secure.com/enu/home/virusproblem/howtoclean/

Back to the Top

Detailed Description

We have introduced generic detection of malicious software (trojans, backdoors, worms, adware) that is packed with certain sophisticated file compressors. These file compressors are designed to protect packed files from being debugged, emulated or unpacked. The unpacker's code is in many cases polymorphic, so exact detection of such protected files is problematic, and that is why generic detection has been introduced.

F-Secure Anti-Virus detects malicious files that are packed with versions of file compressors that were purchased using stolen credit cards or hijacked webwallet accounts. Those file compressor versions are widely used by virus writers and illegal adware distributors to protect files that they create and distribute.

If you find a legitimate file that is detected as Packed.Win32.PolyCrypt, Packed.Win32.Tibs, Packed.Win32.Klone, Packed.Win32.CryptExe or Packed.Win32.Exeref by F-Secure Anti-Virus please send it to us for review.

Back to the Top

F-Secure Corporation

Last Modified: October 04, 2006