Packed.Generic.402

Posted: April 18, 2013

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	9/10
Infected PCs:	26

First Seen:	April 18, 2013
Last Seen:	January 10, 2022
OS(es) Affected:	Windows

Packed.Generic.402 is a heuristic label for PC threats that have been obfuscated to conceal them from detection by various anti-malware products. As a general PC threat, Packed.Generic.402 may display a wide range of traits but is most often associated with attacks by high-level PC threats like backdoor Trojans and spyware. One of the latest Packed.Generic.402 attacks shamelessly exploited the recent Boston Marathon bombing – sending links to drive-by-download sites that installed Packed.Generic.402 while pretending to offer harmless video news about the tragic event. Ultimately, no matter how safe they appear to be, sites that are promoted in unusual spam e-mail messages always should be considered suspicious, and any potential Packed.Generic.402 infection always should be met with the immediate deployment of your best anti-malware programs.

Why 'See No Evil' Doesn't Translate to Safety with Malware

Packed.Generic.402 can be employed in any number of different attacks against your PC, but usually is the result of a malicious file that's enclosed in an archive file (such as a ZIP package). The latest attack campaign to use Packed.Generic.402 is combination RedKit Exploit Kit and Trojan.GenericKDZ.14575 attack that begins with spam e-mail messages. With no more content than a misleading (and variable) subject line about the Boston bombing and an enclosed link, these e-mail messages try to redirect victims to a specially-designed malicious website.

The website even includes legitimate movies related to the aforementioned tragic event but also disguises a RedKit Exploit Kit's drive-by-download in the form of an unloaded movie. SpywareRemove.com malware experts note that the initial download is detected as Packed.Generic.402, whereas the actual payload may be identified by the name of Trojan.GenericKDZ.14575 – a multi-purpose Trojan with an emphasis on password theft.

However, Packed.Generic.402 also is associated with other types of PC threats. Other kinds of malware that SpywareRemove.com malware experts have seen Packed.Generic.402 install include rogue anti-virus programs from the Trojan FakeAV family, Police Ransomware Trojans from the Ransomlock family and variants of the Zbot (AKA Trojan Zeus) Trojan. Many of Packed.Generic.402's payloads are high-level PC threats that include advanced functions for disabling other programs and security features.

The Specific Response to Take Against a Generic Threat

Recent Packed.Generic.402 infections through the manner described earlier in this article should be considered hazardous on a level with any other type of advanced spyware infection, even though they may not exhibit any particular symptoms while attacking your PC. Despite this, SpywareRemove.com malware experts stress that Packed.Generic.402 also can be used for other attacks or be installed through other methods. Online browser security, updating your programs habitually, avoiding suspicious links and having anti-malware protection all are part of avoiding a Packed.Generic.402 infection.

Many competent anti-malware programs should be able to detect Packed.Generic.402 as malicious before its contents are installed on your computer. However, since Packed.Generic.402 is specifically designed to be difficult to detect, other anti-malware products may have difficulty in identifying Packed.Generic.402. To minimize this problem and give your security software the best chance of deleting Packed.Generic.402 and its payload, SpywareRemove.com malware experts recommend that you always keep your anti-malware programs updated for recent variants of all PC threats (by updating the software's threat database).

Aliases

Virus.Agent [Ikarus]Heuristic.LooksLike.Win32.Suspicious.E [McAfee-GW-Edition]TR/Waledac.EB.2 [AntiVir]BackDoor.SlymENT.1498 [DrWeb]HEUR:Trojan.Win32.Generic [Kaspersky]Generic_s.BBL [AVG]W32/Kryptik.X!tr [Fortinet]Trojan/Win32.Tepfer [AhnLab-V3]Heuristic.LooksLike.Win32.Suspicious.B [McAfee-GW-Edition]Trojan.Fakealert.37412 [DrWeb]Trojan.Win32.FakeAV.qxph [Kaspersky]Win32:FakeAV-ENP [Trj] [Avast]Packed.Generic.402 [Symantec]Generic-FAGQ!38A5233318B2 [McAfee]

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%ALLUSERSPROFILE%\Datos de programa\B02E87CE3C0D42810000B02DD7A74966\B02E87CE3C0D42810000B02DD7A74966.exe

File name: B02E87CE3C0D42810000B02DD7A74966.exe
Size: 421.37 KB (421376 bytes)
MD5: 38a5233318b2fb611b6fd1095e58b75a
Detection count: 21
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Datos de programa\B02E87CE3C0D42810000B02DD7A74966
Group: Malware file
Last Updated: April 29, 2013

%WINDIR%\Temp\temp13.exe

File name: temp13.exe
Size: 815.61 KB (815616 bytes)
MD5: 9761e53715897183f7e5d3ecb009630d
Detection count: 4
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\Temp
Group: Malware file
Last Updated: April 29, 2013

boston.avi_______.exe

File name: boston.avi_______.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file