Running a full scan with “StopZilla”, it shows a severe infection called Packed/RLPack. Scans with other protection software do not show this. Also, StopZilla says that it is deleted; however, a repeat scan still detects this.
I called support at StopZilla and they wanted several hundred dollars to repair - I do not have a clue what to do - any ideas?
Upload suspicious file(s) to www.virustotal.com and test with 43 malware scanners.
When you have the result, copy the URL in the address bar and post it here so we can see.
Anyway, this looks like something that belongs to HP… so I guess a False Positive?
Here is also what Malwarebytes says about StopZilla:
I believe that this one has been classified as scraping the edge of rogue for a while but not quite crossing it. Certainly it is not a recommended antimalware application.
I know that it turns up on a lot of crapware sites when I go looking for new rogues.
@ LeoMennitt
Is this the trial version or have you actually paid for this?
Knew nothing about StopZilla, so I went a googling and found that the site doesn’t have a particularly good reputation http://www.mywot.com/en/scorecard/stopzilla.com. But the last report was early this year.
If anyone was asking for several hundred dollars for a repair, I would tell them to take a running jump and get rid of the software. Especially given that other software doesn’t detect anything.
I have my doubts about the detection given that all it is called is Packed/RLPack, which is pretty damn vague. It looks like it is making a detection based only on a packing method, and that is pretty poor, as not everything with a particular method of packing (compression) would be malware. So I would have liked to have seen something more detailed.
I am wondering why no one has posted that StopZilla is related to the famous Google redirect virus (TDSS variant). When you are infected by this TDSS variant, you usually get redirects to the StopZilla site, etc. It seems that StopZilla pwned itself on its own.
Files detected as HeurEngine.Packed.RLPack are files found to have an encryption or compression code that was confirmed to be used by known malware to bypass detection. Files being tagged by this are labeled as suspicious but not necessarily malicious. We recommend that the files detected by this should be sent to us for further analysis to have an appropriate solution.
Packed.RLPack needs to be removed from your system upon immediate detection. This means that the moment you suspect you have it running on your machine, you need to find it and remove it properly.
A cleansing example for such malware:
Files associated with Packed.RLPack infection, process to kill: siiswin.exe
Remove Packed.RLPack registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ c:\WINDOWS\siiswin.exe
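A read-only way to check whether the indicators quoted above are actually present before removing anything, as an added example that is not part of the thread. The process name, Run key and file path are the ones quoted in the last post; PowerShell 4 or later is assumed.

```powershell
# Read-only triage: nothing is killed, deleted or modified.
# Process name, Run key and file path are the ones quoted in the thread.
$procName = 'siiswin'
$runKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$filePath = 'C:\WINDOWS\siiswin.exe'

# Property names PowerShell adds to every registry item; not real Run values.
$psMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# 1. Is the process running, and from which path on disk?
Get-Process -Name $procName -ErrorAction SilentlyContinue |
    Select-Object Id, ProcessName, Path

# 2. Which autostart values under the Run key reference the file?
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    $run.PSObject.Properties |
        Where-Object { $_.Name -notin $psMeta -and "$($_.Value)" -like '*siiswin.exe*' } |
        Select-Object Name, Value
}

# 3. If the file exists, record who signed it and its SHA-256, so the same
#    file can be submitted to or looked up on a multi-scanner service.
if (Test-Path -LiteralPath $filePath) {
    $sig  = Get-AuthenticodeSignature -FilePath $filePath
    $hash = Get-FileHash -LiteralPath $filePath -Algorithm SHA256
    [pscustomobject]@{
        Path   = $filePath
        Signer = $sig.SignerCertificate.Subject   # empty when unsigned
        Status = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
        SHA256 = $hash.Hash
    }
} else {
    "Not found: $filePath"
}
```

If all three checks come back empty, the detection is not tied to the file and Run entry named in the removal steps.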