Topic: avast showing WIN 32: MALWARE GEN infection,not able to delete it

qrius2noall

  • Guest
I have been using Avast Free for the last four years (with mixed kind of emotions) and recently switched to AVAST 5 FREE. While downloading and installing some app, Avast went crazy and gave alarms about WIN 32:malware gen (quite sad, because while downloading and prior to installing that app, I had repeatedly scanned it with Avast but nothing was flagged as malware at that time. The trouble started after installation of that downloaded app). As Avast was unable to delete the infection (file being offline or read only, as informed by Avast), I did a reinstall of C drive but the trouble prevails. Dependable utilities (I have been using for years, like CCLEANER, uTORRENT, Malware bytes etc.) are being flagged troublesome and it is just annoying, to say the least. Repeated uninstall and reinstall of AVAST 5 have not resolved the issue and as a last resort, I wanted to scan the PC in safe mode but sadly again, AVAST CANNOT SCAN IN SAFE MODE: ERROR MESSAGE BEING - UNABLE TO START SCAN THERE ARE NO MORE END POINTS AVAILABLE FROM THE END POINT MAPPER

While right-click scanning of C drive, Avast shows signs of WIN32:malware gen but is not able to delete these or move to chest. Same is the case with boot-time scan also.

So you can imagine, I am feeling helpless and irritated - doubting whether these are false alarms (PC is working reasonably OK, no issues of slowness or crashes), because at start of any app, AVAST starts flagging these as malware but is unable to do anything about these infections - MILLION DOLLAR QUESTION - WHAT IS THE POINT IN KEEPING ON USING AVAST IF IT CANNOT PROTECT FROM MALWARE OR DELETE IT IF DETECTED?

Any suggestions as to how to resolve this issue are most welcome and appreciated.

q2na

Offline Pondus

Re: avast showing WIN 32: MALWARE GEN infection,not able to delete it
« Reply #1 on: March 04, 2010, 07:08:09 PM »
No security program has 100% detection or removal; that is why you should have more than one (only one antivirus).


Check your computer for Malware with

Malwarebytes Antimalware http://filehippo.com/download_malwarebytes_anti_malware/
After install, click UPDATE and run a quick scan, then click on REMOVE SELECTED to quarantine anything found.

SUPERAntiSpyware http://filehippo.com/download_superantispyware/
Are cookies really spyware and are they dangerous?
http://www.superantispyware.com/supportfaqdisplay.html?faq=26

If anything is found, come back and post the scan logs here.

Offline DavidR

Re: avast showing WIN 32: MALWARE GEN infection,not able to delete it
« Reply #2 on: March 04, 2010, 07:26:01 PM »
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?

Why can't avast delete it, e.g. what error is given ?
Deletion isn't really a good first option (you have none left), 'first do no harm' don't delete, send virus to the chest and investigate.

- If you have Win2k, XP, vista or Win7 (all 32bit), you could enable a boot time scan. From the avast UI, Scan Computer, Boot-time Scan, Schedule Now button and reboot.
 
Look in the C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\report\aswBoot.txt file, check this file using notepad for info on the scan/detections, etc.

qrius2noall

  • Guest
Re: avast showing WIN 32: MALWARE GEN infection,not able to delete it
« Reply #3 on: March 04, 2010, 07:32:30 PM »
Thanks for your quick reply

I had done a complete and full scan with MALWARE BYTE (Avast flagged it too) prior to posting this problem in this forum. Whatever was pointed out by the MALWARE BYTES scan results, I got it deleted with Malware bytes and restarted the PC, but sadly the problem still persists; that is one reason for feeling helpless and frustrated.

I have a portable version of SUPER ANTISPYWARE and can do the scan with that also.

Any suggestions are still most welcome (can these be false alarms?)

q2na

Offline essexboy

  • Malware removal instructor
Re: avast showing WIN 32: MALWARE GEN infection,not able to delete it
« Reply #4 on: March 04, 2010, 07:37:43 PM »
Could you post the MBAM log please and then

To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload it to Mediafire and post the sharing link.

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
    • Reg - Shell Spawning
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav


  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.


    qrius2noall

    • Guest
    Re: avast showing WIN 32: MALWARE GEN infection,not able to delete it
    « Reply #5 on: March 04, 2010, 07:48:37 PM »
    THANKS for your reply

    THE SCAN REPORTS (AVAST 5 FREE)

    03/04/2010 07:44
    Scan of C:

    Scan of C:\*

    File C:\WINDOWS\system32\ole32.dll is infected by Win32:Malware-gen, Delete: Error 0xC0000121 {An attempt has been made to remove a file or directory that cannot be deleted.}, Delete: Error 0xC0000121 {An attempt has been made to remove a file or directory that cannot be deleted.}, Delete: Error 0xC0000121 {An attempt has been made to remove a file or directory that cannot be deleted.}, Delete: Error 0xC0000121 {An attempt has been made to remove a file or directory that cannot be deleted.}, Delete: Error 0xC0000121 {An attempt has been made to remove a file or directory that cannot be deleted.}, Move to chest: Error 0xC0000121 {An attempt has been made to remove a file or directory that cannot be deleted.}, Move to chest: Error 0xC0000121 {An attempt has been made to remove a file or directory that cannot be deleted.}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}
    Number of searched folders: 939
    Number of tested files: 54344
    Number of infected files: 1


    Another scan done with avast 5 free

    * avast! Real-time Shield Scan Report
    * This file is generated automatically
    *
    * Started on: Thursday, March 04, 2010 7:33:58 AM
    *

    3/4/2010 7:34:12 AM   C:\WINDOWS\SYSTEM32\OLE32.DLL [L] Win32:Malware-gen (0)
    While moving file to chest, error occurred: The specified file is read only
    During the file delete, error occurred: The specified file is read only
    3/4/2010 7:43:15 AM   C:\WINDOWS\SYSTEM32\OLE32.DLL [L] Win32:Malware-gen (0)
    While moving file to chest, error occurred: The specified file is read only
    During the file delete, error occurred: The specified file is read only
    *
    * avast! Real-time Shield Scan Report
    * This file is generated automatically
    *
    * Started on: Thursday, March 04, 2010 7:57:10 AM
    *

    3/4/2010 7:57:32 AM   C:\WINDOWS\SYSTEM32\OLE32.DLL [L] Win32:Malware-gen (0)
    3/4/2010 7:57:32 AM   C:\WINDOWS\SYSTEM32\OLE32.DLL [L] Win32:Malware-gen (0)
    While moving file to chest, error occurred: The specified file is read only
    During the file delete, error occurred: The specified file is read only
    While moving file to chest, error occurred: The specified file is read only
    During the file delete, error occurred: The specified file is read only
    3/4/2010 8:00:29 AM   C:\Documents and Settings\Daksh\Local Settings\Temporary Internet Files\Content.IE5\U7RGV9WY\f[1].exe [L] Win32:Malware-gen (0)
    While moving file to chest, error occurred: The process cannot access the file because it is being used by another process
    During the file delete, error occurred: The process cannot access the file because it is being used by another process
    3/4/2010 8:00:30 AM   C:\DOCUME~1\Daksh\LOCALS~1\Temp\yyyyy [L] Win32:Malware-gen (0)
    File was successfully moved to chest...
    3/4/2010 8:18:12 AM   C:\WINDOWS\SYSTEM32\OLE32.DLL [L] Win32:Malware-gen (0)
    While moving file to chest, error occurred: The specified file is read only
    During the file delete, error occurred: The specified file is read only
    3/4/2010 8:21:06 AM   C:\WINDOWS\SYSTEM32\OLE32.DLL [L] Win32:Malware-gen (0)
    While moving file to chest, error occurred: The specified file is read only
    During the file delete, error occurred: The specified file is read only
    3/4/2010 3:13:49 PM   C:\WINDOWS\SYSTEM32\OLE32.DLL [L] Win32:Malware-gen (0)
    While moving file to chest, error occurred: The specified file is read only
    During the file delete, error occurred: The specified file is read only
    3/4/2010 5:48:07 PM   C:\WINDOWS\SYSTEM32\OLE32.DLL [L] Win32:Malware-gen (0)
    While moving file to chest, error occurred: The specified file is read only
    During the file delete, error occurred: The specified file is read only
    3/4/2010 5:49:22 PM   C:\Documents and Settings\Daksh\Local Settings\Temporary Internet Files\Content.IE5\U7RGV9WY\f[1].exe [L] Win32:Malware-gen (0)
    While moving file to chest, error occurred: The process cannot access the file because it is being used by another process
    During the file delete, error occurred: The process cannot access the file because it is being used by another process
    3/4/2010 5:49:24 PM   C:\DOCUME~1\Daksh\LOCALS~1\Temp\ttttt [L] Win32:Malware-gen (0)
    File was successfully moved to chest...
    *
    * avast! Real-time Shield Scan Report
    * This file is generated automatically
    *
    * Started on: Thursday, March 04, 2010 7:24:07 PM
    *

    3/4/2010 7:25:14 PM   C:\WINDOWS\SYSTEM32\OLE32.DLL [L] Win32:Malware-gen (0)
    While moving file to chest, error occurred: The specified file is read only
    During the file delete, error occurred: The specified file is read only
    3/4/2010 7:27:21 PM   C:\Documents and Settings\Daksh\Local Settings\Temporary Internet Files\Content.IE5\48Q0UBAF\f[1].exe [L] Win32:Malware-gen (0)
    While moving file to chest, error occurred: The process cannot access the file because it is being used by another process
    During the file delete, error occurred: The process cannot access the file because it is being used by another process
    3/4/2010 7:27:22 PM   C:\DOCUME~1\Daksh\LOCALS~1\Temp\yyyyy [L] Win32:Malware-gen (0)
    File was successfully moved to chest...
    *
    * avast! Real-time Shield Scan Report
    * This file is generated automatically
    *
    * Started on: Thursday, March 04, 2010 9:31:58 PM
    *

    3/4/2010 9:42:03 PM   C:\Documents and Settings\Daksh\Local Settings\Temporary Internet Files\Content.IE5\48Q0UBAF\f[1].exe [L] Win32:Malware-gen (0)
    File was successfully moved to chest...
    3/4/2010 9:42:05 PM   C:\Documents and Settings\Daksh\Local Settings\Temporary Internet Files\Content.IE5\U7RGV9WY\f[1].exe [L] Win32:Malware-gen (0)
    File was successfully moved to chest...
    3/4/2010 10:22:18 PM   E:\SETUPS DOWNLOADED\Morpheus.Photo.Animation.Suite.v3.11\MorpheusPhotoAnimationSuite-311.exe [L] Win32:CabMod [Drp] (0)
    File was successfully moved to chest...
    3/4/2010 10:22:31 PM   E:\SETUPS DOWNLOADED\Farmatech Radmin 3.4\Radmin Viewer 3.4 Portable.exe [L] Win32:Malware-gen (0)
    File was successfully moved to chest...
    3/4/2010 10:24:08 PM   E:\SETUPS DOWNLOADED\MP3 RESIZER EDITOR-MADE PORTABLE\$TEMP\EULA.exe|>wibb32.exe|>$TEMP\nvvscv.exe|>nsis.hdr [L] NSIS:Downloader-T [Trj] (0)
    File was successfully moved to chest...
    3/4/2010 10:24:09 PM   E:\SETUPS DOWNLOADED\MP3 RESIZER EDITOR-MADE PORTABLE\$TEMP\EULA.exe|>wibb32.exe|>$TEMP\nvscv.exe|>nsis.hdr [L] NSIS:Downloader-T [Trj] (0)
    While moving file to chest, error occurred: The system cannot find the file specified
    During the file delete, error occurred: The system cannot find the file specified
    3/4/2010 10:27:10 PM   E:\System Volume Information\_restore{A12F6E18-3525-4DAA-8A1C-4568EE3DE2D8}\RP1\A0000113.exe [L] Win32:CabMod [Drp] (0)
    File was successfully moved to chest...
    3/4/2010 10:27:13 PM   E:\System Volume Information\_restore{A12F6E18-3525-4DAA-8A1C-4568EE3DE2D8}\RP1\A0000114.exe [L] Win32:Malware-gen (0)
    File was successfully moved to chest...
    3/4/2010 10:27:14 PM   E:\System Volume Information\_restore{A12F6E18-3525-4DAA-8A1C-4568EE3DE2D8}\RP1\A0000115.exe|>wibb32.exe|>$TEMP\nvvscv.exe|>nsis.hdr [L] NSIS:Downloader-T [Trj] (0)
    File was successfully moved to chest...
    3/4/2010 10:27:14 PM   E:\System Volume Information\_restore{A12F6E18-3525-4DAA-8A1C-4568EE3DE2D8}\RP1\A0000115.exe|>wibb32.exe|>$TEMP\nvscv.exe|>nsis.hdr [L] NSIS:Downloader-T [Trj] (0)
    While moving file to chest, error occurred: The system cannot find the file specified
    During the file delete, error occurred: The system cannot find the file specified
    3/4/2010 10:27:41 PM   E:\TEST DOWNLOADS\MEDIA -Video Splitter-SOLVEIGMM-portable v1.2.705.4\Stubs\5283da368222ccee720a9482cb6c6788524b080\wmplayer.exe [L] Win32:Trojan-gen (0)
    File was successfully moved to chest...
    3/4/2010 10:36:09 PM   E:\TEST DOWNLOADS\AutoRun Typhoon 4.3.0 Portable\patch\autorun.typhoon.pro.4.3.0-patch.exe [L] Win32:Malware-gen (0)
    File was successfully moved to chest...
    3/4/2010 10:38:07 PM   E:\USEFUL CRUCIAL UTILITIES FOLDER\FOXIT READER-UTILITY SUITE\Infix PDF Editor 4.0.4 Portable.exe [L] Win32:Agent-AJGY [Trj] (0)
    File was successfully moved to chest...
    3/4/2010 10:52:50 PM   C:\WINDOWS\SYSTEM32\OLE32.DLL [L] Win32:Malware-gen (0)
    While moving file to chest, error occurred: The specified file is read only
    During the file delete, error occurred: The specified file is read only
    *
    * avast! Real-time Shield Scan Report
    * This file is generated automatically
    *
    * Started on: Thursday, March 04, 2010 10:54:15 PM
    *

    3/4/2010 10:56:05 PM   C:\WINDOWS\SYSTEM32\OLE32.DLL [L] Win32:Malware-gen (0)
    While moving file to chest, error occurred: The specified file is read only
    During the file delete, error occurred: The specified file is read only
    3/4/2010 10:56:39 PM   C:\Documents and Settings\Daksh\Local Settings\Temporary Internet Files\Content.IE5\48Q0UBAF\f[1].exe [L] Win32:Malware-gen (0)
    While moving file to chest, error occurred: The process cannot access the file because it is being used by another process
    During the file delete, error occurred: The process cannot access the file because it is being used by another process
    3/4/2010 10:56:40 PM   C:\DOCUME~1\Daksh\LOCALS~1\Temp\yyyyy [L] Win32:Malware-gen (0)
    File was successfully moved to chest...

    CONTD. IN THE NEXT POST
    *


    qrius2noall

    • Guest
    Re: avast showing WIN 32: MALWARE GEN infection,not able to delete it
    « Reply #6 on: March 04, 2010, 07:51:23 PM »
    CONTINUED FROM PREVIOUS


    *

    * avast! Real-time Shield Scan Report
    * This file is generated automatically
    *
    * Started on: Thursday, March 04, 2010 7:33:58 AM
    *

    *
    * avast! Real-time Shield Scan Report
    * This file is generated automatically
    *
    * Started on: Thursday, March 04, 2010 7:57:10 AM
    *

    *
    * avast! Real-time Shield Scan Report
    * This file is generated automatically
    *
    * Started on: Thursday, March 04, 2010 7:24:07 PM
    *

    3/4/2010 7:33:42 PM   http://www.ebookslib.org/the-global-money-markets.html [L] JS:Small-C [Trj] (0)
    3/4/2010 7:33:45 PM   http://www.ebookslib.org/favicon.ico [L] JS:Small-C [Trj] (0)
    3/4/2010 7:34:01 PM   http://www.ebookslib.org/the-global-money-markets.html [L] JS:Small-C [Trj] (0)
    3/4/2010 7:34:05 PM   http://www.ebookslib.org/favicon.ico [L] JS:Small-C [Trj] (0)
    3/4/2010 7:34:32 PM   http://www.ebookslib.org/cellular-mobile-radio-systems-designing-systems-for-capacity-optimization.html [L] JS:Small-C [Trj] (0)
    3/4/2010 7:34:34 PM   http://www.ebookslib.org/favicon.ico [L] JS:Small-C [Trj] (0)
    *
    * avast! Real-time Shield Scan Report
    * This file is generated automatically
    *
    * Started on: Thursday, March 04, 2010 9:31:58 PM
    *

    *
    * avast! Real-time Shield Scan Report
    * This file is generated automatically
    *
    * Started on: Thursday, March 04, 2010 10:54:15 PM

    THANKS FOR YOUR REPLIES - I WANT TO GET TO THE BOTTOM OF IT BEFORE I THINK OF UNINSTALLING AVAST
    *

    qrius2noall

    • Guest
    Re: avast showing WIN 32: MALWARE GEN infection,not able to delete it
    « Reply #7 on: March 04, 2010, 07:55:45 PM »
    STRANGELY, WHY IS AVAST 5 FREE NOT ABLE TO SCAN IN SAFE MODE - THE ERROR IT SHOWS IN SAFE MODE SCAN IS:

    UNABLE TO START SCAN THERE ARE NO MORE END POINTS AVAILABLE FROM THE END POINT MAPPER

    ANY IDEA WHAT THAT MEANS?


    Thanks Once again

    Q2na
    « Last Edit: March 04, 2010, 08:33:39 PM by qrius2noall »

    qrius2noall

    • Guest
    Re: avast showing WIN 32: MALWARE GEN infection,not able to delete it
    « Reply #8 on: March 04, 2010, 08:34:43 PM »
    Thanks Once again ESSEXBOY

    Here is the malware byte scan report - apparently all that was flagged bad has been quarantined and deleted by MALWARE BYTE

    Malwarebytes' Anti-Malware 1.44
    Database version: 3824
    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    3/4/2010 10:52:49 PM
    mbam-log-2010-03-04 (22-52-49).txt

    Scan type: Full Scan (C:\|D:\|E:\|F:\|)
    Objects scanned: 235366
    Time elapsed: 1 hour(s), 10 minute(s), 55 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 13

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    D:\SOFTWARE FOLDER JUMBO-SETUPS\SETUPS DOWNLOADED\WINDOWS SIMULATOR FOR INSTALLTION-SETUP-\winxp_simulator.exe (Trojan.Logger) -> Quarantined and deleted successfully.
    D:\SOFTWARE FOLDER JUMBO-SETUPS\SETUPS DOWNLOADED\tcp ip patcher\EvID4226Patch.exe (Malware.Tool) -> Quarantined and deleted successfully.
    D:\SOFTWARE FOLDER JUMBO-SETUPS\SETUPS DOWNLOADED\REG ERROR REPAIR-SETUP\erpsetup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    D:\SOFTWARE FOLDER JUMBO-SETUPS\SETUPS DOWNLOADED\ERROR REPAIR UTILITY-PORTABLE\erpsetup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    D:\SOFTWARE FOLDER JUMBO-SETUPS\SETUPS DOWNLOADED\Ebooster 3 build 491 plus patch\patch\eBoostr 3.0 build 491 Patch.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    E:\NOT IN ACTIVE USE UTILITIES\xp key changer\update_xp_cd_key.exe (Backdoor.IRCbot) -> Quarantined and deleted successfully.
    E:\SETUPS DOWNLOADED\tcp ip patcher\EvID4226Patch.exe (Malware.Tool) -> Quarantined and deleted successfully.
    E:\SETUPS DOWNLOADED\FLV Direct Player-SETUP\FLVDirect.exe (Adware.MediaPass) -> Quarantined and deleted successfully.
    E:\SETUPS DOWNLOADED\PDF UTILITY-Nitro PDF PRO-Setup\keygen\kg_nitro_pdf_professional.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    E:\SETUPS DOWNLOADED\Sandboxie.v3.42.WinAll.Incl.Keygen-CRD\keygen\kg.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    E:\SETUPS DOWNLOADED\exe dll files extractor-PE EXPLORER-SETUP\crack.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    E:\TEST DOWNLOADS\WORD PROCESSOR-ATLANTIS-PORTABLE\AtlantisPortable\App\Atlantis\unicows.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    E:\Z-CRUCIAL SETUPS FOR REINSTALL\FOXIT READER-UTILITY SUITE SETUPS\Foxit Reader Pro 2.3.2008.2825 - Olexijl\patch.exe (Trojan.Bancos) -> Quarantined and deleted successfully.

    Offline essexboy

    Re: avast showing WIN 32: MALWARE GEN infection,not able to delete it
    « Reply #9 on: March 04, 2010, 08:38:00 PM »
    Quote
    :\NOT IN ACTIVE USE UTILITIES\xp key changer\update_xp_cd_key.exe (Backdoor.IRCbot) -> Quarantined and deleted successfully.
    E:\SETUPS DOWNLOADED\tcp ip patcher\EvID4226Patch.exe (Malware.Tool) -> Quarantined and deleted successfully.
    E:\SETUPS DOWNLOADED\FLV Direct Player-SETUP\FLVDirect.exe (Adware.MediaPass) -> Quarantined and deleted successfully.
    E:\SETUPS DOWNLOADED\PDF UTILITY-Nitro PDF PRO-Setup\keygen\kg_nitro_pdf_professional.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    E:\SETUPS DOWNLOADED\Sandboxie.v3.42.WinAll.Incl.Keygen-CRD\keygen\kg.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    E:\SETUPS DOWNLOADED\exe dll files extractor-PE EXPLORER-SETUP\crack.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    E:\TEST DOWNLOADS\WORD PROCESSOR-ATLANTIS-PORTABLE\AtlantisPortable\App\Atlantis\unicows.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    E:\Z-CRUCIAL SETUPS FOR REINSTALL\FOXIT READER-UTILITY SUITE SETUPS\Foxit Reader Pro 2.3.2008.2825 - Olexijl\patch.exe (Trojan.Bancos) -> Quarantined and deleted successfully.
    Well that is where it came from

    If you could run and then post OTS I will see what remains

    qrius2noall

    • Guest
    Re: avast showing WIN 32: MALWARE GEN infection,not able to delete it
    « Reply #10 on: March 04, 2010, 08:45:00 PM »
    Thanks Once Again ESSEXBOY

    here is the link for OTS scan report

    http://www.mediafire.com/download.php?wwvyk0wwomh



    Thanks for your help

    Offline essexboy

    Re: avast showing WIN 32: MALWARE GEN infection,not able to delete it
    « Reply #11 on: March 04, 2010, 08:49:25 PM »
    You have set it to private - could you unlock and post the sharing link - or attach the OTS log to your post

    qrius2noall

    • Guest
    Re: avast showing WIN 32: MALWARE GEN infection,not able to delete it
    « Reply #12 on: March 05, 2010, 02:23:52 AM »
    hi ESSEXBOY

    Sorry for messing up with the mediafire link - it is the first time I have uploaded. Anyway, the file is public for download.

    Meanwhile I have done couple of scans with AVAST 5 FREE and the report is as follows:

     avast! Real-time Shield Scan Report
    * This file is generated automatically
    *
    * Started on: Friday, March 05, 2010 5:33:53 AM
    *

    3/5/2010 5:40:45 AM   C:\WINDOWS\SYSTEM32\OLE32.DLL [L] Win32:Malware-gen (0)
    While moving file to chest, error occurred: The specified file is read only
    During the file delete, error occurred: The specified file is read only
    3/5/2010 5:40:48 AM   C:\WINDOWS\system32\core.dll [L] Win32:Malware-gen (0)
    File was successfully moved to chest...
    *
    * avast! Real-time Shield Scan Report
    * This file is generated automatically
    *
    * Started on: Friday, March 05, 2010 5:52:23 AM
    *

    3/5/2010 5:56:35 AM   C:\WINDOWS\SYSTEM32\OLE32.DLL [L] Win32:Malware-gen (0)
    While moving file to chest, error occurred: The specified file is read only
    During the file delete, error occurred: The specified file is read only
    *
    * avast! Real-time Shield Scan Report
    * This file is generated automatically
    *
    * Started on: Friday, March 05, 2010 6:25:55 AM
    *

    As you can see Avast is detecting the infection but is not able to remove it

    C:\WINDOWS\winstart.bat     
    Error:File is offline-it is currently not available(ERROR 42006)

    C:\WINDOWS\SYS32\ole32.dll
    threat    high    Win32:Malware-gen
    The Specified file is read only(Error 6009)

    I hope this new info helps you to help me in this lousy situation

    Funny thing is I cannot do the scan in SAFE MODE - the error message from AVAST is

    UNABLE TO START SCAN.THERE ARE NO MORE END POINTS AVAILABLE FROM THE END POINT MAPPER     

    Any idea what it implies?

    Will be waiting for replies from YOU, David and PONDUS

    Thank you All

    q2na
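The Real-time Shield reports posted in this thread repeat the same detections many times, which makes it hard to see which files were never actually moved to the chest. The following is an added example, not part of the original posts and not avast code: a parser for that report layout that groups detections per file and lists the ones whose last remediation attempt failed. The sample log is constructed in the posted format, and the user name `user1` and the shortened paths are made up.

```python
import re
from collections import OrderedDict

# Detection line layout as posted in the thread:
#   <m/d/yyyy h:mm:ss AM|PM>   <path> [L] <detection name> (<n>)
DETECTION = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"(?P<path>.+?) \[L\] (?P<threat>.+?) \(\d+\)\s*$"
)
MOVED = "File was successfully moved to chest"
ERROR = "error occurred:"

# Constructed sample in the report format shown above (user name is made up).
SAMPLE = r"""
*
* avast! Real-time Shield Scan Report
* This file is generated automatically
*
* Started on: Thursday, March 04, 2010 7:57:10 AM
*

3/4/2010 7:57:32 AM   C:\WINDOWS\SYSTEM32\OLE32.DLL [L] Win32:Malware-gen (0)
3/4/2010 7:57:32 AM   C:\WINDOWS\SYSTEM32\OLE32.DLL [L] Win32:Malware-gen (0)
While moving file to chest, error occurred: The specified file is read only
During the file delete, error occurred: The specified file is read only
3/4/2010 8:00:29 AM   C:\DOCUME~1\user1\LOCALS~1\Temp\f[1].exe [L] Win32:Malware-gen (0)
While moving file to chest, error occurred: The process cannot access the file because it is being used by another process
3/4/2010 8:00:30 AM   C:\DOCUME~1\user1\LOCALS~1\Temp\yyyyy [L] Win32:Malware-gen (0)
File was successfully moved to chest...
3/4/2010 9:42:05 PM   C:\DOCUME~1\user1\LOCALS~1\Temp\f[1].exe [L] Win32:Malware-gen (0)
File was successfully moved to chest...
3/4/2010 10:24:09 PM   E:\SETUPS\EULA.exe|>wibb32.exe|>$TEMP\nvscv.exe|>nsis.hdr [L] NSIS:Downloader-T [Trj] (0)
While moving file to chest, error occurred: The system cannot find the file specified
3/5/2010 5:40:45 AM   C:\WINDOWS\system32\ole32.dll [L] Win32:Malware-gen (0)
While moving file to chest, error occurred: The specified file is read only
"""


def parse_report(text):
    """Return one event per detection line, with the outcome lines that follow it."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):      # blank lines and report headers
            continue
        m = DETECTION.match(line)
        if m:
            events.append({"ts": m["ts"], "path": m["path"], "threat": m["threat"],
                           "status": "no-action", "errors": []})
        elif events:                               # outcome of the latest detection
            ev = events[-1]
            if line.startswith(MOVED):
                ev["status"] = "quarantined"
            elif ERROR in line:
                ev["errors"].append(line.split(ERROR, 1)[1].strip())
                if ev["status"] != "quarantined":
                    ev["status"] = "failed"
    return events


def summarize(events):
    """Group events per file; Windows paths compare case-insensitively and
    'a.exe|>b.exe' names a member unpacked from container a.exe."""
    files = OrderedDict()
    for ev in events:
        container = ev["path"].split("|>", 1)[0]
        rec = files.setdefault(container.lower(), {
            "path": container, "hits": 0, "threats": set(),
            "errors": set(), "status": "no-action"})
        rec["hits"] += 1
        rec["threats"].add(ev["threat"])
        rec["errors"].update(ev["errors"])
        if ev["status"] != "no-action":            # back-to-back duplicates carry no outcome
            rec["status"] = ev["status"]
    return files


def unresolved(files):
    """Files whose most recent remediation attempt failed."""
    return [rec for rec in files.values() if rec["status"] == "failed"]


if __name__ == "__main__":
    for rec in unresolved(summarize(parse_report(SAMPLE))):
        print(rec["hits"], rec["path"], sorted(rec["threats"]), sorted(rec["errors"]))
```

Two detection lines logged back to back, as in the 7:57:32 AM entries, leave the first without an outcome; the grouping step keeps the file's status from the event that did record one.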

    Offline essexboy

    Re: avast showing WIN 32: MALWARE GEN infection,not able to delete it
    « Reply #13 on: March 05, 2010, 01:41:00 PM »
    Avast is not in its default folder which may be part of the problem

    Start OTS. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

    [Unregister Dlls]
    [Processes - Safe List]
    YY -> statbar  .exe -> E:\USEFUL CRUCIAL UTILITIES FOLDER\statbar  .exe
    [Registry - Safe List]
    < Run [HKEY_USERS\S-1-5-21-1078081533-1682526488-839522115-1003\] > -> HKEY_USERS\S-1-5-21-1078081533-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YY -> "StatBar" -> E:\USEFUL CRUCIAL UTILITIES FOLDER\statbar  .exe [E:\USEFUL CRUCIAL UTILITIES FOLDER\statbar  .exe]
    [Files - No Company Name]
    NY ->  winstart.bat -> C:\WINDOWS\winstart.bat
    [Empty Temp Folders]


    The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

    I will review the information when it comes back in.

    I can see no indication that ole32.dll has been modified.  However, I will search for a spare copy and do a replace

    Run OTS
    • Close ALL OTHER PROGRAMS.
    • Double-click on OTS.exe to start the program.
    • Check the box that says Scan All Users
    • Under the Custom Scan box paste this in

    /md5start
    OLE32.DLL
     /md5stop


    • Now click the Run Scan button on the toolbar.
    • Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
    Please attach the log in your next post.

    Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
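The reply above asks for hashes of OLE32.DLL and mentions looking for a spare copy. The following is an added example, not OTS's code and not part of the original post: it hashes a flagged file and every same-named copy under the given roots, then reports whether the flagged copy agrees with any of them. The directory layout and file contents built in `demo()` are constructed.

```python
import hashlib
import os
import tempfile


def digests(path, chunk=1 << 20):
    """Return (md5, sha256) hex digests of a file, read in chunks."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha256.update(block)
    return md5.hexdigest(), sha256.hexdigest()


def find_copies(roots, name):
    """Yield every file called `name` (case-insensitive) under the roots."""
    wanted = name.lower()
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for fn in files:
                if fn.lower() == wanted:
                    yield os.path.join(dirpath, fn)


def compare_copies(flagged, roots):
    """Compare the flagged file against all other copies with the same name."""
    flagged_id = os.path.normcase(os.path.abspath(flagged))
    md5, sha256 = digests(flagged)
    report = {"md5": md5, "sha256": sha256,
              "matching": [], "differing": [], "unreadable": []}
    for path in find_copies(roots, os.path.basename(flagged)):
        if os.path.normcase(os.path.abspath(path)) == flagged_id:
            continue                       # skip the flagged file itself
        try:
            other_sha256 = digests(path)[1]
        except OSError:                    # locked or permission-denied copy
            report["unreadable"].append(path)
            continue
        bucket = "matching" if other_sha256 == sha256 else "differing"
        report[bucket].append(path)
    if report["matching"]:
        report["verdict"] = "matches-spare-copy"
    elif report["differing"]:
        report["verdict"] = "differs-from-all-copies"
    else:
        report["verdict"] = "no-reference-copy"
    return report


def demo():
    """Build a constructed directory tree and run the comparison on it."""
    layout = {
        "system32/OLE32.DLL": b"constructed bytes, build A",
        "system32/dllcache/ole32.dll": b"constructed bytes, build A",
        "ServicePackFiles/i386/ole32.dll": b"constructed bytes, build B",
    }
    with tempfile.TemporaryDirectory() as top:
        for rel, data in layout.items():
            full = os.path.join(top, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        flagged = os.path.join(top, "system32", "OLE32.DLL")
        report = compare_copies(flagged, [top])
        # Report paths relative to the temporary root so the result is stable.
        for key in ("matching", "differing", "unreadable"):
            report[key] = sorted(os.path.relpath(p, top) for p in report[key])
        return report


if __name__ == "__main__":
    print(demo())
```

A match only shows that the flagged file agrees with another copy on the same disk; a hash taken from trusted installation media is the stronger reference.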

    bobo1

    • Guest
    Re: avast showing WIN 32: MALWARE GEN infection,not able to delete it
    « Reply #14 on: March 05, 2010, 03:10:59 PM »
    Did you just format C:?
    Could be a boot sector virus on your multiple partitions? Deleting the C: and other partitions and recreating new partitions using a DOS Win 98 startup disk via floppy drive A: is the only cure to get rid of boot sector viruses, or use the XP CD-ROM to delete the partition and do a clean install of XP. Rather drastic though. This is what I do if anyone has widespread virus problems on their PCs to repair; on large disks I create 2 partitions, C: & D:, depending on how big the drive is in the first place.
    « Last Edit: March 05, 2010, 03:17:07 PM by bobo1 »