Dear Contributors,
As mentioned, this virus is "very pernicious" - I was in the same position as the original poster.
I tried everything... (sailing close to the dreaded reformat!)
The reason I'm posting on this old thread is because I found a "breakthrough solution".
I did a (pretty wide) search on Google Images using the term "W32:Malware-gen" and happened upon a blogger who mentioned using Microsoft Update to solve this virus infection. (It didn't sound like a particularly "technical" solution to me, but good news: this works!)
Here are the exact steps I followed to eradicate the "W32:Malware-gen" explorer.exe process.
Firstly, W32:Malware-gen appears to be bundled with other nasties that even Avast did not identify.
ESET Online Scanner found:
Win32:TrojanDownloader.Adload.NIQ
Win32 Toolbar Babylon
MalwareBytes found:
Trojan.BHO (2 instances in registry HKCR)
So, the general advice to run full scans using other AV engines seems sound. I also "immunized" with SpywareBlaster and found a nice "reg mod" that closes port 445.
Ok, back to the main plot:
1. I reinstalled MS Internet Explorer V8 (IE 8) while online.
2. It will ask you to reboot once IE 8 is finalized. Please do that.
3. Reboot in Normal Mode, connect to the Internet.
4. Start IE v8 > Tools > Windows Update /windowsupdate.microsoft.com/
5. If IE v8 has installed correctly, you will see "checking for updates"
6. Then, you will see a full list of updates.
Here are the important ones:
All the KB "Security Updates" (all very small files)
The "Cumulative Update for XP" (6MB)
I installed 72 of these in all (critical ones) but not Service Pack 3 - that's huge!
7. After download and install - system requires reboot. Please do that.
8. When I retested with Avast (running a scan in memory) after reboot - Joy of Joys! The W32:Malware-gen process explorer.exe virus had vanished!
Why re-install IE v8?
Combofix (which I admit not understanding at all) put 2 IE v8 icons on my desktop. It's also likely I just had a corrupt installation of IE v8 on my aging XP SP2 machine.
Why does the Microsoft Update Fix work?
I'd love feedback on this one! explorer.exe is essential to Windows, I think it's the shell or GUI that controls most of the fun stuff we see and use. So, it's no wonder Avast decides not to delete this file when it finds a virus (somehow) attached to it.
Some viruses, apparently, "inject code" into the "address space" of very important processes like explorer.exe. (I have no idea what this really means, opinion welcomed). In this case, I don't know what really happened. I'm guessing Microsoft Update patches a vulnerability related to explorer.exe.
Curiously, the "oldtech" method of just replacing "explorer.exe" with a system disk version had no effect in this case. "explorer.exe" appeared to be unmolested by the virus. (File versions, sizes matched)... So, the mystery is why did Avast spot this as a virus?
Hope this helps someone else (even the experts!) out there in Internet Land.
Kind Regards, NB