Win32:Malware-gen: Avast keeps finding this malware

[luisisrael]

Hi Essexboy,

After you helped me elimitaning this win32 virus it somehow appeared again (so maybe it was just hidden).
I noticed you were out for a while (from 28th till 08th October) so I waited till now to write again.

Just like before, Avast from time to time finds this file DESKTOP.INI infected by Win32:Malware-gen.

But now from time to time Avast blocks automatically the activities of this Win32 virus and shows the message that a Threat was Detected, like this:

C:\Windows\assembly\tmp\800000c0.sys -> Win32:Malware-gen tryed to create or infect this file (and was stopped by Avast).

Also like before. After I scan and exclude the infected Desktop.ini there comes some clean logs. And then again the virus reappears.

How should I proceed?
Is it possible that this is a false positive?

Thank you

Luis Santiago Israel

[DavidR]

It may have been as a result of how you got infected in the first place rather than this one being hidden.

So you should proceed as before, Download the latest OTL version, Run OTL and attach the logs and essexboy will take a look at them..

[essexboy]

You have a choice of two possible infections here either zero access or conserv dependant on which it is will determine my approach

OTL will let me know which it is

After I scan and exclude the infected Desktop.ini

This is part of the infection

[luisisrael]

Hello Essexboy,

follow attached OTL log - part 1

[luisisrael]

log part 2 - Extras

[essexboy]

I can see no sign of it there - lets do one further run with combofix, although I feel it will find nothing

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.
  

• Double click on ComboFix.exe & follow the prompts.
  
• Accept the disclaimer and allow to update if it asks

• When finished, it shall produce a log for you.
• Please include the C:\ComboFix.txt in your next reply.[/b]
  

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

[luisisrael]

Combofix log attached.
the computer is working normally.

ahoj
Luis

[essexboy]

Just an ADS there which appeared to be from your bank - but it is something I will bear in mind next time I see it

Once you are happy run the cleanup routine again