Author Topic: Win32:Malware-gen - C:\Windows\System32\dinput32.dll  (Read 5722 times)


loopync

  • Guest
Win32:Malware-gen - C:\Windows\System32\dinput32.dll
« on: June 26, 2010, 08:25:30 PM »
I've attached a picture of what I am getting constantly regarding this Win32:Malware-gen.
I am also a novice and don't understand what I should be doing.  I have run Trend Micro, my Windows malware program, and of course Avast, which didn't find it when it scanned.  How can Avast block something but not find it?  That seems bizarre to me.
This thing is popping up ALL the time and driving me crazy.  Just started today.  Sometimes the count on it is in the 50s and when I go to the chest there appear to be 100s of the same thing.  HELP PLEASE

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88899
  • No support PMs thanks
Re: Win32:Malware-gen - C:\Windows\System32\dinput32.dll
« Reply #1 on: June 26, 2010, 08:55:17 PM »
Well there is obviously something else (hidden/undetected) that is restoring the file, not to mention there also has to be a registry entry responsible for the run command winlogon.exe for C:\Windows\System32\dinput32.dll.

If it keeps coming back, there is likely to be an undetected or hidden element to the infection that restores or downloads the file again. What is your firewall?

If you haven't already got this software (freeware), download, install, update and run it and report the findings (it should produce a log file).

Don't worry about reported tracking cookies; they are a minor issue and not one of security, allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie.
Also available is a portable version of SAS, http://www.superantispyware.com/portablescanner.html, no installation required.

SuperAntiSpyware (SAS) should, I believe, be able to deal with this one.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

loopync

  • Guest
Re: Win32:Malware-gen - C:\Windows\System32\dinput32.dll
« Reply #2 on: June 26, 2010, 10:12:27 PM »
Thank you.  I am running the Malwarebytes now and not liking what I see.  It is on object 147011 and says 7063 objects infected.  Is that even possible?
« Last Edit: June 27, 2010, 03:05:24 AM by loopync »

Offline DavidR

Re: Win32:Malware-gen - C:\Windows\System32\dinput32.dll
« Reply #3 on: June 26, 2010, 10:45:14 PM »
A Quick scan would be enough to get you started and generally will have picked up most of the detections.

Can you modify your post and remove the 80-90 blank lines to something that doesn't mean scrolling forever to see the end of the post? See example quote.

Thank you.  I am running the Malwarebytes now and not liking what I see.  It is on object 147011 and says 7063 objects infected.  Is that even possible?

I am currently running the Malwarebytes and scared to death by what I am seeing.  It's been running now for 2:25 hours and shows over 7,000 objects infected.  Is that even possible?

If you were intending to copy and paste some data, then it failed and only inserted blank lines.

I can't comment on the figures, it depends on what it classes as infected, but it is entirely possible to have those kinds of numbers, though uncommon.

loopync

  • Guest
Re: Win32:Malware-gen - C:\Windows\System32\dinput32.dll
« Reply #4 on: June 27, 2010, 03:06:23 AM »
I don't have a clue what happened to that post.  The lines at the bottom were the same as the ones at the top.  Sorry about that.

Offline DavidR

Re: Win32:Malware-gen - C:\Windows\System32\dinput32.dll
« Reply #5 on: June 27, 2010, 03:19:12 AM »
I take it that the MBAM scan has now completed; you could attach the log file (see below) so we can have a look at what was found, as I guess it would be too large to copy and paste.

Check out the C:\Program Files\Malwarebytes' Anti-Malware\ or C:\Documents and Settings\YourUsername\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\ folders for the mbam-log{date of scan}.txt files.

- When you click the Reply button, there is an Additional Options link; this expands the options to attach a file, which can be an image file or a text file (.log or .txt).

loopync

  • Guest
Re: Win32:Malware-gen - C:\Windows\System32\dinput32.dll
« Reply #6 on: June 27, 2010, 03:33:20 AM »
It says the log file is too big to post  >:(

Offline DavidR

Re: Win32:Malware-gen - C:\Windows\System32\dinput32.dll
« Reply #7 on: June 27, 2010, 03:43:57 AM »
How big is it?
Try breaking it up and create two or three .txt files and attach the parts in two or three posts.

loopync

  • Guest
Re: Win32:Malware-gen - C:\Windows\System32\dinput32.dll
« Reply #8 on: June 27, 2010, 03:58:29 AM »
It is 622 KB. It does say everything has been quarantined and deleted.  I'm running the scan again just to make sure.  So far nothing is infected.  My avast is behaving also.

Thanks for all your help and I will let you know when it's done scanning.  It might be tomorrow as I'm going to bed soon.

Offline DavidR

Re: Win32:Malware-gen - C:\Windows\System32\dinput32.dll
« Reply #9 on: June 27, 2010, 05:07:38 AM »
Wow, that is by far the biggest MBAM log I have ever come across. You're going to bed soon, it's 4am here in the UK ;D

loopync

  • Guest
Re: Win32:Malware-gen - C:\Windows\System32\dinput32.dll
« Reply #10 on: June 27, 2010, 05:18:06 AM »
I was wondering about you still being up at that hour.  I saw the British flag but thought maybe you were living in the states or Canada.  I'm an old girl so need my beauty sleep.  Get to bed!!!!!..lol

CharleyO

  • Guest
Re: Win32:Malware-gen - C:\Windows\System32\dinput32.dll
« Reply #11 on: June 28, 2010, 12:23:00 PM »
***

Hi loopync,

In your first post, you mentioned having run both Trend Micro and avast. It is not good to run 2 resident AV programs at the same time as they will cause conflicts. If you are running 2 AV programs at the same time, this could likely be part of the cause of your very infected computer.

Please let us know for sure if you are running both Trend Micro and avast as resident AV programs.


***

loopync

  • Guest
Re: Win32:Malware-gen - C:\Windows\System32\dinput32.dll
« Reply #12 on: June 28, 2010, 12:35:05 PM »
I don't run them both at the same time.  Avast is my antivirus program but when it didn't find anything I downloaded Housecall and ran it.  I do have it all fixed now thanks to your forum help and Malwarebytes.  Great program.  All is clear now and again thanks for this forum.

CharleyO

  • Guest
Re: Win32:Malware-gen - C:\Windows\System32\dinput32.dll
« Reply #13 on: June 28, 2010, 12:56:37 PM »
***

Thanks for the reply, loopync. Housecall is completely OK to use.

It is good to know that all is well with your computer now.   :)


***