Author Topic: win32 malware-gen  (Read 16185 times)


Joetymp

  • Guest
win32 malware-gen
« on: December 16, 2012, 10:51:38 PM »
Hello,

I had Avast pop up the other day advising that I had a win32 malware-gen infection in some files. I sent the files to the Avast chest, but I am still having Avast pop up saying it has found rootkits on my system. MBAM scans are clean!? Whenever I send the files found to be infected during boot time scan to chest or delete them, my mouse stops working and the only way to get it back is to do a system restore. Now when I try to access the Avast support log I uploaded to Avast tech support ticket, it tells me it is not accessible, access denied. Whenever I try to create a new log, it just runs and runs. Then I click the close out x box, and it tells me it can't complete the function error 0x3e3!? No help from support ticket sent yet... Holy hell, please help!
« Last Edit: December 17, 2012, 11:26:16 PM by Joetymp »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: win32 malware-gen
« Reply #1 on: December 16, 2012, 11:05:53 PM »
Please follow the steps here http://forum.avast.com/index.php?topic=53253.0

Also what file is avast alerting on ?

Joetymp

  • Guest
Re: win32 malware-gen
« Reply #2 on: December 16, 2012, 11:29:29 PM »
When I ran the adw cleaner and it rebooted, my mouse stopped working again! I don't know how to get my mouse back without doing a system restore point. Should I do that now, or will I lose the adw scan I just did, putting me back at square one?

Joetymp

  • Guest
Re: win32 malware-gen
« Reply #3 on: December 16, 2012, 11:33:19 PM »
The rootkit file is C:\...\trz258.tmp
The other files are ELhid.sys, ELmon.sys, and ELmou.sys

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: win32 malware-gen
« Reply #4 on: December 16, 2012, 11:36:55 PM »
The rootkit file is C:\...\trz258.tmp
The other files are ELhid.sys, ELmon.sys, and ELmou.sys
related topic   
http://forum.avast.com/index.php?topic=111239.0
http://forum.avast.com/index.php?topic=111341.0
« Last Edit: December 16, 2012, 11:41:36 PM by Pondus »

Joetymp

  • Guest
Re: win32 malware-gen
« Reply #5 on: December 17, 2012, 12:41:06 AM »
Sorry for the delay, my system restore took forever...
Any idea how I can get my mouse function back without restoring!? Every time I have to reboot trying to clean this damn computer I lose my mouse and have to system restore!!!

Joetymp

  • Guest
Re: win32 malware-gen
« Reply #6 on: December 17, 2012, 01:47:12 AM »
Sorry, I didn't see any "extras.text"

Joetymp

  • Guest
Re: win32 malware-gen
« Reply #7 on: December 17, 2012, 01:49:37 AM »
Not sure if the first time I attached OTL.text if I had it saved in the right ANSI format... here it is again.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: win32 malware-gen
« Reply #8 on: December 17, 2012, 02:02:13 AM »
There may be some delay due to differing time zones and availability of essexboy. It is now 1am in the UK so he will be in bed; he should be back later today.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Joetymp

  • Guest
Re: win32 malware-gen
« Reply #9 on: December 17, 2012, 04:25:12 AM »
Here is the last log...

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: win32 malware-gen
« Reply #10 on: December 17, 2012, 03:47:12 PM »
They all appear to be false positives

Restore these three files from the Chest and add them to Avast exclusions.
The ELmou.sys file is your mouse driver.

ELhid.sys, ELmon.sys, and ELmou.sys

Joetymp

  • Guest
Re: win32 malware-gen
« Reply #11 on: December 17, 2012, 11:25:47 PM »
THANK YOU a MILLION TIMES!