Author Topic: win32 malware-gen  (Read 12465 times)

Offline Joetymp

  • Newbie
  • *
  • Posts: 8
    • Personal Message (Offline)
win32 malware-gen
« on: December 16, 2012, 08:51:38 PM »
Hello,

I had Avast pop up the other day advising that I had a win32 malware-gen infection in some files. I sent the files to the Avast chest, but I am still having Avast pop up saying it has found rootkits on my system. MBAM scans are clean!? Whenever I send the files found to be infected during the boot-time scan to the chest or delete them, my mouse stops working and the only way to get it back is to do a system restore. Now when I try to access the Avast support log I uploaded to the Avast tech support ticket, it tells me it is not accessible, access denied. Whenever I try to create a new log, it just runs and runs. Then I click the close-out X box, and it tells me it can't complete the function, error 0x3e3!? No help from the support ticket sent yet... Holy hell, please help!
« Last Edit: December 17, 2012, 09:26:16 PM by Joetymp »

Offline essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 28953
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Offline)
Re: win32 malware-gen
« Reply #1 on: December 16, 2012, 09:05:53 PM »
Please follow the steps here http://forum.avast.com/index.php?topic=53253.0

Also, what file is Avast alerting on?

Offline Joetymp

  • Newbie
  • *
  • Posts: 8
    • Personal Message (Offline)
Re: win32 malware-gen
« Reply #2 on: December 16, 2012, 09:29:29 PM »
When I ran the adw cleaner and it rebooted, my mouse stopped working again! I don't know how to get my mouse back without doing a system restore. Should I do that now, or will I lose the adw scan I just did, putting me back at square one?

Offline Joetymp

  • Newbie
  • *
  • Posts: 8
    • Personal Message (Offline)
Re: win32 malware-gen
« Reply #3 on: December 16, 2012, 09:33:19 PM »
The rootkit file is C:\...\trz258.tmp
The other files are ELhid.sys, ELmon.sys, and ELmou.sys

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21658
  • Gender: Male
    • Personal Message (Offline)
Re: win32 malware-gen
« Reply #4 on: December 16, 2012, 09:36:55 PM »
The rootkit file is C:\...\trz258.tmp
The other files are ELhid.sys, ELmon.sys, and ELmou.sys
Related topics:
http://forum.avast.com/index.php?topic=111239.0
http://forum.avast.com/index.php?topic=111341.0
« Last Edit: December 16, 2012, 09:41:36 PM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Joetymp

  • Newbie
  • *
  • Posts: 8
    • Personal Message (Offline)
Re: win32 malware-gen
« Reply #5 on: December 16, 2012, 10:41:06 PM »
Sorry for the delay, my system restore took forever...
Any idea how I can get my mouse function back without restoring!? Every time I have to reboot trying to clean this damn computer I lose my mouse and have to system restore!!!

Offline Joetymp

  • Newbie
  • *
  • Posts: 8
    • Personal Message (Offline)
Re: win32 malware-gen
« Reply #6 on: December 16, 2012, 11:47:12 PM »
Sorry, I didn't see any "extras.text"

Offline Joetymp

  • Newbie
  • *
  • Posts: 8
    • Personal Message (Offline)
Re: win32 malware-gen
« Reply #7 on: December 16, 2012, 11:49:37 PM »
Not sure if, the first time I attached OTL.text, I had it saved in the right ANSI format... here it is again.

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69205
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: win32 malware-gen
« Reply #8 on: December 17, 2012, 12:02:13 AM »
There may be some delay due to differing time zones and availability of essexboy. It is now 1am in the UK so he will be in bed; he should be back later today.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline Joetymp

  • Newbie
  • *
  • Posts: 8
    • Personal Message (Offline)
Re: win32 malware-gen
« Reply #9 on: December 17, 2012, 02:25:12 AM »
Here is the last log...

Offline essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 28953
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Offline)
Re: win32 malware-gen
« Reply #10 on: December 17, 2012, 01:47:12 PM »
They all appear to be false positives.

Restore these three files from the Chest and add them to Avast exclusions.
The ELmou.sys file is your mouse driver.

ELhid.sys, ELmon.sys, and ELmou.sys

Offline Joetymp

  • Newbie
  • *
  • Posts: 8
    • Personal Message (Offline)
Re: win32 malware-gen
« Reply #11 on: December 17, 2012, 09:25:47 PM »
THANK YOU a MILLION TIMES!

 
