Win32:Malware-gen popping up

[arquebus]

Logged on to my computer this morning and was greeted with
"MALWARE BLOCKED

avast! File System Shield has blocked a threat.
No further action is required.
 
 Object:  C:\Users\David\AppData\Local\Temp\mwgmliry.dll
 Infection:  Win32:Malware-gen
 Action:  Moved to chest
 Process:  C:\Windows\Microsoft.NET\Framework\v2.0...\csc.exe

The threat was detected and blocked when the file was created or modified"

I moved the file out of the chest to upload it to jotti's site (results).  When I deleted it I got another message identical to the first except for
"Object:  C:\$RECYCLE.BIN\S-1-5-21-29068602...\$RD09X97.dll
...
 Process:  C:\Windows\explorer.exe"

I'm currently running a full scan.

[Pondus]

check your computer for malware with this

Malwarebytes Anti-Malware 1.50.1 http://filehippo.com/download_malwarebytes_anti_malware/
always update the program so you have lates database before you scan
click the remove selected button to quarantine any infections found
you may post the scan log here

[arquebus]

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5550

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

18/01/2011 5:06:25 PM
mbam-log-2011-01-18 (17-06-25).txt

Scan type: Full scan (C:\|)
Objects scanned: 631492
Time elapsed: 1 hour(s), 37 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

While it was scanning, I got another Avast message identical to the first one, but with the file "5xkgstgk.dll"


edit: If it's any help, here are the OTL logs attached

[LYNXScout]

Same thing here.

http://i.imgur.com/RtWvs.png

Started happening about 2 days ago.  My husband is having the same issue apparently, in England.  It pops up on every boot-up with some random .dll file, then randomly throughout the day.

[nanenj]

I have begun experiencing the same thing.  A friend in Norway is experiencing the same.  My own case is both a desktop and laptop.  Don't think there's any information I can add that provides any more insight.

[Jephery]

I'm experiencing the same issue, starting this afternoon.

From my File System Shield log:

1/18/2011 2:00:41 PM   C:\Users\Jeff\AppData\Local\Temp\wrzm9yjt.dll [L] Win32:Malware-gen (0)
File was successfully moved to chest...
1/18/2011 5:00:28 PM   C:\Users\Jeff\AppData\Local\Temp\4fktxflg.dll [L] Win32:Malware-gen (0)
File was successfully moved to chest...
1/18/2011 8:00:28 PM   C:\Users\Jeff\AppData\Local\Temp\q-ohkne9.dll [L] Win32:Malware-gen (0)
File was successfully moved to chest...
1/18/2011 11:00:56 PM   C:\Users\Jeff\AppData\Local\Temp\llawn-lk.dll [L] Win32:Malware-gen (0)
File was successfully moved to chest...

It could just be a coincidence, I'm not sure, but the detected .dll is appearing about every 3 hours it seems.

[happyboy7]

This exact thing started happening to me this afternoon.  Not once in a year has anything been detected until today.  Last night I updated to the latest version of Avast (was told to update and restart computer).  There have been four events today, all from C:\Users\...\AppData\Local\Temp folder.  They have each been labeled a different .dll with the virus listed as Win32:Malware-gen.

I've run a full scan with Avast and it found nothing.  I ran a full scan with Malwarebytes and it found nothing.  And, I ran a scan with SuperAntiSpyware and it found only tracking cookies.

This is very strange!  

[TheLoneTerran]

Hello all.

I updated Avast when it prompted me to when I booted up my PC for the day. I am now having the exact same problem as the others. I ran a full scan on my PC with Avast and Malwarebytes and I keep getting this same error. Always the Win32:Malware-gen in the AppData folder. It happens pretty much as soon as my CPU is booted up and then periodically throughout the hours. Here are my malwarebytes results if it helps.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4084

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

1/19/2011 1:44:02 AM
mbam-log-2011-01-19 (01-44-02).txt

Scan type: Full scan (C:\|)
Objects scanned: 596444
Time elapsed: 1 hour(s), 43 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[Pondus]

@TheLoneTerran
You are using a old version of malwarebytes, it looks as you have never updated it since install

Malwarebytes' Anti-Malware 1.46   Database version: 4084

Latest is 1.50.1 with database 5552 when i post
malwarebytes is releasing 5 - 10 updates a day

[arquebus]

I'm experiencing the same issue, starting this afternoon.

From my File System Shield log:

1/18/2011 2:00:41 PM   C:\Users\Jeff\AppData\Local\Temp\wrzm9yjt.dll [L] Win32:Malware-gen (0)
File was successfully moved to chest...
1/18/2011 5:00:28 PM   C:\Users\Jeff\AppData\Local\Temp\4fktxflg.dll [L] Win32:Malware-gen (0)
File was successfully moved to chest...
1/18/2011 8:00:28 PM   C:\Users\Jeff\AppData\Local\Temp\q-ohkne9.dll [L] Win32:Malware-gen (0)
File was successfully moved to chest...
1/18/2011 11:00:56 PM   C:\Users\Jeff\AppData\Local\Temp\llawn-lk.dll [L] Win32:Malware-gen (0)
File was successfully moved to chest...

It could just be a coincidence, I'm not sure, but the detected .dll is appearing about every 3 hours it seems.

Very interesting, as there seems to be a 3 hour gap between a number of my alerts as well...

[Pondus]

They all seem to be in temp folder....not sure if this will help but you can try


TFC - Temp File Cleaner by OldTimer
TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

[TheLoneTerran]

Thank you Pondus. I updated and am running another scan. I'll post results when I get them. Ty.

[Pondus]

The good thing with MBAM 1.50.1  it will promt you for update if you try scanning with and old database...
I think the default setting is 7 days....

[arquebus]

They all seem to be in temp folder....not sure if this will help but you can try


TFC - Temp File Cleaner by OldTimer
TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

Tried this, still getting the alerts

[Pondus]

Have sendt a note to Essexboy so he will pop in when he arrives later (late) today..

he is usually in here from 8:00pm 11:59pm uk time