win32:malware-gen

[mag92]

Recently my computer got infected with win32-generic virus. It spread to most of the executable files on my hard drive. Since i couldn't find proper solution to remove the virus ,so i recovered my OS to an earlier system image.Later i installed a clean download of AVAST free anti virus and ran a quick scan which did not reveal any virus. when i tried to scan the drives which were not affected by the system recovery , the win32:malware-gen ,win32:DROPPER-KQQ and win32:sality viruses were revealed on many exe files and avast was unable to repair it....but same folder scan using malwarebytes didnot show any infections..plz help...

[Pondus]

It spread to most of the executable files on my hard drive.

this indicate you have a file infector....

the win32:malware-gen ,win32:DROPPER-KQQ and win32:sality viruses

sality is a file infector

but same folder scan using malwarebytes didnot show any infections..plz help...

Malwarebytes does not scan for file infectors.....and they recomend format c:.... reinstall

Miekiemoes: Director of Research @ Malwarebytes
http://miekiemoes.blogspot.no/2009/02/virut-and-other-file-infectors-throwing.html

[Pondus]

i will notifie Essexboy....maybe he can help you

[essexboy]

The following programme may need to be run several times and no guarantee can be given

Download  Sality Killer zip to your desktop and extract SalityKiller.exe

Run the utility SalityKiller.exe on the infected computer
A reboot might require after disinfection.

Download the file Sality_RegKeys.zip
unpack the file Sality_RegKeys.zip 
run the file Disable_autorun.reg from the archive Sality_RegKeys.zip

Once the scan is over, from the archive Sality_RegKeys.zip run the file of the registry key: 

under Windows 2000 run the registry file SafeBootWin200.reg 
under Windows XP run the registry file SafeBootWinXP.reg 
under Windows 2003 run the registry file SafeBootWinServer2003.reg 
under Windows Vista / 2008 run the registry file SafebootVista.reg
under Windows 7 / 2008 R2 run the registry file SafebootWin7.reg

[mag92]

 the sality killer program failed to find any infections.
Anyway, most of the infections found in the avast scan were win32:malware-gen.

i tried scanning a single setup file separately. It seems like each .exe file is associated with both the win32:malware-gen. and the win32:DROPPER-KQQ .
i've attached the snip of the scan results of a single setup file.

[Pondus]

follow this guide and attach the requested logs...not copy and paste....  http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR

when done essexboy will have a look   

[mag92]

aswMBR is crashing after running for sometime...what should i do.....i've attached the other logs with this post.

[Pondus]

essexboy may not need it...but you can try run it from safe mode...

[essexboy]

Did you use sality killer on the other drives as well ?

[mag92]

yes ,when i ran the sality killer,it searched all the drives sequentially.

the quickscan using aswMBR did not find any threats.
here's the log of the scan by aswMBR over the infected drive.i selected the drive from the drop down option in the aswMBR window and hit the scan .
it was red all over. 

[essexboy]

Is there anything important on that drive ?

Create an emergency repair USB drive:
Download Dr Web Live USB to your desktop

• Connect a USB flash drive to the computer. Registering the plugging in event takes no more than 10 seconds.
• Launch drwebliveusb.exe.
• The program will detect available USB-devices automatically and prompt you to choose the one you’d like to use as an emergency repair drive. You can format the device if you like (a warning will be displayed before you proceed with formatting). In order to read the License agreement, follow a corresponding link found in the program window (the page containing the license agreement text will be loaded in your default browser).

• To create a bootable USB flash drive, press the Create Dr.Web LiveUSB button.
• Files will be copied automatically.
• Once the copying process is completed, press the Exit button to close the application.
• Reboot the infected computer with the USB in the drive
• Ensure that the first boot device is USB - If you are not sure about that then see this page for instructions
  
• As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.

• Use arrow keys to select  DrWeb-LiveCD (Default)
• When the system is loaded, check the disks or folders you want to scan, and click on ?Start?.

• The programme will now scan for and cure/delete any malware that it finds.  Allow it to do so 
• Once completed reboot to normal windows
• No log is produced so once in normal windows run a fresh OTL scan and let me know if the problems persist

[mag92]

I have done as you have suggested by running the dr.web live usb program by booting from  the usb. but when i selected cure it sent all the infected files to quarantine. apparently though the drive is virus free(i ran a scan) but the applications have been rendered useless.....no worries as the files were not so important...but there's my another ext.HDD  carrying similar infections and i do not want to mess up my collection..so plz...help me out....and many thanks to you for bearing with me till now.

[essexboy]

The problem with file infectors is that they can cause damage to the main file, insamuch as they are beyond repair.  Generally it only affect executable files, so although the programmes have gone the data may be safe 

But to be honest with this type of infection you are best reformatting and starting again