Win32:Malware-gen C:\Windows\Installer\...\80000000.@

[mimi0815w]

I've been getting a consistent pop-up from avast about the following:

Win32:Malware-gen C:\Windows\Installer\...\800000cb.@
Please help!
Avast Program version : 7.0.1426
Virus definitions version: 120708-0
Number of definitions: 3488685

Windows 7 x64 NTFS

Avast scanned my PC and reported ok. plesae help.

[essexboy]

Please follow the steps in this thread http://forum.avast.com/index.php?topic=53253.0
Then attach the logs here

[mimi0815w]

log files attached.

[essexboy]

This should stop it

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

  :Files
  C:\Windows\Installer\{1d8cfe9b-a373-289f-0e75-d1c34635c803}
  C:\Users\Cliff\AppData\Roaming\msexmg.dll
  C:\Users\Cliff\AppData\Local\{1d8cfe9b-a373-289f-0e75-d1c34635c803}
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [CREATERESTOREPOINT]
  [Reboot]
• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.
  
• Accept the disclaimer and allow to update if it asks

• When finished, it shall produce a log for you.
• Please include the C:\ComboFix.txt in your next reply.[/b]
  

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

[mimi0815w]

aswMBR.txt log file attached. btw, OTL did not create Extras.Txt.

[mimi0815w]

following instructions provided by essexboy. attached OTL log after running the fix. I noticed that C:\Windows\Installer\{1d8cfe9b-a373-289f-0e75-d1c34635c803} folder still exist after reboot, so I restart Win7 in safe mode, but still can't delete the folder. I still see pop-up windows regarding this malware-gen. I wll run combofix and post log next.

[Pondus]

OTL did not create Extras.Txt.

it only does on first run....not important, just extra tech info

[mimi0815w]

combofix seems to fix the problem ( infected services.exe), log attached.  Many thanks to all who helped.

[essexboy]

Aye the infected services replaces the installer file, but OTL stops the other one being created and clears the way for Combofix..  How is the computer now ?

[VHF]

I have this same thing and is driving me crazy.  Was told to stop using an AVP I had used for years with no virus issues and use Microsoft.  I've had nothing but trouble since and now have Avast but this issue pops up every few minutes.  What can I do to fix it?

[essexboy]

Could you follow the steps here and attach them in your own thread 

http://forum.avast.com/index.php?topic=53253.0