Author Topic: Win32.downloader.gen Help Desperately Needed! (Read 7898 times)

James Quenton · « **on:** April 12, 2013, 08:46:12 PM »

So, I've had this trojan for some time, now. I have reason to believe it's been on my hard drive for maybe two weeks, but my spybot picked it up around six days ago. Every scan I've used on it (avast, malware antibites, superantispyware, AVG, spybot, ect.) has been useless, as only one of them has picked up the trojan on radar, and it couldn't successfully delete it. Every online removal tutorial has been equally as useless, if not much worse.

I've seen some people complain about said trojan on this site, and everyone has been saying the tutorials you've provided were successful. Only problem is that each one says that it's only specific for said system. Could you please help me delete this pesky thing, because it's honestly starting to scare me.

I don't have any money on me, and I need this system for school.

James Quenton · « **Reply #1 on:** April 12, 2013, 10:20:44 PM »

Please, I need help as soon as possible!

Pondus · « **Reply #2 on:** April 12, 2013, 10:25:57 PM »

have you considered that this may be a False Positive from SpyBot ? ...... a program most of use here think is waste of disk space
have you tested the detected file at www.virustotal.com ?

follow guide and attach logs AdwCleaner / Malwarebytes / OTL / aswMBR http://forum.avast.com/index.php?topic=53253.0

Pondus · « **Reply #3 on:** April 12, 2013, 10:35:58 PM »

Quote

(avast, malware antibites, superantispyware, AVG, spybot, ect.)

do you have avast and AVG installed ?

James Quenton · « **Reply #4 on:** April 12, 2013, 10:43:18 PM »

Quote from: Pondus on April 12, 2013, 10:35:58 PM

Quote
(avast, malware antibites, superantispyware, AVG, spybot, ect.)
do you have avast and AVG installed ?

I recently got AVG and Avast installed to see if I could kill this thing with them, but there's been no luck. Also, I'm pretty sure this trojan is legit. It's showed up in three scans and the side effects that are said to come with it have been plaguing my computer. I know Spybot is a waste of disk space, but it seems like it's the only program that's been even slightly useful the past few days.

I'll try to see if your other post will help at all...

Pondus · « **Reply #5 on:** April 12, 2013, 10:49:28 PM »

Quote

I'll try to see if your other post will help at all...

when done a removal expert will be notified and check the logs...

James Quenton · « **Reply #6 on:** April 12, 2013, 11:39:27 PM »

Here's the log. Ignore the "part one - part three" thing. That's a long story...

James Quenton · « **Reply #7 on:** April 12, 2013, 11:41:06 PM »

Sorry. I realize I'm going to have to download more logs than this. I'll get to it as soon as I can.

James Quenton · « **Reply #8 on:** April 13, 2013, 01:48:23 AM »

Alrighty. Here are the logs, just as you asked...

I'll post the ASWmbr log in my next post as the tutorial directed.

James Quenton · « **Reply #9 on:** April 13, 2013, 01:56:05 AM »

And... here's the last log needed. Help as soon as possible would be appreciated, but no rush.

essexboy · « **Reply #10 on:** April 13, 2013, 12:10:27 PM »

What is spybot reporting ? File name and location

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code: [Select]

:OTL
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)

:Files
C:\Program Files\SearchProtect

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

James Quenton · « **Reply #11 on:** April 13, 2013, 01:24:09 PM »

My Spybot simply told me that I had malware and that the name of said malware was win32.downloader.gen. It was painfully vague, yes. That's been contributing to the problem.

Anyway, here's that updated log you wanted.

essexboy · « **Reply #12 on:** April 13, 2013, 01:38:29 PM »

OK lets see what spybot is reporting

Open SpyBot.
Check for problems.
When the scan completes, right click on the results list, select "Copy results to clipboard".
Paste (Ctrl+V) those results to this thread

James Quenton · « **Reply #13 on:** April 13, 2013, 02:55:32 PM »

Well, screw me running! Spybot said that I have no problems. I'm clean! Well, how bout that. Maybe those antivirus programs wiped the Trojan!

Thank you for the support and the directions, nonetheless. I... guess I'll be going, now.

<walks into the sunset>

essexboy · « **Reply #14 on:** April 13, 2013, 03:40:20 PM »

It may well have been this C:\Program Files\SearchProtect as it is a PUP

How is the computer behaving ?

Author Topic: Win32.downloader.gen Help Desperately Needed! (Read 7898 times)

James Quenton

Win32.downloader.gen Help Desperately Needed!

James Quenton

Re: Win32.downloader.gen Help Desperately Needed!

Pondus

Re: Win32.downloader.gen Help Desperately Needed!

Pondus

Re: Win32.downloader.gen Help Desperately Needed!

James Quenton

Re: Win32.downloader.gen Help Desperately Needed!

Pondus

Re: Win32.downloader.gen Help Desperately Needed!

James Quenton

Re: Win32.downloader.gen Help Desperately Needed!

James Quenton

Re: Win32.downloader.gen Help Desperately Needed!

James Quenton

Re: Win32.downloader.gen Help Desperately Needed!

James Quenton

Re: Win32.downloader.gen Help Desperately Needed!

essexboy

Re: Win32.downloader.gen Help Desperately Needed!

James Quenton

Re: Win32.downloader.gen Help Desperately Needed!

essexboy

Re: Win32.downloader.gen Help Desperately Needed!

James Quenton

Re: Win32.downloader.gen Help Desperately Needed!

essexboy

Re: Win32.downloader.gen Help Desperately Needed!