Author Topic: Win32:Malware-gen  (Read 46455 times)

0 Members and 1 Guest are viewing this topic.

daveshans

  • Guest
Win32:Malware-gen
« on: May 12, 2013, 11:49:14 PM »
I downloaded the newest Avast a few days ago and now every time my computer boots I get a warning about a virus being moved to the chest. It's identified as Win32:Malware-gen. It doesn't show up when I do a boot scan though.

I've run the scans in the pinned topic and attached the logs. Is there anything that can be done?

daveshans

  • Guest
Re: Win32:Malware-gen
« Reply #1 on: May 12, 2013, 11:50:20 PM »
Extra attachment.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37597
  • Not a avast user
Re: Win32:Malware-gen
« Reply #2 on: May 12, 2013, 11:54:06 PM »
malware removers are notified, it may take hours before they arrive so be patient....
most of them are in European time zone and it is midnight here now so you may not see any until tomorrow


daveshans

  • Guest
Re: Win32:Malware-gen
« Reply #3 on: May 12, 2013, 11:55:20 PM »
malware removers are notified, it may take hours before they arrive so be patient....
most of them are in European time zone and it is midnight here now so you may not see any until tomorrow
Thanks.

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: Win32:Malware-gen
« Reply #4 on: May 13, 2013, 12:30:22 PM »
Hi,

Step#1



> Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
note: ComboFix must be downloaded to your Desktop.

> Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this or this Instruction.

How to disable avast:

  • Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
  • In the window that opens on the top right corner, click Settings.
  • In a new window that opens, choose the option Troubleshooting, Uncheck Enable avast! self-defense, and click OK.

  • Right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls .
  • In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.
Note: Do not forget to turn on this option after the cleaning.



> Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.

ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.

If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note:Do not mouse-click Combofix's window while it is running.
If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart computer once more.


> When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt )
  Attach log reports ( ComboFix.txt) back to topic.



******************************


Step#2


Please download zoek.exe and save it to your desktop.

  • Close any open browsers.
  •   Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.



  • Double click on zoek.exe to run the tool .
    Please wait while the tool does not start...


  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
Code: [Select]
standardsearch;
  • Click on button
    Please wait until a logreport will open (this can be after reboot)

  • Save notepad to your Desktop and attach here zoek-results.log

    Note: It will also create a log in the C:\ directory named "zoek-results.log"



daveshans

  • Guest
Re: Win32:Malware-gen
« Reply #5 on: May 13, 2013, 01:40:36 PM »
Done.

daveshans

  • Guest
Re: Win32:Malware-gen
« Reply #6 on: May 13, 2013, 01:43:26 PM »
Second attachment.

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: Win32:Malware-gen
« Reply #7 on: May 13, 2013, 03:36:39 PM »
Those logs doesn't looks so bad. We will run AntiRootkit Checking now.

Step#1


Please download Malwarebytes AntiRootkit and save it to your desktop.
http://www.malwarebytes.org/products/mbar/

Full instructions how to use MBAR
http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-rootkit

    Please note: This is a beta version so please be sure to read the disclaimer and note of it.

  • Unzip/unrar MBAR in a folder to your Desktop
  • Open the folder where the contents were unzipped to run mbar.exe

  • Click on Next > then on Update button to download fresh definitions.
  • When database updates click Next
  • In the following window ensure "Targets" scan for Drivers; Sectors; System are ticked. Then select "Scan button"

  • If an infection/s are found ensure "Create Restore Point" is checked, then select the "Cleanup Button" to remove threats.
    Or if you are sure any entries should not be kept, just untick them. A list of infected files will be listed.

  • The Clean up procedure will be Scheduled for process.
  • When complete pop-up will show you. Select the Yes button and the system should re-boot to complete the cleaning process.
>> Please attach the two following logs from the mbar folder:

system-log.txt
and
mbar-log-year-month-day (hour-minute-second).txt.


***********************


Step#2



Download TDSSKiller  and save it to your desktop

    Execute TDSSKiller.exe by doubleclicking on it.

  • Re-run TDSSKiller.exe and click on Change parametres.
  • Under Additional options check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and attach the contents of it into your next reply
Note:It will also create a log in the C:\ directory.

daveshans

  • Guest
Re: Win32:Malware-gen
« Reply #8 on: May 13, 2013, 04:26:08 PM »
Done.

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: Win32:Malware-gen
« Reply #9 on: May 13, 2013, 04:42:13 PM »
All looks just fine.

Quote
I downloaded the newest Avast a few days ago and now every time my computer boots I get a warning about a virus being moved to the chest. It's identified as Win32:Malware-gen.

Do you still getting these warnings?
If you do, can you tell us the exact name with path of detected file?


Also, could you go here:
C:\ProgramData\AVAST Software\Avast\report

...and attach here "BehaviorShield.txt" log

daveshans

  • Guest
Re: Win32:Malware-gen
« Reply #10 on: May 13, 2013, 06:15:09 PM »
No warning when I booted up just now.

The path was C:\Users\Dave\AppData\Local\Temp but the name was always different. The last few names were iefgtvgj.dll c4ygo0pm.dll ub4wuz1j.dll.

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: Win32:Malware-gen
« Reply #11 on: May 13, 2013, 06:54:10 PM »
This is %temp% folders. CF is automated to deletes the contents of those folders.

It is necessary to uninstall ComboFix :
  • Click Start (or ) then Run.


    On Windows7 or Vista you may use Start Search field if Run is not available.

  • In the line of text type in (Copy) the following:
Code: [Select]
ComboFix /Uninstall
    Note that there is a space between " ComboFix " and " /Uninstall " .

    • then click OK (or press Enter ).
    Wait for the uninstall process is complete.



    We will keep other tools and let me know tomorrow how your computer running.

    daveshans

    • Guest
    Re: Win32:Malware-gen
    « Reply #12 on: May 13, 2013, 07:00:28 PM »
    Unnistalled, I'll let you know tomorrow. Thanks for the help.

    daveshans

    • Guest
    Re: Win32:Malware-gen
    « Reply #13 on: May 14, 2013, 01:28:50 PM »
    I've booted up a few times since yesterday without any issues.

    I assume I should change all my passwords just to be on the safe side.

    Offline magna86

    • Anti Malware Fighter
    • Avast Evangelist
    • Massive Poster
    • ***
    • Posts: 4235
      • Ambulanta MyCity Forum - ASAP Member
    Re: Win32:Malware-gen
    « Reply #14 on: May 14, 2013, 08:58:31 PM »
     :)  Will remove the used tools.

    Please download DelFix by "Xplode" to your Desktop.

    Run the tool and check the following boxes below;
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore

    Now click on "Run" button. Wait for the programme completes his work.

    Tool will create and open an log report (DelFix.txt)
    Note: The report will also be stored on C:\DelFix.txt


    > I don't need DelFix log report.



    *****************



    I recommended to keep Malwarebytes and to use MCShield if you will.
    You may download MCShield from one of the following links:

    MyCity -  Official download link
    Softpedija - Mirror download link

    It will prevent infection by computer via USB flash drive, mobile phone or any other memory card.
    And not only will prevent infection, but it will immediately clean flash drive, memory card or external HDD.