Author Topic: Win32:Malware-gen  (Read 46441 times)


daveshans

  • Guest
Re: Win32:Malware-gen
« Reply #15 on: May 14, 2013, 09:30:12 PM »
All done, thanks.

kaise1

  • Guest
Re: Win32:Malware-gen
« Reply #16 on: May 15, 2013, 02:33:19 PM »
here also many thanks magna86

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: Win32:Malware-gen
« Reply #17 on: May 15, 2013, 04:33:10 PM »

Sweeters

  • Guest
Win32:Malware-gen
« Reply #18 on: December 05, 2013, 06:51:00 PM »
Hello, I found the same name "Virus": I would like very much to delete it

any help C:\Users\admin\appdata\Local\temp\wz9196

names like Office 2010 toolkit 2.0.1.exe

thanks!

Offline magna86

Re: Win32:Malware-gen
« Reply #19 on: December 05, 2013, 07:20:26 PM »
This will "delete" your virus.


 Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
TFC Info:
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

Sweeters

  • Guest
Re: Win32:Malware-gen
« Reply #20 on: December 05, 2013, 09:36:43 PM »
Hello And thanks for your reply

i did as you said and i run a new scan now
but the file is still in virus chest (should be there?)

Also do u know what could be that file ?

Thanks again!

Sweeters

  • Guest
Re: Win32:Malware-gen
« Reply #21 on: December 05, 2013, 10:10:03 PM »
Hm nice found different file in folder of downloads

name of the file is stream_api.dll :(

( i should wait and write both together)

i dont see the folder that avast gives me in my download folder :(

Can you please help me again ?

Apologies for any inconvenience

Offline magna86

Re: Win32:Malware-gen
« Reply #22 on: December 06, 2013, 12:18:54 AM »
Hi,
Quote
i did as you said and i run a new scan now
but the file is still in virus chest (should be there?)
As it says, this is the virus chest. You don't have to worry about it; nothing can escape from there.
Or... you can empty the virus chest if you wish.

Quote
Also do u know what could be that file ?
Nothing; the location points to the system %temp% folder, where various programs place their temporary files during installation or while running.
As there is malware that knows to use %temp% as a loading point, avast knows to flag these junk files. TFC cleans all temp files.


Quote
Can you please help me again ?
Of course, but I think you're not infected. If you wish to check, run this:

Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Next...

Please download GMER, the rootkit detector tool, from the link below and save it to your Desktop:

Gmer download link
Note: the file will be randomly named

Double-click to run GMER.
  • Wait for initial scan to finish - if there is any query, click No;
  • Click [ Scan ] button and wait until the full scan is complete;
  • Click [ Save ... ]- save the report to the Desktop (named ARK );

  • Then click the >>> button and select Autostart card;
  • Click [ Scan ] button;
  • After quick scan, click Copy button;
  • Open notepad and Paste text. Save report to the Desktop (named autostart )
> Attach here both Gmer logreports. (ARK.txt and autostart.txt)

Sweeters

  • Guest
Re: Win32:Malware-gen
« Reply #23 on: December 06, 2013, 01:58:05 AM »
"Of course, but I think you're not infected. If you wish check, run this"

wish no but yes i would like to do aaaand...

Here you are!

Thank you very much for your help!

P.S do you know any good links or books (yes there are still people who prefer paper than screen ) that i can learn more about internet/wifi/password security. this i would like to do is to build a secure pc!

or i want to become like you?

Thanks again
« Last Edit: December 06, 2013, 02:10:41 PM by Sweeters »

Offline magna86

Re: Win32:Malware-gen
« Reply #24 on: December 06, 2013, 01:59:10 PM »
Hi,

Do not be alarmed by GMER's rootkit warnings; they are avast-related drivers.


Start > ControlPanel > remove the following:
BS Player ControlBar Toolbar for IE (x32 Version: 6.17.1.25)



Then...

note: this isn't malware, they are just adware leftovers (bad toolbar values) and we are removing them...




1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Code: [Select]
Start
C:\Users\Antonis\AppData\Local\Conduit
C:\Program Files (x86)\BS_Player_ControlBar
C:\Users\Antonis\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx
HKCU\...\Run: [BackgroundContainer] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Antonis\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: {5666d534-3431-11e3-94fb-18a905caaa67} - H:\setup.exe
HKU\Lucienka\...\Policies\system: [LogonHoursAction] 2
HKU\Lucienka\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
URLSearchHook: HKLM-x32 - BS Player ControlBar Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player_ControlBar\prxtbBS_P.dll (Conduit Ltd.)
URLSearchHook: HKCU - BS Player ControlBar Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player_ControlBar\prxtbBS_P.dll (Conduit Ltd.)
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search?q={searchTerms}
BHO-x32: BS Player ControlBar Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player_ControlBar\prxtbBS_P.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - BS Player ControlBar Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player_ControlBar\prxtbBS_P.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} -  No File
CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Antonis\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx
Task: {032959A5-A6A7-42C6-9B35-0CBE8835FFA8} - System32\Tasks\BackgroundContainer Startup Task => C:\Users\Antonis\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll [2013-10-15] (Conduit Ltd.) <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:C31F31E6
AlternateDataStreams: C:\Users\Antonis\Cookies:cXgwAEbKFHTXn9yyVrBxxaDYF
AlternateDataStreams: C:\Users\Antonis\AppData\Local\EadHWeQGYJSi93:QRgnEnpqhFkalTfgHgtJk0Q0
CMD: ipconfig /all
End
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.


3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
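
The fixlist above mixes several kinds of entries: plain paths, registry autostart values, browser add-on registrations, a scheduled task, NTFS alternate data streams and a command. As an added example (not part of magna86's post and not FRST's own code), this Python sketch groups a subset of those lines by the location each line prefix names. The category labels are this example's own, and the grouping is by prefix only; it does not reproduce what FRST does with each line.

```python
import re

# Subset of the fixlist lines from the post above, copied verbatim.
FIXLIST = r"""Start
C:\Users\Antonis\AppData\Local\Conduit
HKCU\...\Run: [BackgroundContainer] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Antonis\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
MountPoints2: {5666d534-3431-11e3-94fb-18a905caaa67} - H:\setup.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
URLSearchHook: HKCU - BS Player ControlBar Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player_ControlBar\prxtbBS_P.dll (Conduit Ltd.)
BHO-x32: BS Player ControlBar Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player_ControlBar\prxtbBS_P.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} -  No File
CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Antonis\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx
Task: {032959A5-A6A7-42C6-9B35-0CBE8835FFA8} - System32\Tasks\BackgroundContainer Startup Task => C:\Users\Antonis\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll [2013-10-15] (Conduit Ltd.) <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:C31F31E6
CMD: ipconfig /all
End"""

# First matching rule wins. Category names are this example's own labels.
RULES = [
    (r"^CHR .*\\Extension:", "Chrome extension registration"),
    (r"^HK[^\\]*\\.*\\Run: ", "registry Run key (logon autostart)"),
    (r"^HK.*\\Internet Explorer\\Main,Start Page", "IE start page"),
    (r"^(URLSearchHook|SearchScopes|BHO|Toolbar)(-x32)?:", "IE add-on registration"),
    (r"^Task:", "scheduled task"),
    (r"^AlternateDataStreams:", "NTFS alternate data stream"),
    (r"^MountPoints2:", "per-volume autorun entry"),
    (r"^CMD:", "command line to execute"),
    (r"^[A-Za-z]:\\", "file or folder path"),
]

def classify(text):
    """Return {category: [lines]} for every entry between Start and End."""
    groups = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line in ("Start", "End"):
            continue
        cat = next((c for p, c in RULES if re.search(p, line)), "unclassified")
        groups.setdefault(cat, []).append(line)
    return groups

def addon_clsids(groups):
    """Distinct COM class IDs behind the IE add-on entries (case-folded)."""
    guid = re.compile(r"\{([0-9A-Fa-f-]{36})\}")
    return {m.group(1).lower() for l in groups.get("IE add-on registration", [])
            if (m := guid.search(l))}

if __name__ == "__main__":
    print({c: len(v) for c, v in classify(FIXLIST).items()})
```

On this sample the three Internet Explorer add-on lines resolve to a single class ID, i.e. one toolbar DLL registered in several places.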

Sweeters

  • Guest
Re: Win32:Malware-gen
« Reply #25 on: December 06, 2013, 02:10:10 PM »
First step i did

but for the second i had second thoughts about it

Could you please explain me what will do ? was my question

please find attached the report

Thank you!
 
Friendly,
« Last Edit: December 06, 2013, 03:38:01 PM by Sweeters »

Offline magna86

Re: Win32:Malware-gen
« Reply #26 on: December 06, 2013, 03:30:07 PM »
Quote
P.S do you know any good links or books (yes there are still people who prefer paper than screen ) that i can learn more about internet/wifi/password security. this i would like to do is to build a secure pc!
Unfortunately, I do not have a single link at hand.  :(

Quote
or i want to become like you?
If you wanna learn how to fight malware, I recommend the following English-language schools:

http://www.techsupportforum.com/forums/
http://www.geekstogo.com/forum/
http://www.bleepingcomputer.com/forums/


My home forum also provides a malware removal school, but it is not in English.


Quote
Could you please explain me what will do ? was my question
This I do not understand. To do with what?


-------------------------


Fix went fine. How's your computer running now?

Sweeters

  • Guest
Re: Win32:Malware-gen
« Reply #27 on: December 06, 2013, 03:37:34 PM »
Hi and thanks for everything
Computer is running fine

but also before was fine just Avast found all these and i said to get rid of them

Many many thanks for everything
if everything was in balance i will be sure that all this "good" will come back to you, now i just hope so :)

Have a good day
Antonis

P.S i will take a look

« Last Edit: December 06, 2013, 03:39:05 PM by Sweeters »

Offline magna86

Re: Win32:Malware-gen
« Reply #28 on: December 06, 2013, 03:41:57 PM »
 :)
You are malware free. The posted logs now appear clean and show no signs of active infection.




A good workman always cleans up after himself.
The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes below;
Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt)

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.



---    ---    ---    ---    ---    ---    ---    ---    ---    ---    ---


To help AntiVirus to protect your computer and speed it up, I recommend that you download, install and keep the following free programs:
1. Keep Malwarebytes Anti-Malware, update it regularly or from time to time and run a Quick Scan weekly.
Malwarebytes will detect and remove all traces of known malware. MBAM isn't AntiVirus and it can NOT replace it.

2. Keep MCShield Anti-Malware, the tool will be updated regularly and perform auto-checking for malware to each attached USB memory device.
MCShield, has been designed as a lightweight scanner that's smart enough to catch even new worms and work in fully automatic removal mode.

3. It’s recommended to delete Temporary Files every once in a while. Run the tool and click on the Start button and TFC will begin to clean. Then restart the computer.
Temp File Cleaner aka TFC by OldTimer
TFC is a small and useful utility that cleans up temp files from all user profiles and system folders.


---      ---      ---      ---      ---      ---      ---      ---      ---      ---      ---


How to protect yourself?
-  I recommend that you use one of the fantastic opportunities provided by avast! 2014.

1. Adjust avast! to target PUP software:
Run avast! 2014 by clicking the system tray icon in the lower right corner of the screen.
Click on Settings, in the new window that opens, click on Active Protection, then under File System Shield click on gear wheel...
Under the Sensitivity part of the options, check the box for Scan for potentially unwanted programs (PUP).


2. avast! Software Updater. Run avast!, click on Tools > Software Updater.
For security reasons, make sure you do update your browser(s), Java, Flash Player, and basically every software you use often.

3. avast! Browser Cleanup.  Run avast!, click on Tools > BrowserCleanup.
The Browser Cleanup tool is integrated in avast! AV and gives you control over unwanted browser add-ons.

4. avast! Malware Scan. Run avast!, click on Scan and perform a QuickScan by clicking on the Start button.
Every once in a while, it's recommended to perform a virus scan with avast! 2014.

Windows Updates: being up to date is very important. Please be sure to activate automatic updates in your control panel.
Windows XP; Windows Vista; Windows 7 and Windows 8