Author Topic: Malware-Gen infection  (Read 2426 times)


bwb

  • Guest
Malware-Gen infection
« on: August 25, 2013, 09:02:15 PM »
Hi,

I was infected with Malware-Gen yesterday after clicking an exe I shouldn't have. Machine is Windows 8. After realizing what I did, within 20 seconds or so, I hard shut off the machine and disconnected it from the internet before turning it back on.

I briefly reconnected the internet to download Avast and scanned the drive, which identified Malware-Gen in an Application Data/ folder. I then followed some of the online guides off my iPad: TDSSKiller (didn't find anything), ComboFix (found a couple of registry entries and a C:\Install.exe), Malwarebytes Anti-Malware (didn't find anything), RogueKiller (a couple of registry and TCP/IP entries), HitmanPro (didn't find anything), Emsisoft Emergency Kit (nothing), ESET Online Scanner (nothing), AdwCleaner (nothing). I've also rerun Avast, Malwarebytes, and Windows Defender through full scans without finding anything, so I don't think the trojan got too far.

I did generate an OTL log (attached). Greatly appreciated if someone could see if it looks clean.

Side note: CREATERESTOREPOINT was run in OTL, but I didn't see the restore point in the Windows System Restore points. Is this a different restore point and, if so, how do I delete it?

Thanks!

[Edit: Removing log file attachment since issues resolved]
« Last Edit: August 26, 2013, 07:21:06 PM by bwb »
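As an added example (it is not part of bwb's post, and not OTL's or Avast's own code), the following Windows PowerShell snippet lists every restore point recorded on the machine together with its description and creation time, so a restore point created by a tool can be located even when it is not obvious in the System Restore dialog. It assumes an elevated Windows PowerShell prompt on Windows 8 (PowerShell 3.0 or later); the description filter text "OTL" is an assumption, since the thread does not state what description OTL gives its restore point.

```powershell
# Added example, not from the forum thread or from OTL.
# Run from an elevated Windows PowerShell prompt.
# Get-ComputerRestorePoint reads the SystemRestore WMI class; CreationTime comes back
# as a DMTF timestamp string, so it is converted to a DateTime before sorting.
$points = Get-ComputerRestorePoint | ForEach-Object {
    [pscustomobject]@{
        SequenceNumber = $_.SequenceNumber
        Created        = [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime)
        Description    = $_.Description
        Type           = $_.RestorePointType
    }
}

# Show everything, oldest first, so the most recent tool-created entry is at the bottom.
$points | Sort-Object Created | Format-Table -AutoSize

# Assumption: the tool put "OTL" in the description. Adjust the pattern to match
# whatever description the tool actually used.
$candidate = $points | Where-Object { $_.Description -like '*OTL*' }
if ($candidate) {
    $candidate
} else {
    "No restore point with a description matching '*OTL*' was found."
}

# Restore points are stored inside Volume Shadow Copy snapshots; listing the
# snapshots shows the shadow copy IDs that the built-in tools operate on.
vssadmin list shadows
```

Removing a single restore point means deleting the shadow copy that holds it (`vssadmin delete shadows /Shadow={id}` with the ID taken from the `vssadmin list shadows` output); the snippet only lists, so that the right entry can be confirmed by description and timestamp before anything is deleted.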

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Malware-Gen infection
« Reply #1 on: August 25, 2013, 11:19:11 PM »
Nothing apparent there. How is the computer behaving?

bwb

  • Guest
Re: Malware-Gen infection
« Reply #2 on: August 25, 2013, 11:53:07 PM »
Nothing out of the ordinary that I can tell, even right after double-clicking the exe yesterday. Hopefully I caught it early enough before it fully rooted... I did not notice any .dll affected in the earlier tool logs either. Admittedly, I'm a little surprised Windows Defender or UAC didn't complain at any point. For reference, I mostly followed http://malwaretips.com/blogs/remove-win32malware-gen/.

Should I be running "Cleanup" in OTL before deleting otl.exe?

Thanks again! I was reading through some of your earlier posts for others while I was cleaning things yesterday, and they were very helpful.

Offline essexboy
Re: Malware-Gen infection
« Reply #3 on: August 26, 2013, 11:43:13 AM »
That link is a bit of overkill for what is usually a bundled software problem. However, it does confirm a squeaky clean system :)

To remove OTL and its associated folders, run it and press the Cleanup button. This should also remove ComboFix.

bwb

  • Guest
Re: Malware-Gen infection
« Reply #4 on: August 26, 2013, 07:40:44 PM »
Maybe I spoke too soon: HitmanPro detected something today (Gen.Trojan.Heur!IK). Log attached. Though, maybe a false positive? The time coincides with when I ran AdwCleaner.
« Last Edit: August 26, 2013, 07:44:19 PM by bwb »

Offline essexboy
Re: Malware-Gen infection
« Reply #5 on: August 26, 2013, 07:45:26 PM »
Yep, that has locked onto AdwCleaner and is a false positive.

bwb

  • Guest
Re: Malware-Gen infection
« Reply #6 on: August 26, 2013, 07:46:43 PM »
Quote from: essexboy on August 26, 2013, 07:45:26 PM
Yep, that has locked onto AdwCleaner and is a false positive.

Cool, thanks again!