Author Topic: Win 32 gen found need help  (Read 16342 times)


Lisandro
Re: Win 32 gen found need help
« Reply #30 on: April 02, 2009, 02:32:35 PM »
Avast alerts if I click on the file if I'm not trying to upload. I will check exclusions.
You need to exclude those files or avast will block the uploading.
The best things in life are free.

John2009

  • Guest
Re: Win 32 gen found need help
« Reply #31 on: April 02, 2009, 11:09:49 PM »
I'm back, and I found two more viruses in restore while I was at school. I will move those and exclude and scan with VirusTotal.

scythe944
Re: Win 32 gen found need help
« Reply #32 on: April 03, 2009, 03:49:58 AM »
It's somewhat safer to just turn off system restore until you know that your system is clean.  Then turn it back on and create a restore point.

You don't want the nasty files to return from system restore, so get rid of them for the time being...
For generic computer (not avast) problems, you can also visit my forum for help: http://www.jacobytech.net/forum

John2009

  • Guest
Re: Win 32 gen found need help
« Reply #33 on: April 03, 2009, 04:06:36 AM »
Hey, just did VirusTotal. It is NOT a false positive. Most say Trojan.Agent

http://www.virustotal.com/analisis/79e7159a125329a0f5c8d956f6e7748b

scythe944
Re: Win 32 gen found need help
« Reply #34 on: April 03, 2009, 05:33:51 AM »
Yuck... that doesn't look good. Get rid of that bugger!

John2009

  • Guest
Re: Win 32 gen found need help
« Reply #35 on: April 03, 2009, 02:17:47 PM »
Now we have discovered what haunts my system, how do I get rid of it?

DavidR
Re: Win 32 gen found need help
« Reply #36 on: April 03, 2009, 03:36:07 PM »
You never did answer this question from my first reply way back when, and it forms the basis of any action required.

What action did you choose on detection? Move to Chest is the safest option.

When avast detects it and you send it to the chest (we investigate, which we have done), normally after a few weeks we scan it again within the chest and if still detected we delete it.

However, if as a result of your investigation we have conclusive evidence (we have) that it is a good detection, then we can delete it from the chest (and suspect folder) rather than wait a few weeks before doing so.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

DavidR
Re: Win 32 gen found need help
« Reply #37 on: April 03, 2009, 03:49:05 PM »
Quote from John2009: "I'm back, and I found two more viruses in restore while I was at school. I will move those and exclude and scan with VirusTotal."

OK, if you haven't sent these to the chest, you should have done so; you should be getting into that habit now, and investigate. You don't say what the malware name was, so it leaves us guessing: win32:trojan-gen?

As scythe944 suggested, you could disable system restore; personally I'm against that being done too early as a) avast should be able to deal with malware in the system volume information, b) by disabling system restore you lose ALL restore points, infected or otherwise, so it leaves no possibility of going back. I'm not a fan of system restore but it is better than nothing.

We also don't know if you have run SAS and MBAM from safe mode as you haven't said and there are no logs posted (these scans produce reports).

There have been many questions asked and some suggestions offered, but what we need most is answers from you as they help us to help you. We thrive on information and wither without it.

John2009

  • Guest
Re: Win 32 gen found need help
« Reply #38 on: April 03, 2009, 10:40:26 PM »
I moved ALL files to chest. I said it shows Trojan.Gen (VirusTotal reports most Trojan.Agent/dwnldr. Link to report in prior post). I have not run MBAM or SAS. Should I? Will it be able to remove it without damaging my system restore, because it's in there?

DavidR
Re: Win 32 gen found need help
« Reply #39 on: April 03, 2009, 11:26:24 PM »
Yes, you should run them, as if there is an undetected or hidden file that is causing the trojans, if they keep generating, then that process has to be found.

We wouldn't suggest something if it were going to damage anything or we would comment on the possible negative aspect/s. Like my comment about not disabling system restore as you would lose the good restore points.

As I said in my previous post "a) avast should be able to deal with malware in the system volume information," so no comment or reservation.

John2009

  • Guest
Re: Win 32 gen found need help
« Reply #40 on: April 04, 2009, 12:36:29 AM »
In safe mode or not?
How do I fix the system restore?

John2009

  • Guest
Re: Win 32 gen found need help
« Reply #41 on: April 04, 2009, 01:23:05 AM »
Malwarebytes isn't too happy...


Malwarebytes' Anti-Malware 1.35
Database version: 1938
Windows 5.1.2600 Service Pack 3

4/3/2009 7:20:49 PM
mbam-log-2009-04-03 (19-20-43).txt

Scan type: Quick Scan
Objects scanned: 77089
Time elapsed: 10 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> No action taken.

Trojan.Agent spotted

DavidR
Re: Win 32 gen found need help
« Reply #42 on: April 04, 2009, 01:23:22 AM »
Preferably in safe mode.

If you moved the infected files found in the system volume information folder to the chest, you have nothing to fix.

System Restore isn't broken, it is functioning as it should.

John2009

  • Guest
Re: Win 32 gen found need help
« Reply #43 on: April 04, 2009, 01:25:49 AM »
That was not in safe mode, but I don't know how to quarantine on MBAM. Will safe mode reveal more things to MBAM?

DavidR
Re: Win 32 gen found need help
« Reply #44 on: April 04, 2009, 01:39:16 AM »
OK, on the MBAM log.

See if you can find this file h@tkeysh@@k.dll in the system32 folder. If you can, manually copy it to the avast chest; I want you to send it to avast (see #### below for instructions) before running MBAM again, as you didn't select any action and we want to remove the stuff found. See below ~~~~

####
Add the file to the User Files (File, Add) section of the avast chest where it can do no harm (see image1) and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove using MBAM.

Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.

~~~~
Run MBAM again in normal mode first as you started that way.
Run MBAM and this time when the scan is complete, all detections should have a check mark in the box to the left of the entry; leave them selected (or select if not selected). At the bottom of the window there is a button, Remove Selected; click that and the items will be removed, see image2.
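Added example, not part of the original thread or any poster's code: a small Python check for the point raised in reply #44, that every detection in the MBAM log from reply #41 ended with "No action taken". It assumes the MBAM 1.x text layout shown in that log; the function names `parse_mbam_log` and `review` are made up for illustration, and the sample is an abbreviated copy of the posted log.

```python
import re
from collections import Counter

# Abbreviated copy of the log from reply #41 (counts match the lines kept).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.35
Registry Keys Infected: 2
Registry Data Items Infected: 2
Files Infected: 1

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Files Infected:
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> No action taken.
"""

COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<n>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<target> (<detection name>) -> [Bad/Good detail -> ]<action>."
ITEM_RE = re.compile(
    r"^(?P<target>.+?) \((?P<name>[^()]+)\) -> (?:.* -> )?(?P<action>[^>]+?)\.?$")

def parse_mbam_log(text):
    """Return (declared_counts, items) from an MBAM 1.x text log."""
    counts, items, section = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        if m := COUNT_RE.match(line):
            counts[m["section"]] = int(m["n"])      # summary block
        elif m := HEADER_RE.match(line):
            section = m["section"]                  # start of a detail block
        elif section and (m := ITEM_RE.match(line)):
            items.append({"section": section, **m.groupdict()})
    return counts, items

def review(text):
    """Items still on disk/registry, and sections whose listing looks cut off."""
    counts, items = parse_mbam_log(text)
    unhandled = [i for i in items if i["action"].lower() == "no action taken"]
    listed = Counter(i["section"] for i in items)
    mismatched = sorted(s for s, n in counts.items() if listed.get(s, 0) != n)
    return unhandled, mismatched
```

A non-empty `mismatched` list means the pasted log lists fewer (or more) items than its summary declares, which usually indicates a truncated paste.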