Topic: Win32-Malware-gen --> Unable to remove this malware

sethuaug08
Win32-Malware-gen --> Unable to remove this malware
« on: December 03, 2009, 06:17:43 AM »
Hi Support Team,

I am using Avast Home Edition. My virus database is up to date, but I keep getting the message that avast has detected a "Win32-Malware-gen" virus/worm. It says the recommended option is "Move to Chest"; I tried to move it, but I keep getting this message any number of times, which is frustrating. I tried the "Delete" and "Repair" options as well, with the same result.

Does that mean that avast is unable to delete the virus? Please advise.

I would be happy if you guys can help me out to resolve this problem permanently.

Anyone who would like to help me can email me @ sethuaug08@gmail.com

Thanks for all your help in advance.

Regards,
Sethu
« Last Edit: December 03, 2009, 06:22:14 AM by sethuaug08 »

hpguru
Re: Win32-Malware-gen --> Unable to remove this malware
« Reply #1 on: December 06, 2009, 02:05:08 PM »
Is your problem resolved by email?

essexboy
Re: Win32-Malware-gen --> Unable to remove this malware
« Reply #2 on: December 06, 2009, 02:07:03 PM »
What is the file name and location ?

richdebc
Re: Win32-Malware-gen --> Unable to remove this malware
« Reply #3 on: December 06, 2009, 03:08:00 PM »
I've just found exactly the same problem, and would love to know what to do about it! Don't want to hijack the thread, but my file is C:\Documents and Settings\Administrator\Application Data\Macromedia\Common\01b6201019.exe - there's also a dll with the same name there.

Cheers.

essexboy
Re: Win32-Malware-gen --> Unable to remove this malware
« Reply #4 on: December 06, 2009, 05:57:42 PM »
@richdebc

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

BradJ
Re: Win32-Malware-gen --> Unable to remove this malware
« Reply #5 on: December 07, 2009, 11:03:35 AM »
Does it seem like a similar problem I have been having here:

http://forum.avast.com/index.php?topic=51859.0

richdebc
Re: Win32-Malware-gen --> Unable to remove this malware
« Reply #6 on: December 07, 2009, 06:39:05 PM »
Thanks Essexboy. MBAM kept crashing, including after I reinstalled it, but once I got as far as telling it to remove the 17 problems it had found before it crashed.

After that I ran a Boot-time scan using Avast! which found a whole host of infected files. I moved them all to the chest except explorer.exe which it wouldn't move. Now there's no sign of the virus - I can't figure out if it's actually gone though, since explorer wasn't dealt with? A jotti scan of explorer.exe found nothing, and the computer seems to be working fine.

essexboy
Re: Win32-Malware-gen --> Unable to remove this malware
« Reply #7 on: December 07, 2009, 07:34:51 PM »
@richdebc Explorer was probably hooked by the malware but not infected.

Do you have the MBAM log, so I can see what was there and whether it needs a deeper look?

@BradJ Looking now

richdebc
Re: Win32-Malware-gen --> Unable to remove this malware
« Reply #8 on: December 07, 2009, 08:06:45 PM »
This is the log... It missed the exe Avast found, as I think it had been moved to the chest at the time, but it found the dll with the same file name (01b620101).

Cheers.
« Last Edit: December 07, 2009, 08:09:13 PM by richdebc »

essexboy
Re: Win32-Malware-gen --> Unable to remove this malware
« Reply #9 on: December 07, 2009, 08:19:39 PM »
msqpdxserv.sys: this is a member of the TDSS family, so it may be worth doing a deeper scan if you want.

If you want a deeper scan:

To ensure that I get all the information, this log will need to be uploaded to Mediafire; then post the sharing link.

Download OTS to your Desktop.
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users.
  • Under Additional Scans check the following:
    • Reg - Shell Spawning
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
  • Under custom scans copy and paste the following:

      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      /md5stop
      %systemroot%\*. /mp /s
      c:\$recycle.bin\*.* /s
      CREATERESTOREPOINT

  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete, Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is, click on it to uncheck it.
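An added example, not part of essexboy's instructions or of OTS: the /md5start ... /md5stop list above hashes the storage drivers and logon DLLs that TDSS-family rootkits patch on disk. The PowerShell below performs the equivalent check by hand on a current Windows system: it hashes every copy of those files it finds under System32 and System32\drivers and verifies the Authenticode or catalog signature, so a driver whose signature no longer verifies stands out without needing a reference hash. It assumes Windows PowerShell 5.1 or later run from an elevated prompt; the file list is taken from the post above, the folder list is an assumption about where a clean install keeps them.

```powershell
# Added example (not from the thread or from OTS): hash and signature-check the
# files that the OTS custom scan above MD5s. A TDSS-style infection patches one
# of these on disk, so an unsigned or tampered copy is the indicator to look for.
# Assumptions: Windows PowerShell 5.1+, elevated prompt, files live in the two
# folders below on a clean system.
$names = @(
    'eventlog.dll','scecli.dll','netlogon.dll','cngaudit.dll','sceclt.dll',
    'ntelogon.dll','logevent.dll','iaStor.sys','nvstor.sys','atapi.sys',
    'IdeChnDr.sys','viasraid.sys','AGP440.sys','vaxscsi.sys','nvatabus.sys',
    'viamraid.sys','nvata.sys','nvgts.sys','iastorv.sys','ViPrt.sys'
)

# Where a clean Windows keeps these files (assumption); searched non-recursively
# so the same file is not counted twice.
$searchRoots = @(
    "$env:SystemRoot\System32",
    "$env:SystemRoot\System32\drivers"
)

function Get-DriverIntegrityReport {
    param([string[]]$FileNames, [string[]]$Roots)

    foreach ($name in $FileNames) {
        $copies = @(foreach ($root in $Roots) {
            if (Test-Path $root) {
                Get-ChildItem -Path $root -Filter $name -File -ErrorAction SilentlyContinue
            }
        })
        # Not present at all is normal: most of the .sys names are vendor drivers.
        if ($copies.Count -eq 0) { continue }

        foreach ($f in $copies) {
            $sig = Get-AuthenticodeSignature -FilePath $f.FullName
            [pscustomobject]@{
                File          = $f.FullName
                MD5           = (Get-FileHash -Path $f.FullName -Algorithm MD5).Hash
                SHA256        = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
                SizeBytes     = $f.Length
                LastWrite     = $f.LastWriteTime
                SignatureType = $sig.SignatureType   # Authenticode, Catalog or None
                Status        = $sig.Status          # Valid, NotSigned, HashMismatch, ...
                Signer        = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                # What on-disk tampering looks like: a Microsoft system file whose
                # signature no longer verifies, or a second copy of the same name
                # sitting in the other folder.
                Suspicious    = ($sig.Status -ne 'Valid') -or ($copies.Count -gt 1)
            }
        }
    }
}

$report = Get-DriverIntegrityReport -FileNames $names -Roots $searchRoots
$report | Sort-Object Suspicious -Descending |
    Format-Table File, Status, SignatureType, MD5, Suspicious -AutoSize
```

Two caveats a practitioner should keep in mind. On Windows 7 and earlier, Get-AuthenticodeSignature does not consult the catalog, so genuine system files report NotSigned there; on those systems the MD5/SHA256 columns have to be compared against a known-clean machine at the same patch level, which is exactly what the OTS md5 list was for. And a rootkit that is already running can lie to a scan made from the infected OS (the files below the hooked driver read as clean), which is why the boot-time scan in this thread saw things MBAM did not.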

richdebc
Re: Win32-Malware-gen --> Unable to remove this malware
« Reply #10 on: December 08, 2009, 07:53:48 PM »
OTS seems very thorough! Here's the log: http://www.mediafire.com/?woxiinhztte

essexboy
Re: Win32-Malware-gen --> Unable to remove this malware
« Reply #11 on: December 08, 2009, 08:18:00 PM »
Aye 'tis a thorough log - so far I can see one downloader plus a few of its mates.

Start OTS. Copy/paste the information in the box below into the pane where it says "Paste fix here" and then click the Run Fix button.

    [Unregister Dlls]
    [Registry - Safe List]
    < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1004336348-879983540-725345543-500\] > ->
    YN -> HKEY_USERS\S-1-5-21-1004336348-879983540-725345543-500\: SearchURL\\"provider" -> gogl
    < Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YN -> "rundll32.exe" -> []
    < Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YN -> "rundll32.exe" -> []
    [Files/Folders - Modified Within 30 Days]
    NY ->  leocfucb.job -> C:\WINDOWS.0\tasks\leocfucb.job
    NY ->  sdfinacs.dll -> C:\WINDOWS.0\sdfinacs.dll
    [File - Lop Check]
    NY ->  com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1 -> C:\Documents and Settings\Administrator\Application Data\com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1
    [Custom Scans]
    YY ->  setuplog.exe -> C:\setuplog.exe
    YY ->  WHAT.EXE -> C:\WHAT.EXE
    NY ->  1 C:\*.tmp files -> C:\*.tmp
    [Empty Temp Folders]

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new OTS log.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
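An added example, not something from essexboy's fix or from OTS: the fix above acts on three kinds of indicator that are easy to re-check by hand on another machine, namely "rundll32.exe" Run-key values with nothing to load (in the .DEFAULT and S-1-5-18 hives), a recently written .job in the Tasks folder and a recently written DLL in the Windows folder, and stray EXEs in the root of the system drive. The PowerShell below pulls exactly those indicators from a live system. It assumes Windows PowerShell 5.1 or later run elevated so that every loaded hive under HKEY_USERS is readable; the 30-day window mirrors the "Modified Within 30 Days" section of the OTS log.

```powershell
# Added example (not from the thread or from OTS): reproduce the indicators the
# OTS fix above acted on. Assumptions: Windows PowerShell 5.1+, elevated, so the
# SYSTEM (S-1-5-18), .DEFAULT and logged-on user hives are all visible under HKU.
$daysBack = 30

function Get-RunKeyFindings {
    # Run / RunOnce values in every loaded user hive. The fix removed
    # "rundll32.exe" values with empty data: rundll32 with no DLL to load is never
    # legitimate persistence (the malware was patching what it loaded), so flag it.
    if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }
    foreach ($hive in Get-ChildItem -Path 'HKU:\' -ErrorAction SilentlyContinue) {
        foreach ($sub in 'Run', 'RunOnce') {
            $key = "HKU:\$($hive.PSChildName)\SOFTWARE\Microsoft\Windows\CurrentVersion\$sub"
            if (-not (Test-Path $key)) { continue }
            $props = Get-ItemProperty -Path $key
            # PS* properties are provider metadata, not registry values.
            foreach ($p in $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }) {
                $cmd = [string]$p.Value
                $nameIsRundll32 = $p.Name -match '^rundll32(\.exe)?$'
                $cmdIsBareRundll32 = $cmd -match '^\s*"?rundll32(\.exe)?"?\s*$'
                $flag = if (($nameIsRundll32 -and [string]::IsNullOrWhiteSpace($cmd)) -or $cmdIsBareRundll32) {
                    'rundll32 with nothing to load'
                } else { '' }
                [pscustomobject]@{
                    Hive    = $hive.PSChildName
                    Key     = $sub
                    Name    = $p.Name
                    Command = $cmd
                    Flag    = $flag
                }
            }
        }
    }
}

function Get-RecentFileFindings {
    param([int]$Days)
    $since = (Get-Date).AddDays(-$Days)
    # Same three locations the fix touched: a .job in Tasks, a DLL in the Windows
    # folder root, and EXEs in the root of the system drive.
    $targets = @(
        @{ Path = "$env:SystemRoot\Tasks"; Filter = '*.job' },
        @{ Path = $env:SystemRoot;         Filter = '*.dll' },
        @{ Path = "$env:SystemDrive\";     Filter = '*.exe' }
    )
    foreach ($t in $targets) {
        Get-ChildItem -Path $t.Path -Filter $t.Filter -File -ErrorAction SilentlyContinue |
            Where-Object { $_.LastWriteTime -ge $since } |
            ForEach-Object {
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName
                [pscustomobject]@{
                    File      = $_.FullName
                    LastWrite = $_.LastWriteTime
                    SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                    Signature = $sig.Status   # unsigned + recently written + odd name = look closer
                }
            }
    }
}

Get-RunKeyFindings | Format-Table -AutoSize
Get-RecentFileFindings -Days $daysBack | Format-Table -AutoSize
```

The output is a triage list, not a verdict: a freshly installed legitimate program will also show up as a recent unsigned EXE, and the SHA256 column is there so anything unfamiliar can be checked against a multi-engine scanner (the thread used jotti) before it is removed rather than quarantined. Removing the Run value without removing the file it pointed to, or the reverse, is how half-cleaned infections come back, which is why the fix above deletes the registry entries and the dropped files in one pass.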

richdebc
Re: Win32-Malware-gen --> Unable to remove this malware
« Reply #12 on: December 08, 2009, 09:01:43 PM »
Fix log: http://www.mediafire.com/?zm41mowzgod
OTS log after fix: http://www.mediafire.com/?tcizyjinvb2

Not seen any problems since running the avast boot scan...

essexboy
Re: Win32-Malware-gen --> Unable to remove this malware
« Reply #13 on: December 08, 2009, 09:13:26 PM »
That looks good.

Run OTS and hit the Cleanup button. It will remove all the programmes we have used, plus itself.

richdebc
Re: Win32-Malware-gen --> Unable to remove this malware
« Reply #14 on: December 09, 2009, 06:56:17 PM »
Brilliant! Thanks so much for your help!

       
