Author Topic: Explorer.exe INFECTED win32:malware.gen  (Read 37302 times)


YoKenny

  • Guest
Re: Explorer.exe INFECTED win32:malware.gen
« Reply #30 on: December 09, 2009, 01:24:07 AM »
Windows XP Service Pack 3 has been available for over a year and provides many Critical Updates plus performance improvements.

You need to start Internet Explorer then go to Tools then Windows Update and download all of the available updates.

Go to Control Panel then Automatic Updates then select Automatic (recommended) or at least Notify me but don't automatically download or install them.

IE8 is more secure than IE6 and has a lot better performance:
http://www.microsoft.com/windows/Internet-explorer/default.aspx

Go to Secunia Online Software Inspector then run it to see what other applications are vulnerable:
http://secunia.com/vulnerability_scanning/online

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: Explorer.exe INFECTED win32:malware.gen
« Reply #31 on: December 09, 2009, 04:49:41 AM »
Hi Bradj,

Looks good. Don't worry about the file MBAM detected; it was a legitimate tool we downloaded, and MBAM was just complaining about its location.

Kaspersky detected a quarantined file and an old System Restore point that will be removed when we clean up the tools.

First we need to restore a file mistakenly removed, so I will need to see this file:

C:\Qoobox\ComboFix-quarantined-files.txt

Thanks

BradJ

  • Guest
Re: Explorer.exe INFECTED win32:malware.gen
« Reply #32 on: December 09, 2009, 05:35:53 AM »
Hi, here's the file

Offline oldman

Re: Explorer.exe INFECTED win32:malware.gen
« Reply #33 on: December 09, 2009, 06:20:42 AM »
Hi Bradj,


Please follow all previous instructions regarding security programs.

Open a new Notepad session
  • Click the Start button, click run
  • in the run box type notepad
  • click ok
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.

  • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE
Code:
DEQUARANTINE::
C:\Qoobox\Quarantine\c\program files\ATI Technologies\ATI.ACE\Core-Static\atIAcmxx.dll.vir

Quit::


In the notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click save
Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browser windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**



Only a DeQuarantine.txt will be produced; please post its contents.

Everything OK?

Thanks

BradJ

  • Guest
Re: Explorer.exe INFECTED win32:malware.gen
« Reply #34 on: December 09, 2009, 08:41:51 AM »
Hi, yes everything has been ok.

C:\Qoobox\Quarantine\c\program files\ATI Technologies\ATI.ACE\Core-Static\atIAcmxx.dll.vir -> c:\program files\ATI Technologies\ATI.ACE\Core-Static\atIAcmxx.dll ( 704512 bytes )

Offline oldman

Re: Explorer.exe INFECTED win32:malware.gen
« Reply #35 on: December 09, 2009, 02:38:52 PM »
Hi Bradj,

If no other problems, we can clean up our tools.

From your desktop, please delete, if present:
  • any notepads/logs that we created
  • Win32kDiag.exe
  • GMER.zip
  • GMER.exe

Next

Click the Start button, click Run. Copy and paste the following line into the run box and click OK
Combofix /uninstall

Open OTL, then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet; allow this. A cleanup.txt will be downloaded, and a message dialog will ask you if you want to proceed with the cleanup process; click Yes. This will do some clean up tasks and delete some of the tools you have downloaded, plus itself.

I suggest you keep MBAM. Keep MBAM updated and use it regularly.

Some Recommendations and prevention tips

Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. You have an antivirus program and an on demand antispyware program.

I suggest you use an antispyware program with resident (real time) scanning. You could enable Spybot's TeaTimer.

* If you are behind a router Windows firewall should be fine. Otherwise a 3rd party firewall with outbound monitoring is recommended.

Click FIREWALL for tips, reviews and links to good, free and paid for firewalls. (Note: Zone Alarm is becoming bloatware)

You should also use Spyware Blaster to help immunize your computer.

 - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

OR

A guide to understanding and using the hosts file.

Learn how your Hosts file can protect you and how you can protect it.
Besides the Hosts file information, there are links to a very good updated hosts file, a hosts file manager, and some programs that can protect your hosts file.
HOSTS

Please read the info on disabling the DNS Client before installing a custom hosts file.

-Secure your Internet Explorer

From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

- Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis

- Ensure that Automatic Update is turned on so you get all the latest patches.
Click start, control panel, click Security Center.

- Keep your antivirus program updated, as well as any other security programs you have.

- You may also want to read this article By Tony Klein
http://www.freedomlist.com/forum/viewtopic.php?t=22879

Take care
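The following is an added example, not code from the thread or any of its posters. It checks two of the recommendations in the post above offline, in Python: the Internet Explorer "Internet zone" settings the post asks you to tighten, read from a registry export, and the hosts file, for any name that points somewhere other than loopback (a protective hosts file only ever points names at loopback, so anything else is worth a look). The registry key path and the mapping of numeric value names (1001, 1004, 1201, 1800, 1804, 1607) to the settings named in the post are this example's assumptions, taken from Microsoft's documentation of the security-zone registry entries; both sample inputs are constructed.

```python
"""Added example: offline check of two recommendations from the post above.

Part 1 audits an Internet Explorer "Internet zone" registry export against the
ActiveX / IFRAME / sub-frame settings the post asks you to tighten.
Part 2 scans a hosts file for names pointed at anything other than a loopback
address, the usual sign of a hijacked hosts file.
Both inputs below are constructed samples, not data from the thread.
"""
import re

# Internet zone = zone 3 under this key. The numeric value names are IE's
# "URL action" IDs (0 = Enable, 1 = Prompt, 3 = Disable); which ID matches which
# setting in the post is this example's assumption, taken from Microsoft's
# documentation of the security-zone registry entries.
ZONE3_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
             r"\Internet Settings\Zones\3")
ZONE3_RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
    "1607": ("Navigate sub-frames across different domains", 1),
}
LEVEL = {0: "Enable", 1: "Prompt", 3: "Disable"}


def parse_reg_export(text):
    """Parse [key] headers and "name"=dword:xxxxxxxx lines of a .reg export
    into {key: {name: int}}. Other value types are ignored."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current is not None:
            m = re.match(r'"([^"]+)"=dword:([0-9A-Fa-f]{8})$', line)
            if m:
                keys[current][m.group(1)] = int(m.group(2), 16)
    return keys


def audit_ie_zone(reg_text):
    """Return [(setting, current level, recommended level)] for every
    Internet-zone setting that is looser than the post recommends or absent."""
    values = parse_reg_export(reg_text).get(ZONE3_KEY, {})
    findings = []
    for value_id, (setting, want) in ZONE3_RECOMMENDED.items():
        have = values.get(value_id)
        # Enable (0) is looser than Prompt (1), which is looser than Disable (3).
        if have is None or have < want:
            findings.append((setting, LEVEL.get(have, "missing"), LEVEL[want]))
    return findings


LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}


def audit_hosts(hosts_text):
    """Count loopback (blocking) entries and list every name that resolves
    somewhere other than loopback, which a protective hosts file never does."""
    blocked, redirected = 0, []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            if ip not in LOOPBACK:
                redirected.append((ip, name))
            elif name != "localhost":
                blocked += 1
    return {"blocked": blocked, "redirected": redirected}


# Constructed sample inputs (not from the thread).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000001
"1800"=dword:00000001
"1804"=dword:00000000
"1607"=dword:00000001
'''

SAMPLE_HOSTS = """# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       ads.example.net        # blocking entry from a custom hosts list
0.0.0.0         tracker.example.org
198.51.100.23   update.security-vendor.test   # pointed away from loopback: hijack indicator
"""

if __name__ == "__main__":
    for setting, have, want in audit_ie_zone(SAMPLE_REG):
        print(f"IE Internet zone: '{setting}' is {have}, post recommends {want}")
    report = audit_hosts(SAMPLE_HOSTS)
    print(f"hosts: {report['blocked']} blocking entries")
    for ip, name in report["redirected"]:
        print(f"hosts: {name} -> {ip} is NOT loopback, review this entry")
```

To run it against a real machine, export the key with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" zone3.reg` and open that file with `encoding="utf-16"`, since `reg export` writes UTF-16; the hosts file is plain text. The hosts check only flags entries, it does not edit the file, and it does nothing about the DNS Client caveat the post mentions: a large blocking hosts file still slows lookups while that service caches it.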

BradJ

  • Guest
Re: Explorer.exe INFECTED win32:malware.gen
« Reply #36 on: December 09, 2009, 08:15:10 PM »
Thanks for everything.

Offline oldman

Re: Explorer.exe INFECTED win32:malware.gen
« Reply #37 on: December 10, 2009, 02:22:16 AM »
Hi Bradj,

You are welcome, glad I could be of help.

JanAchik123

  • Guest
Re: Explorer.exe INFECTED win32:malware.gen
« Reply #38 on: December 10, 2009, 09:45:45 PM »
There is an explorer.exe infection and to get rid of it, you need to get a fresh explorer.exe from a different PC, or run the SFC file checker.
Sfc: Insert your operating system disk (Windows XP, Vista, 7 etc), then Start>Run>type cmd>type sfc /scannow and it will scan and repair missing/corrupted windows files.

BradJ

  • Guest
Re: Explorer.exe INFECTED win32:malware.gen
« Reply #39 on: December 10, 2009, 10:46:38 PM »
I think my issues have been dealt with well beyond this point but thanks though.  I also do not believe explorer.exe was infected but that it was somehow hooked by the malware / trojan.
« Last Edit: December 10, 2009, 10:48:51 PM by BradJ »

cakedoer2

  • Guest
Re: Explorer.exe INFECTED win32:malware.gen
« Reply #40 on: January 02, 2010, 11:40:48 PM »
Hey, BradJ, make sure you get an install CD in the near future. It will be very useful when you deal with these kinds of situations.

Cheers and a happy new year.