Topic: Win32 malware help

Offline jajabar

  • Newbie
  • *
  • Posts: 1
Win32 malware help
« on: December 06, 2009, 06:10:34 AM »
Hi guys. I am a newbie. I have a Win32:Malware-gen and can't seem to get rid of it... no matter what I try. Avast keeps sending me warnings, but despite taking the recommended actions, the virus is still in my temp files. The file name is C:\Windows\Temp\qfog.tmp\svchost.exe. The Avast warnings keep popping up but it's not deleting the file. A full scan by McAfee doesn't detect anything. Please help.
« Last Edit: December 06, 2009, 06:12:13 AM by jajabar »

Offline .: L' arc :.

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1780
  • Thinking with Portals
Re: Win32 malware help
« Reply #1 on: December 06, 2009, 07:31:38 AM »
Step 1: Windows Disk Cleanup Utility ============

1   Press Windows Key + R
2   Type in: cleanmgr
3   Put a check beside: Temporary Internet Files and Temporary Files. Optionally, you may check other options too
4   Click OK

Step 2: avast! Boot Time Scan ============

1   Double click avast! antivirus desktop icon and wait for memory test to complete
2   avast GUI will appear. Right click anywhere on avast!'s window and select Schedule Boot Time Scan...
3   Click Advanced options and select Move infected file to Chest on the first dropdown list and leave the other one as it was. Click Schedule
4   You will be asked for a system restart. Click Yes to do it now or No to let avast wait for you to manually restart your PC
        NOTE: Optionally, you may enable scanning of archive files. If it is enabled, scanning would be more thorough but would take more time

Step 3: Malwarebytes Antimalware (MBAM) ============

1   Download Malwarebytes' Antimalware here
2   Proceed to installing MBAM after downloading
3   On the last dialog box, do not forget to leave Update Malwarebytes' Antimalware and Run Malwarebytes' Antimalware checked
4   Malwarebytes' Antimalware GUI would appear, from there select Perform Quick Scan and click Scan
5   When scan is completed, click Show Results
6   Click Remove Selected and then, a notepad file will appear.
7   On the notepad window, click File > Save As and save it on your desktop. You may now close MBAM.

Step 4: Root Repeal (RR) ============

1   Download RootRepeal here
2   Double click RootRepeal.exe to open RootRepeal GUI
3   Click on the Report tab at the bottom then click the Scan button
4   A dialog box will appear. Put a check beside:
  • Drivers
  • Processes
  • SSDT
  • Hidden Services
5   Click the OK button. A dialog box may appear,  select all drives showing
6   Click OK to start the scan
7   A notepad text will appear. On the notepad window, click File>Save as.. and save it on your desktop.
8   Go back here on your topic and start a reply. On the Reply window, click Additional Options
9   Attach the two .txt files that we created and saved on your desktop (click more attachments to have more slots for attaching files)
Windows 7 (64-bit) Home Premium SP1
avast! 9 RC1

Offline Rusty Dave

  • Newbie
  • *
  • Posts: 1
Re: Win32 malware help
« Reply #2 on: December 07, 2009, 09:07:46 AM »
Great response - did it solve the problem?

Offline sitysit

  • Newbie
  • *
  • Posts: 1
Re: Win32 malware help
« Reply #3 on: December 07, 2009, 10:23:07 AM »
Got the same problem with Win32:Malware-gen
Infected file is windows/system32/ctfmon.exe

I'm not sure it is infected. VirusTotal shows 5 warnings from 40 tests. The file was tested by other antivirus programs; there are no problems.
I see many people got the same notification from avast, but other files are infected.
Is this a new false alarm?
« Last Edit: December 07, 2009, 10:24:40 AM by sitysit »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 82687
  • No support PMs thanks
Re: Win32 malware help
« Reply #4 on: December 07, 2009, 04:23:16 PM »
It would have been helpful to have posted the URL of the VT results page.

avast doesn't alert on my copy of ctfmon, see image, on XP Pro SP3 - what is your OS version?

What is your VPS version (current version 091207-0 and the one I scanned with)?
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.1.2397 (build 20.1.5069.558) UI-1.0.460/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro