Author Topic: avast showing WIN 32: MALWARE GEN infection,not able to delete it  (Read 30452 times)

Offline qrius2noall

  • Jr. Member
  • Posts: 39
Re: avast showing WIN 32: MALWARE GEN infection,not able to delete it
« Reply #30 on: March 05, 2010, 11:19:21 PM »
part-2

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 21:54 . 2004-08-03 19:56   1169920   ----a-w-   c:\windows\system32\ole32.dll
2010-03-05 21:53 . 2010-02-23 00:59   --------   d-----w-   c:\documents and settings\Daksh\Application Data\uTorrent
2010-03-05 11:26 . 2009-04-16 20:43   84632   ------w-   c:\documents and settings\Daksh\Application Data\Thinstall\Rising PC Doctor\%ProgramFilesDir%\Rising\AntiSpyware\UrlRule.dll
2010-03-05 11:26 . 2009-04-16 20:43   125592   ------w-   c:\documents and settings\Daksh\Application Data\Thinstall\Rising PC Doctor\%ProgramFilesDir%\Rising\AntiSpyware\SecScan.dll
2010-03-05 11:26 . 2009-04-16 20:43   92824   ------w-   c:\documents and settings\Daksh\Application Data\Thinstall\Rising PC Doctor\%ProgramFilesDir%\Rising\AntiSpyware\SecEx.dll
2010-03-05 11:26 . 2009-04-16 20:43   424560   ------w-   c:\documents and settings\Daksh\Application Data\Thinstall\Rising PC Doctor\%ProgramFilesDir%\Rising\AntiSpyware\runiep.dll
2010-03-05 11:26 . 2009-04-16 20:43   207512   ------w-   c:\documents and settings\Daksh\Application Data\Thinstall\Rising PC Doctor\%ProgramFilesDir%\Rising\AntiSpyware\rsdialog.dll
2010-03-05 11:26 . 2009-04-16 20:43   215704   ------w-   c:\documents and settings\Daksh\Application Data\Thinstall\Rising PC Doctor\%ProgramFilesDir%\Rising\AntiSpyware\pweb.dll
2010-03-05 11:26 . 2009-04-16 20:43   744088   ------w-   c:\documents and settings\Daksh\Application Data\Thinstall\Rising PC Doctor\%ProgramFilesDir%\Rising\AntiSpyware\ptools.dll
2010-03-05 11:26 . 2009-04-16 20:43   809624   ------w-   c:\documents and settings\Daksh\Application Data\Thinstall\Rising PC Doctor\%ProgramFilesDir%\Rising\AntiSpyware\pscan.dll
2010-03-05 11:25 . 2009-04-16 20:43   297584   ------w-   c:\documents and settings\Daksh\Application Data\Thinstall\Rising PC Doctor\%ProgramFilesDir%\Rising\AntiSpyware\KakaMgr.dll
2010-03-05 09:09 . 2010-02-23 00:14   664   ----a-w-   c:\windows\system32\d3d9caps.dat
2010-03-04 23:34 . 2010-02-23 03:59   12328   ----a-w-   c:\documents and settings\Daksh\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-04 23:21 . 2010-02-22 22:35   22748   ----a-w-   c:\windows\system32\emptyregdb.dat
2010-02-25 06:48 . 2010-02-22 22:38   86327   ----a-w-   c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-23 11:13 . 2010-02-23 11:13   32768   ----a-w-   c:\windows\Help\ItzilzIm.dll
2010-02-23 03:44 . 2010-02-23 03:44   --------   d-----w-   c:\program files\Common Files\InstallShield
2010-02-23 03:43 . 2010-02-23 03:43   --------   d-----w-   c:\program files\C-Media 3D Audio
2010-02-23 02:23 . 2010-02-23 02:23   --------   d-----w-   c:\documents and settings\Daksh\Application Data\SUPERAntiSpyware.com
2010-02-23 02:23 . 2010-02-23 02:23   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-23 00:14 . 2010-02-23 00:14   10134   ----a-r-   c:\documents and settings\Daksh\Application Data\Microsoft\Installer\{4C933A3B-6201-4C90-AB28-598561131C06}\_05672270EB30CCA6FD3838.exe
2010-02-23 00:14 . 2010-02-23 00:14   16958   ----a-r-   c:\documents and settings\Daksh\Application Data\Microsoft\Installer\{4C933A3B-6201-4C90-AB28-598561131C06}\_8C792585F69A42291AD1A1.exe
2010-02-23 00:14 . 2010-02-23 00:14   16958   ----a-r-   c:\documents and settings\Daksh\Application Data\Microsoft\Installer\{4C933A3B-6201-4C90-AB28-598561131C06}\_6FEFF9B68218417F98F549.exe
2010-02-23 00:14 . 2010-02-23 00:14   16958   ----a-r-   c:\documents and settings\Daksh\Application Data\Microsoft\Installer\{4C933A3B-6201-4C90-AB28-598561131C06}\_15D66DCE894BB3F91E0E6F.exe
2010-02-22 23:50 . 2010-02-22 23:50   411368   ----a-w-   c:\windows\system32\deploytk.dll
2010-02-22 23:50 . 2010-02-22 23:50   --------   d-----w-   c:\program files\Java
2010-02-22 23:50 . 2010-02-22 23:50   152576   ----a-w-   c:\documents and settings\Daksh\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2010-02-22 22:54 . 2010-02-22 22:54   --------   d-----w-   c:\documents and settings\All Users\Application Data\Alwil Software
2010-02-22 22:39 . 2010-02-22 22:39   --------   d-----w-   c:\program files\microsoft frontpage
.

(((((((((((((((((((((((((((((   SnapShot@2010-03-05_20.23.18   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-05 21:34 . 2010-03-05 19:39   16384              c:\windows\Cookies\index.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 86016]
"avast5"="e:\useful~1\ANTIVI~2\avastUI.exe" [2010-02-11 2756488]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\ACTIVE DOWNLOADS\\uTORRENTS\\uTorrent.exe"=
"c:\\ODIN\\Diet\\DietOdin.exe"=
"e:\\TEST DOWNLOADS\\ANTI VIRUS MALWARE-REMOVEIT-\\Program Files\\InCode Solutions\\RemoveIT Pro v4 - SE\\removeit.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/5/2010 5:33 AM 162512]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/5/2010 5:33 AM 19024]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\12.tmp --> c:\windows\system32\12.tmp [?]
S3 SASENUM;SASENUM;

S3 SbieDrv;SbieDrv;e:\useful crucial utilities folder\SANDBOXIE\SbieDrv.sys [2/3/2010 4:10 PM 115432]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.freeware365.com/desktop/folderguide.htm
TCP: {66A4DF95-55B1-4AC1-9006-CE521313193D} = 202.56.215.6,202.56.230.6
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-06 03:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\12.tmp"
.
Completion time: 2010-03-06  03:41:59
ComboFix-quarantined-files.txt  2010-03-05 22:11
ComboFix2.txt  2010-03-05 22:05
ComboFix3.txt  2010-03-05 21:10
ComboFix4.txt  2010-03-05 20:24

Pre-Run: 37,327,380,480 bytes free
Post-Run: 37,317,783,552 bytes free

- - End Of File - - F80584E1358D41E7CF22694C9F13CC


Now it is not saying that ole32.dll is corrupt, so does it mean that the trouble is nearly over, ESSEXBOY, or are there still miles to go?

Thanks and cheers

q2na

Offline qrius2noall

Re: avast showing WIN 32: MALWARE GEN infection,not able to delete it
« Reply #31 on: March 05, 2010, 11:20:55 PM »
OK, doing it now and will post.

Thanks

q2na

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • Posts: 40632
Re: avast showing WIN 32: MALWARE GEN infection,not able to delete it
« Reply #32 on: March 05, 2010, 11:23:26 PM »
Quote
Now it is not saying that ole32.dll is corrupt, so does it mean that the trouble is nearly over, ESSEXBOY, or are there still miles to go?

Now the best part of the day ----- your log now appears clean  :thumbsup:

A good workman always cleans up after himself, so... Run OTL/S and hit the cleanup button. It will remove all the programmes we have used, plus itself. MBAM can be uninstalled via Control Panel Add/Remove, along with ERUNT. But they may be useful tools to keep.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

XP
Now to get you off to a good start, we will clean your restore points so that all the bad stuff is gone for good. Then, if you need to restore at some stage, you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE
You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The system will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button click this
  • Accept the Warning and select OK again, the program will close and you are done
SPRING CLEAN
 
Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean
THEN

Download Flush Flash from Here and follow the easy to use instructions on the same page

NEXT

Download and run Puran Disc Defragmenter


Offline qrius2noall

Re: avast showing WIN 32: MALWARE GEN infection,not able to delete it
« Reply #33 on: March 05, 2010, 11:40:56 PM »
Thanks A Lot ESSEXBOY

The quick scan has come out clean, though it says some of the files could not be scanned.

In the scan log it mentions the moved file

c:\_OTS\Moved Files\C_WINDOWS\winstar.bat

error: file is offline. It is currently not available (42006)

So I will do the follow-up action as kindly suggested by you, step by step, now that the biggest headache is over, but as they say, IT AIN'T OVER UNTIL IT'S OVER, SO
on to the next clean up.

I will keep you informed about the progress, and I have some follow-up questions which I hope you will kindly help me with.

Thanks a million

Q2na

Offline essexboy

Re: avast showing WIN 32: MALWARE GEN infection,not able to delete it
« Reply #34 on: March 06, 2010, 12:00:04 AM »
No problem, I will be offline soon but back tomorrow

Offline qrius2noall

Re: avast showing WIN 32: MALWARE GEN infection,not able to delete it
« Reply #35 on: March 06, 2010, 12:09:55 AM »
HI ESSEXBOY

Avast has gone nuts again as soon as I started the app CCLEANER, with the same notification about a win32:malware-gen infection and the file having been moved to the chest.

Apparently it is a bigger problem than it looks right now.

It is the same as yesterday: whenever I am starting Ccleaner or utorrent or statbar, AVAST starts giving threat notices, although all these apps and the rest of the PC seem to be working OK (no major crashes or task manager problems or unwarranted CPU usage), so what do you reckon? Maybe observe it some more, or start the cleaning process once again, or would deleting the flagged utilities and reinstalling them be helpful? In fact I use the portable version of CCLEANER, so it is not even installed in the registry.

Waiting for your sage advice once again

Q2NA

Offline essexboy

Re: avast showing WIN 32: MALWARE GEN infection,not able to delete it
« Reply #36 on: March 06, 2010, 01:36:51 PM »
Dare I ask, are these cracked programmes downloaded using P2P?

Quote
Ccleaner or utorrent or statbar
Delete these programmes completely and re-install fresh copies; they may have residual renv infections.

Let me know if that helps

Once you have deleted the said programmes - re-run MBAM and post the log

Offline qrius2noall

Re: avast showing WIN 32: MALWARE GEN infection,not able to delete it
« Reply #37 on: March 06, 2010, 04:02:06 PM »
Hi ESSEXBOY

These apps have been downloaded from the original sites (all these are popular freeware, easily available for download from their original sites, so there is no point in getting these from any other site, cracked or otherwise).

Anyway, this morning ALL HELL SEEMED TO HAVE BROKEN LOOSE. Upon booting the PC, it took an extra-long boot time, with the desktop having no taskbar and Windows, though workable, not being fully functional, so the only workable alternative seemed to be to DO A REPAIR REINSTALL of WIN XP, which I could and did, but the troubles with AVAST started as usual. Surely a pitiable state of affairs.

I had posted this problem on another site also; there, people suggested using rootkit scanners/killers, but sadly nothing came out of the rootkit scanners, so nothing to kill.
Lastly, a utility called HITMAN PRO seemed to have caught one trojan in a Utorrent
file, so after quarantining it and a reboot, everything seems to be working OK so far.

I have since then discarded all Utorrent and CCLEANER files from the system, obtained fresh setups from the original sites, and installed these once again. Upon starting these, so far there are no warnings from AVAST, and a quick scan seems to be clean, except for a warning that the winstart.bat file (which we moved yesterday with OTS and is in RECYCLERS) cannot be scanned, being offline, so I have since then stopped SYSTEM RESTORE from working.

I just wanted to know how to remove/delete files in RECYCLERS. Would these be automatically removed upon creation of a new restore point or not? If not, then I had better
leave SYSTEM RESTORE STOPPED for a couple of days more, as I certainly won't like this whole sad story to start once again.

SO AT THE TIME OF POSTING THESE,everything seems to be working ok(keeping fingers crossed though) and before we close this post ,I will Inform YOU of the final state of affairs.....

Thanks a  lot once again

Q2NA

Offline essexboy

Re: avast showing WIN 32: MALWARE GEN infection,not able to delete it
« Reply #38 on: March 06, 2010, 04:51:49 PM »
I would recommend against turning off System Restore, as it is a useful safety net. Once turned off, all restore points are deleted, so you can turn it back on again.

I actually had someone who had a cracked version of MBAM

Quote
have since then discarded all Utorrent ,CCLEANER files from system,obtained Fresh setups from original sites,and installed these once again
Sensible, as the one file I found yesterday with renv means there could have been other crippled versions which restarted once you ran the programmes that had the infection.

The problem with my scanners is they only check 30 days back, so if the infection was older I would not have seen it.

Could you run another OTS scan, changing the file age to 90 days, and I will see if there are any others remaining. It will be a big log, though, so it will probably need to be uploaded to mediafire.
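
As an added triage example (not ComboFix's own code and not anything posted in this thread), the Python below parses the two sections of the Reply #30 log that matter most: the Find3M list, filtered by a file-age window so you can see what the 30-day limit essexboy describes for his scanners would include versus a 90-day one, and the service entries under Reg Loading Points, flagging any whose image file ComboFix reports as not found (the `--> path [?]` form) or whose image path is a temp file, as with MEMSWEEP2 at c:\windows\system32\12.tmp. The sample is built from lines copied out of the posted log plus one constructed older entry (marked in the code) so the window difference is visible; the scan time is the one printed at the end of the log. The flags are markers for manual review, not a verdict on the files.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: lines copied from the log posted in Reply #30, plus one
# constructed entry (c:\windows\Temp\older.dll) that is NOT in the log, added
# only so the difference between a 30-day and a 90-day window is visible.
SAMPLE_LOG = r"""((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 21:54 . 2004-08-03 19:56   1169920   ----a-w-   c:\windows\system32\ole32.dll
2010-03-05 21:53 . 2010-02-23 00:59   --------   d-----w-   c:\documents and settings\Daksh\Application Data\uTorrent
2010-02-23 11:13 . 2010-02-23 11:13   32768   ----a-w-   c:\windows\Help\ItzilzIm.dll
2010-02-22 23:50 . 2010-02-22 23:50   411368   ----a-w-   c:\windows\system32\deploytk.dll
2009-12-20 10:00 . 2009-12-20 10:00   24576   ----a-w-   c:\windows\Temp\older.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/5/2010 5:33 AM 162512]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\12.tmp --> c:\windows\system32\12.tmp [?]
S3 SASENUM;SASENUM;
S3 SbieDrv;SbieDrv;e:\useful crucial utilities folder\SANDBOXIE\SbieDrv.sys [2/3/2010 4:10 PM 115432]
"""

# "Rootkit scan 2010-03-06 03:41" as printed at the end of the posted log.
SCAN_TIME = datetime(2010, 3, 6, 3, 41)

SECTION_RE = re.compile(r"^\(+\s+(.+?)\s+\)+\s*$")          # "(((( name ))))" banners
FIND3M_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(\S+)\s+(\S+)\s+(.+?)\s*$"                       # size, attrs, path
)
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")  # start name;display;rest
MISSING_RE = re.compile(r"^(.*?) --> (.*?) \[\?\]$")       # image file not on disk


def split_sections(text):
    """Group log lines under the banner line that precedes them."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_find3m(text):
    """Find3M entries as dicts: modified, created, size (None for dirs), is_dir, path."""
    entries = []
    for line in split_sections(text).get("Find3M Report", []):
        m = FIND3M_RE.match(line)
        if not m:                      # "." separators and blank lines
            continue
        modified, created, size, attrs, path = m.groups()
        entries.append({"modified": datetime.strptime(modified, "%Y-%m-%d %H:%M"),
                        "created": datetime.strptime(created, "%Y-%m-%d %H:%M"),
                        "size": None if size.startswith("-") else int(size),
                        "is_dir": attrs.startswith("d"), "path": path})
    return entries


def modified_within(entries, scan_time, days):
    """Paths whose modification time lies within `days` before the scan."""
    cutoff = scan_time - timedelta(days=days)
    return [e["path"] for e in entries if e["modified"] >= cutoff]


def parse_services(text):
    """Service/driver entries from Reg Loading Points; other lines are skipped."""
    services = []
    for line in split_sections(text).get("Reg Loading Points", []):
        m = SERVICE_RE.match(line)
        if not m:                      # registry keys, Run values, firewall list
            continue
        start, name, display, rest = m.groups()
        missing = MISSING_RE.match(rest.strip())
        if missing:
            image, found = missing.group(1), False
        else:
            image = re.sub(r"\s*\[.*\]$", "", rest.strip())  # drop "[date size]"
            found = bool(image)
        services.append({"start": start, "name": name, "display": display,
                         "image": image, "file_found": found})
    return services


def triage_services(services):
    """Entries worth a manual look, as (name, reasons); a marker, not a verdict."""
    findings = []
    for s in services:
        reasons = []
        if not s["image"]:
            reasons.append("no image path recorded")
        else:
            if not s["file_found"]:
                reasons.append("image file not found on disk")
            if s["image"].lower().endswith(".tmp"):
                reasons.append("image path is a temporary file")
        if reasons:
            findings.append((s["name"], reasons))
    return findings


def triage_log(text, scan_time=SCAN_TIME, days=30):
    return {"recent": modified_within(parse_find3m(text), scan_time, days),
            "service_findings": triage_services(parse_services(text))}


if __name__ == "__main__":
    for window in (30, 90):
        print(f"{window}-day window: {len(triage_log(SAMPLE_LOG, SCAN_TIME, window)['recent'])} files")
    for name, reasons in triage_log(SAMPLE_LOG)["service_findings"]:
        print(f"review service {name}: {'; '.join(reasons)}")
```

Run as a script it prints the file counts for both windows and the three service entries worth a look. On a real log, feed it the whole ComboFix text; the banner regex picks out the sections and everything else in Reg Loading Points (Run values, the firewall list, HKLM keys) is ignored by the service parser.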

Offline qrius2noall

Re: avast showing WIN 32: MALWARE GEN infection,not able to delete it
« Reply #39 on: March 10, 2010, 09:30:49 PM »
Hi ESSEXBOY   

As I said in my earlier post, everything seems to have settled down to a normal routine (for the last two days I have been testing it extensively), so I guess we can safely close this post. If there is any fresh issue, I will post a fresh thread and give a reference to this post also.

SO THANKS A LOT FOR COMING TO RESCUE AND EXTENDING A HELPING HAND.

Cheers

Q2NA