Author Topic: Win:32Malware-gen  (Read 4397 times)


Erixx

  • Guest
Win:32Malware-gen
« on: August 20, 2010, 09:35:56 PM »
Hello. First preview of the possible errors of interpretation but it will turn the text.

Operating system: Windows XP

Avast! 5 Anti-Virus found Win32:Malware-gen in the following locations:

Important files:

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\dllcache\lsass.exe

Less important:

C: ** Username ** \ Temp \ avast_4 (so avast4 Avast5 before because it was above, but it also detected the virus avast4)

C: \ Systemvolumeinformation \ a pair of exe file

Search, detect the infected file is C:\WINDOWS\system32\lsass.exe improved but I do not know trouble code 32

C:\WINDOWS\system32\dllcache\lsass.exe this file into quarantine, but I think I can put the necessary files
The other files are placed in quarantine.

virustotal.com checked the file C:\WINDOWS\system32\lsass.exe but Avast4 Avast5 and it has an anti-virus as infected.

But if this is C:\WINDOWS\system32\lsass.exe file in the right-mouse button click is slow to come into the other options are also well.

Boot-time search, I can not repair the file system.

All right how could I be on my system. ???

Any help appreciated. ;)
« Last Edit: August 21, 2010, 11:04:26 PM by Erixx »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37535
  • Not an avast user
Re: Win:32Malware-gen
« Reply #1 on: August 20, 2010, 09:43:21 PM »
Have you tried?

Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
always run update before you scan so you have the latest database
click on the remove selected button to quarantine anything found
you may post the scan log here

Erixx

  • Guest
Re: Win:32Malware-gen
« Reply #2 on: August 20, 2010, 11:33:00 PM »
All right, but this anti malware programs can improve the picture?? Just because you do not want to delete system files.

YoKenny

  • Guest
Re: Win:32Malware-gen
« Reply #3 on: August 21, 2010, 12:08:34 AM »
Do you have Windows XP SP3 ???

Erixx

  • Guest
Re: Win:32Malware-gen
« Reply #4 on: August 21, 2010, 12:13:21 AM »
No, this is a 5-year system is full of family values is not much I would like to re-install.

YoKenny

  • Guest
Re: Win:32Malware-gen
« Reply #5 on: August 21, 2010, 12:21:49 AM »
Best you learn about Backup:
http://en.wikipedia.org/wiki/Backup

If you don't have XP SP3 then the system is totally vulnerable to MANY infections! :'(

Erixx

  • Guest
Re: Win:32Malware-gen
« Reply #6 on: August 21, 2010, 12:27:44 AM »
And I know that it is not blind to this alarm, I saw you asked about the board that this is true or false, because only virustotal.com avast! antivirus it still continued to indicate that the virus.

Erixx

  • Guest
Re: Win:32Malware-gen
« Reply #7 on: August 21, 2010, 09:24:47 PM »
Have you tried?

Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
always run update before you scan so you have the latest database
click on the remove selected button to quarantine anything found
you may post the scan log here

Here is the malwarebytes log you requested:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database Version: 4457

Windows 5.1.2600
Internet Explorer 6.0.2600.0000

21/08/2010. 21:07:58
mbam-log-2010-08-21 (21-07-58).txt

Scan type: Quick Scan
Objects scanned: 131854
Elapsed time: 11 minutes, 6 seconds

Memory Processes Infected: 0
Memory Modules Infected: 0
Infected registry keys: 0
Registry Values Infected: 0
Infected registry data elements: 0
Folders Infected: 0
Infected files: 0

Memory Processes Infected:
(No malicious items found)

Memory Modules Infected:
(No malicious items found)

Infected registry keys:
(No malicious items found)

Infected Registry Values:
(No malicious items found)

Infected registry data elements:
(No malicious items found)

Folders Infected:
(No malicious items found)

Infected files:
(No malicious items found)

In addition, he did have a full investigation into the watched folder where systemvolumeinformation but avast did not find anything alarming.

Where avast alerts systemvolumeinformationba also tested the exe VirusTotal but the 3 is the same as the alarm anti-virus lsass.exe file.

In short, malwarebytes found nothing, only 2 log file is an older virus which has left behind.

This was the 2 files:

Infected files:

C:\Documents and Settings\user\Application Data\avdrn.dat (Malware.Trace) -> Quarantine and deleted successfully.
C:\Documents and Settings\user\Application Data\wiaserva.log (Malware.Trace) -> Quarantine and deleted successfully.

So then this false alarm??

Here is the VirusTotal log file lsass.exe from:


Antivirus             Version           Last Update   Result
AhnLab-V3             2010.08.22.00     08/21/2010    -
AntiVir               8.2.4.38          20.08.2010    -
Antiy-AVL             2.0.3.7           08.16.2010    -
Authentium            5.2.0.5           08.21.2010    -
Avast                 4.8.1351.0        08/21/2010    Win32:Malware-gen
Avast5                5.0.332.0         08.21.2010    Win32:Malware-gen
AVG                   9.0.0.851         08.21.2010    -
BitDefender           7.2               08.21.2010    -
CAT-QuickHeal         11.00             08/21/2010    -
ClamAV                git-0.96.2.0      21.08.2010    -
Comodo                5805              08/21/2010    -
DrWeb                 5.0.2.03300       21.08.2010    -
Emsisoft              5.0.0.37          21.08.2010    -
eSafe                 7.0.17.0          19.08.2010    -
eTrust-Vet            36.1.7804         21.08.2010    -
F-Prot                4.6.1.107         08.21.2010    -
F-Secure              9.0.15370.0       21.08.2010    -
Fortinet              4.1.143.0         08.21.2010    -
GData                 21                08.21.2010    Win32:Malware-gen
Ikarus                T3.1.1.88.0       08/21/2010    -
Jiangmin              13.0.900          08/21/2010    -
Kaspersky             7.0.0.125         08.21.2010    -
McAfee                5.400.0.1158      08/21/2010    -
McAfee-GW-Edition     2010.1B           08/21/2010    -
Microsoft             1.6103            08.21.2010    -
NOD32                 5384              08/21/2010    -
Norman                6.05.11           8/21/2010     -
nProtect              2010-08-21.01     08/21/2010    -
Panda                 10.0.2.7          08/21/2010    -
PCTools               7.0.3.5           08.21.2010    -
Prevx                 3.0               08/21/2010    -
Rising                22.61.04.04       20/08/2010    -
Sophos                4.56.0            08.21.2010    -
Sunbelt               6771              21/08/2010    -
SUPERAntiSpyware      4.40.0.1006       08/21/2010    -
Symantec              20101.1.1.7       21/08/2010    -
TheHacker             6.5.2.1.352       08/20/2010    -
TrendMicro            9.120.0.1004      21/08/2010    -
TrendMicro-HouseCall  9.120.0.1004      08/21/2010    -
VBA32                 3.12.14.0         08/20/2010    -
ViRobot               2010.8.18.3995    08/21/2010    -
VirusBuster           5.0.27.0          08.21.2010    -

MD5: 9aad6a77cdbe6daa9758a28b9145e580

SHA1: caef3e2a2b899d90a8d2be6b5d49af5980603926

SHA256: 2218bb5f7354819b4f363954adba17ec800ae1d8443821e9ce822255f8f133eb

File size: 11,776 bytes

Scan date: 2010-08-21 17:28:13 (UTC)


This is the systemvolumeinformation in the exe file:


Antivirus             Version           Last Update   Result
AhnLab-V3             2010.08.22.00     08/21/2010    -
AntiVir               8.2.4.38          20.08.2010    -
Antiy-AVL             2.0.3.7           08.16.2010    -
Authentium            5.2.0.5           08.21.2010    -
Avast                 4.8.1351.0        08/21/2010    Win32:Malware-gen
Avast5                5.0.332.0         08.21.2010    Win32:Malware-gen
AVG                   9.0.0.851         08.21.2010    -
BitDefender           7.2               08.21.2010    -
CAT-QuickHeal         11.00             08/21/2010    -
ClamAV                git-0.96.2.0      21.08.2010    -
Comodo                5805              08/21/2010    -
DrWeb                 5.0.2.03300       21.08.2010    -
Emsisoft              5.0.0.37          21.08.2010    -
eTrust-Vet            36.1.7804         21.08.2010    -
F-Prot                4.6.1.107         08.21.2010    -
F-Secure              9.0.15370.0       21.08.2010    -
Fortinet              4.1.143.0         08.21.2010    -
GData                 21                08.21.2010    Win32:Malware-gen
Ikarus                T3.1.1.88.0       08/21/2010    -
Jiangmin              13.0.900          08/21/2010    -
Kaspersky             7.0.0.125         08.21.2010    -
McAfee                5.400.0.1158      08/21/2010    -
Microsoft             1.6103            08.21.2010    -
NOD32                 5384              08/21/2010    -
Norman                6.05.11           8/21/2010     -
nProtect              2010-08-21.01     08/21/2010    -
Panda                 10.0.2.7          08/21/2010    -
PCTools               7.0.3.5           08.21.2010    -
Prevx                 3.0               08/21/2010    -
Rising                22.61.04.04       20/08/2010    -
Sophos                4.56.0            08.21.2010    -
Sunbelt               6771              21/08/2010    -
SUPERAntiSpyware      4.40.0.1006       08/21/2010    -
Symantec              20101.1.1.7       21/08/2010    -
TheHacker             6.5.2.1.352       08/20/2010    -
TrendMicro            9.120.0.1004      21/08/2010    -
TrendMicro-HouseCall  9.120.0.1004      08/21/2010    -
VBA32                 3.12.14.0         08/20/2010    -
ViRobot               2010.8.18.3995    08/21/2010    -
VirusBuster           5.0.27.0          08.21.2010    -

MD5: 9aad6a77cdbe6daa9758a28b9145e580

SHA1: caef3e2a2b899d90a8d2be6b5d49af5980603926

SHA256: 2218bb5f7354819b4f363954adba17ec800ae1d8443821e9ce822255f8f133eb

File size: 11,776 bytes

Scan date: 2010-08-21 18:29:43 (UTC)

Erixx

  • Guest
Re: Win:32Malware-gen
« Reply #8 on: August 21, 2010, 11:05:54 PM »
Well, you think of the results described above on the basis of false alarms reported by lsass.exe?? Sorry to double post-understand.
« Last Edit: August 30, 2010, 11:06:34 AM by Erixx »