Win32:Malware-gen = Nightmare! Please help!

[jp516x]

I just registered for the forum so hello everyone 

I am trying to fix my boyfriend's mom's computer... for the second time. I helped her last time (IE: Updated her non-existant anti-virus with Avast Free, did a full scan, and installed Spybot S&D). It appeared that we totally cleaned her computer out but now, whatever it is, is back with a vengence.

First off, a program simply called "Scanner" at some point had installed onto the computer. I deleted it and thought it might solve the problem but it didn't.

In the Avast virus chest:
Name: EKqkYGiiiokoX.dll
Original Location: C:\Users\Cheryl\AppData\Local\Temp
Virus: Win32:Malware-gen

I scanned the computer with Malwarebytes. I did a quick scan first. 5 items came up and I removed them. The computer restarted before I had the chance to save the log. After I restarted, I decided to run a full scan too. I have tried this atleast 3 times, but it keeps freezing before it gets to finish... and 3 more infected objects keep coming up each time.


I have installed the other logging program OTL and it saved the logs. However, I don't have the other computer hooked up to my network because I am afraid the malware could somehow infect my network. I also don't want to copy the files to a disc then to my computer for the same reason.

Am I being too cautious or do you think it will be fine? I believe the logs are the only way I can take a step to fixing whatever this problem is......

Thanks in advance.
-Jess

[Left123]

Hello and welcome
Try Malware bytes
www.malwarebytes.org
Download
Install
Update
I repeat update
Scan
post results
Merry Christmas!

[jp516x]

Do you think that if I hook the infected computer up to my network, the malware could some how infect my network and/or computers on my network?

[Left123]

Well i can't rly say,Win32:malware gen could be whatever,i can think from trojan horse to other pieces of malware.If you are afraid you can log in safe mode,the virus won't affect your network
How to boot into safe mode:
http://antivirus.about.com/od/securitytips/ht/safemode.htm

[jp516x]

Okay, so Malwarebytes won't let me run a full scan without freezing. The quick scans don't pick anything up anymore because I removed 5 files when I did the first quick scan. The full scan freezes with 3 infected objects found.

I did the OTL scan and it only saved the OTL file, not the other file "Extra".

I attached the one log I did get.

[chabbo]

a tips are do a fullscan with malwarebytes and wait untill its find the first infection than u stop and deleted it and then do untill it stop freze, i did have same problem and its resolved for me!

[jp516x]

Thank you. I just did a scan and it came up with 2 objects infected. I stopped the scan, removed them and restarted the computer. I am running another full scan and I will reply with the result.

[Pondus]

can you post a Malwarebytes scan log ?

[jp516x]

Here's 3 scan logs, but I still can't do a complete full scan.

Hope these help solve the problem.

[Left123]

Can i have a look at your taskmngr and msconfig?Maybe the malicious applications eats ram that's why your pc freeze.

[Pondus]

If you are connected you should update Malwarebytes as you are scanning with database 5363 and latest is 5391
have you tried doing a scan in safe mode ?



you may also try these

Norman Malware Cleaner  http://www.norman.com/support/support_tools/malware_cleaner/
DrWeb CureIt  http://www.freedrweb.com/cureit/?lng=en
How to use it  http://www.freedrweb.com/cureit/how_it_works/?lng=en

They are fully updated when you download. Save to desktop and run from there
They are not installed so no uninstall just drag them to the resycle bin when done

[jp516x]

I thought I had updated.. but now I did.
It picked up 4 things that I removed. Here's the log:

[Left123]

Any other problems?
I was surfing at malwarebytes forum an found out this http://www.virustotal.com/file-scan/report.html?id=6100dcbbd246612f449e4109d768b75c504dbd41d53e7d39cb046e1434ead0fe-1293224748

If you read the comment below it says:
Rogue - "Scanner"
My analysis of this file using ThreatExpert brings me to the undeniable conclusion that this rogue is called, "Scanner." It is a clone of all of the other fake defragmenters.

and yes you are/were infected with a rogue AV

Also check this out http://siri-urz.blogspot.com/2010/12/scan.html

[Pondus]

Read it all before you start

How to remove Scanner (Uninstall Guide)
http://www.bleepingcomputer.com/virus-removal/remove-scanner

[jp516x]

Thank you both very much, I really hope the problem is solved.

I ran the RKill program and then Malwarebytes. Hopefully the last of it has been deleted but I'm still having problems finishing the full scan. Thankfully, nothing seems to be coming up in the search anymore though.

I ran another Spybot scan and deleted another trojan (Win32.autorun.tmp). It also picked up "FastBrowserSearchToolbar" but it said it wasn't able to delete it because it might have been in use or something.