Win32:Malware-gen popping up

[ReubenElPopo]

Hey all! New to the forums, havn't ever needed assistance until now. I too am getting these alerts (Minneapolis MN). Quite a relief that im not the only one with this problem.
Ran a full scan with MBAM with no results except a tracking cookie (arg)

Unrelated question: Is Essexboy the resident malware guru?

[Pondus]

Unrelated question: Is Essexboy the resident malware guru?

He is a trained and certified malware remover, and does most of his malware cleaning over at geeks to go

http://forum.avast.com/index.php?topic=53253.0

[ReubenElPopo]

Unrelated question: Is Essexboy the resident malware guru?

He is a trained and certified malware remover, and does most of his malware cleaning over at geeks to go

http://forum.avast.com/index.php?topic=53253.0

Coolness 

[Icepick]

Pretty much same situation here (in Finland) - Avast reports at every computer wake up or start up Win32:Malware-gen, it is always some oddly named .dll file in temp. Process is always C:\Windows\Microsoft.NET\Framework\v2.0...\csc.exe. It also pops up during the usage every now and then - maybe every 3 hours, have to check. The problem started to present itself less than 24 hours ago I think, cannot figure out what has happened at that period.

Full scan reveals nothing, at least yesterday. same with latest MBAM yesterday, haven't tried today. Same with Spybot but Ad-aware found suddenly 3 files associated with Dropper, and quarantined them. They were deleted - at the startup the same Avast warning still.

Went to sleep: today, the same warning. Currently doing startup scan with Avast, with maximum sensitivity. Next running Adaware, Spybot and MBAM fullscans again and then if none of it helps I will also use OTL and post log here. Unless of course during my time-taking scans the answer appears here magically  

EDIT: Nothing in MBAM fullscan, and nothing in Adaware fullscan so far. And by the look of it the yesterday's Adaware scan may also been false alarm on Dropper, as it seems to mistake one game controller's downloaded firmware update as Dropper (the update has been untouched  for at least a year, and used controller all the time - no reason for it to activate now- just that I downloaded Adaware so it saw it now):

Description: c:\users\xxx\downloads\n52te_win_firmware_v1.04_eng(2).exe Family Name: Win32.TrojanDropper.Agent Engine: 1 Clean status: Success Item ID: 0 Family ID: 1037 MD5: 736be7da6f623a4676c252273392ba18
Description: c:\users\xxx\downloads\n52te_win_firmware_v1.04_eng(3).exe Family Name: Win32.TrojanDropper.Agent Engine: 1 Clean status: Success Item ID: 0 Family ID: 1037 MD5: 736be7da6f623a4676c252273392ba18
Description: c:\users\xxx\downloads\n52te_win_firmware_v1.04_eng.exe Family Name: Win32.TrojanDropper.Agent Engine: 1 Clean status: Success Item ID: 0 Family ID: 1037 MD5: 736be7da6f623a4676c252273392ba18

[TheLoneTerran]

Hello. Posting my results from most recent, updated scan.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5552

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

1/19/2011 3:54:55 AM
mbam-log-2011-01-19 (03-54-55).txt

Scan type: Full scan (C:\|)
Objects scanned: 634201
Time elapsed: 1 hour(s), 28 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Detected nothing bad. =/

[HolyCrusader]

I too have just had this problem start for me, on two different computers, starting at almost the exact same time.  They show-up roughly once every three hours (avast finding them every 3 hours).  So far, Malware Bytes and Avast scans have come up negative.  This started happening on January 18th, shortly after updating Avast! to the newest version.

A few things I've observed so far with whatever this is:

• Initial "infection" happened early AM for me, at a time when neither computer was being used (they were turned-on, but idle).  Also, I've done nothing even remotely hazardous on either computer that could have caused it to be picked-up.
  
• The date stamp on the .dll's are several hours ahead of my system clock when detected (suggesting they're not files being created by my computer, but being transferred from some other application).
• My home computer has been unable to move the files the Chest as they are apparently being deleted before Avast can move them.

I've sent a couple of the .DLL's in for checking.  I'll post more information if/when I discover it.

[Vulture]

Hi all,

I had the same thing start happening to me about 24 hours ago (in Singapore).  I've scanned with the latest version of Avast (including boot time scan)and the latest MalwareBytes with no success (all scans return clean).  Any advice would be greatly appreciated.

Thank you,
 - Ted

[Pondus]

Try this.  Save to desktop and run from there. No install so when done you just dropp the program in the resycle bin

Dr.Web Cureit  http://www.freedrweb.com/cureit/?lng=en
how to use it http://www.freedrweb.com/cureit/how_it_works/?lng=en
Norman Malware cleaner  http://www.norman.com/support/support_tools/malware_cleaner/




Essexboy is notified an will pop in when he arrives later today

[arquebus]

Thanks, I've gotta get some sleep but I'll try those first thing in the morning

[Vulture]

Trying now.  Will report success/failure.  So far Norman thinks that the boot sectors and running processes/process memory is clean.

[Jattenalle]

Same issue as the original poster. Every few hours a Win32:Malware-gen identical to the topic starter:
Randomly named .dll file in AppData/Temp, created by csc.exe

It might be related to this: http://blogs.msdn.com/b/asiatech/archive/2010/08/02/could-not-find-the-file-c-windows-temp-lt-xml-serializer-random-generated-file-name-gt-dll.aspx

All scans I've run, from various programs, come up with no virus, worm or malware hits.

[Icepick]

Same issue as the original poster. Every few hours a Win32:Malware-gen identical to the topic starter:
Randomly named .dll file in AppData/Temp, created by csc.exe

It might be related to this: http://blogs.msdn.com/b/asiatech/archive/2010/08/02/could-not-find-the-file-c-windows-temp-lt-xml-serializer-random-generated-file-name-gt-dll.aspx

All scans I've run, from various programs, come up with no virus, worm or malware hits.

Starting to believe this to be somehow a false positive as nothing was found by any deep scans by Avast itself, AdAware or MBAM with newest files - only symptom is this strange, every 3 hour interval (or startup) appearing alarm.

[WillowH]

Hi everyone, I'm new to the forum.  Haven't had any issues until today.  I don't know if this issue is related to the Windows updates I've done today, but it seems that Avast started throwing up these alerts for me not long after rebooting after downloading the updates.



I doubt that my issues is any different to everyone else's, I will stay logged in and watch proceedings.  I just wanted to add that another user is experiencing the same issues.  I'm in Australia.

Cheers, Willow

[Adzinger]

Hey guys,
Also new to the forum. Since yesterday, every time I power on my pc, avast pops up telling me the same thing, that it has detected a random .dll Win32:Malware-Gen in my TEMP folder. I have ran SAS and MBAM with nothing found, tried a bootscan with no success, glad to know there are others looking for the same help I am!

[Icepick]

Interesting... Avast made a small automatic update a couple of hours ago, and now it is over 5 hours from previous Win32:Malware-gen quarantine alert. During the last day or so it has been generating these alerts about every 3 hours.

Maybe it was nthing then after all.