Win32:Malware-Gen can not delete after Malwarebytes

[stanley.l]

Hello,

Avast detected the win32 malware gen worm. I followed the forums and downloaded Malwarebytes but it is still being detected.

I still can't seem to remove the malware. Here is the message I get from avast:

c:\program files\common files\akamai\controlpanel_installer.exe
win32:Malware-Gen
VPS Version 100331-2, 03/03/2010

Thanks

[Pondus]

can you upload  controlpanel_installer.exe  to www.virustotal.com and test with 43 malware scanners
when you have the result, copy the url in the address bar and post it here for us to see


also post malwarebytes scan log

[polonus]

More about this:
Product:   (Empty Value)
Company:   (Empty Value)
Description:   (Empty Value)
Version:   (Empty Value)
MD5:   B2EBCA91B17D67D87B0432BAE0D9A22A
Size:   6046131
Directory:   %COMMONFILES%\Akamai\ControlPanel_Installer.exe
Operating System:   Windows 7
It sounds like the Akamai control Panel is executing Visual C++ Package, maybe to update it to the latest version (or check the latest is installed). Check if vcredist_86.exe is signed by Microsoft and scan against VT. It's Akamai's; is there anything such in your Add/Remove Programs?  If so, uninstall this,

polonus

[stanley.l]

Thanks for your reply guys! I am actually using Vista.
polonus- How do i check if the exe file is signed by microsoft?

[stanley.l]

I can't seem to locate controlpanel_installer.exe either. Where do I go find this? THanks.

[polonus]

You right click the excecutable file for properties and then click details and you find the info there if available. If you cannot find it. Did you look in the avast chest? Was it quarantined?

polonus

[stanley.l]

Thanks for your fast reply.

I found the controlpanel_installer.exe file, it was not in chest or quarantined. I just overlooked it the first time. When i try to upload file into virus total. I get a msg saying I do not have permission to open the file contact owner or adminstrator.

I then tried to right click and run as admin but get this msg:
Windows cannot access the specified device, path, or file. You may not have the appropriate permission to access them.

I was unable to locate credist_86.exe. Which folder is that in? Thanks again

[stanley.l]

problem is still not resolved any help would be greatly appreciated. Thanks.

[essexboy]

Hi lets have a quick look at your system

Download OTL  to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select All Users
  
• Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Attach both logs

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
 Double click the aswMBR.exe to run it  Click the "Scan" button to start scan 



On completion of the scan click save log, save it to your desktop and post in your next reply

[stanley.l]

Hi thanks for your fast reply and helping me out ont his. Please see attachment for OTL Logs

[essexboy]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :OTL
  SRV - [2011/08/16 10:51:06 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
  IE - HKU\S-1-5-21-2330244226-887321551-1427558123-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
  O33 - MountPoints2\{3bafb107-dea6-11de-b164-00188b6aae16}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL FoIler.EXe
  [2011/08/18 14:05:02 | 000,072,080 | ---- | M] () -- C:\Users\Stanley\g2mdlhlpx.exe
  
  
  :Files
  ipconfig /flushdns /c
  C:\Program Files\Common Files\Akamai
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [EMPTYFLASH]
  [CREATERESTOREPOINT]
  [Reboot]
• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.