Author Topic: Win32:Malware-gen: avast! Cannot Remove  (Read 14048 times)


IvoryOnyx

  • Guest
Win32:Malware-gen: avast! Cannot Remove
« on: January 24, 2012, 11:35:48 PM »
Hi there everyone, nice to meet you all. I'm IvoryOnyx. I've been using avast! for about three years now. It is hands-down the best free antivirus program I've ever used. Up until this point, it's kept me protected from all the nasty viruses and malware peppered throughout the internet since that time.

But a few days ago, I ran into a problem when avast! apparently detected some viruses/malware on my computer while it was scanning (which I have it set to do when the screensaver starts up - I'm sure some of you are familiar with it and I must say, it's a great idea I haven't seen implemented by any other software). This led me to agree to do a boot-time scan, which took a little over three hours to accomplish. It found a ton of Java Agent exploitations, which I was able to move to the chest and delete. There was one virus, however, that I could not remove, and that was the Win32 Malware-gen.

I've done research and have only found three to four different cases of it, all of which did not really help me in figuring out how to oust the virus from my computer. One person said that they were able to delete the virus by going into some other user's account on the computer, since the security/user permissions on the account prevented the individual from deleting the virus. Another person's problem was resolved after he was told to clean out his temp files. The problem I'm running into is the fact that this does not apply to my particular case.

These are the pieces of information saved on my log from the boot-time scan.

File Name: C:\Windows\Downloaded Installations\3E547985-AA94-4B1B-8ADD-21E060E5E31F}\Adobe Photoshop Album 3.2 SE.msi|>Data1.cab|>ADB2.EXE|>[UPX]

Severity: High

Status: Threat: Win32:Malware-gen

Action: Move to Chest

Result: Error: The system cannot find the file specified. (2)

I did some more research as to exactly what this virus was, and learned that it is basically a virus that is capable of downloading files without my knowledge, either to get more viruses and malware on my system or to supplement an existing one. This alone frightens me. Anyway, I'd appreciate any and all help from the community.

Thank you,
IvoryOnyx

« Last Edit: January 24, 2012, 11:37:41 PM by IvoryOnyx »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Win32:Malware-gen: avast! Cannot Remove
« Reply #1 on: January 24, 2012, 11:43:35 PM »
Quote
Result: Error: The system cannot find the file specified. (2)
Have you tried to reboot and scan again? Is it still found?

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2219
    • The WAR Against Malware
Re: Win32:Malware-gen: avast! Cannot Remove
« Reply #2 on: January 24, 2012, 11:46:57 PM »
Hi IvoryOnyx,

Quote
File Name: C:\Windows\Downloaded Installations\3E547985-AA94-4B1B-8ADD-21E060E5E31F}\Adobe Photoshop Album 3.2 SE.msi|>Data1.cab|>ADB2.EXE|>[UPX]

Severity: High

Status: Threat: Win32:Malware-gen

Action: Move to Chest

Result: Error: The system cannot find the file specified. (2)
Looks like a false positive on avast's case as it is legit.

McAfee reports:
ADD   c:\WINDOWS\Downloaded Installations\{3E547985-AA94-4B1B-8ADD-21E060E5E31F}\Adobe Photoshop Album 3.2 SE.msi

Furthermore, the error you received states that 'the system cannot find the file specified'. The "Downloaded Installations" folder is a temp folder, so the chance was high that this file couldn't be found. However, it is strange that it was found during the boot-time scan but couldn't be found upon completion and selected for removal.

If you're still not sure, you can check out here for some information about the download, if legit:
http://www.siteadvisor.com/sites/adobe.com/downloads/17567350/

And then you can follow the instructions and attach the logs to this post from here:
http://forum.avast.com/index.php?topic=53253.0
if you want a malware removal specialist to check your system for any remaining malware.
« Last Edit: January 24, 2012, 11:55:43 PM by Donovansrb10 »
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

IvoryOnyx

  • Guest
Re: Win32:Malware-gen: avast! Cannot Remove
« Reply #3 on: January 25, 2012, 03:02:11 AM »
Quote
Result: Error: The system cannot find the file specified. (2)
Have you tried to reboot and scan again? Is it still found?

Hey there, yeah, I scanned again (this time it was a system scan) and it didn't find it. I just thought that a boot-time was perhaps more thorough (because it definitely took longer). The normal scan took around 2 hours; the boot-time took 3+ hours.

I'm kind of a paranoid person, so even though the second scan (normal scan) didn't find it again, the fact that it was found during the first one (boot-time scan) and couldn't be removed still bothers me.

I'll check out those two links and get back to you as soon as I can. I really appreciate both of your swift replies! Thank you, it means a lot!

IvoryOnyx

  • Guest
Re: Win32:Malware-gen: avast! Cannot Remove
« Reply #4 on: February 04, 2012, 05:57:16 PM »
Thank you for your help, Donovansrb10 and Pondus! My computer's clear of the Malware-gen. I'm so relieved now. Thank you again!
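
Added example (not part of any post in this thread, and not avast! code): a small parser for the boot-time scan record quoted in the first post. It splits the "File Name" chain into the on-disk container and the items nested inside it, and reads the numeric code from "Result"; 2 is the Win32 ERROR_FILE_NOT_FOUND code. Assumptions: "|>" separates nesting levels and a bracketed component such as [UPX] is an unpacked layer, as read from the log line itself; the function names and the exists callback are hypothetical.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Sample input: the record from the first post, copied as quoted there.
SAMPLE = r"""File Name: C:\Windows\Downloaded Installations\3E547985-AA94-4B1B-8ADD-21E060E5E31F}\Adobe Photoshop Album 3.2 SE.msi|>Data1.cab|>ADB2.EXE|>[UPX]
Severity: High
Status: Threat: Win32:Malware-gen
Action: Move to Chest
Result: Error: The system cannot find the file specified. (2)"""

@dataclass
class Detection:
    container: str                                # the only real file-system path
    members: list = field(default_factory=list)   # files nested inside it
    layers: list = field(default_factory=list)    # bracketed layers, e.g. UPX
    threat: str = ""
    action: str = ""
    error_code: Optional[int] = None

def parse_record(text):
    # One "Key: value" per line; split on the first ": " because values
    # ("Threat: Win32:Malware-gen") contain colons themselves.
    fields = dict(l.split(": ", 1) for l in text.splitlines() if ": " in l)
    parts = fields["File Name"].split("|>")       # assumed nesting separator
    det = Detection(container=parts[0])
    for part in parts[1:]:
        layer = re.fullmatch(r"\[(.+)\]", part)
        if layer:
            det.layers.append(layer.group(1))
        else:
            det.members.append(part)
    det.threat = fields.get("Status", "").replace("Threat: ", "", 1)
    det.action = fields.get("Action", "")
    code = re.search(r"\((\d+)\)\s*$", fields.get("Result", ""))
    det.error_code = int(code.group(1)) if code else None
    return det

def triage(det, exists):
    # exists: callable(path) -> bool, e.g. os.path.exists on the scanned PC.
    if det.error_code == 2 and not exists(det.container):  # ERROR_FILE_NOT_FOUND
        return "container-missing"      # nothing on disk left to quarantine
    if det.members:
        return "nested-in-container"    # recheck the container file itself
    return "plain-file"
```

Only the first component of the chain is a path that a file-system check can be run against; Data1.cab and ADB2.EXE exist only inside the .msi.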

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2219
    • The WAR Against Malware
Re: Win32:Malware-gen: avast! Cannot Remove
« Reply #5 on: February 04, 2012, 06:02:56 PM »
Glad we could help. ;)


GB110

  • Guest
Re: Win32:Malware-gen: avast! Cannot Remove
« Reply #6 on: February 05, 2012, 10:56:38 PM »
I have the same problem - Malware-gen shows up on a boot scan but nowhere else. The location is Program Files\Earthlink Setup\Windows\access\spywareblocker.msi|>Datal.cab|>Elshowspyabout.exe|>[UPX] Win32:Malware-gen

Any help would be appreciated.

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2219
    • The WAR Against Malware
Re: Win32:Malware-gen: avast! Cannot Remove
« Reply #7 on: February 05, 2012, 11:18:47 PM »
Pondus has dealt with this issue before.

********************************************************************************

see reply #119 +....... here is one with the same problem..only detected with boot scan...

http://spywarehammer.com/simplemachinesforum/index.php?PHPSESSID=guss4j14fo5s93qqd9o96k4mc0&topic=10709.105

********************************************************************************
