Topic: I have problem with win32:malware-gen

QNtas
I have problem with win32:malware-gen
« on: March 06, 2012, 03:55:38 PM »
My avast found 50 thousand viruses and they all are Trojans. They are located in c:/users/public, C:\windows\explorer.exe and c/windows/win32/. And now that virus has split up to the recycle bin. Then when I try to put them in the chest, avast writes that there is no free space and avast crashes. I tried to clean up with Malwarebytes' Anti-Malware and with OTS but it doesn't work. Help me someone. PS. sorry for my not good English.

Pondus
Re: I have problem with win32:malware-gen
« Reply #1 on: March 06, 2012, 04:20:56 PM »
Quote from QNtas:
    My avast found 50 thousand virus and they all are Trojan.
Holy cow..... and what malware name is avast giving? Is it win32:malware-gen on all files detected?
« Last Edit: March 06, 2012, 05:34:14 PM by Pondus »

jeffce
Re: I have problem with win32:malware-gen
« Reply #2 on: March 06, 2012, 04:23:21 PM »
Hi,

I think we should give this a quick run and see what it shows.  :)

Download CKScanner by askey127 from Here & save it to your Desktop.
  • Right-click and Run as Administrator CKScanner.exe then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

QNtas
Re: I have problem with win32:malware-gen
« Reply #3 on: March 06, 2012, 04:58:25 PM »
CKScanner - Additional Security Risks - These are not necessarily bad
c:\users\admin\desktop\torrentai\rise of nations rise of legends crack only.zip.torrent
c:\users\admin\downloads\rise of nations rise of legends crack only.zip
c:\users\admin\downloads\rise.of.nations.rise.of.legends-nocd crack\rise.of.nations.rise.of.legends cd3.daa
c:\windows\system32\slmgr.vbs.removewat
c:\windows\syswow64\slmgr.vbs.removewat
scanner sequence 3.EM.11.QVNAHR
 ----- EOF -----

jeffce
Re: I have problem with win32:malware-gen
« Reply #4 on: March 06, 2012, 08:04:46 PM »
Hi,

Were you able to find out what label that avast was giving those 50K infections?
-------------

Please run the MGA Diagnostic Tool and post back the report it shall produce:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program.
  • Click "Continue".
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.
---------

Then, run the following:

Please download and run WVCheck.
  • Double-click WVCheck.exe.
  • As indicated by the prompt, this program can take a while depending on your hard drive space.
  • Once the program is done, copy the contents of the Notepad file as a reply.

QNtas
Re: I have problem with win32:malware-gen
« Reply #5 on: March 06, 2012, 08:41:41 PM »
I want to clean my computer, and I don't know how I can delete that win32:malware-gen virus.

jeffce
Re: I have problem with win32:malware-gen
« Reply #6 on: March 06, 2012, 08:47:17 PM »
Hi,

Have you run the tools I posted in post #4?

QNtas
Re: I have problem with win32:malware-gen
« Reply #7 on: March 06, 2012, 08:57:02 PM »
I can't find WVCheck.exe, and do you need me to post everything that MGADiag shows?

QNtas
Re: I have problem with win32:malware-gen
« Reply #8 on: March 06, 2012, 09:09:45 PM »
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-J8D7P-XQJJ2-GPDD4
Windows Product Key Hash: xgsndMkYdJsYmUng0qIJ/thx+HI=
Windows Product ID: 00371-868-0000007-85759
Windows Product ID Type: 1
Windows License Type: KMS Client
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {CD8501CE-5651-4D06-8E5D-94A04213B30A}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.110622-1506
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16385], Hr = 0x800b0100

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{CD8501CE-5651-4D06-8E5D-94A04213B30A}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-GPDD4</PKey><PID>00371-868-0000007-85759</PID><PIDType>1</PIDType><SID>S-1-5-21-107350918-4025844359-37358633</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron N5110</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A07</Version><SMBIOSVersion major="2" minor="6"/><Date>20110718000000.000000+000</Date></BIOS><HWID>5D073607018400FE</HWID><UserLCID>0427</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>FLE Standard Time(GMT+02:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

Spsys.log Content: 0x80070002

Licensing Data-->
Input Error: Can not find script file "C:\Windows\system32\slmgr.vbs".

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Not Registered - 0x80070005
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: OgAAAAMAAgABAAIAAQABAAAABAABAAEAonZi0RUndxYkUQaGKK0U0QqnnMbPDbzEGOpIPf5PaOsucw==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
  ACPI Table Name   OEMID Value   OEMTableID Value
  APIC         DELL      WN09
  FACP         DELL      WN09
  HPET         DELL      WN09
  MCFG         DELL      WN09
  SSDT         TrmRef      PtidDevc
  SSDT         TrmRef      PtidDevc
  SSDT         TrmRef      PtidDevc
  SSDT         TrmRef      PtidDevc
  SSDT         TrmRef      PtidDevc
  OSFR         DELL        M08   
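A defender-side triage of the findings quoted in this thread (the CKScanner list in reply #3 and the MGADiag report above), written as an added example that is not part of the original thread or of either tool's own code: it scans the report lines for the activation-tampering and file-integrity indicators shown here. The sample inputs are abridged copies of the lines posted; the rule labels are assumptions, not tool output.

```python
import re

# Constructed sample: abridged copies of the MGADiag report and CKScanner list
# quoted in this thread (not complete reports).
MGADIAG_SAMPLE = """Validation Code: 0
Windows License Type: KMS Client
File Scan Data-->
File Mismatch: C:\\Windows\\system32\\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\\Windows\\system32\\user32.dll[6.1.7600.16385], Hr = 0x800b0100
Licensing Data-->
Input Error: Can not find script file "C:\\Windows\\system32\\slmgr.vbs".
"""
CKSCANNER_SAMPLE = """c:\\windows\\system32\\slmgr.vbs.removewat
c:\\windows\\syswow64\\slmgr.vbs.removewat
c:\\users\\admin\\downloads\\rise of nations rise of legends crack only.zip
"""

# Triage rules (labels are assumptions): one regex per MGADiag line pattern.
# 0x800b0100 is TRUST_E_NOSIGNATURE: the file no longer carries a valid signature.
MGADIAG_RULES = [
    ("KMS Client license type; verify against the expected OEM/retail channel",
     re.compile(r"^Windows License Type:\s*KMS Client", re.I)),
    ("system file fails signature check (patched or replaced)",
     re.compile(r"^File Mismatch:\s*\S+\[.*Hr = 0x800b0100", re.I)),
    ("slmgr.vbs missing: licensing script renamed or deleted",
     re.compile(r'Can not find script file "[^"]*slmgr\.vbs"', re.I)),
]

def triage_mgadiag(report):
    """Return (finding, offending line) for every rule that matches a line."""
    hits = []
    for line in (l.strip() for l in report.splitlines()):
        hits.extend((label, line) for label, rx in MGADIAG_RULES if rx.search(line))
    return hits

def triage_ckscanner(listing):
    """Flag renamed system scripts and cracked-software archives in a path list."""
    hits = []
    for path in (l.strip().lower() for l in listing.splitlines() if l.strip()):
        if path.endswith(".removewat"):
            hits.append(("system script renamed by an activation-bypass tool", path))
        elif re.search(r"\b(crack|nocd|keygen)\b", path):
            hits.append(("cracked-software archive (frequent trojan carrier)", path))
    return hits

def summarize(mga, ck):
    """Per-source finding counts: a quick verdict before deeper cleanup."""
    m, c = triage_mgadiag(mga), triage_ckscanner(ck)
    return {"mgadiag": len(m), "ckscanner": len(c), "total": len(m) + len(c)}
```

Run against the two samples it reports seven findings, which is the signal a helper reads as "cracked software plus a tampered licensing stack" before any malware cleanup starts.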



jeffce
Re: I have problem with win32:malware-gen
« Reply #9 on: March 06, 2012, 09:18:12 PM »
Hi,

  • Download OTL to your desktop.
  • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • In the Custom Scans section put the following:
netsvcs
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

QNtas
Re: I have problem with win32:malware-gen
« Reply #10 on: March 06, 2012, 11:45:18 PM »
OTL logfile created on: 2012.03.06 22:24:47 - Run 1
OTL by OldTimer - Version 3.2.35.1     Folder = C:\Users\Admin\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000427 | Country: Lithuania | Language: LTH | Date Format: yyyy.MM.dd
 
5,91 Gb Total Physical Memory | 3,52 Gb Available Physical Memory | 59,52% Memory free
11,82 Gb Paging File | 9,46 Gb Available in Paging File | 80,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 28,56 Gb Free Space | 29,28% Space Free | Partition Type: NTFS
Drive D: | 498,51 Gb Total Space | 202,97 Gb Free Space | 40,71% Space Free | Partition Type: NTFS
Drive I: | 95,43 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - D:\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\avutil-51.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\avformat-53.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\gcswf32.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (Hamachi2Svc) -- D:\hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Atheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (Autodesk Content Service) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 

essexboy
Re: I have problem with win32:malware-gen
« Reply #11 on: March 06, 2012, 11:46:58 PM »
QNtas, you can attach the log to save doing multiple posts. ;D

QNtas
Re: I have problem with win32:malware-gen
« Reply #12 on: March 06, 2012, 11:48:46 PM »
Hey, in that notepad file there are too many characters, and I need 4-5 posts to post one of them, so should I post it or do something else?

essexboy
Re: I have problem with win32:malware-gen
« Reply #13 on: March 06, 2012, 11:51:21 PM »
There are instructions on how to attach the log file about a quarter of the way down in this thread: http://forum.avast.com/index.php?topic=53253.0

QNtas
Re: I have problem with win32:malware-gen
« Reply #14 on: March 07, 2012, 12:11:29 AM »
And is there a function for how to fix my problem, or just how to attach the log?