As usual, Win32:Malware-gen ~.~

Well, it happened on my first computer… It involved some axiti.sys, which is a Trojan Mebatrix…
Well, basically that computer cannot be helped anymore, so I need to format the hard disk…
And I used my second computer, putting the first computer's hard disk into it, because I needed to save some important files to my second computer…
Well, when all of it was done… I took out the first computer's hard disk and started the computer…
Well, after 10 minutes of surfing…
My computer got weird… all those files changed to Chinese writing… and I scanned one of the files with Avast and I saw Win32:Malware-gen…
Well, basically I deleted the virus which was inside the file… but the virus and the file disappeared too…
All the files… are infected… and after that my computer froze… and I restarted my computer and the screen went black… and I pressed Ctrl+Alt+Delete, clicked New Task, typed explorer.exe and the screen turned normal…

Well, from here can you tell me my first step to clean the virus… I need to uninstall my Avast due to the expired date…
Well, I will get MBAM, OTL, and Avast ready… please help me. Okay… this computer has a lot of important files…! My partition at D:\ is full but when I click it… it shows just a couple of songs and files… that don't even reach 1 GB… help T_T

Follow this guide from Essexboy and post the logs here. Then he will help you when he enters the forum.
http://forum.avast.com/index.php?topic=53253.0

If the logs are big, see the bottom-left corner: Additional Options > Attach.

Oh, the thing is… about the log…
The infected computer is out of connection because of "Windows 7 - Host Process for Windows Tasks has stopped working"…
I searched about it…
I'm using wireless…
I'm using my laptop to go online… and there's going to be some trouble copying those logs…
I'm scared that my USB storage is infected and transfers it to my laptop while copying the log…

Can you guys give me step by step… which program to use first and second, please… and after that I will do what you guys ask me to do…

Please… guys, I can't copy the log to my laptop because Avast detected Win32:Malware-gen… I don't want my laptop to get infected too… if so I don't have anything to refer to…
Please, guys, help this poor being…

Start with DrWeb

Dr.Web® LiveCD http://www.freedrweb.com/livecd/
How does it work? http://www.freedrweb.com/livecd/how_it_works/

If you wish, we can work outside Windows, therefore negating the risk of cross-infection. There are two versions of this programme, one with network drivers and one without; your choice.

Please print these instructions out so that you know what you are doing.

File details OTLPEStd.exe
Bytes=97,702,766
MB=93.1
MD5=FC1A07D156DE710955032B1CF7891671

File details OTLPENet.exe
Bytes=126,850,486
MB=120.9
MD5=8A7C5BA1C92552ADDCC5E468D0AA069A

- Download OTLPEStd.exe to your desktop
- Download OTLPENet.exe to your desktop
- Ensure that you have a blank CD in the drive
- Double-click OTLPEStd.exe and this will then open ImgBurn to burn the file to CD
- Double-click OTLPENet.exe and this will then open ImgBurn to burn the file to CD

- Reboot your system using the boot CD you just created.
Note: If you do not know how to set your computer to boot from CD, follow the steps here
- As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)

- Your system should now display a Reatogo desktop.
Note: as you are running from CD it is not exactly speedy
- Double-click on the OTLPE icon.
- Select the Windows folder of the infected drive if it asks for a location
- When asked “Do you wish to load the remote registry”, select Yes
- When asked “Do you wish to load remote user profile(s) for scanning”, select Yes
- Ensure the box “Automatically Load All Remaining Users” is checked and press OK
- OTL should now start.
- Drag and drop the attached scan.txt into the Custom Scans and Fixes box
- Press Run Scan to start the scan.
- When finished, the file will be saved as C:\OTL.txt
- Copy this file to your USB drive if you do not have an internet connection on this system.
- Right-click the file and select Send To, then select the USB drive.
- Confirm that it has copied to the USB drive by selecting it
- You can back up any files that you wish from this OS
- Please post the contents of the C:\OTL.txt file in your reply.
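Before burning either image, an added check that is not part of Essexboy's instructions or of OTL itself: compare the downloaded file's size and MD5 against the values published above, so a truncated or corrupted download is caught before you boot from it. This is example code written for this page; it assumes the files were saved under the names listed (OTLPEStd.exe / OTLPENet.exe), and the helper at the bottom writes a constructed sample file only so the code can demonstrate itself. One caveat: MD5 is no longer collision-resistant, so a matching digest rules out transfer corruption, not an image deliberately substituted by someone who controls the download.

```python
import hashlib
import hmac
import os
import tempfile

# Published values for the two boot images, copied from the post above
# (size in bytes, MD5 as printed there).
PUBLISHED = {
    "OTLPEStd.exe": (97_702_766, "FC1A07D156DE710955032B1CF7891671"),
    "OTLPENet.exe": (126_850_486, "8A7C5BA1C92552ADDCC5E468D0AA069A"),
}


def md5_of_file(path, chunk_size=1 << 20):
    """Stream the file through MD5 in 1 MiB chunks; the images are ~100 MB,
    so reading them whole into memory is avoided."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, expected_size, expected_md5):
    """Return (ok, reason). The size is checked first because it is free and
    already catches the common case of a download that stopped early."""
    actual_size = os.path.getsize(path)
    if actual_size != expected_size:
        return False, f"size {actual_size} != expected {expected_size}"
    actual_md5 = md5_of_file(path).lower()
    # Published digests are upper-case hex; compare case-insensitively and in
    # constant time (harmless here, but the habit costs nothing).
    if not hmac.compare_digest(actual_md5, expected_md5.lower()):
        return False, f"md5 {actual_md5} != expected {expected_md5.lower()}"
    return True, "size and md5 match"


def verify_published(path):
    """Look the file up by its basename in PUBLISHED and verify it."""
    name = os.path.basename(path)
    if name not in PUBLISHED:
        return False, f"no published size/md5 for {name}"
    size, md5 = PUBLISHED[name]
    return verify_download(path, size, md5)


def make_sample_file(data):
    """Demo helper (not needed for real use): write constructed bytes to a
    temporary file and return its path."""
    with tempfile.NamedTemporaryFile(delete=False, suffix=".bin") as f:
        f.write(data)
        return f.name


if __name__ == "__main__":
    # Real use: python verify_otlpe.py OTLPEStd.exe OTLPENet.exe
    import sys
    for p in sys.argv[1:] or [make_sample_file(b"abc")]:
        ok, reason = verify_published(p)
        print(f"{p}: {'OK' if ok else 'FAIL'} ({reason})")
```

Run it with the two downloaded files as arguments; a FAIL on size means re-download, a FAIL on MD5 with the right size means the content differs from what the author published and the image should not be burned.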

Guys, right now I just got my wireless driver repaired… it seems I can go online from the infected computer… okay… let's see.
I give you my attachment of the otl.exe, okay, and the malware log…

Here…

and the MBAM log

Hi, you have some malware on there. However, you saved the OTL log as Unicode instead of ANSI, so it is a bit of a job to normalise it so that OTL will understand it.

So

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

- Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.

- Double-click on ComboFix.exe and follow the prompts.

- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
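On the Unicode-versus-ANSI log problem mentioned at the top of this post: Notepad picks the encoding from the Encoding box of its Save As dialog, and a log saved as Unicode (UTF-16 with a byte-order mark) is what the tools choke on. The Python below is an added example, not OTL's, ComboFix's or the forum's own code: it detects the encoding of a saved log (BOM first, then a NUL-byte heuristic for BOM-less UTF-16, then UTF-8) and rewrites it as ANSI. It assumes the Windows ANSI code page is cp1252; characters that code page cannot represent, for instance the CJK file names described earlier in the thread, are replaced with "?" and counted, so you know the normalised log is lossy before pasting it.

```python
import codecs
import sys

# Windows "ANSI" means the system code page; cp1252 is assumed here (Western locales).
ANSI_CODEPAGE = "cp1252"

# Byte-order marks, checked longest-first: the UTF-32 LE BOM begins with the UTF-16 LE BOM.
_BOMS = (
    (codecs.BOM_UTF32_LE, "utf-32"),
    (codecs.BOM_UTF32_BE, "utf-32"),
    (codecs.BOM_UTF8, "utf-8-sig"),
    (codecs.BOM_UTF16_LE, "utf-16"),
    (codecs.BOM_UTF16_BE, "utf-16"),
)


def detect_encoding(data: bytes) -> str:
    """Guess a text log's encoding: BOM first, then a NUL-byte heuristic for
    BOM-less UTF-16 (Latin text in UTF-16 has a NUL in every other byte), then
    strict UTF-8, falling back to the ANSI code page."""
    for bom, name in _BOMS:
        if data.startswith(bom):
            return name
    if len(data) >= 4:
        odd_nuls = data[1::2].count(0)    # high bytes of UTF-16-LE code units
        even_nuls = data[0::2].count(0)   # high bytes of UTF-16-BE code units
        threshold = 0.6 * (len(data) // 2)
        if odd_nuls > threshold and odd_nuls > even_nuls:
            return "utf-16-le"
        if even_nuls > threshold and even_nuls > odd_nuls:
            return "utf-16-be"
    try:
        data.decode("utf-8")
        return "utf-8"
    except UnicodeDecodeError:
        return ANSI_CODEPAGE


def normalise_log(data: bytes, codepage: str = ANSI_CODEPAGE) -> tuple:
    """Re-encode a log as ANSI. Returns (ansi_bytes, detected_encoding, replaced),
    where replaced counts characters the code page cannot hold; each becomes '?'."""
    encoding = detect_encoding(data)
    text = data.decode(encoding, errors="replace")
    out = text.encode(codepage, errors="replace")
    replaced = out.count(b"?") - text.count("?")
    return out, encoding, replaced


if __name__ == "__main__":
    # Usage: python normalise_log.py OTL.txt   -> writes OTL.ansi.txt beside it
    src = sys.argv[1]
    with open(src, "rb") as f:
        ansi, enc, replaced = normalise_log(f.read())
    dst = src.rsplit(".", 1)[0] + ".ansi.txt"
    with open(dst, "wb") as f:
        f.write(ansi)
    print(f"{src}: detected {enc}, wrote {dst}, {replaced} character(s) replaced")
```

If the replaced count is non-zero, the original Unicode log still holds the exact file names; keep it alongside the ANSI copy rather than overwriting it.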

I'm sorry for troubling you… I will be back with the result.

This is the log… (btw nice logo)

Win32:Malware-gen

Most likely this is a false positive (???), but I think you should know.

(Not a complaint, but hopes to help you out with your excellent software)

AntiVirus Report: using AntiVirus software free Version 5. Unregistered trial (www.avast.com/)

HIGH warning

IdleBackup_Del_AutoStart.exe Win32:Malware-gen

IdleBackup Version 1.8b (Freeware) ( www.idlebackup.nl )

Virus Notice: IdleBackup_Del_AutoStart.exe

http://www.acomputerportal.com/reports/Avast%20virus%20report%20idle%20backup.jpg

@TrafficProducer Could you start your own thread for that, please, as it confuses the issue.

@imman

  1. Please open Notepad: click Start, then Run, and type notepad.exe in the Run box.

  2. Now copy/paste the entire content of the codebox below into the Notepad window:


DirLook:: 
c:\windows\window
c:\windows\myhost
c:\windows\hii

File::
c:\program files\Docmentc\csres.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{AENGFU3AB-A707-11d2-9CBD-0000F87A369E}]
Renv::


  3. Then in the text file go to File > Save As and in the dropdown box set Save As Type to All Files

  4. Save the above as CFScript.txt

  5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

  6. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply: ComboFix.txt and a new OTListIt log.

Sorry, Essexboy, for the late reply… I've been busy lately… but thank you for helping out with my problem…
Well, these are the logs…

and the new OTL log

OK, once this is done, can you let me know if any problems remain?

  1. Please open Notepad: click Start, then Run, and type notepad.exe in the Run box.

  2. Now copy/paste the entire content of the codebox below into the Notepad window:



Folder::
c:\windows\hii
c:\windows\myhost
c:\windows\window

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37D82CC2-7D3E-47EC-956A-C8AC91E8613F}]


  3. Then in the text file go to File > Save As and in the dropdown box set Save As Type to All Files

  4. Save the above as CFScript.txt

  5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

  6. After reboot (in case it asks to reboot), please post ComboFix.txt in your next reply.
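An added aid for the two CFScript steps above, not part of Essexboy's instructions or of ComboFix itself: before dragging a CFScript onto ComboFix it helps to see in plain words what each directive will do, because File:: and Folder:: deletions cannot be undone from the log. The Python below is example code written for this page. It parses the script format as it appears in the two scripts in this thread (a directive name followed by "::", then one entry per line; Registry:: entries in .reg-style brackets where "[-key]" deletes the key) and prints the resulting plan plus warnings for things an operator should re-check: an unrecognised directive, an entry outside any section, an empty section, a path that is not an absolute drive path, a registry key not under a known hive, or a brace block that is not a well-formed hex GUID. The meanings in ACTIONS, the .reg-style reading of Registry:: and the set of recognised directives are assumptions taken from ComboFix's commonly documented usage rather than from its source, and Renv:: is listed without a summary; the sample input is the first script posted above, copied as-is.

```python
import re

# Only the directives used in this thread are recognised; ComboFix has more, and
# anything not listed is reported rather than silently accepted (assumption).
KNOWN_SECTIONS = {"DirLook", "File", "Folder", "Registry", "Renv"}
# What each directive does, as commonly documented for ComboFix (assumed here).
ACTIONS = {"DirLook": "list directory", "File": "delete file", "Folder": "delete folder"}

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")
REG_KEY_RE = re.compile(r"^\[(-?)(.+)\]$")   # .reg style: [key] or [-key] (delete key)
BRACE_RE = re.compile(r"\{[^}]*\}")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
HIVES = ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_USERS", "HKEY_CLASSES_ROOT",
         "HKLM", "HKCU", "HKU", "HKCR")

# The first script Essexboy posted in this thread, copied verbatim as sample input.
SAMPLE_CFSCRIPT = r"""
DirLook::
c:\windows\window
c:\windows\myhost
c:\windows\hii

File::
c:\program files\Docmentc\csres.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{AENGFU3AB-A707-11d2-9CBD-0000F87A369E}]
Renv::
"""


def check_entry(section, entry, lineno):
    """Sanity checks on one entry; returns a list of warning strings."""
    issues = []
    if section == "Registry":
        m = REG_KEY_RE.match(entry)
        if not m:
            return [f"line {lineno}: Registry:: entry is not bracketed: {entry}"]
        key = m.group(2)
        if not key.upper().startswith(HIVES):
            issues.append(f"line {lineno}: key does not start with a known hive: {key}")
        for brace in BRACE_RE.findall(key):
            if not GUID_RE.match(brace):
                issues.append(f"line {lineno}: malformed GUID {brace}; check it against the log before running")
    elif not DRIVE_PATH_RE.match(entry):
        issues.append(f"line {lineno}: {section}:: entry is not an absolute drive path: {entry}")
    return issues


def parse_cfscript(text):
    """Split a CFScript into {directive: [entries]} (script order) and collect warnings."""
    sections, warnings, current = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            if current not in KNOWN_SECTIONS:
                warnings.append(f"line {lineno}: unrecognised directive {current}::")
            sections.setdefault(current, [])
            continue
        if current is None:
            warnings.append(f"line {lineno}: entry before any directive: {line}")
            continue
        sections[current].append(line)
        warnings.extend(check_entry(current, line, lineno))
    for name, entries in sections.items():
        if not entries:
            warnings.append(f"{name}:: has no entries")
    return sections, warnings


def plan(sections):
    """Flatten parsed sections into (action, target) pairs, in script order."""
    steps = []
    for name, entries in sections.items():
        for entry in entries:
            if name == "Registry":
                m = REG_KEY_RE.match(entry)
                if m:
                    steps.append(("delete registry key" if m.group(1) else "apply registry key", m.group(2)))
                else:
                    steps.append(("unparsed registry entry", entry))
            else:
                steps.append((ACTIONS.get(name, f"{name} (no summary)"), entry))
    return steps


if __name__ == "__main__":
    parsed, warns = parse_cfscript(SAMPLE_CFSCRIPT)
    for action, target in plan(parsed):
        print(f"{action:22} {target}")
    for w in warns:
        print("WARNING:", w)
```

Run against the first script above it lists three directory listings, one file deletion and one registry key deletion, and warns that Renv:: is empty and that the Active Setup key's brace block contains non-hex characters, which is worth comparing against the log entry it came from before ComboFix acts on it.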

This is the ComboFix log…
By the way… Essexboy, it occurred about two times when you asked me to copy that code and drag it into ComboFix…
and after the scanning was over… it said “Your Recycle Bin on C:\ is corrupted. Do you want to remove it for this drive?”… yeah, something like that…

That looks clean now. What problems are you experiencing?

Did you remove the Recycle Bin?