Avast is detecting files that are infected with “Win32:Malware-gen” in every full system scan I perform. I currently have 5 files that were moved to the Virus Chest. They are:
A0178454.exe
A0178461.EXE
AVManagerUnified.dll
HPZipm12.exe
HPZIPM12.EXE
and are found in each of the following locations respectively:
#3 was actually detected and moved to the virus chest while I was not at my computer yesterday, so I didn’t know about it until I rebooted my computer today, and Avast detected #4 immediately after the reboot. #1 and #5 were detected during a full system scan with Avast, while #2 was detected in a second full system scan.
I have also scanned with OTL and have attached the logs.
Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
always run update before you scan so you have the latest database
click the remove selected button to quarantine anything found
you may post the scan log here
Hello,
Try to rescan those files; IIRC “HPZipm12.exe” and “AVManagerUnified.dll” were false positives and are fixed now. The other file names look like they are from System Restore.
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) → Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) → Bad: (0) Good: (1) → Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\ijjistarter2FxB.exe (Trojan.Agent) → Quarantined and deleted successfully.
It says that these 3 files have been deleted, but what if they were important files (especially the one in the registry)? Should I be concerned?
Is there anything else I should be doing? How can I tell if I am still infected or not? I am currently scanning with MBAM again, but no infections so far.
Also, what should I do with the 3 files quarantined by MBAM, and the 5 files in the Avast Virus Chest (from reading other posts, the HPZipm12.exe file seems to be a false positive, and is used for my HP printer, but I seem to have two of those files in different locations…)? Permanently delete them…?
Your logs looked clean - I believe the two HP files are false positives. As for the system restore detections, just reset your restore points, or I can do it for you.
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
I ran the OTL fix to delete my system restore points. I also notice a new folder in my C:\ directory after running the fix. There are two files in the folder; a log file, and a file called “hosts”, which doesn’t seem to have a file extension. This file is located in:
I have also restored the two HP files, along with AVManagerUnified.dll from the Avast Virus Chest. I also deleted the other two files from the Virus Chest, so my Virus Chest is empty now.
I rescanned using Avast and then MBAM, with no detections.
I still have the three infections quarantined in MBAM, and I want to delete them permanently. Two of them are registry files though, so I’m not too sure I want to delete those. I don’t like keeping things in quarantine; I’d rather just restore them if they’re safe, or delete them, so would deleting these three files be a bad idea?
Yes you can delete the MBAM quarantine files - I will remove all the OTL stuff
I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean
A good workman always cleans up after himself so…The following will implement some cleanup procedures:
Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
[*]Click Start.
[*]Open My Computer.
[*]Select the Tools menu and click Folder Options.
[*]Select the View Tab.
[*]Under the Hidden files and folders heading select Do not show hidden files and folders.
[*]Click Yes to confirm.
[*]Click OK.
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
[*]SpywareBlaster to help prevent spyware from installing in the first place.