Infected with Win32:malware.gen .... Please help !!!

Hello … Despite all of your good effort I am still getting the alert!! … Please help …
Sometimes it still remains …

Do you get the same alert when you use IE?

Could you run a fresh OTL scan please?

Hello,

Here is the new OTL scan log + Avast warning from when I visited a tech site for a review of a Sony Walkman … Just thought to include it too, in case it is connected …

That indicates that Free Download Manager is trying to download something. Do you have anything in the download queue?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
[2011-12-17 02:44:50 | 000,002,067 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\blekkotb.xml
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Ran the fix, uploading the log with this reply … No, I do not have anything in the FDM download list waiting for download … I can use IE for a week or so to see if this is just Firefox … Please also include what is going on with my system …

Are you still getting the alerts? Does it happen on a specific website?

Not at a specific time & interval, but it happens … after I ran the custom OTL fix, restarted & launched Firefox, Avast has not alerted me so far … but I am not certain about it … as you can see in the Avast virus chest snapshot I attached earlier, although I use Firefox every day there have been gaps in the alerts … Not a specific website; it comes just when I launch Firefox & the only website set as homepage is google.co.in

Still getting it … :frowning: . I have cleared everything in Firefox, from history to caches to everything … I think I will use IE for a week to see what happens …

OK, that shows me exactly what it is: Mcommon, a hard bit of stuff to remove.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a3uvy1lf)
[2013-03-20 03:19:10 | 000,000,871 | ---- | M] () -- C:\Users\KING JOHN\AppData\Roaming\Mozilla\Firefox\Profiles\klc9xlvr.default\searchplugins\freemake.xml
[2013-07-30 18:56:15 | 000,001,135 | ---- | M] () -- C:\Users\KING JOHN\AppData\Roaming\Mozilla\Firefox\Profiles\klc9xlvr.default\searchplugins\webwebweb.xml
[2011-12-17 02:44:50 | 000,002,067 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\blekkotb.xml
[2011-04-01 10:37:00 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2013-03-20 03:19:10 | 000,000,871 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\freemake.xml
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Thanks for the extra effort :slight_smile: … I will run the fix & put the log file in a reply as soon as I get home … Just wanted to know what Mcommon is; I tried to Google it but did not find anything. Please enlighten me: what is this malware & what are the possible sources of infection, so that I may avoid it in future.

Here is one I did earlier http://forum.avast.com/index.php?topic=125321.msg949304#msg949304

Thanks for the link … going through it … Here is the OTL log after running the custom fix …

Have the alerts ceased?

Just started the system … no alerts yet … will update accordingly …

Just got it again … & Firefox crashed 2 times yesterday … I have the Firefox crash log if this helps … I am starting to think there is something else in my system that is infecting it again and again, or Avast is raising a false alert … I thought to include the Firefox crash report because if someone or something is tampering with it this may reveal it.

Firefox Crash Report

AdapterDeviceID: 0x683f
AdapterVendorID: 0x1002
Add-ons: testpilot%40labs.mozilla.com:1.2.2,%7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68,%7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119,autofillForms%40blueimp.net:0.9.9.0,%7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515,fdm_ffext%40freedownloadmanager.org:1.5.8,vdpure%40link64:1.97.5,wrc%40avast.com:8.0.1489,hotfix%40mozilla.org:2.0,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0,%7Bd10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d%7D:2.3.2
AvailablePageFile: 4093247488
AvailablePhysicalMemory: 1617731584
AvailableVirtualMemory: 1218826240
BuildID: 20130618035212
CrashTime: 1376452151
EMCheckCompatibility: true
FramePoisonBase: 00000000f0de0000
FramePoisonSize: 65536
InstallTime: 1372887549
Notes: AdapterVendorID: 0x1002, AdapterDeviceID: 0x683f, AdapterSubsysID: 25511458, AdapterDriverVersion: 12.104.0.0
D2D? D2D+ DWrite? DWrite+ D3D10 Layers? D3D10 Layers+
ProductID: {ec8030f7-c20a-464f-9b0e-13a3a9e97384}
ProductName: Firefox
ReleaseChannel: release
SecondsSinceLastCrash: 939053
StartupTime: 1376451566
SystemMemoryUsePercentage: 49
Theme: classic/1.0
Throttleable: 1
TotalVirtualMemory: 2147352576
URL: http://freemusicarchive.org/
Vendor: Mozilla
Version: 22.0
Winsock_LSP: MSAFD Tcpip [TCP/IP] : 2 : 1 : %SystemRoot%\system32\mswsock.dll
MSAFD Tcpip [UDP/IP] : 2 : 2 :
MSAFD Tcpip [RAW/IP] : 2 : 3 : %SystemRoot%\system32\mswsock.dll
MSAFD Tcpip [TCP/IPv6] : 2 : 1 :
MSAFD Tcpip [UDP/IPv6] : 2 : 2 : %SystemRoot%\system32\mswsock.dll
MSAFD Tcpip [RAW/IPv6] : 2 : 3 :
RSVP TCPv6 Service Provider : 2 : 1 : %SystemRoot%\system32\mswsock.dll
RSVP TCP Service Provider : 2 : 1 :
RSVP UDPv6 Service Provider : 2 : 2 : %SystemRoot%\system32\mswsock.dll
RSVP UDP Service Provider : 2 : 2 :
MSAFD NetBIOS [\Device\NetBT_Tcpip_{B0124C05-A27B-4713-91B5-4FF4696B2FCE}] SEQPACKET 4 : 2 : 5 : %SystemRoot%\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{B0124C05-A27B-4713-91B5-4FF4696B2FCE}] DATAGRAM 4 : 2 : 2 :
MSAFD NetBIOS [\Device\NetBT_Tcpip_{AF477438-4DD9-458B-A2D4-2639BDE009AF}] SEQPACKET 6 : 2 : 5 : %SystemRoot%\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{AF477438-4DD9-458B-A2D4-2639BDE009AF}] DATAGRAM 6 : 2 : 2 :
MSAFD NetBIOS [\Device\NetBT_Tcpip_{5565AD11-9EB5-426B-A5F7-630B509ACEDD}] SEQPACKET 1 : 2 : 5 : %SystemRoot%\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{5565AD11-9EB5-426B-A5F7-630B509ACEDD}] DATAGRAM 1 : 2 : 2 :
MSAFD NetBIOS [\Device\NetBT_Tcpip6_{B0124C05-A27B-4713-91B5-4FF4696B2FCE}] SEQPACKET 5 : 2 : 5 : %SystemRoot%\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip6_{B0124C05-A27B-4713-91B5-4FF4696B2FCE}] DATAGRAM 5 : 2 : 2 :
MSAFD NetBIOS [\Device\NetBT_Tcpip6_{AF477438-4DD9-458B-A2D4-2639BDE009AF}] SEQPACKET 7 : 2 : 5 : %SystemRoot%\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip6_{AF477438-4DD9-458B-A2D4-2639BDE009AF}] DATAGRAM 7 : 2 : 2 :
MSAFD NetBIOS [\Device\NetBT_Tcpip6_{CFA7D5E0-5B1E-46F5-BCD2-9AE97C43E4F7}] SEQPACKET 3 : 2 : 5 : %SystemRoot%\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip6_{CFA7D5E0-5B1E-46F5-BCD2-9AE97C43E4F7}] DATAGRAM 3 : 2 : 2 :
MSAFD NetBIOS [\Device\NetBT_Tcpip6_{AD848BFC-163B-47FC-A91F-AA34873887DA}] SEQPACKET 0 : 2 : 5 : %SystemRoot%\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip6_{AD848BFC-163B-47FC-A91F-AA34873887DA}] DATAGRAM 0 : 2 : 2 :
MSAFD NetBIOS [\Device\NetBT_Tcpip6_{5565AD11-9EB5-426B-A5F7-630B509ACEDD}] SEQPACKET 2 : 2 : 5 : %SystemRoot%\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip6_{5565AD11-9EB5-426B-A5F7-630B509ACEDD}] DATAGRAM 2 : 2 : 2 :

This report also contains technical information about the state of the application when it crashed.
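When a crash report like the one above is posted, the `Add-ons:` line is the part worth reading first, because it lists every installed extension by ID and version, but it is URL-encoded and hard to scan by eye. The following script is an added example for this thread (not code from the forum or from Avast or Mozilla): it decodes that line into readable (ID, version) pairs and separates extensions with a readable e-mail-style ID from those identified only by a GUID, which need a lookup before anyone can say what they are. The sample input is the Add-ons line exactly as posted above; the function names are the example's own.

```python
"""Decode the Add-ons annotation of a Firefox crash report into a reviewable list.

Added example for the thread; not part of the original posts. The sample text
below is the Add-ons line from the crash report posted in the thread.
"""
import re
from urllib.parse import unquote

# Sample input (copied from the posted crash report, trimmed to the relevant lines).
CRASH_REPORT = """\
ProductName: Firefox
Add-ons: testpilot%40labs.mozilla.com:1.2.2,%7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68,%7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119,autofillForms%40blueimp.net:0.9.9.0,%7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515,fdm_ffext%40freedownloadmanager.org:1.5.8,vdpure%40link64:1.97.5,wrc%40avast.com:8.0.1489,hotfix%40mozilla.org:2.0,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0,%7Bd10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d%7D:2.3.2
Version: 22.0
"""

# Firefox add-on IDs are either e-mail-style strings or brace-wrapped GUIDs.
GUID_RE = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I
)


def parse_addons(report):
    """Return a list of (addon_id, version) tuples from the 'Add-ons:' line.

    Each entry is percent-encoded and has the form ID:VERSION; the version is
    taken after the last colon so IDs containing ':' would still decode.
    """
    raw = None
    for line in report.splitlines():
        if line.startswith("Add-ons:"):
            raw = line[len("Add-ons:"):].strip()
            break
    if not raw:
        return []

    pairs = []
    for entry in raw.split(","):
        entry = unquote(entry.strip())
        if not entry:
            continue
        addon_id, sep, version = entry.rpartition(":")
        if not sep:  # no version recorded for this entry
            addon_id, version = entry, ""
        pairs.append((addon_id, version))
    return pairs


def triage(pairs):
    """Split decoded add-ons into (named, guid_only).

    Named IDs (e.g. wrc@avast.com) usually identify their vendor directly;
    GUID-only IDs must be looked up in the profile's extensions directory or
    addons.mozilla.org before they can be judged benign or suspicious.
    """
    named = [p for p in pairs if not GUID_RE.match(p[0])]
    guid_only = [p for p in pairs if GUID_RE.match(p[0])]
    return named, guid_only


if __name__ == "__main__":
    decoded = parse_addons(CRASH_REPORT)
    named, guid_only = triage(decoded)
    print("Named add-ons:")
    for addon_id, version in named:
        print(f"  {addon_id}  (version {version})")
    print("GUID-only add-ons (look these up before judging):")
    for addon_id, version in guid_only:
        print(f"  {addon_id}  (version {version})")
```

Run as a script it prints the two groups; in this report the named group includes the Free Download Manager extension (`fdm_ffext@freedownloadmanager.org`) and the Avast WebRep extension (`wrc@avast.com`), and five GUID-only add-ons remain to be identified.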

It is either a site you are visiting with Firefox or a programme you have recently downloaded.
Let's remove those folders.

Please download OTM

[*] Save it to your desktop.
[*] Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
[*]Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


:Files
c:\users\kingjohn\appdata\roaming\mcommon
c:\users\kingjohn\appdata\local\mozilla\firefox\profiles\klc9xlvr.default\cache\9

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Return to OTM, right click in the “Paste Instructions for Items to be Moved” window (under the yellow bar) and choose Paste.

[*]Click the red Moveit! button.
[*]Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
[*]Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start

What is this OTM? Avast is warning about a rare file type & saying to avoid it.

O.k., the alert always pops up when I launch Firefox & the home page is set to google.co.in … So now I have changed it to www.yahoo.co.in … in case the previous one was a fake site & I was getting redirected … :frowning:

Anyway, here is the OTM report.

Do you get the same alert when you launch Internet Explorer?

Just got the alert again … I was at https://www.slimwareutilities.com/slimdrivers.php trying to download the SlimDrivers free version … I have not worked with IE for a long time; Firefox is the only browser I have used. It's been 3-4 years now. If you want I can switch to IE and see what happens … Which version should I use? Also, should I use it without any plugin? … Please give directions.