Malware-Gen infection

Hi,

I was infected with Malware-Gen yesterday after clicking an exe I shouldn’t have. Machine is Windows 8. After realizing what I did, within 20 seconds or so, I hard shut off the machine and disconnected it from the internet before turning it back on.

I briefly reconnected the internet to download Avast and scanned the drive, which identified Malware-Gen in an Application Data/ folder. I then followed some of the online guides off my iPad: TDSSKiller (didn’t find anything), ComboFix (found a couple of registry entries and a C:\Install.exe), Malwarebytes Anti-Malware (didn’t find anything), RogueKiller (a couple of registry and TCP/IP entries), HitmanPro (didn’t find anything), Emsisoft Emergency Kit (nothing), ESET Online Scanner (nothing), AdwCleaner (nothing). I’ve also rerun Avast, Malwarebytes, and Windows Defender through full scans without finding anything, so I don’t think the trojan got too far.

I did generate an OTL log (attached). Greatly appreciated if someone could see if it looks clean.

Side note: CREATERESTOREPOINT was run in OTL, but I didn’t see the restore point in the Windows system restore points. Is this a different restore point and, if so, how do I delete it?

Thanks!

[Edit: Removing log file attachment since issues resolved]

Nothing apparent there; how is the computer behaving?

Nothing out-of-the-ordinary that I can tell, even right after double clicking the exe yesterday. Hopefully I caught it early enough before it fully rooted… I did not notice any .dll affected in the earlier tool logs either. Admittedly, I’m a little surprised Windows Defender or UAC didn’t complain at any point. For reference, I mostly followed http://malwaretips.com/blogs/remove-win32malware-gen/.

Should I be running “Cleanup” in OTL before deleting otl.exe?

Thanks again! I was reading through some of your earlier posts for others while I was cleaning things yesterday, and they were very helpful.

That link is a bit of overkill for what is usually a bundled software problem. However, it does confirm a squeaky clean system 🙂

To remove OTL and its associated folders, run it and press the Cleanup button. This should also remove ComboFix.

Maybe I spoke too soon: HitmanPro detected something today (Gen.Trojan.Heur!IK). Log attached. Though maybe a false positive? The time coincides with when I ran AdwCleaner.

Yep, that has locked onto AdwCleaner and is a false positive.
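The false-positive call above is the sort of judgement a defender can back up with a quick look at the flagged file itself. The following is an added example, not code from this thread or from any of the tools mentioned: a small Windows PowerShell function that reports the SHA-256 hash, Authenticode signature status, timestamps and Mark-of-the-Web of a file a scanner has flagged. It assumes Windows PowerShell 3.0 or later (the Windows 8 default), and the path at the bottom is a placeholder to replace with the file your scanner reported.

```powershell
# Added example (not from the thread): triage of a file a scanner flagged,
# e.g. a cleanup tool you downloaded yourself, to help decide whether the
# detection is a false positive. Assumes Windows PowerShell 3.0+.

function Get-FileTriage {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    $item = Get-Item -LiteralPath $Path -ErrorAction Stop

    # SHA-256 via .NET so it works on PowerShell 3.0
    # (the Get-FileHash cmdlet only arrived in PowerShell 4.0).
    $sha256 = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($item.FullName)
    try {
        $hashBytes = $sha256.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    $hash = ($hashBytes | ForEach-Object { $_.ToString('x2') }) -join ''

    # Authenticode status: 'Valid' with a recognised publisher is strong evidence
    # the file is what it claims to be; 'NotSigned' is common for free cleanup
    # tools and is not by itself evidence of malice.
    $sig = Get-AuthenticodeSignature -FilePath $item.FullName

    # The Zone.Identifier alternate data stream records that the file was
    # downloaded from the internet (Mark of the Web).
    $zone = Get-Content -LiteralPath $item.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Path      = $item.FullName
        SizeBytes = $item.Length
        Created   = $item.CreationTime
        Modified  = $item.LastWriteTime
        SHA256    = $hash
        SigStatus = $sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        MarkOfWeb = [bool]$zone
    }
}

# Placeholder path: substitute the file your scanner reported.
Get-FileTriage -Path 'C:\Users\<you>\Downloads\adwcleaner.exe' | Format-List
```

Compare the SHA-256 against the hash the vendor publishes for that release (or look it up in a multi-engine scanning service). A matching hash, a valid signature from the expected publisher, and a creation time that lines up with when you yourself ran the tool all support the false-positive reading; a mismatch on any of those is a reason to keep the file quarantined.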

Cool, thanks again!