Need help removing win32:malware-gen

Avast free detected this after running a quick scan. It asked to do a boot scan upon restart so I restarted the system. After a very long process and many infected files and errors listed, my system is now up and running but I’m not sure what to do next. Do I go back to a prior restore point, get rid of prior restore points? I have been reading many of the threads on here which require a lot of steps to clean the system properly. I would need someone patient enough to walk me through this process. I have done a lot of fixes in the past with help from Google and Microsoft including some registry fixes but this seems to be a whole new level that is beyond what I feel comfortable attempting. I don’t understand all the jargon you professionals use, so please be patient with me…thanks!

Hi and welcome to the forum,

follow this guide and attach the logs from OTL, Malwarebytes and aswMBR (not under Win 8/8.1):

http://forum.avast.com/index.php?topic=53253.0

A Malware expert will take you step by step through the cleanup. :slight_smile:

Attach logs…not copy and paste

Sorry, thanks for letting me know there was an easier way! Can I delete the pastes?

Already done :slight_smile:

Now attach OTL log…

OTL Logs…

Should I download MCShield to check my external backup hard drive?

If you wish, MCShield is a useful tool

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtCzzzz0ByB0BtD0AyCyDyD0DyD0FtN0D0Tzu0CtBtAtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1484080129
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtCzzzz0ByB0BtD0AyCyDyD0DyD0FtN0D0Tzu0CtBtAtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1484080129
IE - HKU\S-1-5-21-2000478354-1715567821-725345543-1011\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKU\S-1-5-21-2000478354-1715567821-725345543-1011\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
[2012/08/20 10:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Funmoods

:Commands
[resethosts]
[emptytemp]
[Reboot]

- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download AdwCleaner by Xplode onto your desktop.

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
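Added example, not part of the thread or of the OTL tool: a small triage pass over OTL-style log entries in the format of the fix script above. It flags the same kinds of indicators the fix removes (a start page or search scope pointing at the hijacker's host, orphaned "No CLSID value found" entries, a Run entry whose file is missing, and a file entry under the Funmoods folder). The sample lines and the watchlist are constructed for the example; the long tracking parameters of the real URLs are omitted.

```python
import re
from urllib.parse import urlparse

# Constructed sample entries modelled on the OTL lines in the fix above (shortened).
SAMPLE_OTL_LINES = [
    r"IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1",
    r'IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmoods.com/results.php?q={searchTerms}',
    r"IE - HKU\S-1-5-21-2000478354-1715567821-725345543-1011\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found",
    r"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.",
    r"O4 - HKLM..\Run: [] File not found",
    r"[2012/08/20 10:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Funmoods",
    r"IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/",
]

SUSPECT_HOSTS = {"start.funmoods.com"}   # constructed watchlist of hijacker hosts
SUSPECT_PATH_WORDS = {"funmoods"}        # folder names worth a second look

URL_RE = re.compile(r"https?://[^\s\"']+")


def triage_otl_line(line, suspect_hosts=SUSPECT_HOSTS, suspect_words=SUSPECT_PATH_WORDS):
    """Return a short reason if the entry looks like a hijack leftover, else None."""
    # 1. Any URL in the entry whose host is on the watchlist (start page, search scope).
    for url in URL_RE.findall(line):
        host = urlparse(url).hostname or ""
        if host in suspect_hosts:
            return f"url host on watchlist: {host}"
    # 2. Registry references whose COM object no longer exists (orphaned BHO/toolbar/hook).
    if "No CLSID value found" in line:
        return "orphaned CLSID reference"
    # 3. Autostart entries pointing at a file that is gone.
    if "File not found" in line:
        return "Run entry points to missing file"
    # 4. File/folder entries ("[date | size | attrs | M] -- path") under a suspect folder.
    if line.startswith("[") and " -- " in line:
        path = line.split(" -- ", 1)[1]
        if any(word in path.lower() for word in suspect_words):
            return f"file entry under suspect folder: {path}"
    return None


def triage_otl_log(lines, **kw):
    """Return (entry_type, reason) for every flagged line, in log order."""
    flagged = []
    for line in lines:
        reason = triage_otl_line(line, **kw)
        if reason:
            entry_type = "FILE" if line.startswith("[") else line.split(" - ", 1)[0]
            flagged.append((entry_type, reason))
    return flagged
```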

OTL scan results

Adwcleaner results…

Looks good now, are you experiencing any problems ?

It seems okay, but it also seemed okay before I knew there was a problem. Do you really think it’s clean? What do you recommend I do for scans from now on? I normally do the Avast free version and occasionally run SuperAntiSpyware, not sure if those cover malware. Avast has been blocking some emails lately, saying “threat detected.” I did not know there was an issue until my email got blocked by our internet provider, that’s when I ran a scan and found the malware.
Do I keep the programs you had me install and run them occasionally? If not, which ones should I remove?
Lastly, not sure what to do about my external hard drive for back-ups, I would like to make sure it’s not infected and will not reinfect my computer when I do my next back-up.

What do you recommend I do for scans from now on??
Hmm difficult to say as it depends on whether you download free programmes frequently. For myself I just have Avast set to screensaver scan and that is it, but I am careful when I download programmes. What might be useful for you is this small programme, it runs in the background and is very light

A small tool that may help when you download programmes

http://unchecky.com/

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder

Right click on the Unchecky_setup
http://i1059.photobucket.com/albums/t432/cinjo23/uncheckysetupicon.png
or folder and choose to Run as Administrator

Once open click the Install button.

http://i1059.photobucket.com/albums/t432/cinjo23/uncheckysetupwindow.png

Then click on Finish

http://i1059.photobucket.com/albums/t432/cinjo23/uncheckyfinishsetupwindow.png

Unchecky is now installed and will help you keep unwanted check boxes unchecked :wink:

Lastly, not sure what to do about my external hard drive for back-ups, I would like to make sure it's not infected and will not reinfect my computer when I do my next back-up.
Run a full scan with Avast on the backup drive, or delete your current backup and do a fresh one now

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so… The following will implement some cleanup procedures as well as reset System Restore points:

Download and run Delfix

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide: Best security practices. Keep safe :wave:

Thank you guys so much!!! I really appreciate all your help, could not have done it without you… :slight_smile:

okay, I did not know how to scan my external drive with avast so I messed up some scan settings. I went into quick scan, clicked on settings and then went under scan areas and changed whatever the default areas were to “all hard drives” but that only scanned my C drive. Also tried “all removable media” and that did nothing. But now that I changed the settings it is not going back to the default settings, and I don’t know what they were. Could you tell me how to reset it to scan the right areas?
I then “explored” “my computer” and right clicked on the “Y” External Drive and chose to scan with Avast but it gave me an error message. So I went over to the list of folders on the left side of the screen and right clicked on the “Y” hard drive and did the same thing, this time it appears to be scanning, so I think it’s working now.
Update: It was scanning but has been stuck at 88% for a long time…

What file/folder has it been stuck on ?

It’s a home video (backup copy of one from my C drive).

Right, that is probably due to either the size or there may be corruption on it.

Okay. I’m trying to just scan smaller areas of that drive at a time now.

But could you tell me how to reset my avast quick scan settings. Under “scan areas” there are a lot of choices and I don’t remember what it was originally set to before I tried changing it. I thought it would go back to default after the scan. Right now I only have “all harddisks” chosen.

Attached are the standard quick scan settings