hello, i want to remove the win32:malware-gen, here are the aswMBR log file
a full scan with avast show that i have this malware, and cannot connect to www.google.com
please help
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
hello, file are A0063462.dll on c:\systen volume information_restore… thanks
Well avast should have been able to deal with this infected restore point, did you not send it to the avast chest ?
-
Infected Restore Points:
There really is little benefit in chasing a detection in the system volume information folder. It is only there because it had previously been deleted or moved from the system folders and this is a back-up created by system restore. -
Worst case scenario it isn’t infected and you delete it, you can’t use that restore point in the future, not much of a loss and the older the restore point is the less of an issue it is.
-
So if there is any suspicion about a restore point then it is best removed from the system volume information folder or it could bite you in the rear at some point in the future when you use system restore if it included that restore point.
####
The google issues is likely to be unrelated to this as the restore point should be inert unless you use system restore to restore it.
If you haven’t already got this software (freeware), download, install, update and run it and report the findings (it should product a log file).
-
- MalwareBytes Anti-Malware (MBAM), On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later. - 2. SUPERantispyware (SAS). On-Demand only in free version.
Don’t worry about reported tracking cookies they are a minor issue and not one of security, allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie.
PLEASE HELP i have this for a week i try spyboot, avg, avast, avira, all programs found this win32 malware-gen they remove the file i delete the file from chests etc but the problem are
i cannot connect to google.com to google account to google gmail or more internet sites…
PLEASE HELP
give me real programs that work or tell me the step in regedit to remove this malware…
hello again
i download the malwarebytes anti-malware
i provide with log file after scan
thanks a lot
hello again,
here are the log from malwarebytes anti-malware
please help
hello again
also another log from malwarebytes anti-malware
an ip 95.64.61.159 (probably from romania) try to access my computer
PLEASE ADVICE SOLUTION
THANKS A LOT
Hi I will need some further data to find this
Download OTL to your Desktop
[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
[*]Select All Users
[*]Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U*.* /s
CREATERESTOREPOINT
[*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Attach both logs
hello again,
thanks a lot here are the logs
You appear to have a lot of keygens on your system - not only is this illegal but it is a surefire way of getting some very nasty infections which will take all your confidential data - be warned
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL:Reg
:Files
ipconfig /flushdns /c:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
hello,
i do as you said
here are the log from the “run fix”
also the log from the final OTL fun
please tell me if i am ok but
now i can access google.com
thanks in advance
It was a simple host file hijack… Any further problems ?
hello,
no, now the computer runs faster
and i can access google.com google account and gmail
i am ok
thanks again
Run OTL and press the cleanup button to remove it ;D
hello,
must run again the OTL and select CLEANUP ?
Yes just start the programme and press the cleanup button only