Here is the malwarebytes log you requested:
Malwarebytes’ Anti-Malware 1.46
www.malwarebytes.org
Database Version: 4457
Windows 5.1.2600
Internet Explorer 6.0.2600.0000
21/08/2010. 21:07:58
mbam-log-2010-08-21 (21-07-58).txt
Scan type: Quick Scan
Objects scanned: 131854
Elapsed time: 11 minutes, 6 seconds
Memory Processes Infected: 0
Memory Modules Infected: 0
Infected registry keys: 0
Registry Values Infected: 0
Infected registry data elements: 0
Folders Infected: 0
Infected files: 0
Memory Processes Infected:
(No malicious items found)
Memory Modules Infected:
(No malicious items found)
Infected registry keys:
(No malicious items found)
Infected Registry Values:
(No malicious items found)
Infected registry data elements:
(No malicious items found)
Folders Infected:
(No malicious items found)
Infected files:
(No malicious items found)
In addition, a full scan of the System Volume Information folder was also run, but avast did not find anything alarming.
The exe in System Volume Information that avast alerts on was also tested on VirusTotal, but the same 3 antivirus engines raise an alarm as for the lsass.exe file.
In short, malwarebytes found nothing, only 2 files in a log that an older virus has left behind.
These were the 2 files:
Infected files:
C:\Documents and Settings\user\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
So then is this a false alarm??
Here is the VirusTotal log for the lsass.exe file:
Antivirus Version Last Update Result
AhnLab-V3 2010.08.22.00 08/21/2010 -
AntiVir 8.2.4.38 20.08.2010 -
Antiy-AVL 2.0.3.7 08.16.2010 -
Authentium 5.2.0.5 08.21.2010 -
Avast 4.8.1351.0 08/21/2010 Win32:Malware-gen
Avast5 5.0.332.0 08.21.2010 Win32:Malware-gen
AVG 9.0.0.851 08.21.2010 -
BitDefender 7.2 08.21.2010 -
CAT-QuickHeal 11.00 08/21/2010 -
ClamAV git-0.96.2.0 21.08.2010 -
Comodo 5805 08/21/2010 -
DrWeb 5.0.2.03300 21.08.2010 -
Emsisoft 5.0.0.37 21.08.2010 -
eSafe 7.0.17.0 19.08.2010 -
eTrust-Vet 36.1.7804 21.08.2010 -
F-Prot 4.6.1.107 08.21.2010 -
F-Secure 9.0.15370.0 21.08.2010 -
Fortinet 4.1.143.0 08.21.2010 -
GData 21 08.21.2010 Win32:Malware-gen
Ikarus T3.1.1.88.0 08/21/2010 -
Jiangmin 13.0.900 08/21/2010 -
Kaspersky 7.0.0.125 08.21.2010 -
McAfee 5.400.0.1158 08/21/2010 -
McAfee-GW-Edition 2010.1B 08/21/2010 -
Microsoft 1.6103 08.21.2010 -
NOD32 5384 08/21/2010 -
Norman 6.05.11 08/21/2010 -
nProtect 2010-08-21.01 08/21/2010 -
Panda 10.0.2.7 08/21/2010 -
PCTools 7.0.3.5 08.21.2010 -
Prevx 3.0 08/21/2010 -
Rising 22.61.04.04 20/08/2010 -
Sophos 4.56.0 08.21.2010 -
Sunbelt 6771 21/08/2010 -
SUPERAntiSpyware 4.40.0.1006 08/21/2010 -
Symantec 20101.1.1.7 21/08/2010 -
TheHacker 6.5.2.1.352 08/20/2010 -
TrendMicro 9.120.0.1004 21/08/2010 -
TrendMicro-HouseCall 9.120.0.1004 08/21/2010 -
VBA32 3.12.14.0 08/20/2010 -
ViRobot 2010.8.18.3995 08/21/2010 -
VirusBuster 5.0.27.0 08.21.2010 -
MD5: 9aad6a77cdbe6daa9758a28b9145e580
SHA1: caef3e2a2b899d90a8d2be6b5d49af5980603926
SHA256: 2218bb5f7354819b4f363954adba17ec800ae1d8443821e9ce822255f8f133eb
File size: 11.776 bytes
Scan date: 2010-08-21 17:28:13 (UTC)
This is for the exe file in System Volume Information:
Antivirus Version Last Update Result
AhnLab-V3 2010.08.22.00 08/21/2010 -
AntiVir 8.2.4.38 20.08.2010 -
Antiy-AVL 2.0.3.7 08.16.2010 -
Authentium 5.2.0.5 08.21.2010 -
Avast 4.8.1351.0 08/21/2010 Win32:Malware-gen
Avast5 5.0.332.0 08.21.2010 Win32:Malware-gen
AVG 9.0.0.851 08.21.2010 -
BitDefender 7.2 08.21.2010 -
CAT-QuickHeal 11.00 08/21/2010 -
ClamAV git-0.96.2.0 21.08.2010 -
Comodo 5805 08/21/2010 -
DrWeb 5.0.2.03300 21.08.2010 -
Emsisoft 5.0.0.37 21.08.2010 -
eTrust-Vet 36.1.7804 21.08.2010 -
F-Prot 4.6.1.107 08.21.2010 -
F-Secure 9.0.15370.0 21.08.2010 -
Fortinet 4.1.143.0 08.21.2010 -
GData 21 08.21.2010 Win32:Malware-gen
Ikarus T3.1.1.88.0 08/21/2010 -
Jiangmin 13.0.900 08/21/2010 -
Kaspersky 7.0.0.125 08.21.2010 -
McAfee 5.400.0.1158 08/21/2010 -
Microsoft 1.6103 08.21.2010 -
NOD32 5384 08/21/2010 -
Norman 6.05.11 08/21/2010 -
nProtect 2010-08-21.01 08/21/2010 -
Panda 10.0.2.7 08/21/2010 -
PCTools 7.0.3.5 08.21.2010 -
Prevx 3.0 08/21/2010 -
Rising 22.61.04.04 20/08/2010 -
Sophos 4.56.0 08.21.2010 -
Sunbelt 6771 21/08/2010 -
SUPERAntiSpyware 4.40.0.1006 08/21/2010 -
Symantec 20101.1.1.7 21/08/2010 -
TheHacker 6.5.2.1.352 08/20/2010 -
TrendMicro 9.120.0.1004 21/08/2010 -
TrendMicro-HouseCall 9.120.0.1004 08/21/2010 -
VBA32 3.12.14.0 08/20/2010 -
ViRobot 2010.8.18.3995 08/21/2010 -
VirusBuster 5.0.27.0 08.21.2010 -
MD5: 9aad6a77cdbe6daa9758a28b9145e580
SHA1: caef3e2a2b899d90a8d2be6b5d49af5980603926
SHA256: 2218bb5f7354819b4f363954adba17ec800ae1d8443821e9ce822255f8f133eb
File size: 11,776 bytes
Scan date: 2010-08-21 18:29:43 (UTC)