Win32.Malware-gen

Avast free version found the above threat and suggested I run a scan during boot up which is almost complete. Before doing so, I ran malwarebytes and it found 2 things which did not mention malware-gen. Sorry I did not make note of them, but I had it take care of them. I am now waiting for the long Avast scan to complete while I type this on my phone.
It has found some things which I’ll have to shorten since I can’t copy. They all begin with File C:\users\Dee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\2fc1f1cd-318afb4l->been
Here’s the endings:
nforce.class is infected by Java:Malware-gen [Trj]
piro.class is infected by Java:Agent
Scan completed and I didn’t get to copy all. Went to Avast for results of 6 high severity threats! I’m not sure if Avast was able to fix but when I applied “fix automatically” it says "error the system cannot find the file specified. Here are the threats:
Java:cve-2010-0842-L Exp
" " " " 0842-E Exp
Java:Malware-gen Trj
Java Agent DU Exp
Java Malware-gen Trj
" " " "
Please help me and instruct in very simple terms since I am a novice. Should I restore to an earlier date since my laptop is running really slow lately. Also is it safe for me to sign on to your forum on my infected computer? I greatly appreciate your help. I’m really worried about this.

Follow the instructions:
https://forum.avast.com/index.php?topic=53253.0

The CVE is not malware, but a exploit, hence the EXP.
There is already a patch for it since 2010(!)
You really should keep your software up-to-date.
http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Exploit%3AJava%2FCVE-2010-0842.A

You are so sweet to help. For some reason I cannot find the export button after running malwarebytes. Btw there was nothing detected. I hate to go to the next step til I find it.

open malwarebytes > (top right) History > (left side) Application Logs > Double click the one you want to open > (Lower left) Export to text file (txt)

Malwarebytes User Guide https://www.malwarebytes.org/support/guides/mbam/

C:\users\Dee\AppData\LocalLow\Sun\Java\Deployment\[b]cache[/b]\6.0\13\2fc1f1cd-318afb4l->been\

empty/clear java cache …

first run CCleaner free https://www.piriform.com/ccleaner/download

then run TFC cleaner http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

make sure you have latest java, and if you see more then one listed in ad/remove programs, remove the old one(s)

continue with the logs from the guide Eddy gave you, then a malware expert will check when online … it will take some hours

On malwarebytes history log page, the export button is covered by my icons at bottom so not sure how to get to it. Also don’t know how to clear java cache. Sorry I’m like a first grader when it comes to this stuff. Is it safe for me to log in here on my infected computer? It’s hard to communicate on my phone.

After Mbam finished scanning, you can chose to view details and there will be a button to export the log as well.

To clear the java cache, use the tools Pondus mentioned.

Please run Farbar (First) and attach the logs to your next post.
We really need those log files (FRST.txt and addition.txt)

Thanks again! I ran Farbar…is it safe to sign on here using my infected computer and post results?

Yes, attach the logs and I will create a script for you

Thanks, Essexboy! You are so kind to help!
I ran the MBAM scan, but am having trouble getting to the buttons at the bottom of the page since they are covered by my icons. Btw, there was nothing found on the scan. Please instruct me on how to uncover the buttons so that I may post the results.

I’m trying to attach Farbar FRST you requested. Will try again if it doesn’t work.

Here is farbar addition hopefully attached.

If MBAM is clean then I have no need to see it

Could you let me know how the computer is after this

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKU\S-1-5-21-3631994560-431200245-383745115-1001 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File 2015-02-13 14:18 - 2014-05-13 09:15 - 00010240 _____ () C:\Users\Dee\AppData\Local\Z@!-3bc42c48-12ad-4c7a-925c-188160370819.tmp 2015-02-13 14:18 - 2014-05-13 09:15 - 00009216 _____ () C:\Users\Dee\AppData\Local\Z@S!-a8409c65-1805-4541-9ec1-792047ff7241.tmp 2012-01-19 00:29 - 2012-01-20 12:19 - 0001883 _____ () C:\Users\Dee\AppData\Roaming\1e931802 2012-01-19 00:29 - 2012-01-20 12:19 - 0001960 _____ () C:\Users\Dee\AppData\Local\dd2c39f8 2015-02-13 14:18 - 2014-05-13 09:15 - 0010240 _____ () C:\Users\Dee\AppData\Local\Z@!-3bc42c48-12ad-4c7a-925c-188160370819.tmp 2015-02-13 14:18 - 2014-05-13 09:15 - 0009216 _____ () C:\Users\Dee\AppData\Local\Z@S!-a8409c65-1805-4541-9ec1-792047ff7241.tmp 2012-01-19 00:29 - 2012-01-20 12:19 - 0001838 _____ () C:\ProgramData\4b67dbe8 CustomCLSID: HKU\S-1-5-21-3631994560-431200245-383745115-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Dee\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-3631994560-431200245-383745115-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Dee\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-3631994560-431200245-383745115-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Dee\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-3631994560-431200245-383745115-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Dee\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-3631994560-431200245-383745115-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Dee\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.

Essexboy, Sorry to bother you again, but wanted to make sure I do this right.

NOTE. It’s important that both FRST and fixlist.txt are in the same location or the fix will not work.

How do I make sure where this was saved?
Is it the list like I sent you or something that was automatically saved?
The reason I ask is earlier after running Farbar I went to save the results that it printed out and it said I already had saved something with the same name. Anyway, I named the one I was saving with a different name to make sure I had it since I wasn’t sure if it was the results that were already saved or part of the program. I believe all of them are saved in the same place with different names will that be a problem?
Hope you understand what I’m asking.

Hi slow learner,

Probably you’d have to wait until to-morrow for an answer.
essexboy might have turned in and will be fast asleep.
He is facing another working day to-morrow and will be on duty later.
The clock is ticking well after midnight here in CET.
Just the night owls are still fumbling through some malcode descriptions,
like little old me,

polonus

Essexboy,
I realize I have 2 downloads of FRST64
One is titled FRST64, the other FRST64 (1)
They are both 1.99 MB
One is file version: 29.2.2015.0 created 3/2/2015 12.29 AM
The other is file version 2.3.2015.0 created 3/2/2015 12:33 PM

Should I delete one of them before running it?
Which one should I run and which one should I delete?
Do I delete by right clicking?
Thanks again for your help.

Ensure that the FRST programme, any one of the two you have, is on your desktop

Then ensure that Fixlist.txt is on the desktop as well

Start FRST and then press Fix

Adwcleaner ran and now says:
Waiting for action. Please uncheck elements you want to keep.
Don’t know what to do.

click clean button … it will ask for a reboot …post the log that pops up after reboot

Essexboy,
Here is the fix log and also the Adwcleaner results. There should be 2 files attached.
Please check them. My computer is running better. Not sure if it’s all fixed yet or not.
For example, I have to use the up and down arrows to scroll the page.
Please advise on weather it is safe for me to sign on in my email accounts, etc.
I need to be sure there is no spyware left before doing so, although I’m anxious to
do so.
Thank you for your help and your patience with me.

Here’s the fixlog… looks like it didn’t copy before.