Win32:Malware-Gen can not delete after Malwarebytes

Hello,

Avast detected the win32 malware gen worm. I followed the forums and downloaded Malwarebytes but it is still being detected.

I still can’t seem to remove the malware. Here is the message I get from avast:

c:\program files\common files\akamai\controlpanel_installer.exe
win32:Malware-Gen
VPS Version 100331-2, 03/03/2010

Thanks

Can you upload controlpanel_installer.exe to www.virustotal.com and test with 43 malware scanners?
When you have the result, copy the URL in the address bar and post it here for us to see.

Also post the Malwarebytes scan log.

More about this:
Product: (Empty Value)
Company: (Empty Value)
Description: (Empty Value)
Version: (Empty Value)
MD5: B2EBCA91B17D67D87B0432BAE0D9A22A
Size: 6046131
Directory: %COMMONFILES%\Akamai\ControlPanel_Installer.exe
Operating System: Windows 7

It sounds like the Akamai Control Panel is executing a Visual C++ package, maybe to update it to the latest version (or check the latest is installed). Check if vcredist_86.exe is signed by Microsoft and scan against VT. It’s Akamai’s; is there anything like that in your Add/Remove Programs? If so, uninstall this.

polonus

Thanks for your reply guys! I am actually using Vista.
polonus - How do I check if the exe file is signed by Microsoft?

I can’t seem to locate controlpanel_installer.exe either. Where do I go to find this? Thanks.

You right click the executable file for properties and then click details and you find the info there if available. If you cannot find it, did you look in the avast chest? Was it quarantined?

polonus
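
Added example, not part of the original thread: the same signature check done from a PowerShell prompt, together with an MD5 comparison against the hash quoted above. The function name, its parameters and the signer strings are assumptions made for illustration.

```powershell
# Added example. Test-FileProvenance and its parameters are hypothetical names.
# Requires PowerShell 4.0 or later (Get-FileHash).
function Test-FileProvenance {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $ExpectedMd5,                               # optional reference hash
        [string] $ExpectedSigner = 'O=Microsoft Corporation' # assumed subject fragment
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Authenticode check: Status is 'Valid' only when the signature verifies
    # and the certificate chains to a root this machine trusts.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $subject = $null
    if ($sig.SignerCertificate) { $subject = $sig.SignerCertificate.Subject }

    # Hashing needs read access; report a denial instead of stopping.
    $md5 = $null
    try {
        $md5 = (Get-FileHash -LiteralPath $Path -Algorithm MD5 -ErrorAction Stop).Hash
    } catch {
        Write-Warning "Could not read $Path : $($_.Exception.Message)"
    }

    [pscustomobject]@{
        Path             = $Path
        SignatureStatus  = $sig.Status       # Valid, NotSigned, HashMismatch, ...
        Signer           = $subject
        SignerAsExpected = ($sig.Status -eq 'Valid') -and ($subject -like "*$ExpectedSigner*")
        Md5              = $md5
        Md5AsExpected    = [bool]$ExpectedMd5 -and ($md5 -eq $ExpectedMd5)
    }
}

# Path and MD5 are the ones quoted in this thread; 'Akamai' as the
# signer fragment is an assumption, not a value taken from the thread.
Test-FileProvenance -Path 'C:\Program Files\Common Files\Akamai\ControlPanel_Installer.exe' `
    -ExpectedMd5 'B2EBCA91B17D67D87B0432BAE0D9A22A' -ExpectedSigner 'Akamai'
```

A `NotSigned` or `HashMismatch` status, or a signer that is not the expected publisher, is a reason to treat the file as unverified and rely on the multi-engine scan result.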

Thanks for your fast reply.

I found the controlpanel_installer.exe file, it was not in chest or quarantined. I just overlooked it the first time. When I try to upload the file to VirusTotal, I get a msg saying I do not have permission to open the file, contact owner or administrator.

I then tried to right click and run as admin but get this msg:
Windows cannot access the specified device, path, or file. You may not have the appropriate permission to access them.

I was unable to locate credist_86.exe. Which folder is that in? Thanks again

Problem is still not resolved. Any help would be greatly appreciated. Thanks.

Hi, let's have a quick look at your system.

Download OTL to your Desktop

- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- Select All Users
- Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT

- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Attach both logs

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the “Scan” button to start the scan.

http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR2-1.gif

On completion of the scan click save log, save it to your desktop and post it in your next reply.

http://public.avast.com/~gmerek/aswMBR2.png

Hi, thanks for your fast reply and helping me out on this. Please see attachment for OTL logs.

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
SRV - [2011/08/16 10:51:06 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
IE - HKU\S-1-5-21-2330244226-887321551-1427558123-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
O33 - MountPoints2\{3bafb107-dea6-11de-b164-00188b6aae16}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL FoIler.EXe
[2011/08/18 14:05:02 | 000,072,080 | ---- | M] () -- C:\Users\Stanley\g2mdlhlpx.exe

:Files
ipconfig /flushdns /c
C:\Program Files\Common Files\Akamai

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.