Win32-Malware-gen help

Hi Support Team,

I am using Avast Home Edition. My virus database has been updated to date, but I keep getting the message that Avast has detected a "Win32-Malware-gen".
The messages come when I use Windows 7. When I use Chrome it didn't give me a message …
The virus, according to Avast's test, is in windowsliveupdate.exe at users/c:/mcommon/roaming/appdata

I tried to run aswmbr.exe; after a few seconds it showed in yellow "service sptd c:"
and then a window "anti-rootkit caused a problem and Avast stopped responding".

I ran OTS as recommended; the log is very long … what do you need from it?

Can you help?

logs

screen photo

one more photo of the recent virus found. It was not found in the last scan

Please attach your logs. (AdwCleaner, MBAM, OTL and aswMBR…!!)
Instructions: http://forum.avast.com/index.php?topic=53253.0

OTS is no longer supported by the author and has not been updated for a few years; OTL will cover all the areas and more. SPTD.sys is OK, it is part of Daemon Tools.

aswMBR will not work and gives an error notice "anti-rootkit caused a problem and Avast stopped responding",
so I can't give a log for it.

ty

Try it in safe mode.

OK, will try safe mode
and also OTL

OK. :slight_smile:

No, it won't work all the way in safe mode,
and OTL opened in some kind of burning-disk way.
I saved the log, not sure if it is what we need

Download OTL to your Desktop
Secondary link

- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

https://dl.dropbox.com/u/73555776/OTL_Main_Tutorial.gif

- Select All Users
- Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT

- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Post both logs

here, ty

help…

You will need to reinsert your name exactly as it appears in the computer, otherwise this fix will not work

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\..\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=HJxdm007YYil&ptnrS=HJxdm007YYil&si=CIil0bCavLECFcQNfAodUVQALg&ptb=61C38098-16FB-431A-86C1-127A9D98DBAC&ind=2012072806&n=77edcb66&psa=&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-18\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found
IE - HKU\S-1-5-21-1990190135-69616888-3307009411-1000\..\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=HJxdm007YYil&ptnrS=HJxdm007YYil&si=CIil0bCavLECFcQNfAodUVQALg&ptb=61C38098-16FB-431A-86C1-127A9D98DBAC&ind=2012072806&n=77edcb66&psa=&st=sb&searchfor={searchTerms}
[2012/10/29 21:33:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\??? ????\AppData\Roaming\mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2012/12/22 16:07:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\??? ????\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
O2 - BHO: (no name) - {54B02808-B60E-44CD-A72D-9865117E4E62} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AGFormHelperObj Class) - {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} - C:\Program Files (x86)\agat\AGForm\AGFormsHelper.dll (Agat software solutions)
O3 - HKLM\..\Toolbar: (AGForms Toolbar) - {8fe28f46-37ad-47b2-8258-34c128636ace} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1990190135-69616888-3307009411-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
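As an added example (not from the thread or from OTL itself), a small Python script that sorts OTL fix entries of the kind posted above into the categories a helper reads first: orphaned CLSID references, third-party search scopes, loaded browser modules and IE policy restrictions. The sample lines are copied from the fix script in this post.

```python
"""Classify OTL-style entries (added example, not OTL code)."""
import re

# Constructed sample: entries copied from the OTL fix script posted above.
SAMPLE_OTL = r"""
IE - HKLM\..\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?searchfor={searchTerms}
IE - HKU\S-1-5-18\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found
O2 - BHO: (no name) - {54B02808-B60E-44CD-A72D-9865117E4E62} - No CLSID value found.
O2 - BHO: (AGFormHelperObj Class) - {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} - C:\Program Files (x86)\agat\AGForm\AGFormsHelper.dll (Agat software solutions)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
"""

GUID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def classify(line):
    """Return (kind, detail) for one OTL entry, or None for a blank line."""
    line = line.strip()
    if not line:
        return None
    # A registered hook/BHO/toolbar whose CLSID no longer resolves: dead
    # leftover of a removed add-on, safe to clean.
    if "No CLSID value found" in line:
        m = GUID.search(line)
        return ("orphaned", m.group(0) if m else "(no GUID)")
    # Search scope pointing at a third-party search engine: report the host.
    if line.startswith("IE") and '"URL" =' in line:
        url = line.split('"URL" = ', 1)[1]
        return ("search-scope", url.split("/", 3)[2])
    # BHO or toolbar backed by an actual DLL on disk: check that file.
    if line.startswith("O2 - BHO") or line.startswith("O3 - "):
        m = re.search(r" - ([A-Za-z]:\\.*?\.dll)", line)
        return ("loaded-module", m.group(1) if m else "(no path)")
    # O6 entries are IE restriction policies set in the registry.
    if line.startswith("O6"):
        return ("policy", line.split(" - ", 1)[1])
    return ("other", line)


def summarize(text):
    """Count entries per kind so a helper sees the shape of the log at a glance."""
    counts = {}
    for line in text.splitlines():
        r = classify(line)
        if r:
            counts[r[0]] = counts.get(r[0], 0) + 1
    return counts
```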

Where it is written ???, do I write my user name?
And where it is written "no name", do I give my computer name?

There are a series of question marks where the name should be

C:\Users\??? ???\AppData

Is it OK now?

it is steal there

Infection Details
URL: http://93.190.44.14/MUpdate/VersionReque
Process: C:\Program Files (x86)\Internet Explorer…
Infection: Win32:Malware-gen

help

Google Translate… try it http://translate.google.com/

it is steal there = הוא גונב שם

I think you mean … it is still there = הוא עדיין שם