Hey people, I need help… my avast scans have been showing me that Win32:Malware-gen is a severe threat in my computer, yet avast does not have the removal button (repair/move to virus chest etc…) so I don’t know how I am going to remove it =(. Would anyone like to enlighten me?
“yet avast does not have the removal button (repair/move to virus chest etc..)”
Do you mean the button is gone, or grey and doesn’t work? If so, I have a pretty good idea of what is happening ;)
Can you attach a screenshot, or write down what avast says?
You have to give more info on what file is detected.
Where is it located?
Sorry, I meant there is the “Apply” button for repair/move to chest/do nothing etc… but I can’t click on the “Apply” button. The appearance of the button is sort of translucent.
I’m not sure which file it is located in, but the file name is Process 240 [explorer.exe], memory block 0x0000000001000000, block size 1044480 [explorer.exe]
Detections in Memory (which this is) -
My guess is that you are doing a Custom scan in which you have elected to scan Memory and that all these detections are in memory. Since they aren’t physical files they can’t be moved to the chest, deleted, etc. so there is no action that can be taken, hence the Apply button being greyed out.
The detections in memory are frequently other security applications loading unencrypted virus signatures into memory (but not in this instance). Having set off a scan of memory, don’t be too surprised if it finds some weird results in memory.
So are you saying that there’s no problem with my computer?
The problem is using the “Scan memory” setting… you are not the only one, if you search the forum.
I recommend using the default quick/full scan with default settings. Do not change the settings if you do not know the result.
The avast guys have played with malware 24/7 for more than 20 years, so they know what works best…
So there shouldn’t be anything wrong with my computer? Because I wonder if the infected memory has got to do with my MSN account being hacked.
If you think you are infected, then follow this guide and attach all logs:
http://forum.avast.com/index.php?topic=53253.0
I’ve just had Avast tell me I have it too. Coincidence or a false positive? Anyway I was able to put it into the chest and do a boot scan, when it found it somewhere else as well. Both now safely in the chest.
Bill.
Well with no information in your post on the file name and location, we can’t even hazard a guess.
Also your issue can’t possibly be the same as this one, as you have moved them to the chest and that isn’t possible with memory detections as it isn’t a physical file.
So hopefully you can see the need for more detailed information on the detection.
I meant the same infection - win32:Malware-gen. I don’t need any help, as my post indicates.
The problem being that the win32:Malware-gen is a generic signature and will cover many different malware instances (variants).
The major thing in this topic is that it is a detection in memory (no physical file but a memory block) not a regular scan detection on a file so there really can be no comparison (for it to be coincidence). That is why I commented as it only clouds/confuses this particular topic.
Sorry, I didn’t realise that. Forget I spoke.
Thank you to ngteckchin for starting this thread. I was tearing my hair out trying to get rid of the same beastie. Mine was here: C:\WINDOWS\assembly\GAC_MISL\trz10.tmp. The APPLY button wasn’t working when I tried to delete the little bugger.
I could only locate the file because I am lucky enough to have Xyplorer on my system and, unlike Windows Explorer, it shows the contents of C:\WINDOWS\assembly. However, I couldn’t delete it or upload it to VirusTotal or send it to AVAST.
I gave it one more try, just now, and AVAST ate it. I’m very pleased. HOWEVER, I hope it really is a virus, unlike these: NMSACESS.EXE and PSPSERVICE.EXE and mrxsmb.sys that were placed in the virus chest.
I believe yours is somewhat different to the Original Poster, given the location isn’t in memory, unless this is the process responsible for loading (which I doubt).
So we are going to need more information and this may well need more investigation by a malware removal specialist as the C:\WINDOWS\assembly\GAC location has been associated with other malware.
It would probably be better that you create your own new topic (in the viruses and worms forum) and give the outline of the detections, if avast is also alerting on other attempts to connect to malicious sites.
Hi, I have the same problem: avast detected Win32:Malware-gen and it is located in c:/users/public/downloads. I tried to scan with my avast, then the scan ends and it shows me a lot of trojan files. And if I try to delete, it won’t work. I tried to fix it using Malwarebytes’ Anti-Malware and using OTS. P.S. Sorry for my poor English, I hope you understand me.
Create a new topic in the viruses and worms section…
then follow this guide and attach the logs requested:
http://forum.avast.com/index.php?topic=53253.0
Exactly the same problem here, same memory block, same
Win32.Malware.Gen infecting Explorer.exe.
Just yesterday, when I did a full scan of all files. Repeating a
custom scan to scan memory turned up the same result, but
a different Process each time, currently Process 1400.
I was wondering if it was a false alarm or a bug.
Is Win32.Malware.Gen a worm now embedded into memory and
acting as some keylogger?
This guy reports exactly the same problem just a week ago.