Win32:Malware-gen on brand new laptop

Hi Everyone,

I started getting these outdated Java pop ups after a couple hours of using the laptop so I ran a boot time scan and now have the above in the chest.

My old laptop completely stopped working soon after a reinstall, having become infected with a few viruses, including iirc this one. I’m really worried that the same thing might happen to this one, which I just bought to replace it. The new laptop is acting odd; although I’m not getting the pop-ups anymore, I’m not sure if this is due to me installing Adblock Plus and I’m actually still infected? I keep getting “page cannot be displayed” with sites/pages, which is unusual for me…

I also ran a Linux live CD on a different laptop while I was waiting for the new laptop to arrive and started getting the same constant “Java outdated” pop-ups on certain websites, followed by download attempts. I never save the session on live CDs and thought a restart would solve it, which it didn’t. Then I tried a few other live CDs and had the same problem with these pop-ups on certain sites. Finally I tried a Kubuntu live CD and didn’t get the pop-ups, but did get odd behaviour, like I could log into my Hotmail account but couldn’t open anything, and had certain webpages refusing to open.

I don’t know how it got infected? I wasn’t doing anything risky; the only thing I can think of is if the flash drive I used to back up on the infected computer somehow then infected the rest? But even then I didn’t really open anything on it apart from a few work files.

When the Java thing popped up and tried to download on the new laptop, Avast warned me and appeared to block it from downloading, so why am I still infected with it?

Thanks in advance,

What file was detected?
Where was it located, full file path?

Follow instructions https://forum.avast.com/index.php?topic=53253.0
Attach Malwarebytes / Farbar Recovery Scan tool / aswMBR logs

Since it is a brand new laptop, is there or was there any other anti-malware software installed?
If so, which one (and how did you remove it)?
What os/sp is on it?

“What file was detected?
Where was it located, full file path?”

I have this listed for it in the virus chest:

Original file name: Unconfirmed 170105.crdownload
Original file name: Unconfirmed 929304.crdownload

They’re both located in the download section of my user account on my C drive.

“Since it is a brand new laptop, is there or was there any other anti-malware software installed?
If so, which one (and how did you remove it)?
What os/sp is on it?”

Only McAfee, which was under listed programs, and I uninstalled it through Control Panel. It has Windows 8 64-bit.

*Every time I try to quote a message by clicking “Insert Quote” the screen moves up but nothing happens. Am I doing something wrong?

Removing McAcrap through control panel is not enough.
http://www.ache.nl > Malware? > remove (old) av

I also see you have Windows Defender running, disable it.

I’ve also got the log from the MCShield scan, which I also ran on the suspect flash drive. It looks like the scan brought up nothing, but while it was scanning the program popped up with “Don’t stop the scan, the drive is infected”?

Also, does it matter that I moved most of these logs to a folder in My Documents and then attached them (with the exception of the Malwarebytes one) directly from there rather than from the desktop?

“*Every time I try to quote a message by clicking insert quote the screen moves up but nothing happens, am I doing something wrong?”

To quote it all, use the quote button at top right in the post. To quote some parts, like I did now, use the quote icon (13th from left), then copy and paste in the text you want to quote.

MCShield log is not readable… it seems to be saved in Unicode; it must be saved as ANSI.

I don’t know how to save it in that format. Can I copy and paste the log here? It’s pretty short.

“to quote some parts … like i did now… use the quote icon (13 from left) copy and paste in the txt you will quote”

Sorry, 13th from left where? I don’t have any icons coming up on my post reply page.

Thanks

When you have the log open, choose “Save As” and select ANSI.

I already tried doing that, ANSI wasn’t there as an option.

“Sorry, 13 from left where? I don't have any icons coming up on my post reply page.”

Strange, when I hit reply I have lots of icons, smileys and other options above the box I write in.

I think I’ve managed to save the MCShield log in ANSI…

170105.crdownload: these are partial downloads and as such are inactive. There is no sign of malware in the other logs, but Avast is still finding the partial download.

Delete them from your Downloads folder and the alerts should go.

The problem isn’t Avast alerts, I’m not getting those, but I want to know if having the “Java outdated” alerts, which stopped me being able to use certain websites, was a sign of an infection? By that I mean, can you have that problem and not actually be infected unless it fully downloads? I disabled Adblock Plus and still don’t seem to be getting the pop-up anymore, but I find it odd that within a very short time frame I got this problem on 3 different laptops and even on different operating systems?

And I’m concerned about MCShield initially saying the flash drive was infected even though the scan came out clear. This is the same drive I had in the old infected laptop, which I then used on the other 2.

If there is still some sort of issue with it, should restoring to factory settings get rid of anything else that might be hiding somewhere?

If you are getting it on three different systems then I would suspect the router; could you reset that?

Yeah, I will, but it happened with two different routers. I mean, the new laptop has only been used on someone else’s router and they’re not having any malware issues. I’m not sure that’s it…

Could you post a screenshot of the alert, please?

I’m not getting the alert anymore so I can’t, but there are screenshots of it online under “Outdated Java Plugin detected”. It wasn’t really like a regular pop-up; it took over the whole screen and would start to download by itself. If I tried to go back to the website the same thing would happen again and again.

Pondus, here’s the MCShield scan log:

MCShield AllScans.txt <<<

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.8.9.1 / Windows 8 <<<

18/08/2014 06:55:32 > Drive C: - scan started (OS ~186 GB, NTFS HDD )…

=> The drive is clean.

18/08/2014 06:55:32 > Drive D: - scan started (Data ~258 GB, NTFS HDD )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.8.9.1 / Windows 8 <<<

18/08/2014 06:57:05 > Drive F: - scan started (no label ~3827 MB, FAT32 flash drive )…

F:\autorun.inf > Legitimate file.

=> The drive is clean.

Thanks
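Two practical points in this thread are easy to get wrong by hand: the MCShield log that would not attach because it was saved as “Unicode” (on Windows that normally means UTF-16 LE with a byte-order mark, which the forum tooling could not read) and the question of whether the posted log actually says the drives are clean. The following Python script, added here as an example and not code from the thread, from Avast or from the MCShield project, reads an AllScans.txt in either encoding, converts it to ANSI (assumed to be cp1252, the usual Western Windows ANSI code page), and parses the per-drive sections so that any verdict other than the two wordings visible in the posted log (“Legitimate file.” and “The drive is clean.”) is reported for manual review. The log text embedded below is constructed from the log posted above; the “suspect” sample uses made-up verdict wording, not MCShield’s real strings, purely to show the review path.

```python
"""Decode and summarise an MCShield AllScans.txt log (example, not MCShield's own code)."""
import codecs
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample modelled on the log posted in the thread (ASCII "..." instead of the
# ellipsis character, otherwise the same lines). Not a real capture.
SAMPLE_LOG_TEXT = r"""MCShield AllScans.txt <<<

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
v 3.0.5.28 / DB: 2014.8.9.1 / Windows 8 <<<
18/08/2014 06:55:32 > Drive C: - scan started (OS ~186 GB, NTFS HDD )...
=> The drive is clean.
18/08/2014 06:55:32 > Drive D: - scan started (Data ~258 GB, NTFS HDD )...
=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
v 3.0.5.28 / DB: 2014.8.9.1 / Windows 8 <<<
18/08/2014 06:57:05 > Drive F: - scan started (no label ~3827 MB, FAT32 flash drive )...
F:\autorun.inf > Legitimate file.
=> The drive is clean.
"""

# Constructed section whose verdicts are NOT the two strings seen in the real log; the wording is
# invented for the example so that the "needs review" path is exercised.
SUSPECT_LOG_TEXT = r"""18/08/2014 07:10:00 > Drive G: - scan started (no label ~1 GB, FAT32 flash drive )...
G:\example.lnk > Flagged (constructed wording, not MCShield's)
=> Drive needs attention (constructed wording, not MCShield's)
"""

# What Windows Notepad calls "Unicode": UTF-16 little-endian with a byte-order mark.
SAMPLE_LOG_UTF16 = codecs.BOM_UTF16_LE + SAMPLE_LOG_TEXT.encode("utf-16-le")

ANSI_CODEPAGE = "cp1252"  # assumption: Western-European Windows ANSI code page


def decode_log(raw: bytes) -> str:
    """Decode a log saved as UTF-16 (either byte order), UTF-8 with BOM, or ANSI."""
    if raw.startswith(codecs.BOM_UTF16_LE):
        return raw[len(codecs.BOM_UTF16_LE):].decode("utf-16-le")
    if raw.startswith(codecs.BOM_UTF16_BE):
        return raw[len(codecs.BOM_UTF16_BE):].decode("utf-16-be")
    if raw.startswith(codecs.BOM_UTF8):
        return raw[len(codecs.BOM_UTF8):].decode("utf-8")
    return raw.decode(ANSI_CODEPAGE)


def to_ansi(text: str) -> bytes:
    """Re-encode as ANSI, the equivalent of Notepad's "Save As" with the ANSI encoding."""
    return text.encode(ANSI_CODEPAGE, errors="replace")


@dataclass
class DriveScan:
    drive: str
    timestamp: str
    description: str
    file_notes: List[Tuple[str, str]] = field(default_factory=list)  # (path, verdict)
    verdict: Optional[str] = None  # the "=> ..." line closing the section

    @property
    def clean(self) -> bool:
        # Only the two verdict strings visible in the posted log count as clean (assumption).
        return self.verdict == "The drive is clean." and all(
            v == "Legitimate file." for _, v in self.file_notes
        )


DRIVE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) > Drive (?P<drive>[A-Z]:) - scan started \((?P<desc>.*)\)"
)
FILE_RE = re.compile(r"^(?P<path>[A-Z]:\\[^>]+?) > (?P<verdict>.+)$")
VERDICT_RE = re.compile(r"^=> (?P<verdict>.+)$")


def parse_log(text: str) -> List[DriveScan]:
    """Split the log into one DriveScan per 'scan started' section."""
    scans: List[DriveScan] = []
    current: Optional[DriveScan] = None
    for raw_line in text.splitlines():
        line = raw_line.strip()
        m = DRIVE_RE.match(line)
        if m:
            current = DriveScan(m["drive"], m["ts"], m["desc"].strip())
            scans.append(current)
            continue
        if current is None:
            continue  # banner / version lines before the first drive section
        m = VERDICT_RE.match(line)
        if m:
            current.verdict = m["verdict"].strip()
            continue
        m = FILE_RE.match(line)
        if m:
            current.file_notes.append((m["path"], m["verdict"].strip()))
    return scans


def needs_review(scans: List[DriveScan]) -> List[str]:
    """Drive letters whose section carries any verdict other than the known-clean wording."""
    return [s.drive for s in scans if not s.clean]


if __name__ == "__main__":
    text = decode_log(SAMPLE_LOG_UTF16)
    for scan in parse_log(text):
        state = "clean" if scan.clean else "REVIEW"
        print(f"{scan.timestamp} {scan.drive} {scan.description!r}: {state}")
    print("needs review:", needs_review(parse_log(SUSPECT_LOG_TEXT)))
```

For a real file, replace `SAMPLE_LOG_UTF16` with `open(path, "rb").read()` and write `to_ansi(decode_log(raw))` back out; the parser does not inspect anything on the drives themselves, it only reads what MCShield already wrote, so it is safe to run on a log copied off a machine you are still unsure about.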