Win32:Malware-gen Please help

Hi!
I have a problem with malware. As I read in some other topics, I downloaded Malwarebytes’ Anti-Malware, but the problem is still there.
Here is the report:

Malwarebytes’ Anti-Malware 1.44
Različica baze: 3510
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

26.1.2010 13:16:04
mbam-log-2010-01-26 (13-16-04).txt

Tip pregleda: Hitri pregled
Preverjenih objektov: 112495
Pretečen čas: 8 minute(s), 37 second(s)

Okuženih spominskih procesov: 0
Okuženih spominskih modulov: 0
Okuženih ključev registra: 0
Okuženih vrednosti registra: 2
Okuženih vnosov v register: 1
Okuženih map: 0
Okuženih datotek: 3

Okuženih spominskih procesov:
(Ni bilo najdenih zlonamernih objektov)

Okuženih spominskih modulov:
(Ni bilo najdenih zlonamernih objektov)

Okuženih ključev registra:
(Ni bilo najdenih zlonamernih objektov)

Okuženih vrednosti registra:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mssysfs (Trojan.FakeAlert.H) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\kr_done1 (Malware.Trace) → Quarantined and deleted successfully.

Okuženih vnosov v register:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) → Bad: (C:\Windows\system32\userinit.exe,C:\Users\Solman\loa.exe \s) Good: (Userinit.exe) → Quarantined and deleted successfully.

Okuženih map:
(Ni bilo najdenih zlonamernih objektov)

Okuženih datotek:
C:\Windows\System32\znxzzwtq.exe (Trojan.FakeAlert.H) → Delete on reboot.
C:\Users\Solman\downloads\SetupPoker_ea101c.exe (Adware.Casino) → Quarantined and deleted successfully.
C:\Windows\System32\kr_done1 (Malware.Trace) → Quarantined and deleted successfully.

Any help will be very much appreciated.

Always update MBAM before you scan; the latest database is 3640, you have 3510… (Različica baze: 3510)

Sorry, my bad. Now it’s updated, but it didn’t find anything and the problem is still here… Any further help, please?

You don’t say what the problem is? Is something detected? What? … Is it Win32:Malware-gen? What program is detecting it? Is it avast? Where is it found? Can’t it be removed? … Have you tried a boot scan?

Follow essexboy’s guide here and post the logs in your next reply:
http://forum.avast.com/index.php?topic=53253.0

My avast is constantly detecting Win32:Malware-gen. I moved it to the chest, but it doesn’t help; avast’s caution is still popping up.
C:\Windows\System32\162432.exe - that’s the name of the file, just the numbers are changing.

The logs from OTL are also attached.

essexboy will look at your logs when he arrives … :wink:

On completion of this, can you let me know if you still get the alerts?

Run OTL.exe

* Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
O4 - HKLM..\Run: [lihcptn] C:\Windows\System32\lihcptn.exe ()
[2010.01.25 23:22:09 | 00,004,985 | ---- | M] () -- C:\ProgramData\ojvzdisj.xda
[2010.01.25 23:25:34 | 00,057,344 | -H-- | M] () -- C:\Users\Solman\loa.exe

:Commands
[purity]
[emptytemp]

* Then click the Run Fix button at the top
* Let the program run unhindered, reboot when it is done
* Then post a new OTL log (don’t check the boxes beside LOP Check or Purity this time)

essexboy, thanks a lot!! It’s working fine now.
Thanks once again! :slight_smile:
Cheers

Run OTL and hit the cleanup button and the tools will disappear.