My friend has a virus on his computer.

Avast picks up this virus and moves to chest but the virus remains. I’ve ran a boot scan a few times. I’ve ran MalwareBytes and SuperAntiSpyware. Unfortunately the virus continues to exist.

Here is the message. Seems to be 2 different areas:

“Original File: 000000002.@
Original Folder: c:\windows\assembly\tmp\u
Virus Description: Win32:Malware-gen”

And Another…
“Original File: kwrd.dll
Original Folder: c:\windows\assembly\tmp
Virus Description: Win32:Malware-gen”

Attached are the logs.

Most grateful for your assistance.

welcome to the forum.

someone will check thoose logs for you.

did malwrebytes or superantispywre pick anything up?

Hi, Thank you.

Yes MalwareBytes and SuperAntiSpyware did pick up and quarantine about 5 things together.

The only thing left that is manifesting is Avast catching this windows/assembly message. Usually happens when I click to open IE. But some programs when trying to run them, it will give the same message and the program won’t open.

I did try using Kaspersky Removal tool but it didn’t detect. Only Avast Pro is detecting now.

Unfortunately essexboy, who normally covers these analysis and specialist malware removal tasks is on holiday. There a couple of others who have experience of the analysis of the OTL logs, but they aren’t a frequently on-line as essexboy is/was.

Essexboy is on holiday and will be away from his system 28th September to 6th October. It may take him a little while after that to aclimatise ;D

In the meantime, you could go to Geekstogo forum. Before posting read this topic, http://www.geekstogo.com/forum/topic/2852-malware-and-spyware-cleaning-guide/, include in the first post a description of the problem, the OTL scan logs and the aswMBR log. That should get a quick response.