Win32-Malware-gen --> Unable to remove this malware

Hi Support Team,

I am using Avast Home Edition. My virus database has been updated to date, but I keep getting the message that avast has detected a “Win32-Malware-gen” virus/worm. It says the recommended option is "Move to Chest"; I tried to move it, but I keep getting this message numerous times, which is frustrating. I tried the "delete" and "repair" options as well, with the same result.

Does that mean that avast is unable to delete that virus? Please advise.

I would be happy if you guys could help me resolve this problem permanently.

Anyone who would like to help me can email me @ sethuaug08@gmail.com

Thanks for all your help in advance.

Regards,
Sethu

Is your problem resolved by email?

What is the file name and location ?

I’ve just found exactly the same problem, and would love to know what to do about it! Don’t want to hijack the thread, but my file is C:\Documents and Settings\Administrator\Application Data\Macromedia\Common\01b6201019.exe - there’s also a dll with the same name there.

Cheers.

@richdebc

Please download Malwarebytes’ Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

[*]Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
[*]If an update is found, it will download and install the latest version.
[*]Once the program has loaded, select “Perform Quick Scan”, then click Scan.
[*]The scan may take some time to finish, so please be patient.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Make sure that everything is checked, and click Remove Selected.
[*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
[*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
[*]Copy & paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Does it seem like a similar problem I have been having here:

http://forum.avast.com/index.php?topic=51859.0

Thanks Essexboy. MBAM kept crashing, including after I reinstalled it, but once I got as far as telling it to remove the 17 problems it found before it crashed.

After that I ran a Boot-time scan using Avast! which found a whole host of infected files. I moved them all to the chest except explorer.exe which it wouldn’t move. Now there’s no sign of the virus - I can’t figure out if it’s actually gone though, since explorer wasn’t dealt with? A jotti scan of explorer.exe found nothing, and the computer seems to be working fine.

@richdebc Explorer was probably hooked by the malware but not infected

Do you have the MBAM log, to see what was there and whether it needs a deeper look?

@BradJ Looking now

This is the log… It missed the exe Avast found as I think it was moved to the chest at the time, but found the dll with the same file name (01b620101).

Cheers.

msqpdxserv.sys: this is a member of the TDSS family, so it may be worth doing a deeper scan if you want.

If you want a deeper scan

To ensure that I get all the information, this log will need to be uploaded to Mediafire; then post the sharing link.

Download OTS to your Desktop

[*]Close ALL OTHER PROGRAMS.
[*]Double-click on OTS.exe to start the program.
[*]Check the box that says Scan All Users
[*]Under Additional Scans check the following:
  [*]Reg - Shell Spawning
  [*]File - Lop Check
  [*]File - Purity Scan
  [*]Evnt - EvtViewer (last 10)
[*]Under custom scans copy and paste the following

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
/md5stop
%systemroot%\*. /mp /s
c:\$recycle.bin\*.* /s
CREATERESTOREPOINT

[*]Now click the Run Scan button on the toolbar.
[*]Let it run unhindered until it finishes.
[*]When the scan is complete Notepad will open with the report file loaded in it.
[*]Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
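The /md5start block above makes OTS hash a fixed list of system files because TDSS-family rootkits (like the msqpdxserv.sys found earlier in this thread) patch one of those drivers in place. The script below is an added example, not OTS or the poster's instructions: it reports the MD5, size and Authenticode status of the same files so they can be compared against a known-clean machine. It assumes the files live under %SystemRoot%\System32 or its drivers subfolder (the default locations) and that PowerShell is run elevated.

```powershell
# Added example (not from the thread or from OTS): hash and signature-check
# the files OTS is asked to MD5 in the custom scan above.
$md5List = @(
    'eventlog.dll','scecli.dll','netlogon.dll','cngaudit.dll','sceclt.dll',
    'ntelogon.dll','logevent.dll','iaStor.sys','nvstor.sys','atapi.sys',
    'IdeChnDr.sys','viasraid.sys','AGP440.sys','vaxscsi.sys','nvatabus.sys',
    'viamraid.sys','nvata.sys','nvgts.sys','iastorv.sys','ViPrt.sys'
)
# Default locations; $env:SystemRoot also covers installs like C:\WINDOWS.0.
$searchDirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'System32\drivers')
)
$md5 = [System.Security.Cryptography.MD5]::Create()

$report = foreach ($name in $md5List) {
    foreach ($dir in $searchDirs) {
        $path = Join-Path $dir $name
        # Only a handful of these exist on any one machine; missing files are normal.
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $bytes = [System.IO.File]::ReadAllBytes($path)
        $hash  = ($md5.ComputeHash($bytes) | ForEach-Object { $_.ToString('x2') }) -join ''
        $sig   = Get-AuthenticodeSignature -FilePath $path
        $signer = '(no embedded signature)'
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        New-Object PSObject -Property @{
            Path      = $path
            Size      = $bytes.Length
            MD5       = $hash
            Signature = $sig.Status   # 'Valid' expected for Microsoft/vendor files
            Signer    = $signer
        }
    }
}

# Compare Size and MD5 for a given file against the same file on a clean
# install of the same Windows version and service pack.
$report | Sort-Object Signature, Path | Format-Table Path, Size, Signature, MD5 -AutoSize
```

On Windows XP and other older versions most system files are catalog-signed rather than embedded-signed, so a Signature of NotSigned there is not on its own proof of tampering; the hash comparison against a clean copy is the check that matters.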

OTS seems very thorough! Here’s the log: http://www.mediafire.com/?woxiinhztte

Aye 'tis a thorough log - so far I can see one downloader plus a few of its mates

Start OTS. Copy/Paste the information in the quotebox below into the pane where it says “Paste fix here” and then click the Run Fix button.


[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1004336348-879983540-725345543-500\] > -> 
YN -> HKEY_USERS\S-1-5-21-1004336348-879983540-725345543-500\: SearchURL\\"provider" -> gogl
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "rundll32.exe" -> []
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "rundll32.exe" -> []
[Files/Folders - Modified Within 30 Days]
NY ->  leocfucb.job -> C:\WINDOWS.0\tasks\leocfucb.job
NY ->  sdfinacs.dll -> C:\WINDOWS.0\sdfinacs.dll
[File - Lop Check]
NY ->  com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1 -> C:\Documents and Settings\Administrator\Application Data\com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1
[Custom Scans]
YY ->  setuplog.exe -> C:\setuplog.exe
YY ->  WHAT.EXE -> C:\WHAT.EXE
NY ->  1 C:\*.tmp files -> C:\*.tmp
[Empty Temp Folders]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new OTS log.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Fix log: http://www.mediafire.com/?zm41mowzgod
OTS log after fix: http://www.mediafire.com/?tcizyjinvb2

Not seen any problems since running the avast boot scan…

That looks good

Run OTS and hit the cleanup button. It will remove all the programmes we have used plus itself.

Brilliant! Thanks so much for your help!

Aah, I have a virus on my computer, tried avast, AVG, Spybot S&D, Malwarebytes and now Microsoft Security Essentials. It’s a win32 malware-gen virus/worm. So bloody annoying! Anyone know how to get rid of it??? Keeps popping up every 10 mins from avast saying caution virus detected; tried deleting the file, moving it to the virus vault and even repairing it and nothing works, even googled it and followed all advice I could find… please HELP me. I tried looking up that OTS thing but can’t find it anywhere, can I please have a link to it please? >:( ???

What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe

  • Or check the source file using notepad C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log and copy and paste the entry.

So are you saying that avast can’t move it to the chest ?
If so what errors are given (for deletion also) ?

Have you tried an avast boot-time scan - If you have Win2k, XP, vista or Win7 (all 32bit), you could enable a boot time scan. Right click the avast icon, select Start avast! Antivirus, a memory scan will take place followed by the opening of the Simple User Interface, Menu, ‘Schedule boot-time scan…’ Or see http://www.digitalred.com/avast-boot-time.php. Don’t opt for deletion (you have no options left), always send to the chest and investigate.

Look in the C:\Program Files\Alwil Software\Avast4\DATA\report\aswBoot.txt file, check this file using notepad and copy and paste the info on the detection.

I hope you haven’t got AVG and avast installed at the same time, not advised.
Having two resident scanners installed is not recommended as rather than provide twice the protection it can cause conflicts that could leave you more vulnerable.

I have this same problem. I ran malwarebytes, avast, OTS, and my avast full system scan still detects it. When I try to move it to the chest with avast, it says “Error: The system cannot find the file specified (2)”
I’m running Windows 7 64-bit so I can’t do a boot scan. Can anyone help?

Help us out with the file name and location.

Under File name it says
‘C:\System Volume Information\_restore{615D86ED-B9C8-A1EC-A6CFCAD89AF3}\RP27\A0004670.rbf’

Says severity is high =/ At one point my computer said my video driver crashed but was back on, and I don’t know what else it might do (if that was from it), so I don’t know if I should stop everything I’m doing to get rid of it now or not. Thanks