I’ve done some searching on the forums and I think I’ve found similar cases, but none quite like mine: the problem I am having is that every time I start up Firefox after the computer has turned on (either from starting up normally, waking up from sleep, etc), avast! notifies me of a threat 3 times in a row. If I try starting up Firefox again without turning off the computer in some way, I don’t get the notifications any more. Also, the second and third notifications both have the added option of “reporting it as a false-positive.” I am doubtful that it is a false-positive considering the fact that every single virus avast! has identified in association with Firefox (since this started happening about a week ago) is a Win32:Malware-gen.
My Software Updater had been in a critical state (38%) for a while and I hadn’t noticed until yesterday, so I went in and updated everything that needed updating, which brought me up to 98%. I thought that perhaps this was the issue since Firefox was one of the programs that needed updating, but since rebooting and then putting the computer on sleep several times after that, I am still having the same problem.
Here is the path of the infection: C:\Users\AppData\Local\Mozilla\Firefox\Profiles\z365md9y.default\Cache\5\4A
I have checked this particular folder and it comes up as empty. I’ve also had avast! scan Firefox itself and it has not found anything. Anyway, I would appreciate any and all help to shed some light on this matter. I will start a full scan on the computer with MBAM and post the log as soon as possible. What other logs do I need for this case? Please let me know and I will get those posted as soon as possible as well.
EDIT: Attached AdwCleaner log, MBAM log, and OTL/Extras logs. aswMBR will be attached in a second reply as I can only have 4 attachments.
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\xhunter1.sys -- (xhunter1)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva401.sys -- (XDva401)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva391.sys -- (XDva391)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva380.sys -- (XDva380)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva375.sys -- (XDva375)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva370.sys -- (XDva370)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva356.sys -- (XDva356)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva351.sys -- (XDva351)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva332.sys -- (XDva332)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva295.sys -- (XDva295)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva288.sys -- (XDva288)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva279.sys -- (XDva279)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva275.sys -- (XDva275)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva190.sys -- (XDva190)
IE - HKU\S-1-5-21-3039263285-874054487-4266135133-1001\..\URLSearchHook: *{2558d83c-097c-4cf1-9163-ce5ecc36ace2} - No CLSID value found
IE - HKU\S-1-5-21-3039263285-874054487-4266135133-1001\..\URLSearchHook: *{687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-3039263285-874054487-4266135133-1001\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
O2 - BHO: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - No CLSID value found.
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-3039263285-874054487-4266135133-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3039263285-874054487-4266135133-1001\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
[2013/05/29 10:38:24 | 000,000,000 | ---D | M] -- C:\Users\BRANDON\AppData\Roaming\MCommon
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top.
Let the program run unhindered, and reboot the PC when it is done.
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
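As an added illustration (not part of this thread, and not OTL's own code), the following Python snippet parses OTL log lines of the kind pasted above and pulls out the orphaned entries the fix script is targeting: driver services whose .sys file is gone ("File not found") and IE search hooks, BHOs and toolbars whose CLSID no longer resolves ("No CLSID value found"). The sample input is constructed from the lines in the thread plus one made-up healthy driver line to show what is not flagged.

```python
import re
from dataclasses import dataclass

# Orphan driver service: the registry still names a .sys that no longer exists.
DRV_MISSING = re.compile(
    r"^DRV - File not found \[(?P<flags>[^\]]+)\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\)$")
# IE URLSearchHook (IE), BHO (O2) or toolbar (O3) entry whose CLSID has no backing value.
CLSID_MISSING = re.compile(
    r"^(?P<kind>IE|O2|O3) - .*?(?P<guid>\{[0-9A-Fa-f-]{36}\}).*? - No CLSID value found\.?$")
# Per-user entries live under HKU\<SID>; capture the SID so we know which profile they belong to.
SID = re.compile(r"HKU\\(S-1-5-21-[\d-]+)")

@dataclass(frozen=True)
class Orphan:
    kind: str    # "driver", "IE", "O2" or "O3"
    ident: str   # service name or CLSID
    where: str   # .sys path, or the user SID the registry entry sits under
    line: int    # 1-based line number in the log

def parse_otl(text: str) -> list[Orphan]:
    """Return every orphaned driver / CLSID entry found in an OTL log."""
    found = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = DRV_MISSING.match(line)
        if m:
            found.append(Orphan("driver", m["name"], m["path"], n))
            continue
        m = CLSID_MISSING.match(line)
        if m:
            sid = SID.search(line)
            found.append(Orphan(m["kind"], m["guid"].upper(),
                                sid.group(1) if sid else "HKLM/unknown", n))
    return found

def summarize(orphans: list[Orphan]) -> dict[str, int]:
    """Count orphans per kind, e.g. {'driver': 2, 'IE': 1, ...}."""
    counts: dict[str, int] = {}
    for o in orphans:
        counts[o.kind] = counts.get(o.kind, 0) + 1
    return counts

# Constructed sample: lines from the thread plus one made-up healthy driver line (aswRdr2).
SAMPLE_OTL = r"""
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\xhunter1.sys -- (xhunter1)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva401.sys -- (XDva401)
DRV - [2012/07/26 09:18:14 | 000,049,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr2)
IE - HKU\S-1-5-21-3039263285-874054487-4266135133-1001\..\URLSearchHook: *{2558d83c-097c-4cf1-9163-ce5ecc36ace2} - No CLSID value found
O2 - BHO: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - No CLSID value found.
O3 - HKU\S-1-5-21-3039263285-874054487-4266135133-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
[2013/05/29 10:38:24 | 000,000,000 | ---D | M] -- C:\Users\BRANDON\AppData\Roaming\MCommon
"""

if __name__ == "__main__":
    for o in parse_otl(SAMPLE_OTL):
        print(f"line {o.line}: {o.kind:6} {o.ident} ({o.where})")
    print(summarize(parse_otl(SAMPLE_OTL)))
```

The flagged entries are dead references rather than live code, which is why OTL can simply remove them; the healthy avast! driver line and the MCommon folder entry are left alone.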
Thank you for pointing out AVG, I didn’t realize that. I think I’ve gotten rid of it now. So what is this big block of code for? Is it to make sure that AVG is gone, or is it checking into what’s causing the Win32:Malware-gen to pop up? I’ll do it, I’m just curious.
Also, I am not sure if I can reproduce those notifications. When I got up today I started up my computer and upon Firefox startup, I got the notifications. Then I came here and did the AVG fix, after which my computer had to be rebooted twice. On the third reboot, after starting up Firefox, I got no notifications (when I should have)… so either the problem is fixed or it’s just acting weird. Anyway, I’ll post the next log as soon as I can.
Yeah, I thought I’d gotten rid of AVG a long time ago… I’m glad you pointed it out. And thanks for the tidying up, I appreciate that :)!
The scan finished, so here’s the log. Upon reboot I started up Firefox again, no “Threat Detected” notification… I hope it’s gone, but something tells me it might not be that simple. Just call it a gut feeling.
I see, thank you very much for your help! Feeling a lot better now, phew. So, if you don’t mind me asking, what exactly is it that a Win32:Malware-gen does to one’s system? I had gotten one before and read up on it a little bit, but that was a while ago - I mean, it’s malware so obviously it can’t be good, but if I remember correctly the severity of it isn’t very high either.
Also, I’m guessing it’s safe for me to “Delete” all of the Win32:Malware-gens that have accrued in my vault? Haha. I always get a little paranoid about “deleting” viruses. I question the ease of it I guess! avast! is just so dependable.
There is no rush to delete anything from the virus chest.
That’s why there is a quarantine: you then have the option to restore if something goes wrong.
So let it stay there for a couple of weeks; if all is OK, then delete.