Win32:malware-gen Windows 7

Hi, hope this is the right place to ask this question.
I’m running Windows 7 Ultimate with Avast Home. I keep getting warnings from Avast that Win32:malware-gen is present, but it keeps changing location; the last instance was C:\Windows\Temp\0428aeda96ec81e77c99b55092c7cff1.exe. I have done a scan in safe mode to no avail. Downloaded antimalwarebytes, made sure it was up to date, but it found nothing. I have run OTS and generated a report, but unfortunately this means nothing to me. Could someone have a look at it and advise me please?
Thanks
Chris

Try this

Start OTS. Copy/Paste the information in the quotebox below into the pane where it says “Paste fix here” and then click the Run Fix button.


[Unregister Dlls]
[Win32 Services - Safe List]
YY -> (cffdddaab) fe6ce85c26887f9ae87b2404bb8c175c [Auto | Stopped] -> C:\Windows\cffdddaab.exe
[Files/Folders - Modified Within 30 Days]
NY ->  cffdddaab.dll -> C:\Windows\System32\cffdddaab.dll
NY ->  cffdddaab.exe -> C:\Windows\cffdddaab.exe
NY ->  9 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp
[Files - No Company Name]
NY ->  cffdddaab.dll -> C:\Windows\System32\cffdddaab.dll
[Empty Temp Folders]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new OTS log.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
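
An added example, not part of the helper's post and not OTS's own logic: the fix above removes an auto-start service whose binary sits directly in C:\Windows, plus files listed as recently modified and as having no company name. The PowerShell below lists installed services that share those traits so they can be reviewed by hand; the three heuristics and the 30-day window are assumptions of this example.

```powershell
# Added example: list services whose binary has no CompanyName in its
# version resource, and note whether it lives directly in the Windows
# directories and whether it changed in the last 30 days.
# Uses Get-WmiObject so it also runs on the PowerShell 2.0 shipped with Windows 7.
$cutoff = (Get-Date).AddDays(-30)
$roots  = @($env:SystemRoot, (Join-Path $env:SystemRoot 'System32'))

Get-WmiObject -Class Win32_Service | ForEach-Object {
    $svc = $_
    if (-not $svc.PathName) { return }

    # PathName may be quoted and may carry arguments; keep only the executable.
    if ($svc.PathName -match '^\s*"([^"]+)"') {
        $exe = $Matches[1]
    } elseif ($svc.PathName -match '^\s*(.+?\.exe)(\s|$)') {
        $exe = $Matches[1]
    } else {
        return
    }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    if (-not (Test-Path -LiteralPath $exe)) { return }

    $file    = Get-Item -LiteralPath $exe -Force
    $company = "$($file.VersionInfo.CompanyName)".Trim()

    # Unsigned-looking binaries only: most legitimate vendors fill in CompanyName.
    if ($company -eq '') {
        New-Object PSObject -Property @{
            Service      = $svc.Name
            StartMode    = $svc.StartMode
            State        = $svc.State
            Path         = $file.FullName
            InWindowsDir = ($roots -contains $file.DirectoryName)
            Recent       = ($file.LastWriteTime -gt $cutoff)
            Modified     = $file.LastWriteTime
        }
    }
} | Sort-Object InWindowsDir, Recent -Descending |
    Format-Table Service, StartMode, State, InWindowsDir, Recent, Modified, Path -AutoSize
```

A row with InWindowsDir and Recent both True is a candidate for closer inspection, not a verdict; some legitimate third-party services also ship without a company name.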

That was quick. Cheers, here's the new report

ots2

OK, the service has died, so let's check for orphans

Malwarebytes’ Anti-Malware
Please download Malwarebytes’ Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
[*]Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
[*]If an update is found, it will download and install the latest version.
[*]Once the program has loaded, select “Perform Quick Scan”, then click Scan.
[*]The scan may take some time to finish, so please be patient.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Make sure that everything is checked, and click Remove Selected.
[*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
[*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
[*]Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Malwarebytes’ Anti-Malware 1.44
Database version: 3565
Windows 6.1.7127
Internet Explorer 8.0.7127.0

14/01/2010 22:41:05
mbam-log-2010-01-14 (22-41-05).txt

Scan type: Quick Scan
Objects scanned: 102426
Time elapsed: 3 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

All seems OK, thank you. Are there any topics I can read to see what you actually did and what to look for?

Thanks very much again

Chris

Now the best part of the day ----- Your log now appears clean

A good workman always cleans up after himself, so… Run OTS and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove. But that may be a useful tool to keep.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

[*]Click Start.
[*]Open My Computer.
[*]Select the Tools menu and click Folder Options.
[*]Select the View Tab.
[*]Under the Hidden files and folders heading select Do not show hidden files and folders.
[*]Click Yes to confirm.
[*]Click OK.

SPRING CLEAN

Download TFC to your desktop

[*]Open the file and close any other windows.
[*]It will close all programs itself when run, make sure to let it run uninterrupted.
[*]Click the Start button to begin the process. The program should not take long to finish its job.
[*]Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

THEN

Download and run Auslogics Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
[*]SpywareBlaster to help prevent spyware from installing in the first place.
[*]SuperAntispyware Run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit
[*]Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?
Keep safe

All done, advice heeded. Thanks again, Chris

Keep safe