Win32-Malware-gen

Hi, I’m getting a virus warning every day when I turn on my computer, with Win32-Malware-gen infected in C:\WINDOWS.0\system32\WINABC.HLP. I clicked the repair button, but the warning keeps popping up anyway. Any ways to cure this? Thx… :-* Here, I attached a HJT file. Hope someone can help me…

Hi there,

Please be aware of:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

Kind: Safe

Unknown application. Unnecessary (deactivated) entry that can be fixed. This entry was classified from our visitors as good.
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - D:\Eread\eREAD\WebHook.dll (file missing)

Unnecessary (deactivated) entry that can be fixed. WebHook.dll - eREAD6.0 Chinese text-to speech software

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)

Kind: Neutral

Those are missing files that you need to fix.

Anyway, please do a boot-time scan of your PC. For an infected file, sometimes you can’t repair it but need to delete it.
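Added example, not part of the original thread: a small Python sketch that pulls the orphaned entries (those HijackThis marks "(no file)" or "(file missing)") out of log lines like the ones quoted in the post above. The function name and the fourth sample line are constructed for illustration; the line layout is assumed from the three entries shown.

```python
import re

# Sample input: the three entries quoted in the post above, plus one
# constructed entry (Example Helper) whose target file is present.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - D:\Eread\eREAD\WebHook.dll (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
"""

# Layout assumed from the O2/O9 lines above:
# "O<n> - <kind>: <name> - {CLSID} - <target>"
ENTRY = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
# Markers appended to the target when the registered file is not on disk.
MISSING = re.compile(r"\s*\((?:no file|file missing)\)$")


def orphaned_entries(log_text):
    """Return one dict per entry whose registered file is reported missing."""
    found = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # not a CLSID-style entry
        miss = MISSING.search(m["target"])
        if not miss:
            continue  # file is present; nothing to flag
        path = m["target"][:miss.start()]
        # Drop the res:// scheme and trailing resource id used by O9 buttons.
        path = re.sub(r"^res://|/\d+$", "", path)
        found.append({
            "section": m["section"],
            "name": m["name"],
            "clsid": m["clsid"].upper(),
            "path": path or None,  # None when the log recorded no path at all
        })
    return found


if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        print(e["section"], e["clsid"], e["name"], "->", e["path"] or "(no path recorded)")
```
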

Thx… I will try to fix it… but deleting it wouldn’t affect the system? Coz the system file is infected.

Repair isn’t an option as the WINABC.HLP wouldn’t be covered by the VRDB which would try to effect the repair; it is also a strange location (system32) for a supposed help file.

See http://www.prevx.com/filenames/X2738540452281116921-X1/WINABC.HLP.html.

I would suggest sending it to the chest, where it can do no harm, NOT Delete, whilst we investigate.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here (the URL in the Address bar of the VT results page). You can’t do this with the file securely in the chest; you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

http://www.virustotal.com/reanalisis.html?78bb65fe894fa2ed9d3dcba6ec679ff66c702b100e948ccf12489f7601400b8f-1258995712 Is this what you want?

It is actually this one, you had to click on re-analyse…

http://www.virustotal.com/analisis/78bb65fe894fa2ed9d3dcba6ec679ff66c702b100e948ccf12489f7601400b8f-1258995712

Result: 29/41 (70.74%)

I’d say it is infected…

Yes, the VT results are pretty conclusive, a good detection, so I would say you should ensure that it is no longer in the original location. If it is, you can scan it again and when avast alerts send it to the chest.

It shouldn’t come back once it is secure in the chest, however if it does:
If it keeps coming back, there is likely to be an undetected or hidden element to the infection that restores or downloads the file again. What is your firewall?

If you haven’t already got this software (freeware), download, install, update and run it and report the findings (it should produce a log file).

Don’t worry about reported tracking cookies; they are a minor issue and not one of security. Allow SAS to deal with them though. See http://en.wikipedia.org/wiki/HTTP_cookie.

After running a scan, a Win32.:Malware-gen was found in C:\System Volume Information_restpre(46DE8921-1D39-44D@-A9E9-641. The recommended action was move to chest. When I do this I get a message that says Virus chest server is not running. RPC communication failed and it says it cannot process the above file. What should I do?

Please start a New Topic of your own as this seems unrelated to the original subject and will just confuse the topic and we will try to help.

  • Go to this link, http://forum.avast.com/index.php, scroll down to the Viruses and Worms forum and click it, click the New Topic button at the top of the list and post there.

Thx for everyone’s help… I already moved everything to the chest. Hope the virus warning doesn’t appear again… ^^

You’re welcome, but you should still download, install, run and report the findings of the two applications I suggested.

This is what I got from Malwarebytes.

Run MBAM again and quarantine.

Hi, try Dr.Web CureIt and get rid of the headache :wink:

Yes, it confirmed the need to run it; as has been said, you should run it again and remove them, see image.

You should now run SAS, though it probably won’t find anything but cookies (not an issue), and report its findings.