Win32:Malware-gen

Hi there,

On Wednesday last week all search engines stopped working for me (I’d click on a link, wait ages and then be taken to a site which is nothing to do with the link I clicked).

Then, yesterday I got a virus warning from my Avast (ver 4.8) saying I had Win32:Malware-gen in C:\Userts\My Name\AppData\Local\Windows\winhelp.exe. Everything I tried from the available actions didn’t work; the warning would return a few seconds later. I tried MBAM, which told me I had 3 files infected with 2 Malwares and a Trojan horse but not Win32:Malware-gen. That worked for a day (and search engines worked again) but this morning I got the same warning and MBAM again but now it keeps coming back. Please help me.
Thanks in advance, Wibbers.

Here is a copy of the latest log from MBAM:

Malwarebytes’ Anti-Malware 1.46
www.malwarebytes.org

Database version: 4410

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

10/08/2010 12:22:49
mbam-log-2010-08-10 (12-22-49).txt

Scan type: Quick scan
Objects scanned: 217156
Time elapsed: 36 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\WinServers (Malware.Trace) → Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Tom Wiblin\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) → Quarantined and deleted successfully.
C:\Users\Tom Wiblin\Templates\memory.tmp (Trojan.Agent) → Quarantined and deleted successfully.

Run Malwarebytes again; if it detects the infected files, delete them, restart your PC and run a “full scan” with CCleaner, it may help.

Lolwut?

I second this.

I scanned it again with MBAM and got the same result. I should point out that search engines still work, they just take me to my site slower than they would virus/malware-free.

Two lolwuts at suggesting that I do a full scan with CCleaner. What would happen if I do and what action should I really take?

It’s just that there is no such thing as “Full scan” in CCleaner. Just start it and click “Clean” - that’s it.

Eee, yes, I meant clean, lol, come on.

wibbers,

Please give me your OS, RAM, 32 or 64-bit?

I noticed you are using some outdated software: your IE browser needs to be updated from 7 to 8 (soon to be 9), which puts you at risk for malware. In addition, you are still using the old version of Avast 4.0 instead of 5.0.594, which has been out for over six months.

What version of Avast are you using - Free, Pro, AIS?

Are you up to date with your MS Updates?

What other security software do you have on this machine - both currently and previously (including Antivirus (AV), Firewall (FW), other security software either resident or on-demand)? I know you have MBAM, and as you know you need to do an update of it prior to running a scan.

Have you done an Avast Boot-time scan yet (you can’t do it if you have a 64-bit machine)? Clean? If not, please list what is in your log.

You asked what CCleaner does:
CCleaner http://www.piriform.com/ccleaner is a freeware system optimization, privacy and cleaning tool. It removes unused files (cache, temporary Internet files, etc.) from your system - allowing Windows to run faster and freeing up valuable hard disk space. It also cleans traces of your online activities such as your Internet history. Additionally it contains a fully featured registry cleaner and does registry backups (recommended prior to cleaning registry unless you know what you are doing). Remember when installing, to uncheck the Yahoo toolbar.

Once we get your system cleaned up of malware, we’ll make sure your software is up to date and machine cleaned up. But first I’ll need the answers above. Thanks.