Win32:Malware-gen

Hi there,

During an Avast boot scan, Win32:Malware-gen was found in
C:\Users\Lina\Documents\To Be Deleted\800score.com GMAT Sample Tests\GMATV1f.exe
C:\Users\Lina\Documents\To Be Deleted\800score.com GMAT Sample Tests\GMATV2f.exe
C:\Users\Lina\Documents\To Be Deleted\800score.com GMAT Sample Tests\GMATV5f.exe

I deleted the files and did an Avast full scan afterward and found two files with Error: The file is a decompression bomb. (42110)
C:\Users\Lina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7JHTD5NE\SkypeSetupFull[1].exe|>[Emul]
C:\Users\Lina\AppData\Local\Temp\SkypeSetup.exe|>[Emul]

I couldn’t delete the files from the scan results window so I went to the folders manually and deleted the files. Then I installed Malwarebytes’ Anti-Malware and followed the instructions I found on the stickied thread and the results came back clean.

Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org

Database version: 4713

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/28/2010 6:49:07 PM
mbam-log-2010-09-28 (18-49-07).txt

Scan type: Quick scan
Objects scanned: 140715
Time elapsed: 21 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I also installed OTL and tried to run it using the instructions in the stickied thread, but during the scan, it gave me the error “Cannot create file C:\Users\Lina\desktop\cmd.bat”. Should I be worried that it couldn’t finish scanning?

Also, to give some background, my laptop started running slower a few days ago. The transition from the starting windows screen to the welcome log in screen (Windows 7) went from less than a second to about 10 or 15 seconds. Ejecting my USB flash drives started taking 30 seconds to a minute or so. I also installed some font files as shortcuts, but after rebooting my computer, they disappeared from the fonts folder. Strangely, I can still use them in programs, like Adobe Illustrator. I was also prompted to back up a certificate (I think it was for the folder holding the original font files and the folder was also named in green text).

After I deleted the infected files and scanned with Malwarebytes, I ran a boot scan and full scan again, and everything showed up clean. I just want to make sure my laptop is virus/malware free and that this doesn’t come back to haunt me later on. Would it help if I tried to get a log from an OTL scan again? Are there certain things I can do to make sure my laptop is clean like cleaning out my temporary files? (I don’t know how to do this.)

Thanks a whole lot.

For cleaning temp>>
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

And, yes try to get an OTL log if possible, make sure to post it as an attachment.

Yay, I tried to do the OTL scan again, and it completed this time. Attached are the two text files.

Hi, your logs look clean. Are you experiencing any further problems?

Hi there,

Sorry for the slow replies. I haven’t been able to get to my laptop as often as I like. Yes, I am experiencing a few new problems, and some older problems reappeared.

  1. The OTL text file which was saved to my desktop after the scan didn’t appear. I had to open a folder and go to the desktop from the folder to see the file. My Extras text file, however, did appear. Even after rebooting, the OTL text file didn’t show on the desktop without going through a folder. Mysteriously, today, both of them are appearing on the desktop.

  2. My font files are still disappearing. At first, they didn’t appear in the font folder, but still worked in programs. Then after the virus scans and all, the programs could not use the fonts anymore. I tried to reinstall and apparently, I had to overwrite files since they were there in the fonts folder. After that, the fonts properly worked again, and the fonts showed in the fonts folder. After a reboot or two, they are gone again. None of my other fonts have this problem.

  3. My slow start up and USB problems disappeared after all the scans. However, they are now back and my laptop is experiencing performance problems again. I don’t know if this is related to the reinstalling of the font files.

I’m going to try to scan my laptop again to see if anything shows up :(. Thank you for helping me with this problem.

It may be that it just needs a little TLC. However, I would like to rule out further malware problems first.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

[*]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

[*]Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

I ran some scans (boot scan, full scan, Malwarebytes’ scan, defender scan, online HouseCall scan from TrendMicro) and all returned negative results for infections.

I also followed your instructions for ComboFix. The log is attached.

I’m getting quite nervous because strange things are happening to my laptop that I’ve never seen happen before. For one, scanning with HouseCall the first time was all okay. The second time, however (I was trying to do a full scan instead of a quick scan), I kept getting the error that my settings were blocking ActiveX that was needed to run the scan/webpage, but I didn’t change anything between the first and second scan.

Icons are randomly disappearing and appearing, specifically, my Avast icon on right side of the task bar.

Also, after running ComboFix, I couldn’t open any programs on my task bar, my start menu, or even from program files. It gave me an error message that said something along the lines that this program has been marked to be deleted from the registry and I cannot use it. I apologize for not having the word-for-word error messages for these problems. I tried to screenshot the ActiveX error, but then realized I couldn’t open any programs, and didn’t think to write it down before I restarted my laptop.

After I restarted my laptop in safe mode and then again, restarted it regularly, I could open my programs again.

My internet is also irregularly sluggish after restarting my laptop :(.

Time for TLC, I feel.

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

[*]Click Start.
[*]Open My Computer.
[*]Select the Tools menu and click Folder Options.
[*]Select the View Tab.
[*]Under the Hidden files and folders heading select Do not show hidden files and folders.
[*]Click Yes to confirm.
[*]Click OK.

To manually create a new Restore Point

[*]Go to Control Panel and select System and Maintenance
[*]Select System
[*]On the left select Advanced System Settings and accept the warning if you get one
[*]Select System Protection Tab
[*]Select Create at the bottom
[*]Type in a name i.e. Clean
[*]Select Create
Now we can purge the infected ones

[*]Go back to the System and Maintenance page
[*]Select Performance Information and Tools
[*]On the left select Open Disk Cleanup
[*]Select Files from all users and accept the warning if you get one
[*]In the drop down box select your main drive i.e. C
[*]For a few moments the system will make some calculations
[*]Select the More Options tab
[*]In the System Restore and Shadow Backups select Clean up
[*]Select Delete on the pop up
[*]Select OK
[*]Select Delete
You are now done

Download and run Puran Disc Defragmenter; once installed, select a boot time defragmentation.
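As an added example that is not part of this thread (and not from any of the tools mentioned in it), the following PowerShell script checks the same things the steps above change by hand on a Windows 7 box: whether hidden files are back to "Do not show", whether the hosts file that [resethosts] restores still contains anything besides localhost, how much is left in the temp folders that [emptytemp] clears, a "Clean" restore point, and the list of shadow copies that Disk Cleanup's More Options tab purges. It must be run from an elevated PowerShell session; the registry path and value meanings are the standard Explorer settings, and the restore point name "Clean" is taken from the instructions above.

```powershell
# Added example, not from the thread: post-cleanup sanity checks for Windows 7.
# Run from an elevated (Run as administrator) PowerShell window.

# 1. Hidden-files setting. In Folder Options, Hidden = 2 means "Do not show
#    hidden files and folders", Hidden = 1 means "Show". ShowSuperHidden covers
#    protected operating system files (0 = hidden, 1 = shown).
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hidden      = (Get-ItemProperty -Path $adv -Name Hidden -ErrorAction SilentlyContinue).Hidden
$superHidden = (Get-ItemProperty -Path $adv -Name ShowSuperHidden -ErrorAction SilentlyContinue).ShowSuperHidden
if ($hidden -eq 2 -and -not $superHidden) {
    "Hidden files: not shown (default)"
} else {
    "Hidden files: still shown (Hidden=$hidden, ShowSuperHidden=$superHidden)"
}

# 2. Hosts file. After [resethosts] only comment lines (and possibly a
#    localhost entry) should remain; anything else redirects name lookups.
$hosts   = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$entries = Get-Content $hosts | Where-Object { $_ -match '^\s*[^#\s]' }
$suspect = $entries | Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' }
if ($suspect) {
    "Non-default hosts entries:"
    $suspect
} else {
    "hosts: no entries other than localhost"
}

# 3. Temp folders that [emptytemp] clears: report what is left behind.
foreach ($dir in @($env:TEMP, (Join-Path $env:SystemRoot 'Temp'))) {
    $files = @(Get-ChildItem -Path $dir -Recurse -Force -ErrorAction SilentlyContinue |
               Where-Object { -not $_.PSIsContainer })
    $bytes = ($files | Measure-Object -Property Length -Sum).Sum
    "{0}: {1} files, {2:N1} MB" -f $dir, $files.Count, ($bytes / 1MB)
}

# 4. Create the named restore point from the "Clean" step.
Checkpoint-Computer -Description 'Clean' -RestorePointType 'MODIFY_SETTINGS'

# 5. List the shadow copies (old restore points) that Disk Cleanup removes
#    under More Options > System Restore and Shadow Copies.
vssadmin list shadows
```

The script only reports on steps 1 to 3 and 5 and leaves the actual deletion to the tools the thread already uses, so it is safe to run before and after the cleanup to confirm each step took effect.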