Win32:Malware-gen

My friend told me to get Avast for an antivirus as that is what he uses… I downloaded it and did a quick scan and got rid of most of the infected files that were there… later I got a thing saying “Severity High” “Threat: Win32:Malware-gen”. I have no idea what to do and pretty much feel hopeless, as I downloaded this to stop this type of shit from happening… What am I supposed to do?

Could you attach a screenshot of the Avast alert?

Download OTL to your Desktop
Secondary link

[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

https://dl.dropboxusercontent.com/u/73555776/OTL_Main_Tutorial.gif

[*]Select All Users
[*]Select LOP and Purity
[*]Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
/md5start
rpcss.dll
/md5stop
CREATERESTOREPOINT

[*]Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Attach both logs

here… I may or may not have posted it more than once because something isn’t working…

I would like to apologize for my lack of understanding of this… I did what you said… and only one notepad popped up… I hope I did this right.

Not a problem, there are still some adware remnants.

On completion of this, let me know if the alerts cease.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKU\S-1-5-21-259030303-1543767891-3204333296-1001\..\SearchScopes\{26F10751-E5BB-40BB-92FA-4571BE20787A}: "URL" = http://www.mysearchresults.com/search?c=3254&t=15&q={searchTerms}
IE - HKU\S-1-5-21-259030303-1543767891-3204333296-1001\..\SearchScopes\{5EE3E145-2BBB-47FA-881D-7D1D2A889471}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3292715&CUI=UN39938949212792126&UM=2
O2 - BHO: (CostMin) - {4CB07BB9-E1CA-E434-4524-1C6DA885A4B8} - C:\ProgramData\CostMin\bl.dll ()
O2 - BHO: (no name) - {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - No CLSID value found.
O2 - BHO: (GetSavin 5.0) - {CC9C9B00-26A0-4E79-BEFA-617F7169CBA0} - C:\Users\Trevor\AppData\Local\getsavin\ie\getsavin_1375386601.dll File not found
C:\Users\Trevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\alohidmgbcbmihbeifnnadoogmpfehjd
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-259030303-1543767891-3204333296-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4 - HKU\.DEFAULT..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-18..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-21-259030303-1543767891-3204333296-1001..\Run: [TBHostSupport] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Trevor\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin File not found
[2014/01/03 01:39:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup

:Files
C:\Users\Trevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\gipmblamjgodbimgeafaiegdpfbaeihe
C:\Users\Trevor\AppData\Local\getsavin
C:\ProgramData\CostMin

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered; reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Junkware Removal Tool to your desktop.

[*]Right-click JRT.exe and select “Run as Administrator”; the tool will open and start scanning your system
[*]Please be patient, as this can take a while to complete depending on your system’s specifications
[*]On completion, a log (JRT.txt) is saved to your desktop and will automatically open
[*]Post the contents of JRT.txt into your next message
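For anyone following this thread who wants to see what the OTL fix above is actually touching before running it, the script below is an added, read-only PowerShell audit (it is not part of the thread, of OTL or of JRT). It walks the same persistence locations the :OTL section lists (Internet Explorer SearchScopes, Browser Helper Objects in both registry views, and the Run keys), flags entries whose target file or CLSID server no longer exists (the "File not found" / "No CLSID value found" lines in the log), and reports whether the folders named in the :Files section still exist. It assumes it is run in the profile of the affected user (so HKCU and %LOCALAPPDATA% resolve to that account rather than to a hard-coded SID or C:\Users\Trevor); the Chrome extension IDs and folder names are taken from the fix above. It changes nothing.

```powershell
# Added example: read-only audit of the adware persistence points targeted by the OTL fix.
# Run as the affected user (HKCU / %LOCALAPPDATA% are resolved from the current session).
$ErrorActionPreference = 'SilentlyContinue'

# Folders the :Files / :OTL sections delete (IDs and names taken from the fix above).
$AdwarePaths = @(
    "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Extensions\gipmblamjgodbimgeafaiegdpfbaeihe",
    "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Extensions\alohidmgbcbmihbeifnnadoogmpfehjd",
    "$env:LOCALAPPDATA\getsavin",
    "$env:ProgramData\CostMin",
    "${env:ProgramFiles(x86)}\MyPC Backup"
)

function Get-CommandTargets {
    # Split a Run value into the file paths it depends on: the executable itself and,
    # for rundll32, the DLL it is asked to load (e.g. the TBHostSupport entry in the log).
    param([string]$CommandLine)
    $m = [regex]::Matches($CommandLine, '"([^"]+)"|(\S+)')
    $tokens = @($m | ForEach-Object { if ($_.Groups[1].Success) { $_.Groups[1].Value } else { $_.Groups[2].Value } })
    if ($tokens.Count -eq 0) { return @() }
    $paths = @($tokens[0])
    if ($tokens[0] -match 'rundll32(\.exe)?$' -and $tokens.Count -gt 1) {
        $paths += ($tokens[1] -split ',')[0]          # "C:\...\x.dll",Entry -> C:\...\x.dll
    }
    return $paths
}

function Test-TargetsExist {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        $expanded = [Environment]::ExpandEnvironmentVariables($p)
        if (-not (Test-Path -LiteralPath $expanded)) { return $false }
    }
    return $true
}

function Get-IESearchScopes {
    # Each subkey is an IE search provider; URL is where typed searches are sent.
    Get-ChildItem 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes' | ForEach-Object {
        [pscustomobject]@{ Kind = 'SearchScope'; Id = $_.PSChildName
                           Value = (Get-ItemProperty $_.PSPath).URL; Missing = $false }
    }
}

function Get-BHOs {
    # BHO registrations in the 64-bit and 32-bit views; the DLL lives in HKCR\CLSID\{guid}\InprocServer32.
    $keys = @('HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
              'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects')
    foreach ($k in $keys) {
        Get-ChildItem $k | ForEach-Object {
            $clsid = $_.PSChildName
            $dll = (Get-ItemProperty "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32").'(default)'
            if (-not $dll) {
                $dll = (Get-ItemProperty "Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID\$clsid\InprocServer32").'(default)'
            }
            [pscustomobject]@{ Kind = 'BHO'; Id = $clsid; Value = $dll
                               Missing = (-not $dll) -or (-not (Test-TargetsExist @($dll))) }
        }
    }
}

function Get-RunEntries {
    $keys = @('HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
              'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
              'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run')
    foreach ($k in $keys) {
        $props = Get-ItemProperty $k
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }      # skip PowerShell's own PSPath/PSParentPath/... properties
            $cmd = [string]$p.Value
            [pscustomobject]@{ Kind = 'Run'; Id = "$k\$($p.Name)"; Value = $cmd
                               Missing = -not (Test-TargetsExist (Get-CommandTargets $cmd)) }
        }
    }
}

$findings = @(Get-IESearchScopes) + @(Get-BHOs) + @(Get-RunEntries)
$findings | Sort-Object Missing -Descending | Format-Table Kind, Missing, Id, Value -AutoSize

Write-Host "`nAdware folders from the fix that still exist:"
foreach ($p in $AdwarePaths) { if (Test-Path -LiteralPath $p) { Write-Host "  $p" } }
```

Entries with Missing = True are dead registrations (a BHO whose CLSID has no server DLL, or a Run value pointing at a deleted file); they are harmless on their own but are exactly what the fix cleans up. A SearchScope whose URL points somewhere other than a search engine the user chose is the browser-hijack half of this adware and is worth removing even when nothing is "missing".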

Well I may just wait until I can contact my uncle… Last time I had a virus he fixed it with ease… Once he does arrive I will show him this and have him help with this, as in I don’t trust myself to do this… As long as not worrying about the problem isn’t harmful I’ll probably just stay to what I said…

It is only adware that I can see, and when they call home Avast will alert you to a potential issue.

But no problem whichever way makes you happy :slight_smile:

So there’s nothing big wrong? I wish I could say I have proof, but I decided to make the screenshot low quality and delete the original one, so now I can’t make it better… I was thinking I may have downloaded the Avast! off the wrong site maybe? Should I uninstall it and maybe reinstall it or something… The only reason I think that might be the case is because why would something pop up saying a high severity?

Again, we need to determine what the actual alert was. If it was whilst you were on a website and you received a MalURL warning, then that would indicate an infection on that website, and as some lead direct to ZeroAccess malware, then that would be severe. But as I could not read what it said, I am just assuming at the moment.

Like it wasn’t a website pop-up type thing… I believe… It was saying something was located in some place related to NVIDIA… and it was just random… I wasn’t on any sites that would have malware, unless Twitch and Pandora got taken over…

OK, were you updating your NVIDIA drivers around this time?

No, I believe the last time I had done that was 2 days ago…

Have you done a scan with Avast since the alert? Did it detect anything?

I was thinking of doing that, but I didn’t want to mess with it and make anything worse… But I’ll do a scan really quick.

Did a quick scan and it picked up nothing…

OK, as it was NVIDIA: some of their drivers will for a period be set as hidden. Avast does not like hidden files, as they can be dangerous, so it will alert on them.