Win32:Malware-gen

Hi All,

My parents bought an HP All-in-one desktop brand new on the 30/12/14. The first thing we did was install Avast anti-virus. Then we went and installed Microsoft Office 2013. They are on Windows 8.1 OS.

Within a couple of hours of turning on this brand new computer, they started having a ‘THREAT DETECTED’ pop up message approximately three times an hour since they opened up their new computer. The file that avast is detecting is called “Win32:Malware-gen”.

I have scanned the computer 3 times with Avast and it showed no infected files. I have also scanned the computer twice with Malwarebytes Anti-Malware software and it found no infected files. I am now doing a full system scan with Avast rather than a Quickscan.

I have even uninstalled Microsoft Office 2013, turned off Avast antivirus and re-installed the software, then turned Avast on again, and this did not stop the threat detected message.

I have absolutely no idea why they are getting this message and I’ve spent hours trying to solve it with no luck. I don’t understand why a new computer would have this problem. They did absolutely nothing but install MS Office and Avast Antivirus and they started getting this Threat Detected message immediately.

Does anyone know what else can be done? I don’t understand why there are no infected files on the computer through scanning in Avast and Malwarebytes yet the threat detected message keeps popping up three times an hour?

Thanks in advance for any help offered.

hey and welcome

start with following this guide

https://forum.avast.com/index.php?topic=53253.0

a malware expert will help you from there. :)

Hi,

Thanks for your reply however I already went there as a first port of call and it says right at the top of that page:
"This is an information only topic ~ Do not post logs or ask for help here
To get assistance create a topic in the Virus and Worms forum "

That’s why I came here and would appreciate help from someone.

Some more information - all the files in quarantine are like this:
gcapi_14199273081400.dll.635555710203561946

with “gcapi_14199273081400.dll.” always the first part of every quarantined file (I have about three dozen now) and the last numbers in the file changing for every file.

Does anyone know what these gcapi files are? Is this a mistake by Avast??

The file origination was always:

C:\Users\<USERNAME>\AppData\Local\Temp\sptemp

Thanks

> My parents bought an HP All-in-one desktop brand new on the 30/12/14. The first thing we did was install Avast anti-virus.

HP computers usually come preinstalled with Norton antivirus. Did you remove it before installing Avast?

General: Uninstalling a third-party antivirus software https://www.avast.com/faq.php?article=AVKB11#artTitle

> Thanks for your reply however I already went there as a first port of call and it says right at the top of that page: "This is an information only topic ~ Do not post logs or ask for help here To get assistance create a topic in the Virus and Worms forum "

Did you only read the headline? You should follow instructions and attach requested logs.

No, the HP desktop did not come with Norton. I have an HP laptop and it never came with any pre-installed antivirus software either. I am trying to research what gcapi_14199273081400.dll.635555710203561946 is… it’s starting to look like something that’s Google Chrome related.

I was hoping someone here would be technical enough to know what gcapi might be?

> C:\Users\<USERNAME>\AppData\Local\Temp\sptemp

Since located in a temp folder, try this

Clear your temp folders with this. TFC cleaner http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

Did that work? If not, follow instructions in the guide and attach requested logs.