Win32:Malware-Gen

Hello, I am aware that there are other people with this issue on the forum but I have been downloading and using a lot of the recommended software to deal with this problem (perhaps not all) but nothing seems to be killing it.

Every time I load up Firefox, Avast tells me it has stopped a threat called Win32:Malware-Gen. Something seems to be creating and trying to execute files in C:\Users\"MyUsername"\AppData\Local\Temp with names made of random letters. The processes involved were Firefox and something that sounded registry related (I am posting this in safe mode with networking so I cannot recreate it at the moment to give you the name). Avast Boot Scan does not stop it. TDSSKiller does not stop it (but whatever is causing this tried to stop me downloading TDSSKiller; I had to download and run it in safe mode with networking). Malwarebytes Anti-Malware has not stopped it. AdwCleaner has not stopped it. I ran all of these in safe mode and normal mode. I have also run Malwarebytes' Junk Removal Tool in normal mode, but when I ran it in safe mode it said it could not create a restore point, so I dare not run it.

I stopped using Firefox and started using Google Chrome, but Firefox started to notice it happening with that after a few days.

I am worried as I bought something last week on Steam and I bought something a couple of days ago using PayPal, and from what I have gathered this malware could be doing anything. I think that this started to be a problem this week, but my memory is not great.

https://forum.avast.com/index.php?topic=53253.0
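A triage script for the symptom described in the post above (files with random-letter names dropped into the user's Temp folder and a regsvr32.exe process flagged alongside Firefox). This is an added example, not code from the thread or from any of the tools it mentions: it lists recently created executable files in Temp whose base name is letters only and hashes them for lookup or submission, and, if process-creation auditing is enabled, shows regsvr32.exe launches that reference that folder. The $Days value, the name pattern and the event-log filter are assumptions to tune, not details from the thread.

```powershell
# Added triage example, not code from the thread or from the tools it names.
# Lists recently created executable files in the per-user Temp folder whose
# base name is letters only (the pattern described in the post) and hashes
# them so they can be checked or submitted. Assumptions: Windows PowerShell
# 5.1 or newer; $Days and the name pattern are guesses to tune, not values
# from the thread.
param(
    [int]$Days = 7,
    [string]$TempPath = $env:TEMP
)

$cutoff = (Get-Date).AddDays(-$Days)
# Letters-only base name with an executable-type extension.
$namePattern = '^[A-Za-z]{4,16}\.(exe|dll|tmp)$'

Get-ChildItem -Path $TempPath -File -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.CreationTime -ge $cutoff -and $_.Name -match $namePattern } |
    ForEach-Object {
        $hash = Get-FileHash -Path $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Created  = $_.CreationTime
            Name     = $_.Name
            Bytes    = $_.Length
            SHA256   = if ($hash) { $hash.Hash } else { 'unreadable' }
            FullPath = $_.FullName
        }
    } |
    Sort-Object Created -Descending |
    Format-Table -AutoSize

# Optional: if process-creation auditing (Security event 4688) is enabled and
# the shell is elevated, list regsvr32.exe launches that mention the Temp
# folder, the second process the post says Avast flagged.
try {
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688; StartTime = $cutoff } -ErrorAction Stop |
        Where-Object { $_.Message -match 'regsvr32\.exe' -and $_.Message -match [regex]::Escape($TempPath) } |
        Select-Object TimeCreated, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } } |
        Format-Table -AutoSize
} catch {
    Write-Warning "Could not read 4688 events (needs elevation and auditing enabled): $($_.Exception.Message)"
}
```

Hashes it prints can be looked up with the antivirus vendor; the 4688 section only returns results when command-line auditing was already on before the activity occurred.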

Monitoring…

Sorry… got a bit panicky.

I did these in safe mode. If I needed to do them in normal mode, let me know. Before that I did a normal boot to recreate the issue. The other process Avast mentioned was at C:\Windows\SysWOW64\regsvr32.exe.

Can you run FRST from Normal mode and attach both reports?

Why is Firefox running from this folder:

C:\Program Files (x86)\Nightly\firefox.exe

The "nightly builds" are for testing of Firefox only, not for daily/consumer use.

There done.

Nightly is a regularly updated experimental build of Firefox. I downloaded it ages ago to try but do not really use it.

Let me know if this fix stopped Avast warnings.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.

Download the attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

1. Right-click on the FRST icon and select Run as Administrator to start the tool. (XP users click Run after receipt of Windows Security Warning - Open File.)
2. Press the Fix button just once and wait.
3. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished, FRST will generate a log on the Desktop called Fixlog.txt.

Please attach it to your reply.

Ok

First, when I tried to download the fixlist and ran the fix, nothing happened. Then I looked and found that the fixlist was blank. Then I tried to download it again and the same thing happened. I figured that perhaps the virus was fiddling with it, so I booted my computer into safe mode and downloaded it and found it not to be blank this time. I rebooted the computer into normal mode and then ran the fix. FRST asked me to reset so I did. I loaded up Firefox and did not get any alerts. I then loaded Google Chrome and did not get any results either. To see if the same shenanigans from earlier were still happening I downloaded the fixlist again and found it not to be blank. Firefox was also running than before. Then I was going to post here and give the all clear, but then Avast started giving me warnings again.

Can you make a picture of the Avast warning?

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

1. Right-click on the FRST icon and select Run as Administrator to start the tool. (XP users click Run after receipt of Windows Security Warning - Open File.)
2. Make sure that the Addition option is checked.
3. Press the Scan button and wait.
4. The tool will produce two log files on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

Ok here you go.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.

Download the attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

1. Right-click on the FRST icon and select Run as Administrator to start the tool. (XP users click Run after receipt of Windows Security Warning - Open File.)
2. Press the Fix button just once and wait.
3. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished, FRST will generate a log on the Desktop called Fixlog.txt.

Please attach it to your reply.

Scan with Malwarebytes' Anti-Malware

Please re-run Malwarebytes' Anti-Malware.

1. First of all, select Update.
2. Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
3. In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware.
4. Click the Scan tab, make sure Threat Scan is checked and click Start Scan.
5. If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
6. Upon completion of the scan (or after the reboot), click the History tab.
7. Click Application Logs and double-click the newest Scan Log.
8. At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.

Ok

So far no alerts. There was a message partway through the fix about not being able to open VudyOlcor.

I will keep using Firefox for a while and reply again if anything comes up.

Yes, that was part of the malware. Keep me updated.