WinLog.exe infected with Win32:Malware-gen

1- full scan with updated “MBAM” and it didn’t detect anything!
2- I installed “Avast” and it detected and added to “Virus Chest” [C:\WINDOWS\sysprep32\WinLog.exe -infected with- win32:malware-gen]

-Is it a Fake Alert? If not, how can I clean the infected system file (Avast can’t ??? ) so I can place it back in that system folder?

I’m not even sure what that folder is!!! C:\WINDOWS\sysprep32

Help please :o

You can test it here: https://www.virustotal.com/

PS: Hope your sig is just outdated. :wink:

Sorry, what does sig mean? :o
Everything is fully updated.

Your signature…!! (Avast Free 6.0.1289/FireFox 6.0.2)

Oops, yeah, sure ;D

OK, please update it.

I did Thx :slight_smile:

-Is it a Fake Alert? If not, how can I clean the infected system file (Avast can't ) so I can place it back in that system folder?
- sysprep32 is NOT a system folder in Windows XP.
- Avast can't? Since avast has moved it to the virus chest, it sure can clean it.
full scan with updated "MBAM" and it didn't detect anything!
There is no software that can detect ALL malware, therefore you need to use multiple. I suggest avast! and Malwarebytes.

Well, now you removed all version numbers, so it isn’t really helpful at all…

Edit: Seems, you’re still working on it…

Yup, Avast moved it to the chest, but the file is gone from the folder! WinLog.exe. I’m just afraid that file is a system file. I googled it yesterday but found nothing…
Thanks :slight_smile:

Please attach your logs. (AdwCleaner, MBAM, OTL and aswMBR…!!)
Instructions: http://forum.avast.com/index.php?topic=53253.0

I have 3 laptops! Do I have to change my sig every time :-\

Forget about your sig, it’s not that important. :wink:

It’s important! It helps hackers hacking me ;D

Not really, but if you’re worried, you can remove it and just report your specs in future help requests.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.15.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
MyNetbook :: LENOVO-IDEAPAD [administrator]

15.11.2012 22:13:41
mbam-log-2012-11-15 (22-13-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200437
Time elapsed: 5 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Waiting… :slight_smile:

Please be patient, it could take a while… :wink:

Oic… Thanks :o

Oops!
The infected file is very old! Here’s the Avast Chest info:

Original file name: WinLog.exe
Original folder: C:\WINDOWS\sysprep32
Size of file: 65536
Last modification time: 01.11.2006 1:19:26 <<<<<<<<<<<< :o
Time of transfer to Chest: 15.11.2012 22.20.49
Category: Infected files
Virus description: Win32:Malware-gen
File ID: 1

  • The folder C:\WINDOWS\sysprep32 contains these files:

A.TXT
allpass.exe
connNet.cmd
DELTREE.EXE
extend_2.txt
inactivec.txt
mapdrv.exe
PRELOAD.LOG
SLEEP.EXE (IDW tools)
tester.log
TESTSET.INI
vistapre.cmd
vsm.log
W_ENV.bat
WFSTRING.exe
WINIDE.EXE
winini.exe
WinShut.exe
WinWait.exe
Y.TXT