With picture of Avast! Alert - Always regenerates! - Malware-gen - service.exe

The message just reappears over and over, no idea how to fix it…
Here’s the alert I get:

http://imageshack.us/a/img22/4052/g4tr.jpg

http://img46.imageshack.us/img46/2444/ekw3.jpg

Sorry for the French thing… First one is “malware detected”, second is “trojan detected”.
“Threat has been detected and blocked before creation or modification of the file”.

Please help!

Hi groscaca. Welcome to the forums

Follow this guide: http://forum.avast.com/index.php?topic=53253.0

and attach (do not copy/paste) logs for AdwCleaner, Malwarebytes’, OTL, and aswMBR.exe.

An expert in the removal of malware will help you. Due to time zones it may take a while for help to arrive. Be patient.

Thx a lot, I’ll do it tomorrow (going to sleep).
This thing is pretty annoying! At least avast! blocked it…

Hi for this one I will need a different programme

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

- Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please attach the log back here.
- The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also attach that along with the FRST.txt into your reply.

Sup!
Not sure what to follow now, 2 of your bots sent me to 2 different solutions :S

In the past I used some of those “cleaner” apps and I ended up wasting my system more than curing it…
If possible I’d like to be sure to try the good one, if not I’ll have to format I guess…

Follow Essex’s directions. He’s the malware removalist… He needs those specific logs not the other ones. The other directions are standard but Essex has asked for a log specifically.

[Edit] Also, ALL links here are safe. So don’t worry about more malware coming from those tools. If Avast! says something, ignore it. I’ve used these tools in the past; there won’t be any kind of issue with them.

This is the latest ZA variant that uses google desktop as the carrier but it writes the programme name in reverse and so is difficult for some malware tools to catch

FRST has been updated to catch this

So this alert is normal?

http://img812.imageshack.us/img812/9142/kkjs.jpg

Had this alert when I downloaded the file from your link.
I tried to “save as” and change the .exe extension to something else but it still won’t let me download, guess it’s because of the .exe extension.

Do you have a clean link to a .rar or a .zip maybe?

Disable SmartScreen filter; the file is absolutely safe and so is Bleeping.com. All SmartScreen is really saying is that it is not a file normally downloaded.

Although I get no alert at all on that link

Had to download it with chrome…

Here it is!

Sorry for double post, dunno how to attach 2 files at same time… Here’s the other attachment

OK, I can see why FRST was reported as a virus: your Windows Defender has been subverted

Note that the google update service name is reversed U2 *etadpug

Download the attached fixlist.txt to the same location as FRST
Run FRST as before and press Fix
A log will be generated on completion; please attach that

THEN

Download OTL to your Desktop
Secondary link

- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

https://dl.dropbox.com/u/73555776/OTL_Main_Tutorial.gif

- Select All Users
- Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT

- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Attach both logs
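
The reversed service name noted in this thread (etadpug is gupdate spelled backwards) can be checked for mechanically. The following is an added example, not part of any post here and not FRST's own logic: it flags service names that are a known legitimate name written in reverse. The allowlist and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed allowlist for this example: gupdate/gupdatem are the Google Update
# services, the others are stock Windows service names.
KNOWN_SERVICES = {"gupdate", "gupdatem", "wuauserv", "spooler", "bits", "windefend"}

# Constructed sample lines in a "<state> <service name>" layout, modelled on the
# "U2 *etadpug" entry quoted in the thread. Not taken from a real log.
SAMPLE_LINES = [
    "R2 Spooler",
    "U2 *etadpug",
    "S3 wuauserv",
    "R2 gupdate",
    "S2 metadpug",
]


def normalise(name):
    """Lower-case the name and drop anything that is not a letter or digit (e.g. a leading '*')."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def find_reversed_services(lines, known=KNOWN_SERVICES):
    """Return (raw_name, legitimate_name) pairs for names that are a known name spelled backwards."""
    hits = []
    for line in lines:
        parts = line.split(None, 1)      # state token, then the service name
        if len(parts) != 2:
            continue                     # not a "<state> <name>" line
        raw = parts[1].strip()
        name = normalise(raw)
        if not name or name in known:
            continue                     # empty, or already a legitimate name
        flipped = name[::-1]
        if flipped in known:
            hits.append((raw, flipped))
    return hits


if __name__ == "__main__":
    for raw, legit in find_reversed_services(SAMPLE_LINES):
        print(f"suspicious service name {raw!r}: reverse of {legit!r}")
```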

Hi!

Here’s the new FRST log, after I used the “fixit.txt” you posted and used FRST.exe Fix it command.

I have no more of those Avast! alerts, was it supposed to fix my problem?

Anyway, I did as you said with the OTL software, I’ll post the logs in another post.
Never mind, I managed to find how to post multiple attachments.

Aye FRST killed all the bad boys and the OTL scan is to see what services need repairing, and there are a few

Download Windows Repair (all in one) from this site

Install the programme then run

https://dl.dropbox.com/u/73555776/waio%20start.JPG

Go to step 3 and allow it to run SFC

https://dl.dropbox.com/u/73555776/waio%20step3.JPG

On the start repairs tab click start

https://dl.dropboxusercontent.com/u/73555776/waio%20startrep.JPG

Select the following items and tick restart system when finished

https://dl.dropbox.com/u/73555776/waio%20rep%20list.JPG

Hi!

I did everything you told me and the problem seems solved, thanx a lot!
Can’t believe I had this antivirus AND the support for free, that’s awesome

Only little thing…
After running the Windows tweaking I got that “Windows is not genuine” thing…
My desktop is black…
I know this is not a Windows troubleshooting service but if you know how to fix it I’d be grateful.

That is an occasional side effect of this malware

A free phone call will fix that

a) If you have access to the Start button: Click the Start button, and type slui 4 in the search field and then press the “Enter” key. This will bring up the Activate by Phone dialog window. Follow the steps provided by the window. The phone activation process should only take about 6 minutes.

b) If you do not have access to the Start button: Reboot and login to Vista, a dialog window will come up. In that window, click the option “Access computer with reduced functionality”. Once you do that, Internet Explorer or Firefox browser will open. In the address bar type c:\windows\system32\cmd.exe press enter, a new window will come up, type: slui 4 and hit enter and follow steps to Activate over the Phone.

NOTE: The important thing to this process is that you need to talk to a Live Activation Rep! When you first call, you will be interacting with an Automated Voice, either select the option to talk to a Live Rep or if there is no option, do not enter any numbers. This should force the automated voice to transfer you to a Live Rep.