In the last few days, I’ve run Spybot Search & Destroy and detected win32.download.gen. I couldn’t delete it so I followed the “scan on restart” instructions a few times, but it never actually got removed. I finally got frustrated with SB:S&D so I uninstalled it. Then I found a post about win32.download.gen on this forum and followed the instructions from here:
http://forum.avast.com/index.php?topic=53253.msg451454#msg451454
After going through all of those steps, I ran my Avast Quick Scan with Scan PUP turned on to see if it would detect the win32…, but it didn’t come up. I don’t know if it’s removed or not, because Avast didn’t detect it before. I was wondering if anyone could help me figure out if it’s removed, and if it isn’t, how to remove it.
Attached are the four requested log files.
SpyBot SD is a toy and cant handle todays malware… use Malwarebytes as extra scanner http://www.malwarebytes.org/
Yeah, I just got Malwarebytes to replace S&D, seen it recommended a few times.
Here’s that last log file.
guessing it was a SpyBot false positive!
what was the file detected… full file path?
malware removers are notified…
I think it was a false positive. I just re-downloaded SB to see if I could find the file detected, but my scan turned up no results so I think I’m all set!
There are just two orphaned run keys from old search toolbars
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:OTL
O4 - HKU\.DEFAULT..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-18..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.