Win32 Malware Gen is a virus

Win32: malware gen

Blue.Ant:
After discovering unknown activity on my husband's PC (W7), Avast Free Antivirus found the Win32:Malware-gen trojan. I think I remember that the same problem arose almost 2 years ago and that I worked through it with the help here. Apparently the measures did not work, or there was a new infection. In one of the logs I discovered that the infections were found in a Lightroom folder. That amazes me. My husband works with a lot of Adobe programs and we thought Adobe was legitimate. In addition, these files are all in the recycle bin, probably because yesterday I threw all the AllSync backups into the bin. Could that mean the trojan survived in the backups?

How serious is the situation? The PC is in a home network with my PC (W7) and some devices connected via WLAN, such as cell phones and tablets. The LED that shows hard-drive activity flashes more than once per second; sometimes it flickers, sometimes it glows longer and brighter. The network LED on the router flashes too. And this happens, of course, when nobody is sitting at the PC. Incidentally, this is still the case after I have run the various tools according to the thread "Help with infections".

Hopefully someone can help me? My husband and I are of an older generation and did not grow up with PCs. I have no in-depth knowledge.

Many thanks to those who have mercy. :)

I have attached all the requested logs, except aswMBR. That program keeps crashing after a little over 4 minutes.

Greeting
Ingrid

Asyn:
An expert has been informed.

LG Asyn

essexboy:
Good afternoon, there is a possibility that the backups may have been infected.
I will give you a program that you can use to check the backups later; meanwhile I will clear what I can see and run a deeper scan.


CAUTION: This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy / paste the text in the quotebox below into it:
--- Quote ---
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
C:\$Recycle.Bin\S-1-5-21-3366645687-1487830366-2275098547-1001
EmptyTemp:
CMD: bitsadmin /reset /allusers
--- End quote ---

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

1. Double click on ComboFix.exe & follow the prompts.
2. Accept the disclaimer and allow it to update if it asks.
3. When finished, it shall produce a log for you.
4. Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programs being marked for deletion then reboot, that will cure it.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.
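As an added, read-only check (not part of essexboy's instructions, FRST or ComboFix), the PowerShell snippet below inspects the same three things the fixlist above acts on: Internet Explorer policy restrictions under HKLM, registered IE toolbars whose DLL no longer exists (the condition FRST reports as "No File"), and pending BITS jobs for all users (what `bitsadmin /reset /allusers` clears). It assumes an elevated prompt on Windows 7 or later; the registry paths are the standard IE and CLSID locations, and nothing is modified.

```powershell
# Added example, not from the forum post or from FRST/ComboFix. Read-only; run elevated.
Import-Module BitsTransfer -ErrorAction SilentlyContinue

$report = @{}

# 1. IE policy restrictions. Any values here lock IE down; malware sets them,
#    but so do some domain administrators, so confirm before removing.
$polKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer'
$report.IEPolicies = @()
if (Test-Path $polKey) {
    Get-ChildItem $polKey -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $item = $_
        foreach ($name in $item.GetValueNames()) {
            $report.IEPolicies += "$($item.Name)\$name = $($item.GetValue($name))"
        }
    }
}

# 2. Toolbars. Each value name under this key is a CLSID; the DLL it loads is the
#    default value of HKLM\SOFTWARE\Classes\CLSID\{clsid}\InprocServer32.
$tbKey = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar'
$report.OrphanToolbars = @()
if (Test-Path $tbKey) {
    $tb = Get-Item $tbKey
    foreach ($clsid in ($tb.GetValueNames() | Where-Object { $_ -like '{*}' })) {
        $srv = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
        $dll = $null
        if (Test-Path $srv) { $dll = (Get-ItemProperty $srv).'(default)' }
        $dll = [Environment]::ExpandEnvironmentVariables("$dll").Trim('"')
        if (-not $dll -or -not (Test-Path $dll)) {
            # Registered toolbar with no file on disk: a leftover of a removed or
            # deleted component, the same state FRST lists as "No File".
            if ($dll) { $report.OrphanToolbars += "$clsid -> $dll" }
            else      { $report.OrphanToolbars += "$clsid -> <no InprocServer32>" }
        }
    }
}

# 3. BITS jobs. Jobs survive reboots and run under the owner's account, so a stale
#    or unexpected download job is worth recording before it is reset.
$report.BitsJobs = @(Get-BitsTransfer -AllUsers -ErrorAction SilentlyContinue |
    Select-Object DisplayName, JobState, OwnerAccount,
        @{ n = 'Urls'; e = { ($_.FileList | ForEach-Object { $_.RemoteName }) -join ';' } })

$report
```

Empty `IEPolicies` and `OrphanToolbars` lists and no unexpected `BitsJobs` entries are the normal state on a clean home machine.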

Blue.Ant:
Thanks for the instructions. I did everything (it needs patience ;))

Unfortunately there seems to be no improvement.
Starting the PC takes about 8 min until I can work with it (it's been like that for a long time). Then the activity LED stays on (permanently) for another 15 min. After that, it continues blinking like before.

I installed procmon.exe to search for unusual activity, but can't find anything. It looks like the screenshot sysinternal3 with a filter and like sysinternal4 without a filter.

Do you have any other ideas? Sure you have ... 8)

essexboy:
I am glad you understand English as my German is atrocious :)

Sorry for the delay, but the program I am going to use has changed, so I had to amend my screenshots and instructions.

I will do one further check for malware; then we may need to look at the hard drive.

Download AVP tool from Here

1. Run the program.
2. Click "Change parameters" and ensure the system drive is selected, OK out and then press Scan.
3. Wait until the scan is complete.
4. If any threats are detected during the scan, a notification with a request for action will be displayed.
5. If the infection is active then you will be offered a delete on reboot.
6. To view the scan details, click the Details link. Copy and paste the data in your next post (or attach if too big).
7. To exit Kaspersky Virus Removal Tool 2015, click the Close button or the cross button in the upper-right corner of the utility window.