Win32.Downloader.gen

Solved
Thread Status:
Not open for further replies.
  1. plation5

    plation5 Member Bronze Member

    Joined:
    Dec 18, 2011
    Posts:
    58
    Likes Received:
    1
    Location:
    New York, Long Island

    Hi guys, so today I ran a Spybot S&D scan and it detected a Win32.Downloader.gen. I hit delete, restarted, rescanned and it is still there. Shut down, ran an Avast boot-time scan, left it running overnight, checked in the morning, ran Spybot, STILL there. I need help and am willing to post any information you guys need. I am currently running Windows 7 64-bit.

    If you need more detailed specs they can be found here
    http://www.modsrigs.com/detail.aspx?BuildID=32011

    Thank you for your time
  2. samuria

    samuria Network Specialist Staff Member Moderator Elite Member

    Joined:
    Aug 15, 2009
    Posts:
    20,438
    Likes Received:
    1,473
    Location:
    Crewe Uk

    Can you please follow the links to our prework in my signature and post the logs, and our team will help you.
  3. plation5

    Running scan right now, thanks for the help. Will post info when it is done.
  4. plation5

    OTL Data posted

    Attached Files:

  5. NBK*Twitch

    NBK*Twitch Person Of All Kinds Tech Member Elite Member PCHF $Donator

    Joined:
    Feb 24, 2013
    Posts:
    1,491
    Likes Received:
    293
    Location:
    U.S.A

    There should be one more log called aswMBR.txt.

    Please attach it in your next post :).
  6. plation5

    Done, thanks for the help guys :D

    Attached Files:

  7. Malnutrition

    Malnutrition Member

    Joined:
    Nov 14, 2011
    Posts:
    3,780
    Likes Received:
    832

    You will need to remove any torrent software such as BitTorrent.
    http://www.pchelpforum.com/xf/index.php?help/terms

    Then run the host Fix it found here:
    http://support.microsoft.com/kb/972034

    Then run Adware Cleaner.
    Please download AdwCleaner by Xplode onto your desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[R1].txt as well.
    In your next reply please attach the following:
    • New OTL log, which will prove the removal of BitTorrent and the modified hosts files.
    • The Adware Cleaner log.
    Upon confirmation of the changes to the hosts files and removal of the torrent software, a PCHF Security team member will gladly assist you further in troubleshooting your issue. :mrgreen:
    NBK*Twitch likes this.
  8. Pancake

    Pancake Well-Known Member

    Joined:
    Jun 1, 2006
    Posts:
    4,104
    Likes Received:
    12
    Location:
    Victoria, Australia

    Please download OTM by OldTimer. http://oldtimer.geekstogo.com/OTM.exe
    Save it to your desktop.
    Please click OTM and then click >> Run.
    Copy all the lines inside the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Processes
    :Files
    :services
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
    
    Return to OTM, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
    Click the red Moveit! button.
    Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
    Close OTM.
    Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


    ===========================================


    Download ComboFix from any of the links below, and save it to your desktop.
    Link 1
    Link 2
    When saving ComboFix rename it to PCHelpForum.exe to prevent it from being blocked by malware.

    Refer to this image:
    To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
    • Close any open windows and double click PCHelpForum.exe to run it.
      You will see the following image:
    [IMG]

    Click I Agree to start the program.
    ComboFix will then extract the necessary files and you will see this:

    [IMG]

    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.
    It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    If you did not have it installed, you will see the prompt below. Choose YES.

    [IMG]

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [IMG]

    Click on Yes, to continue scanning for malware.
    When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
    Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
    Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
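A way to check what the hosts reset requested in the two replies above (the Microsoft fix and OTM's `[resethosts]`) should have cleared, as an added example that is not part of the thread or of either tool: it classifies the active entries of a hosts file, assuming that only loopback mappings for `localhost` belong in a reset file. The sample file, its `.example` names and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: a hosts file as it might look before the reset.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#      127.0.0.1       localhost
127.0.0.1       localhost
::1             localhost
127.0.0.1  ads.tracker.example   # blocklist-style entry
0.0.0.0    telemetry.example
203.0.113.7   www.bank.example login.bank.example
not-an-ip  updates.av.example
"""

# Assumption: only these names mapped to loopback count as default entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def classify_hosts(text):
    """Return (line_no, category, address, hostname) per active mapping."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        address, *names = line.split()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, "malformed", address, " ".join(names)))
            continue
        for name in (n.lower() for n in names):
            if ip.is_loopback and name in LOCAL_NAMES:
                category = "default"
            elif ip.is_loopback or ip.is_unspecified:
                category = "sinkhole"   # name is blocked locally
            else:
                category = "redirect"   # name resolves to a chosen address
            findings.append((line_no, category, str(ip), name))
    return findings


def needs_review(text):
    """Active entries a reset hosts file should no longer contain."""
    return [f for f in classify_hosts(text) if f[1] != "default"]


if __name__ == "__main__":
    for line_no, category, address, name in needs_review(SAMPLE_HOSTS):
        print(f"line {line_no}: {category:9} {name} -> {address}")
```

Sinkhole entries are often added deliberately by blocking tools, so they call for a look rather than automatic removal; redirect entries are the ones to verify first.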
  9. plation5

    OK, I'm going to do these ASAP (only have had time to remove BitTorrent), as I have been having problems with my 24-pin connector. Thanks again guys ;)
  10. plation5

    OTM and ComboFix Files Uploaded

    Attached Files:

  11. Pancake

    I see no signs of malware. Are you still getting that downloader showing? If so, have a look in Add Remove.
  12. plation5

    virus.png


    That's what I get when I scan; the downloader is at the bottom.
  13. Pancake

    SearchProtection is installed with Yahoo Toolbar by default (Option "Make Yahoo! my default search engine and enable Yahoo! Search Protection to alert me of any attempts to change it."). It's not malware.