Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Win32 Malware-gen pops up continuously even though all scans show clea


  • This topic is locked This topic is locked

#16
Umbe

Umbe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
so, a number of things happened.

first time I ran it, the computer didn't reboot, so I restarted it from the Start menu.
upon reopening windows, there were:
two message boxes from the security center asking me to confirm that Kaspersky Virus Tool remover may make changes to my hard drive. I pressed ok on both of them.
two command prompt windows (minimized) that both closed when I opened one of them.
one 'AVPTool installation failed' error message (similar to the one below) saying that the 'error message is'. and ending there. no actual error message was on the end of that sentence.
the AVPTool install screen also flashed up and then closed itself.

a few seconds later Avast popped up three warnings, one from svchost.exe and two from different Apple services (photostream and ubd [?]).

because this felt somewhat sloppy, I reopened the AVPTool, and reran the script. the computer rebooted on its own, and windows opened with:

two message boxes from the security center asking me to confirm that Kaspersky Virus Tool remover may make changes to my hard drive. I pressed ok on both of them.
two command prompt windows (minimized) that both closed before I had a chance to open them.
one avast popup (attached)
and one posse of error messages (also attached)

the analysis will be right along, as soon as I close these errors which are holding up AVPTool.

Attached Thumbnails

  • Avast autoblock.PNG
  • Error Messages.PNG

  • 0

Advertisements


#17
Umbe

Umbe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
note that, just now, well after that popup, manually updated the Avast definitions and application version.

anyway, the analysis scan...

Attached Files


  • 0

#18
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The popup from Avast was the emergency updater, a new feature that will download any missing or damaged elements for the AV..

Are you getting alerts since the update ?
  • 0

#19
Umbe

Umbe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
yes, and more than before that aren't associated with browsers (svchost, apple stuff, and the Avast emupdater again). I'm running a full system scan with Avast, and we'll see how much that turns up. also, the AVPTool is still doing its startup routine of windows and errors, though the one with the error description wasn't there this time.
  • 0

#20
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run a fresh OTL scan for me please

Also is Avast updating ?
  • 0

#21
Umbe

Umbe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
avast is updating fine, both automatically and manually. there were some new error messages upon opening (attached), accompanied by two command line windows that closed when I closed the errors.

for OTL, I'm just running a QuickScan, nothing more. do you want me to change some of the settings and run a more thorough scan?

some windows updates just came through and, so far, I haven't had any popups from Avast (!). they may have taken care of it, but I just haven't been on long enough to be certain. the Malicious Software Removal Tool was in the group of downloads. the quick scan didn't find anything.I have to go, and will leave it doing a full scan.

Attached Thumbnails

  • startup errors.PNG

Attached Files

  • Attached File  OTL2.Txt   87.37KB   32 downloads

  • 0

#22
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let me know if this stops the warnings

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:OTL
DRV:64bit: - [2012/10/09 09:12:12 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\08530055.sys -- (08530055)
DRV - [2012/10/09 20:44:49 | 000,013,312 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\vdiynju1.sys -- (vdiynju1)
O2 - BHO: (no name) - {652853ad-5592-4231-88c6-706613a52e61} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {652853ad-5592-4231-88c6-706613a52e61} - No CLSID value found.
O4 - Startup: C:\Users\Umberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_08530055.lnk = C:\Users\Umberto\AppData\Local\Temp\_uninst_08530055.bat ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
[2012/10/09 20:40:11 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\08530055.sys
[2012/10/09 08:08:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/10/08 15:20:33 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Umberto\Desktop\tdsskiller.exe
[2012/10/08 10:50:43 | 000,167,696 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys
[2012/10/07 01:48:50 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/10/09 20:44:49 | 000,013,312 | ---- | M] () -- C:\Windows\SysWow64\drivers\vdiynju1.sys
[2012/10/09 09:12:12 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\08530055.sys
[2012/10/08 15:20:24 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Umberto\Desktop\tdsskiller.exe
[2012/10/08 10:53:46 | 000,167,696 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys
[2012/10/09 20:40:30 | 000,001,012 | ---- | C] () -- C:\Users\Umberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_08530055.lnk

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#23
Umbe

Umbe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
so far so good. I'll keep you posted on any more popups from Avast.

Thanks you very very much for all the help! I really would have been at the point of despair without it.

Attached Files


  • 0

#24
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK run it for a while, and if all is good let me know and I will clear my rubbish away :)
  • 0

#25
Umbe

Umbe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
just got ten popups D:. three from svchost, which is more than usual, and a few from Avast, and a few more from chrome.

AAAAAAAAAAAARRRRRRRRRRRRRRRRGGGGGGGGGGGGGHHHHHHHHHHHH
  • 0

Advertisements


#26
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK what am I missing ...

I would like to take a look outside of windows

Download the following three programmes to your desktop :


1. WiNTBootIc
2. Windows 7 64bit RC
3. Farbar Recovery Scan Tool x64

Extract wintoboot to your desktop
Insert a USB drive of at least 1GB
Run Wintoboot

Posted Image

Drag and drop the Windows 7 ISO to the programme in the space indicated
Tick the Format box and accept the warnings
Press Do It

You will see it progressing

Posted Image

It will let you know when it is done
Then copy FRST to the same USB

Posted Image


Insert the USB into the sick computer and start the computer. First ensuring that the system is set to boot from USB
Note: If you are not sure how to do that follow the instructions Here


When you reboot you will see this although yours will say windows 7. Click repair my computer
Posted Image

Select your operating system
Posted Image

Select Command prompt
Posted Image

At the command prompt type the following :

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Posted Image
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  • 0

#27
Umbe

Umbe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
before I do that I do want to note that I am running a non-genuine version of windows. torrents and such, you know. will that affect anything?
  • 0

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That will most definitely affect it as I am unable to assist if windows is not a legitimate version
  • 0

#29
Umbe

Umbe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
do you think that doing this would prevent windows from running? what would happen?
  • 0

#30
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I have no idea as the recovery console is genuine, whether that checks or not I could not say
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP