
win32.downloader.gen infection have not been able to remove [Solved]


  • This topic is locked

#16
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again GatorDawg,

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • If you are given an option to quarantine files ensure the scan is set to do so.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed, the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close. Before you do that though, make sure you copy the logfile to Notepad somewhere you can find it again.
  • Then click on: Finish
  • Copy and paste that log as a reply to this topic and tell me how your machine is now.



#17
GatorDawg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
You weren't kidding about hours, LOL, 12+. It seems to be running much better, but I'm a bit concerned about these first two lines.


C:\Users\All Users\Spybot - Search & Destroy\Recovery\YontooPagerage2.zip Win32/Bagle.gen.zip worm
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Dawn\SAVE\where the wild things are 102509 pdf.exe Win32/InstalleRex.I potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\Conduit04-02-2014_06-27-41\BackgroundContainer\BackgroundContainer.dll Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\Conduit04-02-2014_06-27-41\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\Old Laptop HD\OS\Program Downloads\Nero-8.2.8.0_eng_trial.exe Win32/Toolbar.AskSBar potentially unwanted application deleted - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application deleted - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application deleted - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application deleted - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application deleted - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\YontooPagerage2.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Users\George\AppData\Local\genienext\nengine.dll Win32/NextLive.A potentially unwanted application deleted - quarantined
C:\Users\George\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.36.zip a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\Users\George\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\Users\George\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\Users\George\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll Win32/NextLive.A potentially unwanted application deleted - quarantined
C:\Users\George\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\Users\George\AppData\LocalLow\Connect_DLC_5\hk64tbConn.dll a variant of Win64/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\Users\George\AppData\LocalLow\Connect_DLC_5\hktbConn.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined
C:\Users\George\AppData\LocalLow\Connect_DLC_5\ldrtbConn.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
C:\Users\George\AppData\LocalLow\Connect_DLC_5\tbConn.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined
C:\Users\George\Documents\testdisk-6.12.win64\testdisk-6.12\recup_dir.263\f294427621.dll a variant of Win32/Kryptik.AQX trojan cleaned by deleting - quarantined
C:\Users\George\Documents\testdisk-6.12.win64\testdisk-6.12\recup_dir.278\f296020229.dll a variant of Win32/Kryptik.AQX trojan cleaned by deleting - quarantined
C:\Users\George\Documents\testdisk-6.12.win64\testdisk-6.12\recup_dir.278\f296187333.dll a variant of Win32/Kryptik.CD trojan cleaned by deleting - quarantined
C:\Users\George\Documents\testdisk-6.12.win64\testdisk-6.12\recup_dir.367\f311180317.exe a variant of Win32/Kryptik.BOG trojan cleaned by deleting - quarantined
C:\Users\George\Documents\testdisk-6.12.win64\testdisk-6.12\recup_dir.405\f318163317.exe probably a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
C:\Users\George\Downloads\ArcadeFrontierGames(1).exe Win32/OpenCandy potentially unsafe application deleted - quarantined
C:\Users\George\Downloads\ArcadeFrontierGames.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
C:\Users\George\Downloads\cbsidlm-cbsi145-LANcet_Chat-SEO-10382014.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
C:\Users\George\Downloads\ccsetup409.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\George\Downloads\cnet2_bopupmes_msi.exe a variant of Win32/InstallCore.D potentially unwanted application deleted - quarantined
C:\Users\George\Downloads\lancetchat-setup.exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
C:\Users\George\Downloads\Shockwave_Installer_Slim (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\George\Downloads\Shockwave_Installer_Slim.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
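As an added example (not part of the thread or of ESET's tooling), a small Python triage script for ESET Online Scanner output in the form posted above: each line is path, detection name, category and, optionally, the action taken. It parses the lines and lists hits with no recorded action, which is exactly what distinguishes the poster's first two lines from the rest. The sample lines are copied from the log above; the function names are my own.

```python
import re
from collections import Counter

# Sample lines copied from the ESET log posted above. The first two carry no
# trailing action, which is what the poster asked about.
SAMPLE_LOG = r"""
C:\Users\All Users\Spybot - Search & Destroy\Recovery\YontooPagerage2.zip Win32/Bagle.gen.zip worm
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Dawn\SAVE\where the wild things are 102509 pdf.exe Win32/InstalleRex.I potentially unwanted application deleted - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application deleted - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\YontooPagerage2.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Users\George\Documents\testdisk-6.12.win64\testdisk-6.12\recup_dir.263\f294427621.dll a variant of Win32/Kryptik.AQX trojan cleaned by deleting - quarantined
C:\Users\George\Documents\testdisk-6.12.win64\testdisk-6.12\recup_dir.405\f318163317.exe probably a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
C:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
"""

# One line is: <path> <detection name> <category> [<action>]. Paths may contain
# spaces, so the detection name ("[probably] a variant of Win32/...") is the
# delimiter, not whitespace. The category and action vocabularies are the ones
# that appear in the posted log (assumed to be the complete set here).
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<threat>(?:probably a variant of |a variant of )?Win(?:32|64)/\S+) "
    r"(?P<category>worm|trojan|potentially (?:unsafe|unwanted) application)"
    r"(?: (?P<action>deleted - quarantined|cleaned by deleting - quarantined))?$"
)


def parse_eset_log(text):
    """Return one dict per detection line; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def triage(entries):
    """Count hits by category and action, and list hits with no recorded action."""
    by_category = Counter(e["category"] for e in entries)
    by_action = Counter(e["action"] or "no action recorded" for e in entries)
    unresolved = [e["path"] for e in entries if e["action"] is None]
    return {"by_category": by_category, "by_action": by_action, "unresolved": unresolved}


if __name__ == "__main__":
    for key, value in triage(parse_eset_log(SAMPLE_LOG)).items():
        print(key, value)
```

Entries in `unresolved` are the ones to follow up by hand; in this thread the helper did exactly that by matching them against later lines of the same log.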

#18
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again GatorDawg,

but I'm a bit concerned about this first two lines.


In what way?

The Spybot one had already been identified by Spybot but had been kept in recovery in case you had wanted to recover it. The recovery folder can be purged by going to Spybot > Recovery and selecting the items you want to delete and using Purge Selected Items.

In this case ESET has seen it there.

For the other one, see this link.

Malware can take a "lift" with a legitimate program, so to speak, lol.

Both of those files have been dealt with, see later in the ESET scan.

Now

It seems to be running much better


I think you are good to go. :thumbsup:

We have a couple of last steps to perform and then you're all set.

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
Next

  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
To remove AdwCleaner double click on adwcleaner.exe to run the tool.
Click on Uninstall, then confirm with yes to remove AdwCleaner from your computer.

Any remaining tools may be deleted.

Next, we need to clean your restore points and set a new one:

Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.

  • In the left pane, click System protection. Administrator permission required: if you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Under Protection Settings, click the radio button Configure.
  • Under Disk Space Usage, click the radio button Delete.
  • Click Continue, and then click OK.
-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Java warning

Java is a popular point of entry to your computer for malicious programs. The United States Department of Homeland Security recommends that computer users disable Java, see here. Unless you need it to run important software, the safest approach is to completely uninstall Java. Where you do require it, the next safest option is to disable it in your browsers until you need it, then enable it.

How to disable Java in your web browser and How to unplug Java from the browser

If you do still need Java then regularly check that it is up to date. Older versions are the most vulnerable to malicious attack.

  • Download Java for Windows

    Reboot your computer.
    You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

CryptoLocker Warning

There is a particularly nasty infection out there at the moment.

Go here for information about CryptoLocker Ransomware

Download CryptoPrevent free for home use.

--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:

If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

* Click Start > Control Panel > System and Security > Windows Update
* Under Windows Update click on Turn automatic updating on or off
* Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!

#19
GatorDawg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Thank you very much for all of your help emeraldnzl. I did as instructed, even took the quiz and, believe it or not, got 10 out of 10. I do have one further question: I know you had me delete the restore points; should I establish a new one?

Thanks a ton once again,

GatorDawg

#20
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

even took the quiz and believe it or not, got 10 out of 10


Well done. :thumbsup:

I know you had me delete the restore points, should I establish a new one?


It should do that at next updates but probably not a bad idea for you to make sure. The reason we delete the old ones is to remove any malware still hiding there.

Thank you very much for all of your help


You are very welcome. :happy:

I will keep this topic open for a day or two in case any issues arise.

#21
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.