[briandu]

I run Windows  XP 5.1 system 32.

The PC has become infected with "win32:adware-gen" which is causing all sorts of problems.. I am unable to remove it manually as I cannot find where it has buried itself.

Searching for files an folders with any part of the "win32:adware" name comes up with no result.

I have tried resetting the PC to various earlier dates (before the infection) but get a response that nothing has changed since any of those times.

I have tried downloading Spyhunter and Reg Clean Pro but neither download can be completed, so I suspect the virus is preventing this.

Been trying close on two days now with no success.

Any help would be gratefully received as my PC has slowed to a crawl and I am unable to download some programmes, plus the annoyance of being bombarded with unwanted full screen ads!

Brian

 

Here is somebody's take on the virus:

is a troubling thing to get infected with win32:adware-gen [adw]. It is a nasty Trojan created by hackers to make great chaos to the target computer and steal personal data stored on the hard drive. The virus infiltrates into your system when you are installing a program, visiting hacked websites or even just clicking on suspicious links. Once infected, the computer freezes up, stops working as usual for what seems like no good reason. In the background, win32:adware-gen [adw] may delete necessary system files, terminate your processes, block access to programs etc. You may not notice win32:adware-gen [adw] is on your computer until antivirus like Kaspersky, Norton, Avast, Superantivirus detect it as this tiny size of virus has no interface and hides deeply at the bottom of the system. It always performs harmful things secretly. However, the above security software and some paid virus removal tools cannot remove win32:adware-gen [adw] effectively. That’s annoying. Of course, there is still other helpful method to get rid of it completely. That is manual approach. As long as you delete all its malicious files one by one, the virus will not come up again. Read the step by step guide below carefully for useful win32:adware-gen [adw] removal.

Impacts of Win32:adware-gen [adw]

1. Win32:adware-gen [adw] enters your computer without your consent and disguises itself in root of the system once installed.
2. Win32:adware-gen [adw] can compromise your antiviruses and introduce additional infections to your computer.
3. Win32:adware-gen [adw] may help the cyber criminals to track your computer and steal your personal information.
4. Win32:adware-gen [adw] often takes up high resources and strikingly slow down your computer speed.
5. Win32:adware-gen [adw] may force you to visit some unsafe websites and advertisements which are not

[Advertisements]

 

Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

 

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

 

Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

 

 

Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

 

The report will be saved in the C:\AdwCleaner folder.

 

 

 

Junkware-Removal-Tool

 

Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site

• Pause your anti-virus.  Close all browsers.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Post the contents of JRT.txt into your next message.

 

 

 

Please download Farbar Recovery Scan Tool and save it to your Desktop. 

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 

 

•  

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 

Press Scan button. 

It will produce a log called FRST.txt in the same directory the tool is run from.  

Please copy and paste log back here. 

The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 

 

 

 

Download OTL from

http://www.geekstogo...timers-list-it/

and Save it to your desktop.

 

Copy the text in the code box:

 

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

 

Run OTL (Vista or Win 7 => right click and Run As Administrator)

 

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

 

Select the All option in the Extra Registry group then Run Scan.

 

You should get two logs.  Please copy and paste both of them.

 

Ron

[RKinner]

 

Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

 

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

 

Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

 

 

Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

 

The report will be saved in the C:\AdwCleaner folder.

 

 

 

Junkware-Removal-Tool

 

Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site

• Pause your anti-virus.  Close all browsers.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Post the contents of JRT.txt into your next message.

 

 

 

Please download Farbar Recovery Scan Tool and save it to your Desktop. 

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 

 

•  

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 

Press Scan button. 

It will produce a log called FRST.txt in the same directory the tool is run from.  

Please copy and paste log back here. 

The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 

 

 

 

Download OTL from

http://www.geekstogo...timers-list-it/

and Save it to your desktop.

 

Copy the text in the code box:

 

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

 

Run OTL (Vista or Win 7 => right click and Run As Administrator)

 

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

 

Select the All option in the Extra Registry group then Run Scan.

 

You should get two logs.  Please copy and paste both of them.

 

Ron