Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

APPL/InstallBrain.Gen


  • Please log in to reply
7 replies to this topic

#1 jackob

jackob

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:39 PM

Posted 12 September 2013 - 02:04 AM

What is APPL/InstallBrain.Gen and how do I remove it please


Edited by hamluis, 12 September 2013 - 10:54 AM.
Moved from Win 7 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

    Almost Retired


  • Members
  • 9,895 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Victoria Australia
  • Local time:03:39 AM

Posted 12 September 2013 - 03:54 AM

Hello -

What Antivirus program do you use, and have you run a Full Scan with it ??

 

If you are not sure about Antivirus, please run these 3 programs > >

 

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

How To Temporarily Disable Your Anti-virus

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

* Double-click on the Rkill desktop icon to run the tool.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* Do not reboot until instructed.
*  Do not reboot your computer after running RKill as the malware programs will start again.
* If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

 

 

Please download Malwarebytes Anti-Malware Free (aka MBAM)
* Double-click MBAM -setup.exe and follow the prompts to install the program.
* At the end, be sure to Check for Updates to be so it is current
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Scan, then click Quick Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
If you are not sure of any items, post the log and ask if it should be removed.

 

 

Scan your machine with ESET OnlineScan
1. Hold down Control Key and click HERE to open ESET OnlineScan in a new window.
2. Click the ESET Online Scanner button.
3. NOTE :.For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

 

- 1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
- 2. Double click on the ESET Online Scanner icon on your desktop.

 

 4. Check "YES, I accept the Terms of Use."
 5. Click the Start button.
 6. Accept any security warnings from your browser.
 7. Under scan settings, check "Scan Archives" and "Remove found threats"
8. Click Advanced settings and select the following:

Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology

 9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this will take some time to download the program for a first time, and then download updated data base (1 to 2  hours is not unusual and may take longer).
10. When the scan completes, click List Threats
11. Click Export, and save the file to your desktop using a unique name, such as ESETScan.
- Include the contents of this report in your next reply.
12. Click the Back button.
13. Click the Finish button
Or you can find a report at  C:\Program Files\esetonlinescanner\log.txt.

 

Thank You -



#3 jackob

jackob
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:39 PM

Posted 12 September 2013 - 11:38 AM

Thanks Noknojon

 

I will follow your instructions and report back asap

 

jackob



#4 jackob

jackob
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:39 PM

Posted 14 September 2013 - 06:57 AM

Hi Noknojon

 

I followed your instructions and report as follows: -

 

The log file Rkill showed: -

Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/14/2013 08:08:58 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
 C:\Users\Neville\Desktop\rkill\rkill-09-14-2013-08-09-02.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 09/14/2013 08:09:35 AM
Execution time: 0 hours(s), 0 minute(s), and 36 seconds(s)

 

The Malaware program showed 5 PUPs which I removed.  I don't seem to have a log file!

 

The ESSETScan file is as follows: -

 

C:\Users\Neville\AppData\Roaming\0D1G1I1Q1B2Z1C1V0A1N1N1C1P1N1T2Z1F1C\Adobe Flash Player (IE) Packages\uninstaller.exe    a variant of Win32/InstallCore.AZ application    
C:\Users\Neville\Documents\Downloads\driverfetch_setup.exe    multiple threats    
C:\Users\Neville\Documents\Downloads\registrybooster.exe    Win32/RegistryBooster application    
C:\Users\Neville\Downloads\AdobeFlash_setup.exe    a variant of Win32/InstallCore.AZ application    
C:\Users\Neville\Downloads\CuteWriter(1).exe    a variant of Win32/Bundled.Toolbar.Ask.D application    
C:\Users\Neville\Downloads\CuteWriter(2).exe    a variant of Win32/Bundled.Toolbar.Ask.D application    
C:\Users\Neville\Downloads\CuteWriter.exe    a variant of Win32/Bundled.Toolbar.Ask.D application    
C:\Users\Neville\Downloads\KeyFinderInstaller.exe    Win32/OpenCandy application    
C:\AdwCleaner\Quarantine\C\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe.vir    a variant of Win32/bProtector.A application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir    a variant of Win32/Adware.Yontoo.B application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Neville\AppData\Local\Bundled software uninstaller\biclient.exe.vir    Win32/Somoto.A application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Neville\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.1_0\BabMaint.x.vir    a variant of Win32/Toolbar.Babylon.I application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Neville\AppData\Local\Smartbar\Application\0Extension.crx.vir    Win32/Toolbar.Linkury application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Neville\AppData\Local\Smartbar\Application\1Extension.crx.vir    Win32/Toolbar.Linkury application    deleted - quarantined
C:\Documents and Settings\Neville\AppData\Roaming\0D1G1I1Q1B2Z1C1V0A1N1N1C1P1N1T2Z1F1C\Adobe Flash Player (IE) Packages\uninstaller.exe    a variant of Win32/InstallCore.AZ application    cleaned by deleting - quarantined
C:\Documents and Settings\Neville\Documents\Downloads\driverfetch_setup.exe    multiple threats    cleaned by deleting - quarantined
C:\Documents and Settings\Neville\Documents\Downloads\registrybooster.exe    Win32/RegistryBooster application    cleaned by deleting - quarantined
C:\Documents and Settings\Neville\Downloads\AdobeFlash_setup.exe    a variant of Win32/InstallCore.AZ application    cleaned by deleting - quarantined
C:\Documents and Settings\Neville\Downloads\CuteWriter(1).exe    a variant of Win32/Bundled.Toolbar.Ask.D application    cleaned by deleting - quarantined
C:\Documents and Settings\Neville\Downloads\CuteWriter(2).exe    a variant of Win32/Bundled.Toolbar.Ask.D application    cleaned by deleting - quarantined
C:\Documents and Settings\Neville\Downloads\CuteWriter.exe    a variant of Win32/Bundled.Toolbar.Ask.D application    cleaned by deleting - quarantined
C:\Documents and Settings\Neville\Downloads\KeyFinderInstaller.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Windows\Installer\c648ab.msi    multiple threats    deleted - quarantined
C:\Windows\Installer\da288.msi    a variant of Win32/HiddenStart.A application    deleted - quarantined

 

How do I remove the win 32 errors shown

 

I am very grateful for your expertise - thank you



#5 noknojon

noknojon

    Almost Retired


  • Members
  • 9,895 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Victoria Australia
  • Local time:03:39 AM

Posted 14 September 2013 - 04:52 PM

How do I remove the win 32 errors shown < < Anything listed in the scan has been removed already.

Note where it says > cleaned by deleting - quarantined < no more action is required for them
 

Download Security Check by Screen317
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

 

 

Also post back a report on the computer -

 

Thanks -

 



#6 jackob

jackob
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:39 PM

Posted 15 September 2013 - 12:58 AM

Thanks again noknojon - it's all very impressive stuff.

 

checkup.txt shows: -

 

 Results of screen317's Security Check version 0.99.73  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG Internet Security 2013   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Flash Player 11.8.800.168  
 Adobe Reader XI  
 Mozilla Firefox (23.0.1)
 Mozilla Thunderbird (17.0.8)
 Google Chrome 29.0.1547.62  
 Google Chrome 29.0.1547.66  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 AVG avgwdsvc.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Firetrust MailWasher MailWasherPro.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

I am not sure what you mean by "Also post back a report on the computer" but I don't appear to have any problems.

 

I am very grateful for your help and time.



#7 noknojon

noknojon

    Almost Retired


  • Members
  • 9,895 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Victoria Australia
  • Local time:03:39 AM

Posted 15 September 2013 - 03:06 AM

but I don't appear to have any problems. < This was what I meant -

 

The ESETScan seems to have removed any infections that were present.

 

APPL/InstallBrain.Gen is a "Generic" infection name that refers to several versions of "minor" infections

 

Your computer seems to be clear of all problems (from what I currently see)

Keep Malwarebytes Anti-Malware program, and Update then run a Quick scan weekly.

 

Finally -

Download TFC (Temp File Cleaner) to your desktop
• Close any open windows.
• Right click the TFC icon and select "Run as Administrator" to run the program
NOTE :TFC will close all open programs itself in order to run,
• Click the Start button to begin the process.
• Allow TFC to run uninterrupted.
• The program should not take long to finish it's job
• Once its finished it may automatically reboot your machine,
• if it doesn't, please manually reboot to ensure a complete clean

Run this every second day that you use the computer to clean unwanted junk and Temp files
 

I will watch here for a few days if you have any related problems, or post else-where after that -

 

Thank You -



#8 jackob

jackob
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:39 PM

Posted 15 September 2013 - 03:48 AM

Hi noknojon

 

Job done!  Thank you so much.  I will do exactly as you suggest.

 

 

 




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users