BleepingComputer.com: infected with Win32 pup-gen what to do

alt key did the job! ok I'll go on with the scan and be back!

there are two autokmse files

Upload both.

ssdeep
6144:EkNBK/D2PuXPE5ZPc9TdO9UJUQTFgNZUjQGp5hWpoi6B5EvXHCCnhmC8MX6rdfwN:6/++PMZPSRhWpo16XTkC8Mq5ZtY
TrID
Generic CIL Executable (.NET, Mono, etc.) (61.0%)
Win32 EXE Yoda's Crypter (22.1%)
Win32 Executable Generic (7.1%)
Win32 Dynamic Link Library (generic) (6.3%)
Generic Win/DOS Executable (1.6%)
ExifTool

UninitializedDataSize....: 0
InitializedDataSize......: 374272
ImageVersion.............: 0.0
ProductName..............: AutoKMS
FileVersionNumber........: 2.0.0.0
LanguageCode.............: Neutral
FileFlagsMask............: 0x003f
FileDescription..........: AutoKMS
CharacterSet.............: Unicode
LinkerVersion............: 8.0
FileOS...................: Win32
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
FileVersion..............: 2.0.0.0
TimeStamp................: 2010:12:07 22:13:38+01:00
FileType.................: Win32 EXE
PEType...................: PE32
InternalName.............: AutoKMS.exe
ProductVersion...........: 2.0.0.0
SubsystemVersion.........: 4.0
OSVersion................: 4.0
OriginalFilename.........: AutoKMS.exe
LegalCopyright...........: CODYQX4
MachineType..............: Intel 386 or later, and compatibles
CodeSize.................: 272384
FileSubtype..............: 0
ProductVersionNumber.....: 2.0.0.0
EntryPoint...............: 0x447ce
ObjectFileType...........: Executable application
AssemblyVersion..........: 1.0.0.0

Sigcheck

product..................: AutoKMS
internal name............: AutoKMS.exe
copyright................: CODYQX4
original name............: AutoKMS.exe
file version.............: 2.0.0.0
description..............: AutoKMS

Portable Executable structural information

Compilation timedatestamp.....: 2010-12-07 21:13:38
Target machine................: 332
Entry point address...........: 0x000447CE

PE Sections...................:

Name Virtual Address Virtual Size Raw Size Entropy MD5
.text 8192 272340 272384 6.47 e5f93ed308cdb2e3c6c0fd30867eaf82
.rsrc 286720 373520 373760 4.47 bf591913a2b6eba90edec10b50906331
.reloc 663552 12 512 0.10 2b32b2bf96caa1f9adcb3db89cccdc49

PE Imports....................:

mscoree.dll
_CorExeMain

First seen by VirusTotal
2010-12-08 06:25:02 UTC ( 1 year, 1 month ago )
Last seen by VirusTotal
2012-02-02 23:38:10 UTC ( 2 minutes ago )
File names (max. 25)

AutoKMS.exe
autokms.exe
AutoKMS.exe
AutoKMS.exe
2330327F5177058D660D8D608CC950DC24A03983597A07D9E5ADA1CDD70B8E88.dat
6FAF21E89147E54D02EB3DAAE1C7149DE7361D94
6faf21e89147e54d02eb3daae1c7149de7361d94
6faf21e89147e54d02eb3daae1c7149de7361d94.bin
AUTOKMS.EXE
AutoKMR2011.exe
AutoKMS 26o43.exe
AutoKMS.exe
AutoKMS.exe.mwt
AutoKMS.vxe
C:\WINDOWS\AutoKMS.exe
autokms.exe
e529a1ba814ab5afa5068db7e487b4ba
file-3064631_exe
smona132555972636635399607
this is what was under the additional information button...

Don't know if you need to see this too...

SHA256: 2330327f5177058d660d8d608cc950dc24a03983597a07d9e5ada1cdd70b8e88
SHA1: 6faf21e89147e54d02eb3daae1c7149de7361d94
MD5: e529a1ba814ab5afa5068db7e487b4ba
File size: 632.0 KB ( 647168 bytes )
File name: AutoKMS.exe
File type: Win32 EXE
Detection ratio: 25 / 43
Analysis date: 2012-02-02 23:38:10 UTC ( 1 minute ago )
0
0
Antivirus Result Update
AhnLab-V3 Win-AppCare/Hacktool.647168.B 20120202
AntiVir SPR/Tool.Keygen.BI.38 20120202
Antiy-AVL - 20120202
Avast Win32:PUP-gen [PUP] 20120202
AVG Generic20.AIOK 20120202
BitDefender - 20120202
ByteHero - 20120128
CAT-QuickHeal - 20120202
ClamAV - 20120202
Commtouch W32/MalwareF.TCON 20120202
Comodo UnclassifiedMalware 20120202
DrWeb - 20120202
Emsisoft possible-Threat.ActivationTool.KMS!IK 20120202
eSafe Win32.Trojan 20120202
eTrust-Vet - 20120202
F-Prot W32/MalwareF.TCON 20120201
F-Secure - 20120202
Fortinet W32/Dropper.DGT!tr 20120202
GData - 20120202
Ikarus possible-Threat.ActivationTool.KMS 20120202
Jiangmin - 20120202
K7AntiVirus Riskware 20120202
Kaspersky - 20120202
McAfee Generic Dropper!dgt 20120202
McAfee-GW-Edition Generic Dropper!dgt 20120202
Microsoft HackTool:Win32/Keygen 20120202
NOD32 a variant of Win32/HackKMS.B 20120203
Norman W32/Suspicious_Gen2.FMSYS 20120202
nProtect - 20120202
Panda Generic Trojan 20120202
PCTools Trojan.Gen 20120201
Prevx - 20120203
Rising - 20120118
Sophos Troj/Keygen-EI 20120202
SUPERAntiSpyware - 20120203
Symantec Trojan.Gen.2 20120202
TheHacker - 20120202
TrendMicro TROJ_SPNR.04CI11 20120202
TrendMicro-HouseCall TROJ_SPNR.04CI11 20120202
VBA32 - 20120202
VIPRE Trojan.Win32.Generic!BT 20120202
ViRobot - 20120202
VirusBuster Trojan.Meredrop!b2VmcmZh45I 20120202

I'm going to scan the second one...

This is it...
SHA256: 527558ef1489517322d526b20a9be71e64e0f703d18e9e0eafe015bad37b03ad
File name: AutoKMS.ini
Detection ratio: 0 / 43
Analysis date: 2012-02-02 23:45:18 UTC ( 0 minutes ago )
0
0
Antivirus Result Update
AhnLab-V3 - 20120202
AntiVir - 20120202
Antiy-AVL - 20120202
Avast - 20120202
AVG - 20120203
BitDefender - 20120202
ByteHero - 20120126
CAT-QuickHeal - 20120202
ClamAV - 20120202
Commtouch - 20120202
Comodo - 20120202
DrWeb - 20120202
Emsisoft - 20120202
eSafe - 20120202
eTrust-Vet - 20120202
F-Prot - 20120201
F-Secure - 20120202
Fortinet - 20120202
GData - 20120203
Ikarus - 20120202
Jiangmin - 20120202
K7AntiVirus - 20120202
Kaspersky - 20120202
McAfee - 20120202
McAfee-GW-Edition - 20120202
Microsoft - 20120202
NOD32 - 20120203
Norman - 20120202
nProtect - 20120202
Panda - 20120202
PCTools - 20120201
Prevx - 20120203
Rising - 20120118
Sophos - 20120202
SUPERAntiSpyware - 20120203
Symantec - 20120202
TheHacker - 20120202
TrendMicro - 20120202
TrendMicro-HouseCall - 20120202
VBA32 - 20120202
VIPRE - 20120202
ViRobot - 20120202
VirusBuster - 20120202

And additional information...

ssdeep
3:lsnYQtnz3RWLovPRhqKgEY8HIYOMjKExmvUCuCBl7c8:lKz3RZphqKBN7OCcMCNPc8
TrID
Generic INI configuration (100.0%)
First seen by VirusTotal
2010-12-11 21:27:22 UTC ( 1 year, 1 month ago )
Last seen by VirusTotal
2012-02-02 23:45:18 UTC ( 2 minutes ago )
File names (max. 25)

AutoKMS.ini
AutoKMS.ini
file-3327984_ini
Hope this tells you something...

As I suspected before those three files are part of some cracking tool.
Not necessary malicious but rather illegal.
I suggest you simply delete them.
You may need to do it in safe mode.

could you specify which files?

and how to delete them?

- C:\windows\KMSEmulator.exe
- C:\windows\AutoKMS.exe

Open Windows Explorer, navigate to those location and delete mentioned files.

and that will be the end of my win32 gen infection and slow pc internet browsing??
Thank you for your help
Cheers
J

Delete those files and let me know how it goes.

Deleted the two KMSE files saw another KMSEmulator file do I need to delete that one too??

You may as well.

Deleted everything and checked it for the last couple of days, pc still taking it's time to load, no win32gen infection after scans so that is solved thank you Broni...
J

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
  
• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• Accept any security warnings from your browser.
  
• Check Scan archives
  
• Click Start
  
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  
• When the scan completes, click on List of found threats
  
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  NOTE. If Eset doesn't find any threats it'll NOT produce any log.