Found a solution to WIN32\GEN


1 reply to this topic

#1 BM260

Posted 07 May 2010 - 02:29 PM

I had the Win32\gen worm, that continually dropped adware, spyware, browser hijackers, etc.
It altered GMER, HijackThis, Spybot, Avast. It also escaped Norton.
After 7 different OS re-installations, I finally used COPYWIPE to clean the infected hard drive, and did not format the HD using another infected OS (XP Pro x64), 2 machines, same OS.
I used the Windows installation disc to format the clean HDD, then installed, on what I thought was a "New HDD". After installing XP on the "Clean HD", I then used my two external HDDs that have various programs and drivers on them.
The two external drives I use to transfer files & programs (both were formatted with the infected OS).
On those external drives I had various drivers and programs I use, but the external drives were formatted by the infected OS, which left them with two (and sometimes more) folders in System Volume Information.
They had "RECYCLE BIN" and "SYSTEM Volume Information" still on them, from the infected OS HDD; sometimes they had 2 "recycle bin" folders, sometimes NOT. I used both external HDDs when I reformatted and re-installed XP, and the other programs on the external hard drives.
When I installed Windows on a "NEW HDD", it never got rid of the existing files in System Volume Information:
"ChangeLog" and "Mounting Point Remote Manager" and/or Tracking Log

After installing XP on the "Clean HDD", I then ran Avast before even activating XP. It came up with nothing, until I opened up the System Restore folder.
Avast quickly grabbed three files it identified as the WIN32\GEN WORM.
They were "Change log", "Mount point Remote Manager", and an .exe named "user32.exe". All I had to do was OPEN the "SYSTEM Volume Information" folder in C:\
and there they were. Avast could not delete the CHANGELOG after putting them in the "Chest", and the other file remover programs I used to try and delete the files (HijackThis, GMER) could not even see ChangeLog, let alone delete it. I used Malwarebytes for that; the FILE ASSASSIN did the trick, so I did the same thing to ALL my HDDs' System Volume Information folders (File ASSASSIN), and I do NOT get hijacked while browsing the internet. My settings and access to different programs do NOT get changed, I can access my control panel, my firewall is turned on, my security settings can be enabled, there is no other account logged on to my computer that is invisible in Task Manager, my system monitoring software now works as it should, and I DO NOT have 2 different shortcuts to Firefox on my Quick Launch that lead me to a FAKE GOOGLE page with fake "404" errors when I try and access spyware type downloads.

One other thing that did happen was, I found a folder (wasn't there before) that was with the different drives (C, D, E) after I clicked on My Computer. The file was marked with a long list of numbers; inside it contained a bunch of program installers like MirCmd, which later I found out was a remote control software. It was hidden all the time I was searching for the problems, but was easily deleted using Windows. No traces of any of the programs were found in the registry, and Avast did not detect any suspicious programs.
Pretty SINISTER if you ask me, and just lucky to have found it when and how I did.
Hope this might help others with the same problems :thumbsup:


 


#2 DSTM


Posted 07 May 2010 - 02:53 PM

It will help others, and thanks for posting your fix. :thumbsup:

















