
Win.Downloader.Gen


10 replies to this topic

#1 matt13884

matt13884

  • Members
  • 6 posts
  • OFFLINE
  • Local time:12:09 PM

Posted 13 October 2013 - 09:44 PM

Hi All,

 

Firstly, well done on such a useful and informative site.

 

I recently became aware that a program was run on my laptop that may have installed a virus. I ran the Windows recovery back to the initial factory settings. I then ran numerous anti virus programs (Norton, AVG, McAfee) and all came up clear. I ran Malwarebytes which also did not find anything. Finally I ran SpyBot which found Win32.Downloader.Gen. With the help of some threads already posted here I was able to remove it using AdwCleaner and now SpyBot does not find anything suspicious.

 

My question is, are there any other tools or suggestions that you might have that I can run to ensure that my laptop is indeed clean?

 

Thanks very much for your help,

Matt




 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:10:09 AM

Posted 14 October 2013 - 01:24 AM

Hello Matt and Welcome

Win32.Downloader.Gen is basically a "generic name" for a range of infections.

 

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.
 

 

Please download Junkware Removal Tool by thisisu to your desktop
Shut down your protection software now to avoid potential conflicts.

See this topic How To Temporarily Disable Your Anti-virus
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

 

Leave your Antivirus program disabled 

 

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

* Double-click on the Rkill desktop icon to run the tool.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

 

Please run a free online scan with the ESET Online Scanner
Tick the box next to YES, I accept the Terms of Use
Click Start
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates for itself, install itself, and begin scanning your computer.

Please be patient as this will take quite some time.
When the scan completes, click on List of found threats
Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
NOTE....... If ESET doesn't find any threats it will often NOT produce any log.

 

Reboot and Enable your Antivirus again now -

 

Thank You -



#3 matt13884


Posted 14 October 2013 - 08:13 PM

Thank you for the reply noknojon. You are right, the ESET scan does take some time! It is still running now. I will post the results as soon as it's done.

 

Cheers,
Matt



#4 noknojon


Posted 14 October 2013 - 08:22 PM

Hi -

It may take 2 or even 4 hours if an Online Scanner has never been used.

If you can, please let the scan finish and post the report back as per above -

 

Thanks -

EDIT - I had asked you to run ESET last for the reason that it can be slow on some systems, so please remember to do the items as listed, and often you can post their logs back so we know how you are going.


Edited by noknojon, 14 October 2013 - 10:02 PM.


#5 matt13884


Posted 15 October 2013 - 12:56 AM

Got it, thanks. The scan is up to 6 hours 40 mins now and 43% done.

 

Here are the logs for the other tests.

 

Security Check:

 

 Results of screen317's Security Check version 0.99.74 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
McAfee Anti-Virus and Anti-Spyware  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Adobe Reader 10.1.2 Adobe Reader out of Date! 
 Google Chrome 30.0.1599.69 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe  
 McAfee Online Backup MOBKbackup.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

 

JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by MattLoz on Mon 14/10/2013 at 20:21:19.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

Rkill:

 

Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/14/2013 08:35:43 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
 C:\Users\MattLoz\Desktop\rkill\rkill-10-14-2013-08-35-45.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 10/14/2013 08:36:00 PM
Execution time: 0 hours(s), 0 minute(s), and 17 seconds(s)

 

 

Thanks
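
A small triage helper for logs like the Rkill one posted above, added here as an example and not part of the original thread or of Rkill itself. It assumes check headings start with "Checking", "Searching" or "Performing" and that clean results begin with "No "; the sample text is a constructed excerpt in the same layout.

```python
import re

# Constructed sample: an excerpt in the layout of the Rkill log posted above.
SAMPLE_LOG = """\
Checking for Windows services to stop:

 * No malware services found to stop.

Checking Registry for malware related settings:

 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
 C:\\Users\\MattLoz\\Desktop\\rkill\\rkill-10-14-2013-08-35-45.reg

Checking HOSTS File:

 * No issues found.
"""

# Assumption: check headings start with one of these verbs and end with ":".
SECTION = re.compile(r"^(Checking|Searching|Performing)\b.*:\s*$")
ITEM = re.compile(r"^\s*\*\s+(.*\S)\s*$")

def parse_rkill(text):
    """Map each check heading to the list of '*' result lines under it."""
    sections, current = {}, None
    for line in text.splitlines():
        if SECTION.match(line):
            current = line.strip().rstrip(":")
            sections[current] = []
        elif current is not None:
            m = ITEM.match(line)
            if m:
                sections[current].append(m.group(1))
            elif line.strip():      # other text (e.g. backup path) ends the section
                current = None
    return sections

def findings(sections):
    """Return (heading, result) pairs a helper should read first."""
    out = []
    for name, items in sections.items():
        if not items:               # truncated paste: the check has no result line
            out.append((name, "<no result recorded>"))
        # Assumption: Rkill's clean results all begin with "No ".
        out.extend((name, i) for i in items if not i.startswith("No "))
    return out

if __name__ == "__main__":
    for name, item in findings(parse_rkill(SAMPLE_LOG)):
        print(f"{name}: {item}")
```

On the sample it reports only the Explorer policy change, which is the one line in the posted log that records an action rather than a clean result.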
 



#6 noknojon


Posted 15 October 2013 - 01:14 AM

> The scan is up to 6 hours 40 mins now and 43% done. < That is slow.

If you cancel you may not get the log, but if you need the computer then pull out.

 

Even though you may not get a log, you can let it run later if you have time ......


Edited by noknojon, 15 October 2013 - 01:15 AM.


#7 matt13884


Posted 15 October 2013 - 10:23 PM

It's finally run! Although it did not find anything, and therefore no log. Any thoughts?

 

Thanks



#8 noknojon


Posted 15 October 2013 - 10:45 PM

"My question is, are there any other tools or suggestions that you might have that I can run to ensure that my laptop is indeed clean?"

Hi -

Well we have run all of the main basic checks, so I must ask you -

Do you think that you have a problem, or is your system acting "normally" ?

 

Apart from 2 minor things, Update Adobe Reader (just Google Adobe) and last a Temp File clean-up.

Please download TFC, or Temp File Cleaner from Old Timer
Usage Instructions:

  • Download TFC from the download link above and save the file on your desktop.
  • Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
  • Double-click on the TFC icon.
  • When the program opens, click on the Start button. 
  • TFC will terminate the Explorer process and all running applications and then begin the process of cleaning all of your temp folders.
  • When done, press OK and reboot your computer and finish the cleanup.

Reboot even if the program has not requested it just to finish.

 

I can list a Disk Check or a sfc /scannow, but there is no rush at this time -

 

Thanks -



#9 matt13884


Posted 15 October 2013 - 11:12 PM

Not really, apart from a number of programs running in task manager that look unfamiliar, including numerous rundll32.exe's. I may just be paranoid though..

 

I know you mentioned that win32.downloader.gen could mean a range of things but is it typically something that is caught by running a suspicious program where you have been specifically targeted? e.g. opening an email attachment?

 

Thanks

Matt



#10 noknojon


Posted 16 October 2013 - 12:06 AM

OK -

Keep your Antivirus updated, scan with MBAM often, and take care.

I will keep an eye here for a few days if this continues.

 

If you encounter a new problem, post a new topic in Windows 7 or here.

 

Regards -



#11 matt13884


Posted 16 October 2013 - 09:38 PM

Thanks very much for your help :)





