
Win32.gen Trojan


8 replies to this topic

#1 Needsomehelp567


Posted 30 June 2016 - 04:38 PM

Hi there,

 

Unfortunately my computer decided to upgrade to Windows 10 by itself from Windows 7. After upgrading, Webroot Secure flagged up a Win32.gen trojan.

 

I may stay with Windows 10 or roll back to 7 but I would like to get this cleared up first so any help would be greatly appreciated, thanks :)




 


#2 InadequateInfirmity


Posted 30 June 2016 - 07:45 PM

Adware Cleaner Scan.

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

JRT Scan.

Please download Junkware Removal Tool and save it on your desktop.

 

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Adware Removal Tool Scan.

 

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

 

 


 

Hit Ok.

 


 

Hit Next and make sure to leave all items checked for removal.

 


 

 

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

ZHP Scan.

Please download Zhp Cleaner  to your desktop.  Right Click the icon and select run as administrator.

http://ccm.net/download/download-24750-zhpcleaner

 

 

2. Once you have started the program, you will need to click the scanner button.


The program will close all open browsers!

3. Once the scan is completed, you will want to click the Repair button.


At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 Zemana Scan

 

 

Run a full scan with Zemana AntiMalware!

Install and select deep scan.


Remove any infections found.

Then click on the icon in the pic below.


Double click on the scan log, copy and paste here in your reply



#3 Needsomehelp567


Posted 01 July 2016 - 04:00 PM

Hi, thanks for taking your time to help me, I will do this and reply with the logs
 
Adware log:
 
 
# AdwCleaner v5.201 - Logfile created 01/07/2016 at 21:35:18
# Updated 30/06/2016 by ToolsLib
# Database : 2016-06-30.2 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : Dan - DAN-LAPTOP2
# Running from : C:\Users\Dan\Desktop\adwcleaner_5.201.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
[-] Folder Deleted : C:\Users\Dan\AppData\Local\VirtualStore\Program Files (x86)\Popcorn Time

***** [ Files ] *****

[-] File Deleted : C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_zvsuhljiha-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_zvsuhljiha-a.akamaihd.net_0.localstorage-journal

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\s
[-] Key Deleted : HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Key Deleted : HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

***** [ Web browsers ] *****

[-] [C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com
[-] [C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bmkckgpgekmanipelfidlhmkfcjicion

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2261 bytes] - [01/07/2016 21:35:18]
C:\AdwCleaner\AdwCleaner[R0].txt - [1048 bytes] - [07/12/2014 12:10:10]
C:\AdwCleaner\AdwCleaner[R1].txt - [916 bytes] - [13/12/2014 14:41:21]
C:\AdwCleaner\AdwCleaner[R2].txt - [1027 bytes] - [22/12/2014 18:06:49]
C:\AdwCleaner\AdwCleaner[R3].txt - [1423 bytes] - [20/01/2015 13:58:06]
C:\AdwCleaner\AdwCleaner[R4].txt - [1816 bytes] - [15/06/2015 08:33:53]
C:\AdwCleaner\AdwCleaner[S0].txt - [1114 bytes] - [07/12/2014 12:12:00]
C:\AdwCleaner\AdwCleaner[S1].txt - [3945 bytes] - [13/12/2014 14:42:34]
C:\AdwCleaner\AdwCleaner[S2].txt - [1089 bytes] - [22/12/2014 18:08:02]
C:\AdwCleaner\AdwCleaner[S3].txt - [1490 bytes] - [20/01/2015 13:59:52]
C:\AdwCleaner\AdwCleaner[S4].txt - [2640 bytes] - [15/06/2015 08:36:00]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3063 bytes] ##########
 
 
 
 
 
 
 
 
 
 
JRT LOG:
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Home x64
Ran by Dan (Administrator) on Fri 07/01/2016 at 22:04:08.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\Users\Dan\AppData\Roaming\speedrunnerslog.txt (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 07/01/2016 at 22:06:19.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 





Adware removal log:

[-] Deleted ->> File ->> C:\Program Files (x86)\SketchUp\SketchUp 2014\Materials\Colors-Named\0129_WhiteSmoke.skm
[-] Repaired ->> File ->> C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\7o79mxrc.default\prefs.js
[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Google\Chrome
[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome

 

 

 

 

 

ZHP has a problem updating so I can't do it

 

 

 

 

Zemana log:

 

Zemana AntiMalware 2.21.2.139 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/7/1
Operating System       : Windows 10 64-bit
Processor              : 8X Intel® Core™ i7-4700MQ CPU @ 2.40GHz
BIOS Mode              : Legacy
CUID                   : 12F051516711F7FCF5CBE5
Scan Type              : Deep Scan
Duration               : 74m 17s
Scanned Objects        : 529095
Detected Objects       : 2
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

cbsidlm-cbsi183-Kingo_Android_Root-ORG-75996768.exe
Status             : Scanned
Object             : %userprofile%\downloads\cbsidlm-cbsi183-kingo_android_root-org-75996768.exe
MD5                : 609B83259466F78EC2014119B22100F8
Publisher          : CBS Interactive
Size               : 930952
Version            : 5.4.0.183
Detection          : Adware:Win32/CNETBundle!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\cbsidlm-cbsi183-kingo_android_root-org-75996768.exe

muht770htc.apk
Status             : Scanned
Object             : %userprofile%\documents\samsung\kies3\backup\sm-g900f\sm-g900f_07985287854\sm-g900f_20160613175347\others\download\muht770htc.apk
MD5                : 6912938E9D85B6B3B99F94088CE8C474
Publisher          : -
Size               : 766150
Version            : -
Detection          : Malicious:Android/Tamaca!Krae
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\documents\samsung\kies3\backup\sm-g900f\sm-g900f_07985287854\sm-g900f_20160613175347\others\download\muht770htc.apk


Cleaning Result
-------------------------------------------------------
Cleaned               : 2
Reported as safe      : 0
Failed                : 0
 


Edited by Needsomehelp567, 02 July 2016 - 02:34 AM.
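Added example, not part of the original thread and not any poster's or vendor's code: a small parser for the "Detected Objects" section of a Zemana log like the one posted above, which splits each detection name into category, platform and family and groups the entries by platform for triage. The `Category:Platform/Family!Variant` layout is an assumption inferred from the two detection names in that log, and the function names are hypothetical.

```python
import re

# Sample input: the two entries of the Zemana "Detected Objects" section posted
# above, trimmed to the fields this parser reads.
SAMPLE_LOG = r"""
Detected Objects
-------------------------------------------------------

cbsidlm-cbsi183-Kingo_Android_Root-ORG-75996768.exe
Object             : %userprofile%\downloads\cbsidlm-cbsi183-kingo_android_root-org-75996768.exe
MD5                : 609B83259466F78EC2014119B22100F8
Detection          : Adware:Win32/CNETBundle!Ep
Cleaning Action    : Quarantine

muht770htc.apk
Object             : %userprofile%\documents\samsung\kies3\backup\sm-g900f\sm-g900f_07985287854\sm-g900f_20160613175347\others\download\muht770htc.apk
MD5                : 6912938E9D85B6B3B99F94088CE8C474
Detection          : Malicious:Android/Tamaca!Krae
Cleaning Action    : Quarantine
"""

FIELD = re.compile(r"^([A-Za-z0-9 ]+?)\s*:\s*(.*)$")
# Assumed layout Category:Platform/Family!Variant, inferred from the two names above.
DETECTION = re.compile(r"^(?P<category>[^:]+):(?P<platform>[^/]+)/(?P<family>[^!]+)(?:!(?P<variant>.+))?$")

def parse_detections(log):
    """Return one dict per entry in the 'Detected Objects' section of the log."""
    section = re.split(r"(?m)^Detected Objects\s*$", log, maxsplit=1)[1].split("Cleaning Result", 1)[0]
    records = []
    for block in re.split(r"\n\s*\n", section):
        lines = [s.strip() for s in block.splitlines() if s.strip().strip("-")]
        if len(lines) < 2:
            continue  # separator rule or stray line, not an entry
        rec = {"name": lines[0]}
        for line in lines[1:]:
            m = FIELD.match(line)
            if m:
                rec[m.group(1).strip().lower()] = m.group(2).strip()
        d = DETECTION.match(rec.get("detection", ""))
        rec.update(d.groupdict() if d else {"platform": "unknown"})
        records.append(rec)
    return records

def by_platform(records):
    """Group entries by the platform named in the detection, for triage."""
    groups = {}
    for rec in records:
        groups.setdefault(rec["platform"], []).append((rec["name"], rec.get("md5"), rec.get("cleaning action")))
    return groups
```

Run over the sample, `by_platform(parse_detections(SAMPLE_LOG))` yields one Win32 entry (the bundled installer in the Downloads folder) and one Android entry (the APK inside the phone backup).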


#4 InadequateInfirmity


Posted 01 July 2016 - 06:12 PM

Skip it.



#5 Needsomehelp567


Posted 03 July 2016 - 12:15 PM

All steps done, logs above



#6 InadequateInfirmity


Posted 04 July 2016 - 01:28 PM

Malwarebytes Scan.

 

We need you to run MalwareBytes to get a log, please download the free version of MalwareBytes HERE

http://data-cdn.mbamupdates.com/web/mbam-setup-2.2.0.1024.exe  Alternate Link.

Save the file to somewhere you can easily find it. Double click the saved file to start the install, accept any security warnings that may appear, and after the install click the new desktop icon to start the program. We need to modify a couple of things with MalwareBytes before we use it so please follow the steps below.

  1. If the dashboard is not already displayed select it.
  2. Then select "Update Now" to get the latest database.


  1. Next we need to change a scanning option, select "Settings" on the main menu, then "Detection and Protection" on the left.
  2. Then select "Scan for rootkits" in the detection options, as well as the other two options already checked.


  • Now return to Dashboard on the main menu and select "Scan Now" at the bottom of the screen.


  • Allow MalwareBytes to scan your system, it may take some time depending on what you have loaded onto your hard drive.


When the scan is finished

  1. Click "Save Results"
  2. Then click on "Text file"


  • A window will then open allowing you to choose a name for the logfile and also allowing you to choose where to save it, save it to the desktop.
  • Please copy and paste the contents of this file in your next post.

 

 

Eset Online Scanner.

 

Eset Scan

Click Me To Download Eset Scan

Disable your antivirus prior to this scan.
 
 

  •  Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

 

Minitoolbox scan.

 

 

Please download Minitoolbox and run it.



Checkmark following boxes:


Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Security Check Scan.

 

Download Security Check to your desktop, right-click it and select Run as administrator. When the program completes, the tool will automatically open a log file; please post that log here in your next post.



#7 aayanpk


Posted 07 July 2016 - 05:01 AM

How do I remove it from Avast? I have Windows 10 too.



#8 Needsomehelp567


Posted 07 July 2016 - 01:27 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/7/2016
Scan Time: 6:43 PM
Logfile: mbam.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.07.03.10
Rootkit Database: v2016.05.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Dan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 398023
Time Elapsed: 54 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#9 InadequateInfirmity


Posted 11 July 2016 - 04:24 AM

Sorry for the delay, you still need help?





