TR/Downloader.gen found by Avira

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by 6295, Oct 6, 2009.

  1. 6295

    6295 Private E-2

    TR/Downloader.gen was found by Avira which I deleted.

    The computer tends to lag a little more than normal and hangs after I have used it for several hours.

    I ran ComboFix, Antimalwarebytes scan, Avira full scan Norton online scanner full scan. Advanced systemcare + all fixes. And CCleaner.

    I've done all the precautionary actions (updated Java etc.) to prevent getting infected, but I think I still got infected.

    I am still not sure if my computer is clean. The downloader.gen was found again earlier today even though I ran a full virus scan last week.

    MGlogs attached.
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Please remove ComboFix.exe from the below location and put it on your Desktop as requested. Otherwise later steps will not work.
    c:\users\Lenovo\Downloads\ComboFix.exe

    Delete the below files:
    c:\programdata\xml229D.tmp
    c:\programdata\xmlD6FE.tmp
    c:\programdata\xmlC17A.tmp
    c:\programdata\xml3601.tmp
    c:\programdata\xml3370.tmp
    c:\programdata\xmlD5E5.tmp


    You did not run all of the READ & RUN ME FIRST. Malware Removal Guide as required. We need the logs from SUPERAntiSpyware, Malwarebytes and RootRepeal.

    Also, when you ran MGtools did you notice any error messages like those stated in the instructions for running MGtools? It did not run properly and the logs are incomplete.

    As far as performance/lag issues are concerned, I suggest that you remove Windows Defender and Sandboxie.
     
  3. 6295

    6295 Private E-2

    Thanks for your reply.


    ComboFix ran on desktop: attached log

    Temp files removed.

    I ran SuperAntiSpyware, Malwarebytes and RootRepeal again (about 2 hour each scan). Attached logs for SaS and Malwarebytes. Rootrepeal ran for over an hour and crashed somehow (it disappeared from the desktop and I found no log)

    New mglogtools logs attached + also some errors (screenshots) it produced.
     

    Attached Files:

    Last edited by a moderator: Oct 14, 2009
  4. 6295

    6295 Private E-2

    Here are the errors Mgtools produced
     

    Attached Files:

  5. 6295

    6295 Private E-2

    No crash file or dump found on my HD for the rootrepeal.

    Here's an older RootRepeal scan log (from when it did not crash).

    Scan Start Time: 2009/09/05 23:20 (attached)
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not sure why MGtools is not running properly for you, but your logs are not really indicating any malware. Just a lot of not-recommended gambling programs like the ones below, which are dangerous to your security. You seem to be addicted:

    Betfair Poker
    Casino.Net
    Holdem Manager
    Klub8 Casino
    Party EzCASH Free Trial
    PartyCasino
    PartyPoker
    Poker Grapher
    Poker Tracker Omaha Version 1.12.00
    PokerAce Hud (remove only)
    PokerEV
    PokerStars
    Rushmore Casino


    You need to uninstall the below old Sun Java versions and update to the current version as requested in the READ & RUN ME.

    Java(TM) 6 Update 13
    Java(TM) 6 Update 2



    Since you are not having malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START, then RUN, enter the below into the run box and then click OK. Note that the quotes are required.
      • "%userprofile%\Desktop\combofix" /u
        • Note: the space between combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. After doing the above, you should work through the below link:
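The final steps above are manual: uninstall the stale Java copies, run ComboFix with /u from the Desktop, and re-enable UAC. The PowerShell script below is an added example, not part of the thread or of the MajorGeeks tools, that does the same checks from the Uninstall registry keys so nothing is missed. It assumes Windows Vista/7-era PowerShell 2.0 or later, that Java shows up under the standard Uninstall keys with a DisplayName like "Java(TM) 6 Update 13" (as in the post), and that the EnableLUA registry value is what enableUAC.reg restores (the thread does not say what the .reg file contains, so that is an assumption). Running it with -UninstallComboFix executes the same "/u" command the post gives.

```powershell
param([switch]$UninstallComboFix)

# Registry locations where Windows records installed programs. 64-bit hosts also keep
# a Wow6432Node view for 32-bit installers such as the Sun JRE.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledJava {
    # Match names of the form "Java(TM) 6 Update 13" and pull the update number out
    # so the copies can be ordered newest-first.
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^Java\(TM\) \d+ Update (\d+)' } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Name      = $_.DisplayName
                Update    = [int]([regex]::Match($_.DisplayName, 'Update (\d+)').Groups[1].Value)
                Uninstall = $_.UninstallString
            }
        }
}

# 1. Stale Java: every entry other than the newest is an old, unpatched runtime that the
#    READ & RUN ME asks you to remove (in the thread: Update 2 alongside Update 13).
$java = @(Get-InstalledJava | Sort-Object Update -Descending)
if ($java.Count -eq 0) {
    Write-Host 'No Sun Java entries found in the Uninstall keys.'
} else {
    Write-Host ('Newest installed Java: {0}' -f $java[0].Name)
    $java | Select-Object -Skip 1 | ForEach-Object {
        Write-Host ('Stale, uninstall it: {0}  ->  {1}' -f $_.Name, $_.Uninstall)
    }
}

# 2. UAC: EnableLUA=1 means UAC is on. Assumption: this is the value enableUAC.reg sets.
$uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' `
    -Name EnableLUA -ErrorAction SilentlyContinue
if ($uac -and $uac.EnableLUA -eq 1) {
    Write-Host 'UAC is enabled (EnableLUA=1).'
} else {
    Write-Warning 'UAC is disabled; re-enable it (C:\MGtools\enableUAC.reg in the thread) and reboot.'
}

# 3. ComboFix: the "/u" uninstall only works when the exe sits on the Desktop, which is
#    why the post insists on moving it out of the Downloads folder first.
$combofix = Join-Path $env:USERPROFILE 'Desktop\ComboFix.exe'
if (-not (Test-Path $combofix)) {
    Write-Warning "ComboFix.exe is not on the Desktop; the '/u' uninstall expects it there."
} elseif ($UninstallComboFix) {
    # Same as the Run-box command in the post: "%userprofile%\Desktop\combofix" /u
    Start-Process -FilePath $combofix -ArgumentList '/u' -Wait
} else {
    Write-Host "ComboFix found at $combofix; rerun with -UninstallComboFix to run the '/u' uninstall."
}
```

Run it from an elevated PowerShell prompt so the HKLM keys and the ComboFix uninstall are readable and permitted. The script only reports on Java and UAC; the actual Java uninstall is still done through Add/Remove Programs (or the UninstallString it prints), and UAC is restored by the .reg file and a reboot, as the post describes.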
     
