-
AVAST 5 FREE SHOWING INFECTION OF WIN 32:malware-gen
I have been using Avast Free for the last four years (with mixed kind of emotions) and recently switched to AVAST 5 FREE. While downloading and installing some app, Avast went crazy and gave alarms about WIN 32:malware gen (quite sad, because while downloading and prior to installing that app I had repeatedly scanned it with Avast, but nothing was flagged as malware at that time. The trouble started after installation of that downloaded app). As Avast was unable to delete the infection (file being offline or read only, as informed by Avast), I did a reinstall of C drive, but the trouble prevails. Dependable utilities (I have been using for years, like CCLEANER, uTORRENT, Malwarebytes etc.) are being flagged troublesome and it is just annoying, to say the least. Repeated uninstall and reinstall of AVAST 5 have not resolved the issue and, as a last resort, I wanted to scan the PC in safe mode, but sadly again, AVAST CANNOT SCAN IN SAFE MODE. ERROR MESSAGE BEING: UNABLE TO START SCAN THERE ARE NO MORE END POINTS AVAILABLE FROM THE END POINT MAPPER
While right-click scanning the C drive, Avast shows signs of WIN32:malware gen but is not able to delete these or move them to the chest. The same is the case with the boot-time scan also.
So you can imagine, I am feeling helpless and irritated, doubting whether these are false alarms (PC is working reasonably OK, no issues of slowness or crashes), because at the start of any app AVAST starts flagging these as malware but is unable to do anything about these infections. MILLION DOLLAR QUESTION: WHAT IS THE POINT IN KEEPING ON USING AVAST IF IT CANNOT PROTECT FROM MALWARE OR DELETE IT IF DETECTED?
Meanwhile I have done couple of scans with AVAST 5 FREE and the report is as follows:
avast! Real-time Shield Scan Report
* This file is generated automatically
*
* Started on: Friday, March 05, 2010 5:33:53 AM
*
3/5/2010 5:40:45 AM C:\WINDOWS\SYSTEM32\OLE32.DLL [L] Win32:Malware-gen (0)
While moving file to chest, error occurred: The specified file is read only
During the file delete, error occurred: The specified file is read only
3/5/2010 5:40:48 AM C:\WINDOWS\system32\core.dll [L] Win32:Malware-gen (0)
File was successfully moved to chest...
*
* avast! Real-time Shield Scan Report
* This file is generated automatically
*
* Started on: Friday, March 05, 2010 5:52:23 AM
*
3/5/2010 5:56:35 AM C:\WINDOWS\SYSTEM32\OLE32.DLL [L] Win32:Malware-gen (0)
While moving file to chest, error occurred: The specified file is read only
During the file delete, error occurred: The specified file is read only
*
* avast! Real-time Shield Scan Report
* This file is generated automatically
*
* Started on: Friday, March 05, 2010 6:25:55 AM
*
As you can see, Avast is detecting the infection but is not able to remove it.
C:\WINDOWS\winstart.bat
Error:File is offline-it is currently not available(ERROR 42006)
C:\WINDOWS\SYS32\ole32.dll
threat high Win32:Malware-gen
The Specified file is read only(Error 6009)
I hope this new info helps you to help me in this lousy situation.
Funny thing is I cannot do the scan in SAFE MODE. The error message from AVAST is
UNABLE TO START SCAN.THERE ARE NO MORE END POINTS AVAILABLE FROM THE END POINT MAPPER
Any idea what it implies?
Any suggestions as to how to resolve this issue are most welcome and appreciated
q2na
-
Experienced User
Scan using MBAM and see what happens.
-
Banned
http://forum.avast.com/index.php#2
-
Moderator
Hi
C:\WINDOWS\SYS32\ole32.dll
SYS32 is not a Windows system folder.
more: are you using Windows 3.0?
C:\WINDOWS\winstart.bat
http://support.microsoft.com/kb/69186/
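The check made by eye above, as an added example that is not part of the original thread: parse Real-time Shield report lines in the format quoted in the first post, record which detections were not remediated, and flag a known system DLL name reported outside `C:\WINDOWS\system32`. The `SYSTEM_DLLS` allowlist and the timestamp on the `SYS32` sample line are assumptions made for the example.

```python
import re
from ntpath import normcase, split

# Report lines copied from the thread's first post, plus the SYS32 path the
# poster typed later (the timestamp on that line is constructed).
SAMPLE_REPORT = r"""
* Started on: Friday, March 05, 2010 5:33:53 AM
3/5/2010 5:40:45 AM C:\WINDOWS\SYSTEM32\OLE32.DLL [L] Win32:Malware-gen (0)
While moving file to chest, error occurred: The specified file is read only
During the file delete, error occurred: The specified file is read only
3/5/2010 5:40:48 AM C:\WINDOWS\system32\core.dll [L] Win32:Malware-gen (0)
File was successfully moved to chest...
3/5/2010 6:30:00 AM C:\WINDOWS\SYS32\ole32.dll [L] Win32:Malware-gen (0)
During the file delete, error occurred: The specified file is read only
"""

DETECTION = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<path>[A-Za-z]:\\.+?) \[L\] (?P<name>\S+) \(\d+\)$"
)
# Assumption: a small allowlist of DLL names that belong only in system32.
SYSTEM_DLLS = {"ole32.dll"}
SYSTEM_DIR = normcase(r"C:\WINDOWS\system32")


def triage(report):
    """Return one dict per detection with remediation and path findings."""
    findings, current = [], None
    for line in report.splitlines():
        line = line.strip()
        m = DETECTION.match(line)
        if m:
            directory, filename = split(m["path"])
            current = {
                "path": m["path"],
                "threat": m["name"],
                "remediated": False,
                "errors": [],
                # Known system DLL name outside system32: wrong file or typo.
                "odd_location": filename.lower() in SYSTEM_DLLS
                and normcase(directory) != SYSTEM_DIR,
            }
            findings.append(current)
        elif current and "error occurred:" in line:
            current["errors"].append(line.split("error occurred:", 1)[1].strip())
        elif current and line.startswith("File was successfully"):
            current["remediated"] = True
    return findings
```

Entries with `remediated` false and a non-empty `errors` list are the ones worth carrying into an offline or rescue-disc scan; `odd_location` separates a mistyped path from a file that really sits in an unexpected directory.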
-
*nix Technical Support
Windows 3.0 isn't a 32 bit OS... it's a 16 bit one.
Mind posting a HijackThis log for us? Because it sounds like it's badly infected with something. And on top of that, Avast sounds like it's been corrupted...
pacman -Syyu life not found in sync db
-
Moderator

Originally Posted by
hellnoire
Windows 3.0 isn't a 32 bit OS... it's a 16 bit one.
That's the strange thing
You can create a batch file called WINSTART.BAT to load memory-resident utilities in Windows applications. This gives you more conventional memory to run DOS applications under Microsoft Windows version 3.00. Microsoft LAN Manager and some other network drivers will not load properly using WINSTART.BAT. If the network driver does load, an error message is displayed on exit because there is no way to unload the driver.
Apart from hellnoire's legit request for an HJT log, I suspect a TDS3 rootkit infection and an incompatibility with MS critical update MS10-15 (February).
You may also check if your OS is compatible with MS10-15
http://support.microsoft.com/kb/980966
Then try to remove TDS3 Rootkit and other malware with HitMan Pro 3.5 (30 days free trial)
-
Verified Member
This is surely some sort of serious malware infection which is infecting all other EXEs and has also corrupted Avast. As suggested by members above, dload a fresh copy of MBAM and HijackThis. Update MBAM, do a full scan and post the log back here.
Also post a HJT log.
PS- Before dloading above tools, rename them to any random name.
Alternatively, u can also use rescue discs.
There is no best that cannot be bettered. 
-
Banned

Originally Posted by
Ranjan
Alternatively, u can also use rescue discs.
Try this one. (Avira rescue CD)
-
Guest
If your box is rootkitted then it requires high-level work of disinfection. Time to back up your files and start the war...
Avast or any AV solution can kill this threat if it's detected before execution, but once executed inside the system then it is a very different story.
Last edited by Ceyfer √; 03-06-2010 at 12:48 AM.
Reason: added link | Norman TDSS Cleaner.
"Stars and the Sun"
-
Modern-day Romeo

Originally Posted by
ceyfer
If your box is rootkitted then it requires high-level work of disinfection. Time to back up your files and start the war...
Avast or any AV solution can kill this threat if it's detected before execution, but once executed inside the system then it is a very different story.
Mind telling us what's the different story like? How do we go about removing such deep-level infections?
They call me the mysterious one...
my motto is...when it's hot, chill baby