AVAST 5 FREE SHOWING INFECTION OF Win32:Malware-gen

Discussion in 'Security and Viruses' started by qrius2noall, Mar 5, 2010.

  1. qrius2noall

    qrius2noall New Member

    I have been using Avast Free for the last four years (with mixed emotions) and recently switched to AVAST 5 FREE. While downloading and installing some app, Avast went crazy and gave alarms about Win32:Malware-gen (quite sad, because while downloading and prior to installing that app I had repeatedly scanned it with Avast, but nothing was flagged as malware at that time. The trouble started after installation of that downloaded app). As Avast was unable to delete the infection (file being offline or read only, as informed by Avast), I did a reinstall of the C drive, but the trouble prevails. Dependable utilities (I have been using for years, like CCLEANER, uTORRENT, Malwarebytes etc.) are being flagged as troublesome, and it is just annoying to say the least. Repeated uninstalls and reinstalls of AVAST 5 have not resolved the issue, and as a last resort I wanted to scan the PC in safe mode, but sadly again, AVAST CANNOT SCAN IN SAFE MODE, THE ERROR MESSAGE BEING: UNABLE TO START SCAN THERE ARE NO MORE END POINTS AVAILABLE FROM THE END POINT MAPPER

    While right-click scanning the C drive, Avast shows signs of Win32:Malware-gen but is not able to delete these or move them to the chest. Same is the case with the boot-time scan also.

    So you can imagine, I am feeling helpless and irritated, doubting whether these are false alarms (the PC is working reasonably OK, no issues of slowness or crashes), because at the start of any app AVAST starts flagging these as malware but is unable to do anything about these infections. MILLION DOLLAR QUESTION: WHAT IS THE POINT IN KEEPING ON USING AVAST IF IT CANNOT PROTECT FROM MALWARE OR DELETE IT IF DETECTED?


    Meanwhile I have done a couple of scans with AVAST 5 FREE and the report is as follows:

    avast! Real-time Shield Scan Report
    * This file is generated automatically
    *
    * Started on: Friday, March 05, 2010 5:33:53 AM
    *

    3/5/2010 5:40:45 AM C:\WINDOWS\SYSTEM32\OLE32.DLL [L] Win32:Malware-gen (0)
    While moving file to chest, error occurred: The specified file is read only
    During the file delete, error occurred: The specified file is read only
    3/5/2010 5:40:48 AM C:\WINDOWS\system32\core.dll [L] Win32:Malware-gen (0)
    File was successfully moved to chest...
    *
    * avast! Real-time Shield Scan Report
    * This file is generated automatically
    *
    * Started on: Friday, March 05, 2010 5:52:23 AM
    *

    3/5/2010 5:56:35 AM C:\WINDOWS\SYSTEM32\OLE32.DLL [L] Win32:Malware-gen (0)
    While moving file to chest, error occurred: The specified file is read only
    During the file delete, error occurred: The specified file is read only
    *
    * avast! Real-time Shield Scan Report
    * This file is generated automatically
    *
    * Started on: Friday, March 05, 2010 6:25:55 AM
    *

    As you can see, Avast is detecting the infection but is not able to remove it.

    C:\WINDOWS\winstart.bat
    Error:File is offline-it is currently not available(ERROR 42006)

    C:\WINDOWS\SYS32\ole32.dll
    threat high Win32:Malware-gen
    The Specified file is read only(Error 6009)

    I hope this new info helps you to help me in this lousy situation

    Funny thing is I cannot do the scan in SAFE MODE. The error message from AVAST is:

    UNABLE TO START SCAN. THERE ARE NO MORE END POINTS AVAILABLE FROM THE END POINT MAPPER

    Any idea what it implies?


    Any suggestions as to how to resolve this issue are most welcome and appreciated

    q2na
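
Added example, not part of the original post and not Avast's own code: a small Python triage script for the Real-time Shield report format quoted above. It pairs each detection with the outcome lines that follow it and lists files that were detected but never quarantined; the regular expressions are assumptions inferred from the lines in the post.

```python
import re
from collections import defaultdict

# Report lines copied from the post above (indentation removed, trimmed).
SAMPLE_REPORT = r"""
* Started on: Friday, March 05, 2010 5:33:53 AM
3/5/2010 5:40:45 AM C:\WINDOWS\SYSTEM32\OLE32.DLL [L] Win32:Malware-gen (0)
While moving file to chest, error occurred: The specified file is read only
During the file delete, error occurred: The specified file is read only
3/5/2010 5:40:48 AM C:\WINDOWS\system32\core.dll [L] Win32:Malware-gen (0)
File was successfully moved to chest...
*
* Started on: Friday, March 05, 2010 5:52:23 AM
3/5/2010 5:56:35 AM C:\WINDOWS\SYSTEM32\OLE32.DLL [L] Win32:Malware-gen (0)
While moving file to chest, error occurred: The specified file is read only
During the file delete, error occurred: The specified file is read only
"""

# Detection line: timestamp, path, "[L]" marker, detection name, "(n)" counter.
DETECTION = re.compile(r"^(?P<ts>\d+/\d+/\d{4} [\d:]+ [AP]M) (?P<path>.+?) "
                       r"\[\w\] (?P<name>\S+) \(\d+\)$")
FAILED = re.compile(r"error occurred: (?P<reason>.+)$")
SUCCESS = re.compile(r"successfully moved to chest")

def parse_report(text):
    """Return one dict per detection, with the outcome lines that follow it."""
    events, current = [], None
    for line in map(str.strip, text.splitlines()):
        m = DETECTION.match(line)
        if m:
            current = {**m.groupdict(), "errors": [], "remediated": False}
            events.append(current)
        elif current and SUCCESS.search(line):
            current["remediated"] = True
        elif current and (f := FAILED.search(line)):
            current["errors"].append(f["reason"])
        elif line.startswith("*"):
            current = None  # header of a new report: stop attaching outcomes
    return events

def unremediated(events):
    """Map lower-cased path -> detection count for files never quarantined."""
    hits, fixed = defaultdict(int), set()
    for e in events:
        key = e["path"].lower()  # Windows paths are case-insensitive
        hits[key] += 1
        if e["remediated"]:
            fixed.add(key)
    return {p: n for p, n in hits.items() if p not in fixed}
```

A file that keeps reappearing in `unremediated()` across report runs, as ole32.dll does here, is one the scanner could neither quarantine nor delete, so it needs offline handling rather than another real-time scan.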
     
  2. kv777

    kv777 Active Member

    Scan using MBAM and see what happens.
     
  3. Flatlands

    Flatlands Active Member

    http://forum.avast.com/index.php#2
     
  4. leofelix

    leofelix Distinguished Member

    Hi
    C:\WINDOWS\SYS32\ole32.dll

    SYS32 is not a Windows system folder.

    Also: are you using Windows 3.0?
    C:\WINDOWS\winstart.bat

    http://support.microsoft.com/kb/69186/
     
  5. hellnoire

    hellnoire *nix Technical Support

    Windows 3.0 isn't a 32-bit OS... it's a 16-bit one.

    Mind posting a HijackThis log for us? Because it sounds like it's badly infected with something. And on top of that, Avast sounds like it's been corrupted...
     
  6. leofelix

    leofelix Distinguished Member

    That's the strange thing.

    Apart from hellnoire's legit request for an HJT log,
    I suspect a TDS3 rootkit infection and an incompatibility with MS critical update MS10-15 (February).

    You may also check if your OS is compatible with MS10-15

    http://support.microsoft.com/kb/980966

    Then try to remove TDS3 Rootkit and other malware with HitMan Pro 3.5 (30 days free trial)
     
  7. Ranjan

    Ranjan Active Member

    This is surely some sort of serious malware infection which is infecting all other EXEs and has also corrupted Avast. As suggested by members above, download a fresh copy of MBAM and HijackThis. Update MBAM, do a full scan and post the log back here.

    Also post a HJT log.

    PS: Before downloading the above tools, rename them to any random name.

    Alternatively, you can also use rescue discs.
     
  8. LizardMan

    LizardMan Notable Member

    Last edited: Mar 5, 2010
  9. Ceyfer √

    Ceyfer √ Prominent Member

    If your box is rootkitted then it requires high-level work of disinfection. Time to back up your files and start the war...

    Avast or any AV solution can kill this threat if it's detected before execution, but once executed inside the system then it is a very different story.
     
    Last edited: Mar 5, 2010
  10. safeguy

    safeguy Distinguished Member

    Mind telling us what's the different story like? How do we go about removing such deep-level infections?
     
