
Ok here we go :) I have been a Malwarebytes free user for about 6 months, so far so good up till last week when I changed my AV from AVG to Avast. OK, so here is my prob: I ran a scan with Malwarebytes and Avast and both came out clean, but then as of Saturday (5/6/2010) Avast started popping up with a warning for Win32:malware-gen. The file keeps coming up in C:\Windows\temp, so I moved it to the virus chest in Avast thinking that would be the last of it, but so far I am now getting a warning every 10 - 40 mins of the infection in the same folder. The file name is always HKI#####.exe (# = diff numbers as they change every time). I have googled till my brain has exploded and am now ready to kick my PC till it pops lol. Please help.

System OS: XP home sp2

CPU: 3.4GHz P4 (hyperthread Extreme)

RAM: 1.5GB ddr 400

Internet Browser: FireFox 3.6.3

Anti Malware: Malwarebytes

AV Software: Avast 4.8 pro

Thanks for any help anyone can give, and sorry if this post is in the wrong place as I've never posted on a forum b4 and have no idea what I'm doin lol


Hi Man -

Is there any sign of it in Malwarebytes or only in Avast -

First it is time to update to XP SP3 - Update it now while there is still good support for XP and then get M/soft updates for it -

Also the Avast is not updated, it should be V 5.0.545

Exclude Malwarebytes' Anti-Malware's Files and Folders From Other Active Security Programs:

For Windows XP:

  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
  • C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\System32\drivers\mbamswissarmy.sys

Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude MBAM.EXE from it as well

Thank You - :)

EDIT - This is the right place to start this post - :)


Yeah, it is only Avast finding it; Malwarebytes shows as all clear. I tried SP3 a while back and it slowed my PC down so badly it was like using an old 486 lol, and I will look into why Avast has not updated itself as all the auto update stuff is on. Is there any report u want me to generate that might help?


Hello manwithaplan

Just to let you know that Microsoft will stop providing support for Windows XP Service Pack 2 on July 13, 2010. After this date, public support for these products ends and Microsoft will no longer provide any assisted support or security updates.

As you stated the SP3 slowed your PC down, you may consider upgrading your RAM. Just a thought :)


I am using XP Pro with Malwarebytes and avast! V5.0.545 without a problem.

Did you remove AVG completely before installing avast!?

AVG Remover

http://www.avg.com/us-en/download-tools


Only trying to help :)

Please follow noknojon's instructions

And then try YoKenny1's suggestion as the AVG removal tool also removes "Registry Keys"

And if you decide to update to SP3, use this guide from Microsoft to install the SP3 update

Steps to take before you install Windows XP Service Pack 3-HERE


lol i know ur helping lol sorry if that sounded like i was being rude that was not my intension (hope i spelt that right lol)

I use ieSpell

Introduction

ieSpell is a free Internet Explorer browser extension that spell checks text input boxes on a webpage. It should come in particularly handy for users who do a lot of web-based text entry (e.g. web mails, forums, blogs, diaries). Even if your web application already includes spell checking functionality, you might still want to install this utility because it is definitely much faster than a server-side solution. Plus you get to store and use your personal word list across all your applications, instead of maintaining separate ones on each application.

http://www.iespell.com

This is not Twitter and having more information is good.


OK, please tell me what info u would like and be as technical as u like. Just so u all know, I know a fair bit about PCs, have built many and used them for many years; just to give u an idea, my 1st "PC" was an Amstrad 1512 word pro lolol (and no I'm not 100 years old YET!) lol. And again, thanks for all the help ur all givin me, I have never come across something this nasty b4. Oh, and fast update: I used the AVG remover as u said and there was nothing left. I emailed Avast about why I am still on 4.8 as I paid for mine. They are going to send me a disk as I don't really want to download stuff with the nasty, evil thing on here, but they did say as long as I keep the definition file up to date (which it is) then it's not too much to worry about.


manwithaplan

You seem to be very young and do not know much yet and need to understand much yet. :)

As your system is infected you need to go to review:

I'm infected - What do I do now?, Please follow these instructions to clean your system

http://forums.malwarebytes.org/index.php?showtopic=9573


Hi again Man -

Sorry if the way YoKenny1 put it meant a "young teen" or similar - I think he meant more inexperienced -

The link he has left is to our section that helps to clean infections and problems you may be having -

If you feel that you would like us to check and repair any Operation Faults then the offer is always open (and free) -

Not sure of problems as XP SP3 has not 'slowed' most systems, but adds better results to most systems - I have had it since just after it came out -

Please follow the advice from Wide Glide as to updating to SP3 as you may have problems, and then use this link http://forums.malwarebytes.org/index.php?showtopic=9573 to self check the problem also -

Again our system checks and repairs are free if you want it, as any popups can be an infection -

Win32:malware-gen - This is my concern -

Thank You for your replies - :)

EDIT - Please, always post back if you require more information


Inexperienced is a good word when it comes to infections, as nearly all the ones I have come across have been removed one way or another, but this one will not go. I don't see how SP3 will combat this, so pls if anyone would mind explaining what it would do to help. I will try and follow the instructions for the "I'm infected - What do I do now?" part :)


OK, I have "TRIED" to follow the instructions on that link. I ran dds and have the 2 reports. I ran the rootkit scanner, which took 4 hours only to crash when I tried to save the report and basically halted my machine. So do I still zip up these 2 reports or just try and post them here?


Hello again manwithaplan :)

Please zip up the reports and Start a New Topic Here

One of the expert helpers there will give you one-on-one assistance when one becomes available.

Please note that it may take 48 hours or more for you to receive a response in the malware removal forum, as it is often busy at times. Please do not reply to your own post asking for help unless it's been more than 48 hours since you originally posted, as this can make it appear as though you are being helped and take longer for you to get help.

If no one has replied within 48 hours then please go ahead and either reply to your post or send a private message to a Moderator and let them know that you're still needing assistance.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Also, when replying, please use the ADD REPLY button located at the bottom of the page, as this makes the forum easier to read

Thanks
