Windows 7 Forums


Windows 7: Infected PC- Gencrawler

07 Aug 2012   #1

Windows 7 Ultimate SP1 x64
 
 
Infected PC- Gencrawler

So as of late one of my PCs got infected by a virus. The reason is that it is a family PC and everyone has access to it; one day one of the household members downloaded something and now it's causing issues.

First I did the regular MBAM scan and the following came up:
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.27.11

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Ion :: ION-PC [administrator]

7/27/2012 7:14:54 PM
mbam-log-2012-07-27 (19-14-54).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 280611
Time elapsed: 1 hour(s), 5 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCR\gencrawler_gc.GenCrawler (Trojan.Downloader) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Ion\Uploads\Mixcraft\patch\acoustica.mixcraft.5.2.build.151-MPT.exe (PUP.Hacktool.Patcher) -> No action taken.
C:\Users\Ion\Uploads\Sony Acid Pro 7e\keygen\Keygen.exe (RiskWare.Tool.CK) -> No action taken.
C:\Users\Ion\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

(end)
But after clearing those I still have issues:
1) unwanted add-ons to IE9 and Chrome
2) automatic tabs to spam sites opening
3) system slows down way too much

I am running MBAM again to make sure it picks anything up but some help would be appreciated.


07 Aug 2012   #2

Microsoft Community Contributor Award Recipient

Win 7 Pro 64-bit
 
 

I'd suggest running some additional scans with the following free utilities:

SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Hitman Pro 3 - SurfRight

ESET Online Virus Scanner | ESET

Comodo Cleaning Essentials (newest release is 2.4.225190.192)

Windows Defender Offline

There are more on-demand scanners available but these have proven to be pretty good. Problem is, once a computer becomes infected you can never be 100% sure that all traces of the infection have been removed no matter how many scans come back clean. A format and clean install (or restoring to a known clean system image) would be the ideal way to get rid of the malware.
07 Aug 2012   #3
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Do you have "Mediafinder"? You'll want to get rid of it, if you do.
Adware.Mediafinder Technical Details | Symantec


07 Aug 2012   #4

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

Someone in your household is d/l ing questionable files. It would be best to bring them up to speed on the risks that these carry & the damage they can inflict on a PC. Not to mention the personal information they can steal.

MBAM did not manage to remove/take action against two of the files.

C:\Users\Ion\Uploads\Mixcraft\patch\acoustica.mixcraft.5.2.build.151-MPT.exe (PUP.Hacktool.Patcher) -> No action taken.
C:\Users\Ion\Uploads\Sony Acid Pro 7e\keygen\Keygen.exe (RiskWare.Tool.CK) -> No action taken.

If MBAM cannot remove these, you'll have to try one of the scanners marsmimar recommended. Also follow Jacee's advice & check to see if you have the mentioned malware.

And as mentioned above, a clean install is the safest option.
07 Aug 2012   #5

Windows 7 Professional x64
 
 

And when the system is finally cleaned (probably after clean install) I would suggest setting up different user profiles for different family members, perhaps with some parental controls.
08 Aug 2012   #6

Windows 7 Ultimate SP1 x64
 
 

Quote: Originally Posted by Borg 386
Someone in your household is d/l ing questionable files. It would be best to bring them up to speed on the risks that these carry & the damage they can inflict on a PC. Not to mention the personal information they can steal.

MBAM did not manage to remove/take action against two of the files.

C:\Users\Ion\Uploads\Mixcraft\patch\acoustica.mixcraft.5.2.build.151-MPT.exe (PUP.Hacktool.Patcher) -> No action taken.
C:\Users\Ion\Uploads\Sony Acid Pro 7e\keygen\Keygen.exe (RiskWare.Tool.CK) -> No action taken.

If MBAM cannot remove these, you'll have to try one of the scanners marsmimar recommended. Also follow Jacee's advice & check to see if you have the mentioned malware.

And as mentioned above, a clean install is the safest option.
Whoa, didn't even see those during the scan, don't know where they came from.
Also I wasn't able to initially find "C:\Users\Ion\Uploads\"; there seem to be permissions issues even though I am logged in as admin.
08 Aug 2012   #7

Windows 7 Ultimate SP1 x64
 
 

Quote: Originally Posted by Jacee
Do you have "Mediafinder"? You'll want to get rid of it, if you do.
Adware.Mediafinder Technical Details | Symantec
Well, I can't get rid of it, but will follow the guide.
EDIT: the infected computer is now offline from the internet; as it turns out, Media Finder is acting like a proxy for illegal P2P file sharing.

On a side note I may not be able to give fast replies as school starts tomorrow.
08 Aug 2012   #8

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

Do you still have system restore capabilities? If so, you may wish to try that first. Roll back 2 or 3 points past the initial infection point (Some malware embeds itself in the first restore point). This may fix the problem.

If not, then it might be wise to run Windows Defender Offline as suggested by marsmimar. This is a boot disk, or it can be run from a USB. Make sure you d/l the files on another PC, not the infected one.

You can also try running MBAM in safe mode & see if it can remove the problem files. However, there may be damage to some of your OS files depending on the severity of the virus.
08 Aug 2012   #9

Windows 7 Ultimate SP1 x64
 
 

Quote: Originally Posted by Borg 386
Do you still have system restore capabilities? If so, you may wish to try that first. Roll back 2 or 3 points past the initial infection point (Some malware embeds itself in the first restore point). This may fix the problem.

If not, then it might be wise to run Windows Defender Offline as suggested by marsmimar. This is a boot disk, or it can be run from a USB. Make sure you d/l the files on another PC, not the infected one.

You can also try running MBAM in safe mode & see if it can remove the problem files. However, there may be damage to some of your OS files depending on the severity of the virus.
Yes, I still have system restore, didn't even think about that. Right now I am trying a previous restore point to check and see if I can resolve the problem.