Windows 7 Forums


Windows 7: Infected PC- Gencrawler

07 Aug 2012   #1

Windows 7 Ultimate SP1 x64
Southern California
 
 
Infected PC- Gencrawler

So as of late one of my PCs got infected by a virus. The reason is that it is a family PC and everyone has access to it; one day one of the household members downloaded something and now it's causing issues.

First I did the regular MBAM scan and the following came up:
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.27.11

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Ion :: ION-PC [administrator]

7/27/2012 7:14:54 PM
mbam-log-2012-07-27 (19-14-54).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 280611
Time elapsed: 1 hour(s), 5 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCR\gencrawler_gc.GenCrawler (Trojan.Downloader) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Ion\Uploads\Mixcraft\patch\acoustica.mixcraft.5.2.build.151-MPT.exe (PUP.Hacktool.Patcher) -> No action taken.
C:\Users\Ion\Uploads\Sony Acid Pro 7e\keygen\Keygen.exe (RiskWare.Tool.CK) -> No action taken.
C:\Users\Ion\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

(end)
But after clearing those I still have issues:
1) unwanted addons to IE9 and Chrome
2) automatic tabs to spam sites opening
3) system slows down way too much

I am running MBAM again to make sure it picks anything up but some help would be appreciated.


07 Aug 2012   #2

Win 7 Pro 64-bit
South Central Texas
 
 

I'd suggest running some additional scans with the following free utilities:

SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Hitman Pro 3 - SurfRight

ESET Online Virus Scanner | ESET

Comodo Cleaning Essentials (newest release is 2.4.225190.192)

Windows Defender Offline

There are more on-demand scanners available but these have proven to be pretty good. Problem is, once a computer becomes infected you can never be 100% sure that all traces of the infection have been removed no matter how many scans come back clean. A format and clean install (or restoring to a known clean system image) would be the ideal way to get rid of the malware.
07 Aug 2012   #3

Windows 7 Ultimate 32bit SP1
 
 

Do you have "Mediafinder"? You'll want to get rid of it, if you do.
Adware.Mediafinder Technical Details | Symantec


07 Aug 2012   #4

Windows 7 Home Premium 32 bit
In a house with a cat trying to kill me
 
 

Someone in your household is d/l ing questionable files. It would be best to bring them up to speed on the risks that these carry & the damage they can inflict on a PC. Not to mention the personal information they can steal.

MBAM did not manage to remove/take action against two of the files.

C:\Users\Ion\Uploads\Mixcraft\patch\acoustica.mixcraft.5.2.build.151-MPT.exe (PUP.Hacktool.Patcher) -> No action taken.
C:\Users\Ion\Uploads\Sony Acid Pro 7e\keygen\Keygen.exe (RiskWare.Tool.CK) -> No action taken.

If MBAM cannot remove these, you'll have to try one of the scanners marsmimar recommended. Also follow Jacee's advice & check to see if you have the mentioned malware.

And as mentioned above, a clean install is the safest option.

Last edited by Borg 386; 07 Aug 2012 at 04:51 PM..
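The check made by eye in post #4, as an added example (not part of the original thread and not Malwarebytes' own tooling): a small Python parser for the log format shown in post #1 that lists detections left without quarantine and flags sections whose declared count does not match the item lines present, as happens with a truncated paste. The function names and regexes are assumptions derived only from the log lines visible in this thread.

```python
import re
from collections import namedtuple

# Lines copied from the MBAM 1.62 log in post #1 of this thread.
SAMPLE_LOG = r"""Memory Processes Detected: 0
(No malicious items detected)
Registry Keys Detected: 5
HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCR\gencrawler_gc.GenCrawler (Trojan.Downloader) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
Files Detected: 3
C:\Users\Ion\Uploads\Mixcraft\patch\acoustica.mixcraft.5.2.build.151-MPT.exe (PUP.Hacktool.Patcher) -> No action taken.
C:\Users\Ion\Uploads\Sony Acid Pro 7e\keygen\Keygen.exe (RiskWare.Tool.CK) -> No action taken.
C:\Users\Ion\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

Detection = namedtuple("Detection", "section target threat action")
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
ITEM_RE = re.compile(r"^(?P<target>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
REMEDIATED = "Quarantined and deleted successfully"

def parse_mbam_log(text):
    """Return (detections, mismatches); mismatches maps a section name to
    (declared, parsed) when the header count and the item lines disagree."""
    detections, declared, section = [], {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            declared[section] = int(m["count"])
            continue
        m = ITEM_RE.match(line)  # "(No malicious items detected)" has no "->"
        if m and section:
            detections.append(Detection(section, m["target"], m["threat"], m["action"]))
    parsed = {s: sum(d.section == s for d in detections) for s in declared}
    mismatches = {s: (declared[s], parsed[s]) for s in declared if declared[s] != parsed[s]}
    return detections, mismatches

def unremediated(detections):
    """Detections the scanner reported but did not quarantine or delete."""
    return [d for d in detections if d.action != REMEDIATED]

if __name__ == "__main__":
    found, bad_counts = parse_mbam_log(SAMPLE_LOG)
    for d in unremediated(found):
        print(f"[{d.section}] {d.threat}: {d.target} -> {d.action}")
    print("count mismatches:", bad_counts)
```
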
07 Aug 2012   #5

Windows 7 Professional x64
 
 

And when the system is finally cleaned (probably after clean install) I would suggest setting up different user profiles for different family members, perhaps with some parental controls.
08 Aug 2012   #6

Windows 7 Ultimate SP1 x64
Southern California
 
 

Quote: Originally Posted by Borg 386
Someone in your household is d/l ing questionable files. It would be best to bring them up to speed on the risks that these carry & the damage they can inflict on a PC. Not to mention the personal information they can steal.

MBAM did not manage to remove/take action against two of the files.

C:\Users\Ion\Uploads\Mixcraft\patch\acoustica.mixcraft.5.2.build.151-MPT.exe (PUP.Hacktool.Patcher) -> No action taken.
C:\Users\Ion\Uploads\Sony Acid Pro 7e\keygen\Keygen.exe (RiskWare.Tool.CK) -> No action taken.

If MBAM cannot remove these, you'll have to try one of the scanners marsmimar recommended. Also follow Jacee's advice & check to see if you have the mentioned malware.

And as mentioned above, a clean install is the safest option.

Whoa, didn't even see those during the scan, don't know where they came from.
Also I wasn't able to initially find "C:\Users\Ion\Uploads\", there seems to be permissions issues even though I am logged in as admin.
08 Aug 2012   #7

Windows 7 Ultimate SP1 x64
Southern California
 
 

Quote: Originally Posted by Jacee
Do you have "Mediafinder"? You'll want to get rid of it, if you do.
Adware.Mediafinder Technical Details | Symantec

Well, I can't get rid of it, but will follow the guide.
EDIT: the infected computer is now offline from the internet, as it turns out Media Finder is acting like a proxy for illegal p2p file sharing.

On a side note I may not be able to give fast replies as school starts tomorrow.
08 Aug 2012   #8

Windows 7 Home Premium 32 bit
In a house with a cat trying to kill me
 
 

Do you still have system restore capabilities? If so, you may wish to try that first. Roll back 2 or 3 points past the initial infection point (Some malware embeds itself in the first restore point). This may fix the problem.

If not, then it might be wise to run Windows Defender Offline as suggested by marsmimar. This is a boot disk, or it can be run from a USB. Make sure you d/l the files on another PC, not the infected one.

You can also try running MBAM in safe mode & see if it can remove the problem files. However, there may be damage to some of your OS files depending on the severity of the virus.
08 Aug 2012   #9

Windows 7 Ultimate SP1 x64
Southern California
 
 

Quote: Originally Posted by Borg 386
Do you still have system restore capabilities? If so, you may wish to try that first. Roll back 2 or 3 points past the initial infection point (Some malware embeds itself in the first restore point). This may fix the problem.

If not, then it might be wise to run Windows Defender Offline as suggested by marsmimar. This is a boot disk, or it can be run from a USB. Make sure you d/l the files on another PC, not the infected one.

You can also try running MBAM in safe mode & see if it can remove the problem files. However, there may be damage to some of your OS files depending on the severity of the virus.

Yes, I still have system restore, didn't even think about that. Right now I am trying a previous restore point to check and see if I can resolve the problem.