Windows 7 Forums



Windows 7: Infected PC- Gencrawler

07 Aug 2012   #1
ionbasa

Windows 7 Ultimate SP1 x64
 
 
Infected PC- Gencrawler

So as of late one of my PCs got infected by a virus. The reason being is because it is a family PC and everyone has access to it, one day one of the household members downloaded something and now it's causing issues.

First I did the regular MBAM scan and the following came up:
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.27.11

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Ion :: ION-PC [administrator]

7/27/2012 7:14:54 PM
mbam-log-2012-07-27 (19-14-54).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 280611
Time elapsed: 1 hour(s), 5 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCR\gencrawler_gc.GenCrawler (Trojan.Downloader) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Ion\Uploads\Mixcraft\patch\acoustica.mixcraft.5.2.build.151-MPT.exe (PUP.Hacktool.Patcher) -> No action taken.
C:\Users\Ion\Uploads\Sony Acid Pro 7e\keygen\Keygen.exe (RiskWare.Tool.CK) -> No action taken.
C:\Users\Ion\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

(end)
But after clearing those I still have issues:
1) unwanted addons to IE9 and Chrome
2) automatic tabs to spam sites opening
3) system slows down way too much

I am running MBAM again to make sure it picks anything up but some help would be appreciated.



07 Aug 2012   #2
marsmimar

Microsoft Community Contributor Award Recipient

Win 7 Pro 64-bit
 
 

I'd suggest running some additional scans with the following free utilities:

SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Hitman Pro 3 - SurfRight

ESET Online Virus Scanner | ESET

Comodo Cleaning Essentials (newest release is 2.4.225190.192)

Windows Defender Offline

There are more on-demand scanners available but these have proven to be pretty good. Problem is, once a computer becomes infected you can never be 100% sure that all traces of the infection have been removed no matter how many scans come back clean. A format and clean install (or restoring to a known clean system image) would be the ideal way to get rid of the malware.
07 Aug 2012   #3
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Do you have "Mediafinder"? You'll want to get rid of it, if you do.
Adware.Mediafinder Technical Details | Symantec


07 Aug 2012   #4
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

Someone in your household is d/l ing questionable files. It would be best to bring them up to speed on the risks that these carry & the damage they can inflict on a PC. Not to mention the personal information they can steal.

MBAM did not manage to remove/take action against two of the files.

C:\Users\Ion\Uploads\Mixcraft\patch\acoustica.mixcraft.5.2.build.151-MPT.exe (PUP.Hacktool.Patcher) -> No action taken.
C:\Users\Ion\Uploads\Sony Acid Pro 7e\keygen\Keygen.exe (RiskWare.Tool.CK) -> No action taken.

If MBAM cannot remove these, you'll have to try one of the scanners marsmimar recommended. Also follow Jacee's advice & check to see if you have the mentioned malware.

And as mentioned above, a clean install is the safest option.
07 Aug 2012   #5
PatrickGSR94

Windows 7 Professional x64
 
 

And when the system is finally cleaned (probably after clean install) I would suggest setting up different user profiles for different family members, perhaps with some parental controls.
08 Aug 2012   #6
ionbasa

Windows 7 Ultimate SP1 x64
 
 

Quote: Originally Posted by Borg 386
Someone in your household is d/l ing questionable files. It would be best to bring them up to speed on the risks that these carry & the damage they can inflict on a PC. Not to mention the personal information they can steal.

MBAM did not manage to remove/take action against two of the files.

C:\Users\Ion\Uploads\Mixcraft\patch\acoustica.mixcraft.5.2.build.151-MPT.exe (PUP.Hacktool.Patcher) -> No action taken.
C:\Users\Ion\Uploads\Sony Acid Pro 7e\keygen\Keygen.exe (RiskWare.Tool.CK) -> No action taken.

If MBAM cannot remove these, you'll have to try one of the scanners marsmimar recommended. Also follow Jacee's advice & check to see if you have the mentioned malware.

And as mentioned above, a clean install is the safest option.

Whoa, didn't even see those during the scan, don't know where they came from.
Also I wasn't able to initially find "C:\Users\Ion\Uploads\"; there seem to be permissions issues even though I am logged in as admin.
08 Aug 2012   #7
ionbasa

Windows 7 Ultimate SP1 x64
 
 

Quote: Originally Posted by Jacee
Do you have "Mediafinder"? You'll want to get rid of it, if you do.
Adware.Mediafinder Technical Details | Symantec

Well, I can't get rid of it, but will follow the guide.
EDIT, the infected computer is now offline from the internet, as it turns out Media Finder is acting like a proxy for illegal p2p file sharing.

On a side note I may not be able to give fast replies as school starts tomorrow.
08 Aug 2012   #8
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

Do you still have system restore capabilities? If so, you may wish to try that first. Roll back 2 or 3 points past the initial infection point (Some malware embeds itself in the first restore point). This may fix the problem.

If not, then it might be wise to run Windows Defender Offline as suggested by marsmimar. This is a boot disk, or it can be run from a USB. Make sure you d/l the files on another PC, not the infected one.

You can also try running MBAM in safe mode & see if it can remove the problem files. However, there may be damage to some of your OS files depending on the severity of the virus.
08 Aug 2012   #9
ionbasa

Windows 7 Ultimate SP1 x64
 
 

Quote: Originally Posted by Borg 386
Do you still have system restore capabilities? If so, you may wish to try that first. Roll back 2 or 3 points past the initial infection point (Some malware embeds itself in the first restore point). This may fix the problem.

If not, then it might be wise to run Windows Defender Offline as suggested by marsmimar. This is a boot disk, or it can be run from a USB. Make sure you d/l the files on another PC, not the infected one.

You can also try running MBAM in safe mode & see if it can remove the problem files. However, there may be damage to some of your OS files depending on the severity of the virus.

Yes, I still have system restore, didn't even think about that. Right now I am trying a previous restore point to check and see if I can resolve the problem.