Windows 7 Forums

Windows 7: I need some info on a Win32:Malware-gen infection

18 May 2018   #1
pretaxemu

Windows 7 Professional x64

So, I managed to accidentally install a program that has led me to some malware on my PC (yes, it's been removed), but I need some help on knowing the maximum damage it could have done to my PC. I have the executable files in a RAR archive and they have some bizarre names such as...
  • tmsgsawjzufsdnwlhh.exe
  • hdkvxoclnhnzxbja.exe
But I'm still going to do some testing in a VM just to find out what happened and monitor it.
I also found a startup process in msconfig called 'SYSCHECK' by an unknown manufacturer.

PC Symptoms
  • IE opening the executable files and leading me to foreign websites.
  • Seeing my cursor randomly move of its own accord.

Any answer to these questions would be greatly appreciated.
~Kian


18 May 2018   #2
Paul Black

7 HP SP1 64-bit Vista HB SP2 32-bit Linux Mint 18.3

Hi pretaxemu, welcome to Seven Forums,

Quote: Originally Posted by pretaxemu
    I managed to accidentally install a program that has led me to some malware on my PC (yes, it's been removed)
What was the program that you downloaded that contained malware, and what did you use to get rid of it?
18 May 2018   #3
pretaxemu

Windows 7 Professional x64

I have no clue what software could have got bundled with the malware, but if you want I could link a download of the files.

18 May 2018   #4
torchwood

W7 home premium 32bit/W7HP 64bit/w10 tp insider ring

If the exe file is still in startup, you HAVE NOT removed it completely.

Suggest you run further malware checks on your system: ESET Online, Malwarebytes and Farbar.

ANY SUSPECT links will be removed by the Moderators, and should never be posted in the first place on any public forum.


Roy
18 May 2018   #5
samuria

win 8 32 bit

A lot of these things may not do a lot other than download more and more malware. By being harmless, they are not picked up by AV; then they download other things, often disabling the AV. Upload the file to https://www.virustotal.com/#/home/upload and tell us exactly what it is.
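Added example, not code from any poster in this thread: a read-only PowerShell triage script that does by hand what posts #4 and #5 suggest on a Windows 7 machine. It walks the Run/RunOnce keys and both Startup folders (an msconfig entry such as the OP's 'SYSCHECK' comes from one of these), resolves each entry to its executable, checks the Authenticode signature and publisher, hashes the file with SHA-256, and prints a VirusTotal hash-lookup URL so the hash can be checked before deciding whether to upload the file itself. The "suspicious" flags (not validly signed, a random-looking name like the ones in the OP's RAR, or a user-writable location) are heuristics chosen for this example, not a detection rule from the thread, and the `https://www.virustotal.com/gui/file/<sha256>` URL form is VirusTotal's current lookup format rather than the upload link quoted above. Assumes Windows PowerShell 2.0 or later, run from an elevated prompt.

```powershell
# Added example, not code from the thread: read-only autostart triage for Windows 7.
# Lists Run/RunOnce keys and Startup-folder items, resolves each to an executable,
# checks its Authenticode signature, hashes it with SHA-256 and prints a VirusTotal
# hash-lookup URL. Run from an elevated Windows PowerShell (2.0 or later) prompt.
# Nothing is modified or deleted.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',   # 32-bit entries on x64
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # current user's Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)
$metaProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-ImagePath([string]$CommandLine) {
    # Extract the executable from a Run-key command line: a quoted path, or the
    # first token of an unquoted one, with environment variables expanded.
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd -match '^"([^"]+)"') { return $matches[1] }
    if ($cmd -match '^(\S+)')     { return $matches[1] }
    return $cmd
}

function Get-Sha256([string]$Path) {
    # Uses .NET directly because PowerShell 2.0 (stock on Windows 7) has no Get-FileHash.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        return ([System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '').ToLower()
    } finally {
        $stream.Close()
    }
}

function Get-AutostartEntry([string]$Source, [string]$Name, [string]$CommandLine) {
    $path = Get-ImagePath $CommandLine
    $entry = New-Object PSObject -Property @{
        Suspicious = $false
        Name       = $Name
        Signature  = 'missing'      # stays 'missing' if the target file no longer exists
        Publisher  = ''
        Path       = $path
        Source     = $Source
        Sha256     = ''
        Exists     = ($path -ne '' -and (Test-Path -LiteralPath $path))
    }
    if ($entry.Exists) {
        $sig = Get-AuthenticodeSignature -FilePath $path
        $entry.Signature = $sig.Status.ToString()     # Valid, NotSigned, HashMismatch, ...
        if ($sig.SignerCertificate) { $entry.Publisher = $sig.SignerCertificate.Subject }
        $entry.Sha256 = Get-Sha256 $path
    }
    $leaf = [System.IO.Path]::GetFileName($path)
    # Heuristics chosen for this example: flag anything that is not validly signed,
    # has a random-looking name (a long run of lowercase letters, like the names in
    # the OP's RAR), or runs from a user-writable location such as AppData or Temp.
    $entry.Suspicious = ($entry.Signature -ne 'Valid') -or
                        ($leaf -match '^[a-z]{12,}\.exe$') -or
                        ($path -match '\\(AppData|Temp|ProgramData|Users\\Public)\\')
    return $entry
}

$entries = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    if ($props -eq $null) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($metaProps -contains $p.Name) { continue }   # skip provider metadata
        $entries += Get-AutostartEntry $key $p.Name ([string]$p.Value)
    }
}
$shell = New-Object -ComObject WScript.Shell
foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    foreach ($f in (Get-ChildItem -Path $dir -Force | Where-Object { -not $_.PSIsContainer })) {
        $target = $f.FullName
        if ($f.Extension -eq '.lnk') { $target = $shell.CreateShortcut($f.FullName).TargetPath }
        $entries += Get-AutostartEntry $dir $f.Name ('"' + $target + '"')
    }
}

$entries | Sort-Object Suspicious -Descending |
    Format-Table Suspicious, Name, Signature, Publisher, Path -AutoSize

# For flagged entries, print the hash and a VirusTotal lookup URL so the hash can be
# checked before deciding whether to upload the file itself.
foreach ($e in ($entries | Where-Object { $_.Suspicious -and $_.Exists })) {
    "{0}`n  source: {1}`n  sha256: {2}`n  lookup: https://www.virustotal.com/gui/file/{2}" -f $e.Path, $e.Source, $e.Sha256
}
```

The Name column is what msconfig shows as the startup item, so a 'SYSCHECK' row can be matched directly to its key and image path. This covers only the Run keys and Startup folders; services, scheduled tasks, Winlogon entries and browser helper objects are other common persistence points, and Sysinternals Autoruns enumerates all of them if the script turns up nothing.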
18 May 2018   #6
Alejandro85

Windows 7 Ultimate x64

Once malware managed to run on your system, you already lost the battle, the virus got control of your computer and, as Microsoft says, "it's not your computer anymore".
Among the things it could do to you, it can:
- Download other pieces of code from anywhere, and run them too.
- Read all the files you have access to
- Write all the files you have access to (that's what ransomware exploits)
- Take screenshots
- Capture all your keypresses
- Send any of this to literally anywhere in the world.
- Use your network connection to spread to other computers in your LAN (that's how companies are attacked/hacked).
- Use your internet connection to spread over internet or to join a botnet to attack websites (and the blame will fall on you).
- Attempt to exploit a vulnerability in the OS to escalate privileges and get a more permanent foothold on the PC.
- Tamper with any software installed (including antiviruses and the OS).
- Use your hardware for their purposes (like cracking passwords or mining cryptocurrencies).
- Infect restore points and backups to prevent removal.
- Install TLS certificates to spy on secure connections.
- Attempt to persist themselves on hardware (BIOS, firmware, etc.) to survive a clean install.

And certainly I'm missing many others. Most important is that all of those effects are mostly invisible to the user and have subtle effects, if any, and require a trained eye to spot. In practice, nowadays it's considered a waste of time to even try to clean systems once viruses run (even though antiviruses claim they can, it's largely untrue).
While your testing in a VM could be a nice learning exercise, it's also incredibly risky because viruses can detect VMs and modify their behavior to hide themselves, and also you're still running the host that was originally infected. The risk of reinfection by the virus escaping the VM is there, and the chance of the host not being really cleaned is much higher. If you really want to do that, use a spare computer you can sacrifice.

At this point, the only advisable step is to immediately stop using the affected computer and perform a complete reinstallation of the operating system as soon as possible, maybe extracting important data by booting an external OS.
23 May 2018   #7
mrjimphelps

Linux Mint 18.2 xfce 64-bit (VMWare host) / Windows 8.1 Pro 32-bit (VMWare guest)

Go to another computer (a known clean computer) and create a Windows Defender Offline (WDO) disk. Go here to make the disk: https://support.microsoft.com/en-us/...-protect-my-pc

Then boot the infected computer with that disk. This will bring you into the WDO program, but without loading Windows on the infected computer. You can then do a full scan and clean on the infected computer.

WDO is not the best anti-virus program available; but this type of scan (a pre-Windows scan) can be very effective in cleaning your computer. I have had good results by using WDO to clean an infected computer.
25 May 2018   #8
Snick

Win 10 x64, Linux Lite, Win 7 x64, BlackArch, Kali, VMWare Workstation Player, OpenVPN

25 May 2018   #9
mrjimphelps

Linux Mint 18.2 xfce 64-bit (VMWare host) / Windows 8.1 Pro 32-bit (VMWare guest)

Quote: Originally Posted by Snick
    How to remove Win32:Malware-gen Trojan (Virus Removal Guide)
No link.
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
Designer Media Ltd