I need some info on a Win32:Malware-gen infection


#1 | Posts: 2 | Windows 7 Professional x64


    So, I managed to accidentally install a program that has led me to some malware on my PC (yes, it's been removed), but I need some help knowing the maximum damage it could have done to my PC. I have the executable files in a RAR archive and they have some bizarre names such as...
    • tmsgsawjzufsdnwlhh.exe
    • hdkvxoclnhnzxbja.exe

    But I'm still going to do some testing in a VM just to find out what happened and monitor it.
    I also found a startup process in msconfig called 'SYSCHECK' by an unknown manufacturer.
    PC Symptoms

    IE opening the executable files and leading me to foreign websites.
    Seeing my cursor randomly move on its own accord.

    Any answer to these questions would be greatly appreciated.
    ~Kian


#2 | Posts: 6,021 | Win 7 HP SP1 64-bit, Vista HB SP2 32-bit, Linux Mint 18.3

    Hi pretaxemu, welcome to Seven Forums,

    pretaxemu said:
    I managed to accidentally install a program that has led me to some malware on my PC (yes, it's been removed)
    What was the program that you downloaded that contained Malware and what did you use to get rid of it?


#3 | Posts: 2 | Windows 7 Professional x64 | Thread Starter

    I have no clue what software could have been bundled with the malware, but if you want I could link a download of the files.


#4 | Posts: 7,101 | W7 home premium 32bit/W7HP 64bit/w10 tp insider ring

    If the exe file is still in startup, you HAVE NOT removed it completely.

    I suggest you run further malware checks on your system: ESET Online, Malwarebytes and Farbar.

    ANY SUSPECT links will be removed by the Moderators, and should never be posted in the first place on any public forum.


    Roy


#5 | Posts: 3,785 | win 8 32 bit

    A lot of these things may not do a lot other than download more and more malware. By being harmless they are not picked up by AV; then they download other things, often disabling AV. Upload the file to https://www.virustotal.com/#/home/upload and tell us exactly what it is.
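An added example (editor's note, not code posted by anyone in this thread) that ties together the two checks suggested in posts #4 and #5: post #4 says an entry still in startup means the infection is not gone, and post #5 says to identify the file on VirusTotal. The script below enumerates the common user-land autorun locations on Windows 7 (the Run/RunOnce registry keys and both Startup folders), resolves each entry to its image path, hashes it with SHA-256, checks its Authenticode signature and flags entries worth a second look. It assumes PowerShell 4 or later for Get-FileHash (on Windows 7 that means installing WMF 4.0 or 5.1). The entry name SYSCHECK comes from the original post; the "random-looking name" thresholds in Test-RandomLookingName are illustrative assumptions, not a published detection rule.

```powershell
# Added example, not code from the thread. Enumerates user-land autorun
# locations, hashes each target with SHA-256 and flags suspicious entries.
# Requires PowerShell 4+ (Get-FileHash); on Windows 7 install WMF 4.0 or 5.1.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # per-user Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)

# Provider metadata that Get-ItemProperty attaches to every registry key.
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# Heuristic (assumption): a basename of 10+ characters with under 20% vowels,
# like tmsgsawjzufsdnwlhh, is typical of generated names. Tune as needed.
function Test-RandomLookingName {
    param([string]$Name)
    $base = [IO.Path]::GetFileNameWithoutExtension($Name).ToLower()
    if ($base.Length -lt 10) { return $false }
    $vowels = ($base -replace '[^aeiou]', '').Length
    return ($vowels / $base.Length) -lt 0.2
}

# Reduce a Run-key command line ("C:\x\y.exe" /arg or C:\x\y.exe /arg) to its
# image path, expanding %ENV% references so Test-Path can resolve it.
function Get-ImagePath {
    param([string]$CommandLine)
    $path = if ($CommandLine -match '^"([^"]+)"') { $Matches[1] } else { ($CommandLine -split '\s+')[0] }
    return [Environment]::ExpandEnvironmentVariables($path)
}

function Get-AutorunReport {
    $entries = @()
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($providerProps -contains $p.Name) { continue }
            $entries += [pscustomobject]@{ Source = $key; Name = $p.Name; Path = Get-ImagePath $p.Value }
        }
    }
    foreach ($dir in $startupDirs) {
        if (-not (Test-Path $dir)) { continue }
        foreach ($f in Get-ChildItem -Path $dir -File) {
            $entries += [pscustomobject]@{ Source = $dir; Name = $f.Name; Path = $f.FullName }
        }
    }
    foreach ($e in $entries) {
        $exists = -not [string]::IsNullOrEmpty($e.Path) -and (Test-Path -LiteralPath $e.Path -PathType Leaf)
        $hash = if ($exists) { (Get-FileHash -LiteralPath $e.Path -Algorithm SHA256).Hash } else { '<missing>' }
        $sig  = if ($exists) { [string](Get-AuthenticodeSignature -LiteralPath $e.Path).Status } else { 'n/a' }
        [pscustomobject]@{
            Name       = $e.Name
            Source     = $e.Source
            Path       = $e.Path
            SHA256     = $hash
            Signature  = $sig
            # Flag the SYSCHECK entry from the post, anything not validly signed,
            # and image names that look machine-generated.
            Suspicious = ($e.Name -eq 'SYSCHECK') -or ($sig -ne 'Valid') -or
                         (Test-RandomLookingName ([IO.Path]::GetFileName($e.Path)))
        }
    }
}

Get-AutorunReport | Sort-Object Suspicious -Descending | Format-Table Name, Signature, SHA256, Path -AutoSize
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable. A flagged row is a prompt to investigate, not a verdict: plenty of legitimate software is unsigned, so the SHA256 column is the useful part; paste it into the VirusTotal search box to see whether the sample is already known before uploading anything. Note that this only covers the user-land Run keys and Startup folders; services, scheduled tasks, and the other locations that Autoruns or Farbar enumerate are out of scope for this snippet.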


#6 | Posts: 2,465 | Windows 7 Ultimate x64

    Once malware managed to run on your system, you already lost the battle, the virus got control of your computer and, as Microsoft says, "it's not your computer anymore".
    Among the things it could do to you, it can:
    - Download other pieces of code from anywhere, and run them too.
    - Read all the files you have access to
    - Write all the files you have access to (that's what ransomware exploits)
    - Take screenshots
    - Capture all your keypresses
    - Send any of this to literally anywhere in the world.
    - Use your network connection to spread to other computers in your LAN (that's how companies are attacked/hacked).
    - Use your internet connection to spread over internet or to join a botnet to attack websites (and the blame will fall on you).
    - Attempt to exploit a vulnerability in the OS to escalate privileges and get a more permanent foothold on the PC.
    - Tamper with any software installed (including antiviruses and the OS).
    - Use your hardware for their purposes (like cracking passwords or mining cryptocurrencies).
    - Infect restore points and backups to prevent removal.
    - Install TLS certificates to spy on secure connections.
    - Attempt to persist themselves on hardware (BIOS, firmware, etc.) to survive a clean install.

    And certainly I'm missing many others. Most important is that all of those effects are mostly invisible to the user and have subtle effects, if any, and require a trained eye to spot. In practice, nowadays it's considered a waste of time to even try to clean systems once viruses run (even though antiviruses claim they can, it's largely untrue).
    While your testing in a VM could be a nice learning exercise, it's also incredibly risky because viruses can detect VMs and modify their behavior to hide themselves, and also you're still running the host that was originally infected. The risk of reinfection by the virus escaping the VM is there, and the chance of the host not being really cleaned is much higher. If you really want to do that, use a spare computer you can sacrifice.

    At this point, the only advisable step is to immediately stop using the affected computer and perform a complete reinstallation of the operating system as soon as possible, maybe extracting important data by booting an external OS.


#7 | Posts: 1,784 | Linux Mint 18.2 xfce 64-bit (VMWare host) / Windows 8.1 Pro 32-bit (VMWare guest)

    Go to another computer (a known clean computer) and create a Windows Defender Offline (WDO) disk. Go here to make the disk: https://support.microsoft.com/en-us/...-protect-my-pc

    Then boot the infected computer with that disk. This will bring you into the WDO program, but without loading Windows on the infected computer. You can then do a full scan and clean on the infected computer.

    WDO is not the best anti-virus program available; but this type of scan (a pre-Windows scan) can be very effective in cleaning your computer. I have had good results by using WDO to clean an infected computer.


#8 | Posts: 3,615 | Win 10 x64, Linux Lite, Win 7 x64, BlackArch, & Kali
    Last edited by Snick; 25 May 2018 at 15:29. Reason: correct missing Hypertext Link


#9 | Posts: 1,784 | Linux Mint 18.2 xfce 64-bit (VMWare host) / Windows 8.1 Pro 32-bit (VMWare guest)

    Snick said:
    How to remove Win32:Malware-gen Trojan (Virus Removal Guide)
    No link.


Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd