Infected PC - Gencrawler

ionbasa

So as of late one of my PCs got infected by a virus :o. The reason is that it is a family PC and everyone has access to it; one day one of the household members downloaded something and now it's causing issues.

First I did the regular MBAM scan and the following came up:
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.27.11

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Ion :: ION-PC [administrator]

7/27/2012 7:14:54 PM
mbam-log-2012-07-27 (19-14-54).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 280611
Time elapsed: 1 hour(s), 5 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCR\gencrawler_gc.GenCrawler (Trojan.Downloader) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Ion\Uploads\Mixcraft\patch\acoustica.mixcraft.5.2.build.151-MPT.exe (PUP.Hacktool.Patcher) -> No action taken.
C:\Users\Ion\Uploads\Sony Acid Pro 7e\keygen\Keygen.exe (RiskWare.Tool.CK) -> No action taken.
C:\Users\Ion\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

(end)

But after clearing those I still have issues:
1) unwanted add-ons to IE9 and Chrome
2) automatic tabs to spam sites opening
3) system slows down way too much

I am running MBAM again to make sure it picks anything up but some help would be appreciated.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
HP Pavilion g7-1350dx
OS
Windows 7 Ultimate SP1 x64
CPU
AMD A6-3420M APU
Memory
4.0 Gb DDR3 838 MHz
Graphics Card(s)
AMD Radeon HD 6520G
Sound Card
IDT HD Audio
Screen Resolution
1600x 900
Hard Drives
500GB Hitachi HTS547550A9E384
I'd suggest running some additional scans with the following free utilities:

SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Hitman Pro 3 - SurfRight

ESET Online Virus Scanner | ESET

Comodo Cleaning Essentials (newest release is 2.4.225190.192)

http://www.sevenforums.com/tutorials/166445-windows-defender-offline.html

There are more on-demand scanners available, but these have proven to be pretty good. Problem is, once a computer becomes infected you can never be 100% sure that all traces of the infection have been removed, no matter how many scans come back clean. A format and clean install (or restoring to a known clean system image) would be the ideal way to get rid of the malware.
 

My Computer

Computer type
Laptop
Computer Manufacturer/Model Number
Sony Vaio VPCEB47GM Laptop
OS
Win 7 Pro 64-bit
CPU
Intel i5 2.4 Ghz
Memory
8GB DDR3
Graphics Card(s)
Intel HD 3000
Sound Card
IDT High Definition
Monitor(s) Displays
15.6 WGXA Anti-Glare LED
Screen Resolution
1280x800
Hard Drives
640Gb 7200rpm
Antivirus
MSE
Browser
Opera (primary) with IE9 backup

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Bruce ... somewhere in his 40's
OS
Windows 7 Ultimate 32bit SP1
CPU
Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz
Motherboard
INTEL/D975XBX2
Memory
4 GB
Graphics Card(s)
ATI Radeon HD 2600 Pro
Monitor(s) Displays
Samsung SyncMaster 914v
Screen Resolution
1280 x 1024
Hard Drives
2/500GB each ... ST3500630AS ATA Device.
One is not connected
PSU
Rocketfish 700 W
Case
G.Skill Gigabyte Chassis
Keyboard
Standard PS/2 Keyboard
Mouse
Microsoft PS/2 Mouse
Internet Speed
DSL
Antivirus
Avira Internet Security
Browser
IE 11
Other Info
ATI HDMI Audio
Someone in your household is d/l ing questionable files. It would be best to bring them up to speed on the risks that these carry & the damage they can inflict on a PC. Not to mention the personal information they can steal.

MBAM did not manage to remove/take action against two of the files.

C:\Users\Ion\Uploads\Mixcraft\patch\acoustica.mixcraft.5.2.build.151-MPT.exe (PUP.Hacktool.Patcher) -> No action taken.
C:\Users\Ion\Uploads\Sony Acid Pro 7e\keygen\Keygen.exe (RiskWare.Tool.CK) -> No action taken.

If MBAM cannot remove these, you'll have to try one of the scanners marsmimar recommended. Also follow Jacee's advice & check to see if you have the mentioned malware.

And as mentioned above, a clean install is the safest option.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Dell Hell oh Well
OS
Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
CPU
Intel Core 2 Duo 2.93GHz
Memory
Not much with my ADHD
Graphics Card(s)
ATI Radeon HD 4350
Monitor(s) Displays
24" HDTV/Monitor
Screen Resolution
Blurry after a Scotch or 2
Hard Drives
1 HDD 250 GB, 1 HDD 1 TB, 3 - 1 TB Externals
Case
Don't get on my case...man :D
Cooling
I have an Air Conditioner & Diet Pepsi
Keyboard
Saitek Cyborg
Mouse
10 yr old MS optical mouse that still works
Internet Speed
Never fast enough
Antivirus
Various
Browser
Various
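The scan log in the first post and the reply above pointing out the two "No action taken" entries come down to the same check: reading the MBAM report for detections that were not actually quarantined, and noting which registry keys, CLSIDs and files were touched so they can be re-checked after cleanup. The following Python script is an added example, not code from this thread or from Malwarebytes. It parses a log in the format shown (an abridged copy of the posted log is embedded as constructed sample input), groups detections by section, flags any whose action is not "Quarantined…" or "Delete on reboot", and collects the registry paths, file paths and CLSIDs worth verifying by hand. The section and item line formats are taken from the posted log; the "Delete on reboot" action string is an assumption.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample input: an abridged copy of the MBAM log posted in the thread.
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.27.11

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCR\gencrawler_gc.GenCrawler (Trojan.Downloader) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Ion\Uploads\Mixcraft\patch\acoustica.mixcraft.5.2.build.151-MPT.exe (PUP.Hacktool.Patcher) -> No action taken.
C:\Users\Ion\Uploads\Sony Acid Pro 7e\keygen\Keygen.exe (RiskWare.Tool.CK) -> No action taken.
C:\Users\Ion\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

(end)
"""

# "<Section> Detected: <n>" opens a section; "<target> (<family>) -> <action>." is one item.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Actions that mean MBAM dealt with the item. "Quarantined and deleted successfully"
# appears in the posted log; "Delete on reboot" is assumed here.
RESOLVED_PREFIXES = ("quarantined", "delete on reboot")


@dataclass
class Detection:
    section: str   # e.g. "Registry Keys", "Files"
    target: str    # registry path or file path
    family: str    # MBAM classification, e.g. "Trojan.Downloader"
    action: str    # what MBAM did, e.g. "No action taken"

    @property
    def resolved(self) -> bool:
        return self.action.lower().startswith(RESOLVED_PREFIXES)


def parse_mbam_log(text: str) -> List[Detection]:
    """Walk the log line by line, tracking the current section, and collect items."""
    detections: List[Detection] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            # A zero-count section is followed only by "(No malicious items detected)".
            section = m.group("section") if int(m.group("count")) else None
            continue
        if section is None:
            continue  # header lines (scan type, options, etc.) or an empty section
        m = ITEM_RE.match(line)
        if m:
            detections.append(Detection(section, m.group("target"),
                                        m.group("family"), m.group("action")))
    return detections


def unresolved_detections(detections: List[Detection]) -> List[Detection]:
    """Items the scanner found but did not quarantine or delete."""
    return [d for d in detections if not d.resolved]


def artifacts_to_verify(detections: List[Detection]) -> Dict[str, List[str]]:
    """Registry paths, file paths and CLSIDs to re-check by hand after cleanup."""
    clsids = sorted({c.upper() for d in detections for c in CLSID_RE.findall(d.target)})
    return {
        "registry": [d.target for d in detections if d.section.startswith("Registry")],
        "files": [d.target for d in detections if d.section == "Files"],
        "clsids": clsids,
    }


def summarize(text: str) -> dict:
    dets = parse_mbam_log(text)
    by_section: Dict[str, int] = {}
    for d in dets:
        by_section[d.section] = by_section.get(d.section, 0) + 1
    return {
        "total": len(dets),
        "by_section": by_section,
        "unresolved": [(d.target, d.family, d.action) for d in unresolved_detections(dets)],
        "artifacts": artifacts_to_verify(dets),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"{report['total']} detections: {report['by_section']}")
    for target, family, action in report["unresolved"]:
        print(f"UNRESOLVED [{family}] {target} -> {action}")
    print("CLSIDs to re-check:", ", ".join(report["artifacts"]["clsids"]))
```

Run against a real mbam-log-*.txt by reading the file into `summarize()`. The point of the CLSID list is that the same GUID turned up in four different registry locations (the CLSID registration, the IE Browser Helper Objects list, and the Ext\Settings and Ext\Stats add-on entries), so searching the registry for that one GUID after cleanup is a quick way to confirm the BHO has not been re-registered.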
And when the system is finally cleaned (probably after clean install) I would suggest setting up different user profiles for different family members, perhaps with some parental controls.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom-built PC workstation
OS
Windows 7 Professional x64
CPU
Core i7-4790K Devil's Canyon Quad Core 4.0 GHz
Motherboard
ASUS Z97-E/USB3.1 ATX
Memory
G.SKILL Ripjaws X Series 32 GB DDR3-1866 (4x 8GB)
Graphics Card(s)
EVGA (nVIDIA) GTX 960 4 GB GDDR5
Sound Card
on-board
Monitor(s) Displays
2x Dell Ultrasharp 24" U2415
Screen Resolution
2x 1920x1200
Hard Drives
Crucial MX200 500GB 2.5" SSD SATA III 6 GB/sec
PSU
Rosewill Glacier 700M 700-watt
Case
Fractal Design Define R4 Silent PC mid-tower
Cooling
OEM PSU cooler, 3x 140mm case fans (2 intake, 1 exhaust)
Keyboard
Logitech
Mouse
Logitech
Internet Speed
100+ Mbps
Antivirus
BitDefender
Browser
Firefox/Chrome

Whoa, didn't even see those during the scan, don't know where they came from. :mad:
Also I wasn't able to initially find "C:\Users\Ion\Uploads\"; there seem to be permissions issues even though I am logged in as admin. :confused:
 

Do you have "Mediafinder"? You'll want to get rid of it, if you do.
Adware.Mediafinder Technical Details | Symantec
Well, I can't get rid of it, but will follow the guide.
EDIT: the infected computer is now offline from the internet, as it turns out Media Finder is acting like a proxy for illegal P2P file sharing.

On a side note I may not be able to give fast replies as school starts tomorrow.
 

Do you still have system restore capabilities? If so, you may wish to try that first. Roll back 2 or 3 points past the initial infection point (Some malware embeds itself in the first restore point). This may fix the problem.

If not, then it might be wise to run Windows Defender Offline as suggested by marsmimar. This is a boot disk, or it can be run from a USB. Make sure you d/l the files on another PC, not the infected one.

You can also try running MBAM in safe mode & see if it can remove the problem files. However, there may be damage to some of your OS files depending on the severity of the virus.
 

Yes, I still have system restore, didn't even think about that. Right now I am trying a previous restore point to check and see if I can resolve the problem.
 
