Win32Downloader.gen removal help requested.

Hi,

  • Download TDSSKiller and save it to your desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • Confirm the "End User Licence Agreement" and "KSN Statement" dialog boxes by clicking on the Accept button.
  • Press Start Scan.
  • If a Suspicious object is detected, the default action will be Skip; click on Continue.
  • If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.

Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive...
  • Close any open browsers
  • Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.
  • Double-click on zoek.exe to run the tool.
    Please wait while the tool starts...
  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:

    Code:
    gpt.ini;z 
    C:\Windows\System32\GroupPolicy;v
    emptyalltemp;
    autoclean;
  • Click on the Run Script by zoek button.
    Please wait until a log report opens (this can be after reboot).
  • Save the Notepad file to your Desktop and attach zoek-results.log here.
    Note: It will also create a log in the C:\ directory named "zoek-results.log"
 
Thanks so much for your assistance TwinHeadedEagle!

TDSSKiller did not find any problems. Logs for both scans are attached.

When I rebooted the computer after the zoek scan, I received a Rundll error box: There was a problem starting c:\users\Jeff\AppData\local\Conduit\BackgroundContainer\BackgroundContainer.dll The specified file cannot be found.
 


Ok, good :)

Let's try to fix that message:

Re-run Zoek script once more:

Code:
emptyclsid;
C:\Windows\System32\GroupPolicy\GPT.INI;f
C:\Windows\SysWOW64\GroupPolicy\gpt.ini;f
C:\Windows\System32\GroupPolicy\User;fs
C:\Windows\System32\GroupPolicy\Machine;fs
 
I'm sorry, crucial bit of info that....Yes. Rundll error box is still there on reboot. Same message as before.
 
Re-run Zoek once more


Code:
BackgroundContainer;a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule;e
 
Ok, run this Zoek script


Code:
[-HKEY_USERS\S-1-5-21-1434600260-3385731672-2420101393-1000\Software\AppDataLow\Software\BackgroundContainer];r
[-HKEY_USERS\S-1-5-21-1434600260-3385731672-2420101393-1000\Software\AppDataLow\Software\BackgroundContainer\LogicFileManager];r
[HKEY_USERS\S-1-5-21-1434600260-3385731672-2420101393-1000\Software\AppDataLow\Software\BackgroundContainer\LogicFileManager];r
"LogicFilePath"=-;r
[HKEY_USERS\S-1-5-21-1434600260-3385731672-2420101393-1000\Software\Microsoft\Windows\CurrentVersion\Run];r
"BackgroundContainer"=-;r
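The RunDLL message reported above is what you see when an autostart value still points at a file that has already been removed: Windows runs the Run entry at logon, rundll32 cannot find the DLL, and the "specified file cannot be found" box appears. The Zoek script above fixes it by deleting the orphaned "BackgroundContainer" value. The following PowerShell script is an added, read-only example (not part of this thread and not a Zoek or FRST feature) that lists Run/RunOnce values whose target file no longer exists, so you can see such leftovers before deciding what to remove. It assumes the usual HKCU/HKLM Run key locations; the HKEY_USERS\S-1-5-21-...-1000 path used in the script above is the same hive as HKCU for the logged-on user.

```powershell
# Added example, not from the thread: report autostart entries whose target file is missing.
# Read-only: it lists orphaned Run/RunOnce values and deletes nothing.

# Standard autostart locations (assumed; add others such as per-user RunOnce if needed).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Get-AutostartTarget {
    param([string]$Command)
    # Work out which file actually has to exist for the entry to run.
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()

    # rundll32 entries look like: rundll32.exe "C:\path\file.dll",ExportName
    # The DLL, not rundll32 itself, is the file that goes missing after a cleanup.
    if ($cmd -match '^(?:"[^"]*rundll32(?:\.exe)?"|\S*rundll32(?:\.exe)?)\s+"?([^",]+)"?') {
        return $Matches[1]
    }
    # Quoted executable path, possibly followed by arguments.
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path: first whitespace-separated token.
    return ($cmd -split '\s+')[0]
}

function Get-OrphanedAutostart {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($p in $item.PSObject.Properties) {
            # Skip the PSPath/PSParentPath/... metadata properties PowerShell adds.
            if ($p.Name -like 'PS*') { continue }
            $target = Get-AutostartTarget -Command ([string]$p.Value)
            if ([string]::IsNullOrWhiteSpace($target)) { continue }
            if (-not (Test-Path -LiteralPath $target)) {
                [pscustomobject]@{
                    Key         = $key
                    Name        = $p.Name
                    Command     = $p.Value
                    MissingFile = $target
                }
            }
        }
    }
}

Get-OrphanedAutostart | Format-Table -AutoSize
```

An entry such as `BackgroundContainer` pointing at the deleted Conduit DLL would show up in the MissingFile column; removing the value (as the Zoek script does) stops the error box, while an entry whose file still exists is left for you to investigate rather than deleted automatically.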
 
Then we're done :)


The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Click the Run button and wait a few seconds while the programme completes its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 
Wow! Merci Mille Fois! I thought there would be more steps involved. In removing the files we just did via Zoek, the anti-malware scanner I was using, Malwarebytes, no longer functions. I now have to locate a good free scanning tool and to install an up-to-date antivirus protection. I can't thank you enough for your assistance.
 
Me again:
I'm still getting page redirects to software update sites and hollywood gossip sites and pop-ups telling me files are out of date to call a phone number immediately. I obviously still have an infection hiding somewhere. Can you recommend another scan I can try?
 
Let's make another scan:



Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive...
  • Close any open browsers
  • Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.
  • Double-click on zoek.exe to run the tool.
    Please wait while the tool starts...
  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:

    Code:
    createsrpoint; 
    StandardSearch; 
    emptyfolderscheck; 
    installer-list; 
    installedprogs; 
    uninstall-list;
  • Click on the Run Script by zoek button.
    Please wait until a log report opens (this can be after reboot).
  • Save the Notepad file to your Desktop and attach zoek-results.log here.
    Note: It will also create a log in the C:\ directory named "zoek-results.log"
 
So sorry for the delay. I awoke yesterday to a total crash of my system. I was finally able to get back last night via a system restore in safe mode. I restored to the post infection point. I received TrendMicro Titanium for Christmas and had yet to install it. I attempted it last night. It gets 80% installed and system crashed again. I tried everything I knew to do and could not get past the blue screen. I finally did a 2nd system restore this morning. Hopefully I am back to where I was when your last set of instructions came through. I'll run these scans as I can this weekend and we'll go from there. Thanks for your patience!
 
Download the attached fixlist.txt to the same location as FRST (otherwise the fix won't work).

Open FRST, and click Fix. Attach that report for me after it is finished.




> Re-run zoek with this script and attach here fresh zoek log results.


Code:
autoclean;
emptyclsid;
emptyalltemp;
 


Downloaded fixlist and it ran and went to restart. Computer "shutting down" has been on screen for well over an hour. Is this normal?

Never mind previous question. Computer shut down and rebooted. Fixlist file generated.
 
Scans complete and attached.

May I ask a non-virus related question? In the last set of logs (installed programs) there are several programs that I do not know. Nero being one of them. I had to look it up and have never tried to install that program and it may be that a previous roommate may have done so. There are no Nero icons or exe files anywhere on my system that I can find. There are two Nero files that show up via the windows uninstall in Control Panel. Neither file will uninstall. A click of the uninstall button sets the status wheel in motion, but nothing happens. There are several other programs in that install list that do not appear in the Control Panel/Programs list. Is there any type of 'fix' to clean up the installed programs?
 
