Win32Downloader.gen removal help requested.

Dooley Hoed

New Member
Thread author
Feb 14, 2014
14
Help to remove Win32Downloader.gen greatly appreciated. I hope I haven't waited too long to get this fixed.
 

Attachments

  • aswMBR.txt (1.5 KB)
  • FRST.txt (54.6 KB)

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hi,



Download TDSSKiller and save it to your desktop.

Execute TDSSKiller.exe by double-clicking on it.
Confirm the "End User Licence Agreement" and "KSN Statement" dialog boxes by clicking the Accept button.
  • Press Start Scan.
  • If a suspicious object is detected, the default action will be Skip; click Continue.
  • If malicious objects are found, select Cure.

Once complete, a log will be produced at the root of the system drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.



Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive...
  • Close any open browsers.
  • Temporarily disable your antivirus program (if necessary).
    If you are unsure how to do this, please read this or this instruction.
  • Double-click on zoek.exe to run the tool.
    Please wait until the tool starts...
  • Copy the text inside the code box below and paste it into the large window in the zoek tool:

    Code:
    gpt.ini;z 
    C:\Windows\System32\GroupPolicy;v
    emptyalltemp;
    autoclean;
  • Click on the Run script button.
    Please wait until a log report opens (this can be after a reboot).
  • Save the Notepad file to your Desktop and attach zoek-results.log here.
    Note: It will also create a log in the C:\ directory named "zoek-results.log".
 
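The script above removes gpt.ini from the local Group Policy store, and a later one in this thread deletes the User and Machine folders under C:\Windows\System32\GroupPolicy. Before wiping a local policy store, a practitioner will want to know what it actually enforces, because adware that sets browser or shell policy through registry.pol looks very different from a policy an administrator put there on purpose. The following PowerShell reader is an added example, not part of the thread and not part of zoek; it assumes the documented registry.pol layout ("PReg" magic, a 4-byte version, then entries of the form [key;value;type;size;data] in UTF-16LE) and the default %SystemRoot% location of the two local stores.

```powershell
# Added example (not from the thread or from zoek): decode a local registry.pol
# so the policies it enforces can be reviewed before the store is deleted.
# Assumes the standard layout: "PReg" magic, 4-byte version, then entries
# written as [key;value;type;size;data] where '[', ';', ']' and both strings
# are UTF-16LE, and type/size are little-endian DWORDs.
function Read-RegistryPol {
    param([Parameter(Mandatory)][string]$Path)

    $bytes = [System.IO.File]::ReadAllBytes($Path)
    if ($bytes.Length -lt 8 -or [Text.Encoding]::ASCII.GetString($bytes, 0, 4) -ne 'PReg') {
        throw "$Path is not a registry.pol file"
    }
    $u = [Text.Encoding]::Unicode
    $i = 8                                           # skip magic and version
    while ($i -lt $bytes.Length) {
        if ($u.GetString($bytes, $i, 2) -ne '[') { throw "Malformed entry at offset $i" }
        $i += 2
        # Key path, then value name: null-terminated UTF-16LE strings, each followed by ';'.
        $strings = foreach ($n in 1..2) {
            $start = $i
            while (-not ($bytes[$i] -eq 0 -and $bytes[$i + 1] -eq 0)) { $i += 2 }
            $u.GetString($bytes, $start, $i - $start)
            $i += 4                                  # terminator + ';'
        }
        $type = [BitConverter]::ToUInt32($bytes, $i); $i += 6        # DWORD + ';'
        $size = [int][BitConverter]::ToUInt32($bytes, $i); $i += 6   # DWORD + ';'
        $data = if ($size -gt 0) { [byte[]]$bytes[$i..($i + $size - 1)] } else { [byte[]]@() }
        $i += $size + 2                              # data + ']'

        # Value names beginning with "**Del." or "**DeleteValues" etc. are deletion
        # markers in policy files; they are returned as-is so the caller can see them.
        $decoded = switch ($type) {
            { $_ -in 1, 2 }                      { $u.GetString($data).TrimEnd([char]0) }   # REG_SZ / REG_EXPAND_SZ
            { $_ -eq 4 -and $data.Count -ge 4 }  { [BitConverter]::ToUInt32($data, 0) }     # REG_DWORD
            default                              { ($data | ForEach-Object { $_.ToString('x2') }) -join '' }
        }
        [pscustomobject]@{ Key = $strings[0]; Value = $strings[1]; Type = $type; Data = $decoded }
    }
}

# Usage: inspect both local policy stores before a cleanup script wipes them.
foreach ($pol in "$env:SystemRoot\System32\GroupPolicy\Machine\Registry.pol",
                 "$env:SystemRoot\System32\GroupPolicy\User\Registry.pol") {
    if (Test-Path -LiteralPath $pol) { Read-RegistryPol $pol | Format-Table -AutoSize }
    else { "No policy file at $pol" }
}
```

Anything under a Software\Policies\...\Chrome, Internet Explorer or Explorer key that you did not set yourself is worth noting before the store is removed; if the files are absent, the deletion step is harmless.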

Dooley Hoed

New Member
Thread author
Feb 14, 2014
14
Thanks so much for your assistance TwinHeadedEagle!

TDSSKiller did not find any problems. Logs for both scans are attached.

When I rebooted the computer after the zoek scan, I received a Rundll error box: There was a problem starting c:\users\Jeff\AppData\local\Conduit\BackgroundContainer\BackgroundContainer.dll The specified file cannot be found.
 

Attachments

  • TDSSKiller.3.0.0.23_19.02.2014_16.03.03_log.txt (203.4 KB)
  • zoek-results.txt (17.9 KB)

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Ok, good :)

Let's try to fix that message:


Re-run Zoek script once more:



Code:
emptyclsid;
C:\Windows\System32\GroupPolicy\GPT.INI;f
C:\Windows\SysWOW64\GroupPolicy\gpt.ini;f
C:\Windows\System32\GroupPolicy\User;fs
C:\Windows\System32\GroupPolicy\Machine;fs
 

Dooley Hoed

New Member
Thread author
Feb 14, 2014
14
Good morning! Although I am still 3/4 asleep.
Zoek script completed - log attached
 

Attachments

  • zoek-results 2.txt (1.1 KB)

Dooley Hoed

New Member
Thread author
Feb 14, 2014
14
I'm sorry, crucial bit of info that....Yes. Rundll error box is still there on reboot. Same message as before.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Re-run Zoek once more


Code:
BackgroundContainer;a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule;e
 

Dooley Hoed

New Member
Thread author
Feb 14, 2014
14
Back from a 4 hour dental appointment.

Zoek ran again with new script.
Rundll error still present.
 

Attachments

  • zoek-results 3.txt (1.5 KB)

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Ok, run this Zoek script


Code:
[-HKEY_USERS\S-1-5-21-1434600260-3385731672-2420101393-1000\Software\AppDataLow\Software\BackgroundContainer];r
[-HKEY_USERS\S-1-5-21-1434600260-3385731672-2420101393-1000\Software\AppDataLow\Software\BackgroundContainer\LogicFileManager];r
[HKEY_USERS\S-1-5-21-1434600260-3385731672-2420101393-1000\Software\AppDataLow\Software\BackgroundContainer\LogicFileManager];r
"LogicFilePath"=-;r
[HKEY_USERS\S-1-5-21-1434600260-3385731672-2420101393-1000\Software\Microsoft\Windows\CurrentVersion\Run];r
"BackgroundContainer"=-;r
 
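The RunDLL error box at boot is the symptom of a stale launcher: a Run value or scheduled task still invokes rundll32 on BackgroundContainer.dll after the file itself has been removed, which is why the script above deletes the "BackgroundContainer" value from the user's Run key rather than looking for the DLL. The PowerShell below is an added example, not part of the thread or of zoek, that finds such orphaned autostart entries generically: it lists Run/RunOnce values and scheduled-task actions whose target executable or DLL no longer exists on disk. It assumes Windows 8 / Server 2012 or later for Get-ScheduledTask; the sample command line at the end is constructed from the path in the error box, with an invented entry-point name.

```powershell
# Added example (not from the thread): report autostart entries whose target
# file is missing, which is what produces "There was a problem starting <dll>"
# at logon. It only reports; deleting the stale entry is a separate decision.
# Assumes Get-ScheduledTask is available (Windows 8 / Server 2012 or later).

# Work out which file a command line needs to exist on disk.
function Get-ReferencedFile([string]$CommandLine) {
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    $target = $null
    # rundll32 [path\]name.dll,EntryPoint : the DLL is what must exist.
    if     ($cmd -match '^"?(?:[^"\s]*\\)?rundll32(?:\.exe)?"?\s+"?([^",]+)') { $target = $Matches[1].Trim() }
    elseif ($cmd -match '^"([^"]+)"')                                        { $target = $Matches[1] }   # "quoted path" args
    elseif ($cmd -match '^(\S+?\.(?:exe|dll|cmd|bat|vbs|js))\b')             { $target = $Matches[1] }   # unquoted, no spaces
    # Bare names (no backslash) resolve through PATH and are skipped; unquoted
    # paths containing spaces are ambiguous and also fall through to $null.
    if ($target -and $target -notmatch '\\') { $target = $null }
    return $target
}

function Get-OrphanedAutostart {
    $runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }        # provider metadata, not a registry value
            $target = Get-ReferencedFile ([string]$p.Value)
            if ($target -and -not (Test-Path -LiteralPath $target)) {
                [pscustomobject]@{ Source = $key; Name = $p.Name; Command = [string]$p.Value; Missing = $target }
            }
        }
    }
    # Scheduled tasks are the other common place a rundll32 launcher survives a cleanup.
    foreach ($task in (Get-ScheduledTask -ErrorAction SilentlyContinue)) {
        foreach ($a in $task.Actions) {
            if (-not $a.Execute) { continue }           # COM-handler actions have no Execute
            $line = ('"{0}" {1}' -f $a.Execute, $a.Arguments).Trim()
            $target = Get-ReferencedFile $line
            if ($target -and -not (Test-Path -LiteralPath $target)) {
                [pscustomobject]@{ Source = "Task $($task.TaskPath)$($task.TaskName)"; Name = $task.TaskName; Command = $line; Missing = $target }
            }
        }
    }
}

# Constructed sample command line, modelled on the path in the error box above;
# the entry-point name "RunInstall" is invented for illustration.
Get-ReferencedFile '"C:\Windows\system32\rundll32.exe" "C:\Users\Jeff\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",RunInstall'

# Live check of this machine.
Get-OrphanedAutostart | Format-Table -AutoSize
```

Run it from an elevated prompt so the HKLM keys and all task folders are readable; an entry whose Missing column points into a user profile's AppData\Local, as here, is the launcher to remove, and the matching scheduled task, if one exists, should go with it.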

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Then we're done :)


The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Click the Run button and wait a few seconds until the programme completes its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 

Dooley Hoed

New Member
Thread author
Feb 14, 2014
14
Wow! Thank you a thousand times! I thought there would be more steps involved. In removing the files we just did via Zoek, the anti-malware scanner I was using, Malwarebytes, no longer functions. I now have to locate a good free scanning tool and install up-to-date antivirus protection. I can't thank you enough for your assistance.
 

Dooley Hoed

New Member
Thread author
Feb 14, 2014
14
Me again:
I'm still getting page redirects to software update sites and Hollywood gossip sites, and pop-ups telling me files are out of date and to call a phone number immediately. I obviously still have an infection hiding somewhere. Can you recommend another scan I can try?
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Let's make another scan:



Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.




Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive...
  • Close any open browsers.
  • Temporarily disable your antivirus program (if necessary).
    If you are unsure how to do this, please read this or this instruction.
  • Double-click on zoek.exe to run the tool.
    Please wait until the tool starts...
  • Copy the text inside the code box below and paste it into the large window in the zoek tool:

    Code:
    createsrpoint; 
    StandardSearch; 
    emptyfolderscheck; 
    installer-list; 
    installedprogs; 
    uninstall-list;
  • Click on the Run script button.
    Please wait until a log report opens (this can be after a reboot).
  • Save the Notepad file to your Desktop and attach zoek-results.log here.
    Note: It will also create a log in the C:\ directory named "zoek-results.log".
 

Dooley Hoed

New Member
Thread author
Feb 14, 2014
14
So sorry for the delay. I awoke yesterday to a total crash of my system. I was finally able to get back last night via a system restore in safe mode. I restored to the post-infection point. I received TrendMicro Titanium for Christmas and had yet to install it. I attempted it last night. It gets 80% installed and the system crashed again. I tried everything I knew to do and could not get past the blue screen. I finally did a second system restore this morning. Hopefully I am back to where I was when your last set of instructions came through. I'll run these scans as I can this weekend and we'll go from there. Thanks for your patience!
 

Dooley Hoed

New Member
Thread author
Feb 14, 2014
14
Here are the most recent scans. Page redirects are still occurring but with less frequency.
 

Attachments

  • FRST.txt (65.7 KB)
  • zoek-results.txt (135 KB)
  • Addition.txt (54.2 KB)

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Download the attached fixlist.txt to the same location as FRST (otherwise the fix won't work).

Open FRST and click Fix. Attach that report here after it is finished.




Re-run zoek with this script and attach the fresh zoek log results here.


Code:
autoclean;
emptyclsid;
emptyalltemp;
 

Attachments

  • fixlist.txt (7.1 KB)

Dooley Hoed

New Member
Thread author
Feb 14, 2014
14
Downloaded fixlist and it ran and went to restart. Computer "shutting down" has been on screen for well over an hour. Is this normal?

Never mind previous question. Computer shut down and rebooted. Fixlist file generated.
 

Dooley Hoed

New Member
Thread author
Feb 14, 2014
14
Scans complete and attached.

May I ask a non-virus related question? In the last set of logs (installed programs) there are several programs that I do not know, Nero being one of them. I had to look it up and have never tried to install that program; it may be that a previous roommate did so. There are no Nero icons or exe files anywhere on my system that I can find. There are two Nero files that show up via the Windows uninstall in Control Panel. Neither file will uninstall. A click of the uninstall button sets the status wheel in motion, but nothing happens. There are several other programs in that install list that do not appear in the Control Panel/Programs list. Is there any type of 'fix' to clean up the installed programs?
 

Attachments

  • zoek-results.txt (135 KB)
  • Fixlog.txt (16 KB)
