Laptop Infected With W32/Infector.Gen2

deadman_uk

A family laptop (which I personally do not use) running Windows 7 is infected with W32/Infector.Gen2 virus/malware. It is making Avira Antivirus go crazy with popups. It keeps saying many dlls and exes have been infected with W32/Infector.Gen2 and asks me to quarantine the files. The odd thing is, these dlls and exes are part of software already installed on the Laptop such as Google Earth, Open Office and Internet Explorer. Of course, when I quarantine these files, the corresponding programs fail to run.

I have run a full updated scan in safe mode with Avira but this is useless as it says hundreds of files have been infected in programs the laptop has installed (I believe these are false alerts). It also lists many entries for HTML/Rce.Gen. I ran Malwarebytes which found several threats but unfortunately the problem is not fixed. I also ran Combofix which found threats too but again, this was not helpful.

Any ideas?
 
According to the Avira forum, back up and reinstall would be your best options. Those aren't false alerts.

So 500 or so genuine dlls and exes have been infected? Or is the malware just fooling Avira into thinking they are? I found this link which may help, will follow it after I sleep. Threat appears to be called Ramnit.
 
Open a file view of your Windows and System32 folders. View details, add columns date created, date modified. If those files have recent modification dates your system is hosed. If not, a trick I've done in the past is to delete every file and every folder created about the time of the infection. Lots of stuff you won't be able to delete, but some of those support files, you might cripple the virus, then reboot into safe mode and repeat. Something to try before the reformat/reinstall.
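
A read-only version of the date check described in the post above, as an added example that is not part of the original thread: it counts .exe and .dll files per modification day so a burst of rewrites stands out. The function names, the thresholds and the sample dates are assumptions; timestamps can be altered, so a quiet result does not clear a machine.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

PE_EXTS = {".exe", ".dll"}  # file types the thread reports as infected

def modified_days(root):
    """Count .exe/.dll files under root per last-modified day (UTC)."""
    days = Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in PE_EXTS:
                continue
            try:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # locked or unreadable file: skip, keep walking
            day = datetime.fromtimestamp(mtime, timezone.utc).date()
            days[day.isoformat()] += 1
    return days

def burst_days(days, min_files=3, share=0.5):
    """Days holding at least `share` of all binaries (thresholds are assumptions)."""
    total = sum(days.values())
    return sorted(d for d, n in days.items()
                  if n >= min_files and n / total >= share)

def demo():
    """Constructed sample tree: two old binaries, four rewritten on one day."""
    def stamp(y, m, d):
        return datetime(y, m, d, 12, tzinfo=timezone.utc).timestamp()
    with tempfile.TemporaryDirectory() as root:
        plan = {  # constructed names and dates, not taken from the thread
            "a.dll": stamp(2009, 7, 14), "b.exe": stamp(2010, 3, 2),
            "c.dll": stamp(2011, 2, 20), "d.exe": stamp(2011, 2, 20),
            "e.dll": stamp(2011, 2, 20), "f.exe": stamp(2011, 2, 20),
            "notes.txt": stamp(2011, 2, 20),  # ignored: not .exe/.dll
        }
        for name, ts in plan.items():
            path = os.path.join(root, name)
            open(path, "wb").close()
            os.utime(path, (ts, ts))
        days = modified_days(root)
        return days, burst_days(days)

if __name__ == "__main__":
    print(demo())
```

Pointing `modified_days` at the Windows folder of a drive mounted in a clean machine avoids running anything on the infected system.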
 
That's a pretty nasty one, ran across it twice the past month. Required getting the PC booted up in safe mode w/command prompt, at which point I could manually clean out some files, get regedit, and manually launch explorer to get the desktop. I then copied in combofix, SAS, and malwarebytes. Had to rename combofix.exe to combofix.com to run it. SAS has its own name regenerator to run it, and malwarebytes was able to run after both those scans. The .exes and .dlls appear to get injected during bootup, but when powered down, and rebooting after cleaning some stuff... they're fine. It's like when it infects them it doesn't save them as infected, only infects running processes. Reformat your USB drive if you use it, as it spreads to attached drives.
 
I will reformat the drive. My mum has a few files that need saving, mainly pictures, are these safe? They are currently on a USB drive. If I reformat the laptop and drag those files back, everything should be ok? Since they aren't dlls or exes.
 
> I will reformat the drive. My mum has a few files that need saving, mainly pictures, are these safe? They are currently on a USB drive. If I reformat the laptop and drag those files back, everything should be ok? Since they aren't dlls or exes.

Scan the USB drive with a few products. Ensure your "rebuilt" machine is fully up to date with Windows and has a quality AV installed that is updated before you insert that USB drive. Scan that USB drive the second it's recognized.
 
> Scan the USB drive with a few products. Ensure your "rebuilt" machine is fully up to date with Windows and has a quality AV installed that is updated before you insert that USB drive. Scan that USB drive the second it's recognized.

Yep, I will do, once I remove this Net Intelligence crap! I use Avira antivirus, I consider this good.
 
Ugh, I have the EXACT same problem as you deadman_uk

One of my relatives' laptops (very technologically illiterate), and it has like 520 infections consisting of W32/Infector.Gen2 and HTML/Rce.Gen -_-

I was also wondering what the best thing to do would be since they also want their pictures backed up.. So I guess as long as I reformat, then install an antivirus to scan the USB drive that contains the backup, everything should be fine? :S

Microsoft Essentials should be good enough for this, right?

Thanks.
 
> Ugh, I have the EXACT same problem as you deadman_uk
>
> One of my relatives' laptops (very technologically illiterate), and it has like 520 infections consisting of W32/Infector.Gen2 and HTML/Rce.Gen -_-
>
> I was also wondering what the best thing to do would be since they also want their pictures backed up.. So I guess as long as I reformat, then install an antivirus to scan the USB drive that contains the backup, everything should be fine? :S
>
> Microsoft Essentials should be good enough for this, right?
>
> Thanks.

It is my understanding that the threat infects (or pretends to infect) only dll and exe files, so the images should be safe. What I would do in your situation is to reformat the drive, install Windows, download, install and update Malwarebytes and Avira antivirus (or one of your choice). Now transfer the images and scan those files. I don't rate Microsoft Essentials very well.
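
A pre-copy check for the picture backup discussed above, as an added example that is not part of the original thread: it walks the backup folder and lists anything that is an executable, an HTML file, or a "picture" whose content does not match its extension. The function names and sample files are constructed, and flagging autorun.inf is an assumption about removable-drive spread that the thread does not state; this complements the antivirus scan and does not replace it.

```python
import os
import tempfile

# Leading bytes of common picture formats.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",), ".bmp": (b"BM",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# File types the thread reports as flagged: exe, dll and HTML detections.
RISKY_EXTS = {".exe", ".dll", ".htm", ".html"}

def triage_backup(root):
    """Return {relative_path: reason} for files to leave off the rebuilt PC."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            ext = os.path.splitext(name)[1].lower()
            try:
                with open(path, "rb") as fh:
                    head = fh.read(8)
            except OSError:
                findings[rel] = "unreadable, check by hand"
                continue
            if name.lower() == "autorun.inf":  # assumption: classic USB vector
                findings[rel] = "autorun file on removable drive"
            elif head.startswith(b"MZ"):
                findings[rel] = "Windows executable header"
            elif ext in RISKY_EXTS:
                findings[rel] = "file type flagged in the thread"
            elif ext in IMAGE_MAGIC and not head.startswith(IMAGE_MAGIC[ext]):
                findings[rel] = "picture extension, non-picture content"
    return findings

def demo():
    """Constructed sample backup: two real pictures, five files to hold back."""
    sample = {"beach.jpg": b"\xff\xd8\xff\xe0JFIF", "cat.png": b"\x89PNG\r\n\x1a\n",
              "photo.jpg": b"MZ\x90\x00", "setup.exe": b"MZ\x90\x00",
              "index.html": b"<html>", "autorun.inf": b"[autorun]",
              "broken.gif": b"not a gif"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in sample.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return triage_backup(root)

if __name__ == "__main__":
    print(demo())
```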
 
> That's a pretty nasty one, ran across it twice the past month. Required getting the PC booted up in safe mode w/command prompt, at which point I could manually clean out some files, get regedit, and manually launch explorer to get the desktop. I then copied in combofix, SAS, and malwarebytes. Had to rename combofix.exe to combofix.com to run it. SAS has its own name regenerator to run it, and malwarebytes was able to run after both those scans. The .exes and .dlls appear to get injected during bootup, but when powered down, and rebooting after cleaning some stuff... they're fine. It's like when it infects them it doesn't save them as infected, only infects running processes. Reformat your USB drive if you use it, as it spreads to attached drives.

You gotta admit, those are the fun ones. I get more joy out of spending a couple hours and having to be creative to beat an infection than being able to start a battery of scans and walk away from something in a few minutes of work.
 
> You gotta admit, those are the fun ones. I get more joy out of spending a couple hours and having to be creative to beat an infection than being able to start a battery of scans and walk away from something in a few minutes of work.

Oh I agree with you...yes. Sometimes it gets to be a challenge, I'm like "This won't defeat me....remember, it's all just zeros and ones...I can count higher than that!"

Some of the stubborn machines I've come across, where hours later there's still a few things there, and a voice is telling you "just format it, be done"...but then more voices are "wait, I'll try one more thing!" Pretty soon I'll find I take the computer home from the office..and still be working on it at 10 at night or so. LOL. well, not so much anymore...but once in a while I'll find I'm pouring hours into it because I don't want to throw in the towel and admit defeat. And I'll usually win...I think I've formatted a rig only 2 or 3 times...out of ....wow..a lot.

Being stubborn can eat up so much time though...
 
I usually take the drive out of the laptop, put it into a computer with the updated av software, scan the drive clean it all, then copy over any important data to a folder, then fresh format, not worth cleaning and having lots of headaches afterwards.

j'
 
> It is my understanding that the threat infects (or pretends to infect) only dll and exe files, so the images should be safe. What I would do in your situation is to reformat the drive, install Windows, download, install and update Malwarebytes and Avira antivirus (or one of your choice). Now transfer the images and scan those files. I don't rate Microsoft Essentials very well.

Okay cool, I'll do that.

I was just wondering if Essentials would be better 'cause I have no idea, and Avira was installed on the computer when it got infected :p
 