Needing Help with Win32:Malware-gen
gigglepot
2015-01-26, 03:58
Hello, I was on here before and someone named OCD helped me marvelously! Now I have another problem: my son is trying to play War Thunder and, for the first time, it will not load. My antivirus says a threat was detected and won't let him play the game (above in the Title line). If we hit "play" anyway, another error comes up saying "Windows cannot find aces.exe. Make sure you type the name correctly and then try again". We're not typing any name, just clicking on "play". So I thought to run all my anti-everything software. I ran Spybot, Malwarebytes, SuperAntiSpyware and SpywareBlaster... still not able to play the game, still the same error message comes up and won't let us play, even though my antivirus says it's been "deleted". Please help me, what do I do? I don't know how to go behind the scenes like OCD was helping me with all the log files. I don't even know what I did wrong, or how this even got into my computer. Should I just delete War Thunder and reinstall (it takes about 16 hours to install)? I would greatly appreciate some help when you get some time. Thank you so much :o)
Hi gigglepot,
Did any of the scans you did find any malware?
Have you tried disabling your anti-virus program to see if the program will start?
Is this software a download or does it load from a CD?
gigglepot
2015-01-26, 15:34
Hi OCD! Thank you for taking my post!
When I ran all the software, nothing came up for Spybot, Malwarebytes or the Windows Scan. When I ran SpywareBlaster, about 45 items were not protected so I just clicked "enable all protection". When I ran SuperAntiSpyware, I got about 110 items under "Ad cookies" and I just deleted them all. When I ran AdwCleaner, I got a few things under each tab but I didn't delete any of them because I didn't know if I should or not. Although, nothing seemed bad in them and it for sure wasn't the Win32:Malware-gen. So having said all that, of course I shut down the computer and went to bed last night; this morning I start up the computer, try to run War Thunder and it's working fine! I don't get it! It does not run from a CD; it was originally downloaded online and when you play it, you just connect online to the game. Is it possible that it was just a glitch in War Thunder and all it needed was a computer reboot?
Hi gigglepot,
Yes, it's very possible all it needed was a reboot.
I'll leave the thread open a few days in case you have any additional questions.
You can post the AdwCleaner log you generated and I'll have a look and see if there is anything that needs removal.
gigglepot
2015-01-26, 21:54
Here is the AdwCleaner log I ran:
# AdwCleaner v4.109 - Report created 26/01/2015 at 12:51:22
# Updated 24/01/2015 by Xplode
# Database : 2015-01-25.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-HP
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Found : C:\Program Files (x86)\Coupons
Folder Found : C:\Program Files (x86)\Coupons
Folder Found : C:\ProgramData\e13406c655b61ee0
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EC1B0DA3-6867-45AE-80BB-F8666CF8B271}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EC1B0DA3-6867-45AE-80BB-F8666CF8B271}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5A1D3F9E-73B5-95EC-1233-6646E1358965}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43}
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16599
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://ca.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
-\\ Mozilla Firefox v35.0 (x86 en-US)
[mwu17sic.default] - Line Found : user_pref("browser.search.defaulturl", "hxxp://ca.yhs4.search.yahoo.com/yhs/search");
[mwu17sic.default] - Line Found : user_pref("keyword.URL", "hxxp://ca.yhs4.search.yahoo.com/yhs/search");
-\\ Google Chrome v40.0.2214.91
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://ca.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
-\\ Comodo Dragon v
-\\ Chrome Canary v
*************************
AdwCleaner[R0].txt - [25799 octets] - [06/06/2014 10:38:42]
AdwCleaner[R10].txt - [2183 octets] - [04/09/2014 10:30:03]
AdwCleaner[R11].txt - [3059 octets] - [11/09/2014 08:33:09]
AdwCleaner[R12].txt - [3514 octets] - [18/09/2014 12:30:11]
AdwCleaner[R13].txt - [2767 octets] - [23/10/2014 11:36:22]
AdwCleaner[R14].txt - [4049 octets] - [25/01/2015 18:04:39]
AdwCleaner[R15].txt - [3996 octets] - [26/01/2015 06:30:13]
AdwCleaner[R16].txt - [2764 octets] - [26/01/2015 12:51:22]
AdwCleaner[R1].txt - [25860 octets] - [06/06/2014 10:52:12]
AdwCleaner[R2].txt - [25921 octets] - [10/06/2014 12:36:30]
AdwCleaner[R3].txt - [1832 octets] - [26/06/2014 10:55:51]
AdwCleaner[R4].txt - [1298 octets] - [26/06/2014 11:55:33]
AdwCleaner[R5].txt - [1358 octets] - [03/07/2014 08:31:13]
AdwCleaner[R6].txt - [1752 octets] - [18/07/2014 06:01:12]
AdwCleaner[R7].txt - [1668 octets] - [24/07/2014 19:06:18]
AdwCleaner[R8].txt - [2264 octets] - [14/08/2014 18:28:12]
AdwCleaner[R9].txt - [4323 octets] - [28/08/2014 08:36:30]
AdwCleaner[S0].txt - [25242 octets] - [10/06/2014 12:39:26]
AdwCleaner[S1].txt - [1870 octets] - [26/06/2014 10:58:38]
AdwCleaner[S2].txt - [1826 octets] - [18/07/2014 06:09:45]
AdwCleaner[S3].txt - [1736 octets] - [24/07/2014 19:16:56]
AdwCleaner[S4].txt - [2295 octets] - [14/08/2014 18:57:15]
AdwCleaner[S5].txt - [4476 octets] - [28/08/2014 08:54:31]
AdwCleaner[S6].txt - [2251 octets] - [04/09/2014 10:32:52]
AdwCleaner[S7].txt - [3189 octets] - [11/09/2014 08:35:31]
AdwCleaner[S8].txt - [3479 octets] - [18/09/2014 13:05:04]
AdwCleaner[S9].txt - [2804 octets] - [23/10/2014 11:40:20]
########## EOF - C:\AdwCleaner\AdwCleaner[R16].txt - [3968 octets] ##########
Hi gigglepot,
I take it you use some form of Coupon printing software. If that is the case, then don't remove the four (4) entries on the Files/Folders tab related to it. The reason they are flagged is because the coupon printing software sometimes has 3rd party add-on "stuff" attached to it.
You should be fine removing everything else listed on all the other tabs.
Just re-run AdwCleaner in scan mode, view each tab and make sure the entries you want to remove are selected, then choose clean.
Post the log it creates.
In your next post please provide the following:
AdwCleaner.txt log
Any other issues?
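The triage described in the reply above (keep the coupon-software entries, remove what is listed on the other tabs), as an added example that is not part of the original thread and not AdwCleaner's own code. It assumes the v4 report layout quoted in this thread; the function names, the `keep_terms` parameter and the "unaddressed" bucket (for the one Files / Folders entry the advice does not name) are assumptions of this sketch.

```python
import re

# Constructed sample: abridged copy of the scan report quoted in this thread.
SAMPLE = r"""***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Found : C:\Program Files (x86)\Coupons
Folder Found : C:\ProgramData\e13406c655b61ee0
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
***** [ Registry ] *****
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
***** [ Browsers ] *****
[mwu17sic.default] - Line Found : user_pref("keyword.URL", "hxxp://ca.yhs4.search.yahoo.com/yhs/search");
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://ca.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
*************************
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# Matches "<Kind> Found : <value>" and the Chrome form "Found [<Kind>] : <value>".
FINDING_RE = re.compile(r"(?:(\w+) )?Found(?: \[(.+?)\])? : (.*)$")

def parse_report(text):
    """Return {tab name: [(kind, value), ...]} for every finding line."""
    tabs, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            tabs[current] = []          # empty tabs (e.g. Services) are kept
        elif current and (m := FINDING_RE.search(line)):
            tabs[current].append((m.group(1) or m.group(2), m.group(3)))
    return tabs

def triage(tabs, keep_terms=("coupons",), keep_tab="Files / Folders"):
    """Sort findings into keep / remove / unaddressed buckets."""
    out = {"keep": [], "remove": [], "unaddressed": []}
    for tab, findings in tabs.items():
        for kind, value in findings:
            if any(term in value.lower() for term in keep_terms):
                bucket = "keep"
            elif tab == keep_tab:
                bucket = "unaddressed"  # same tab, but not named in the advice
            else:
                bucket = "remove"
            out[bucket].append((tab, kind, value))
    return out

if __name__ == "__main__":
    for bucket, items in triage(parse_report(SAMPLE)).items():
        for tab, kind, value in items:
            print(f"{bucket:12} [{tab}] {kind}: {value}")
```

Entries that land in the "unaddressed" bucket are the ones to ask the helper about before cleaning.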
Hi gigglepot,
Just checking in to see if you still need help?
This thread has been closed due to inactivity. If it has been three days or more since your last post it will not be re-opened.
If you still require help, please start a new topic and include fresh FRST and aswMBR logs, along with a link to your previous thread.
Please do not add any logs that might have been requested previously; you would be starting fresh.
Applies only to the original poster; anyone else with similar problems, please start your own topic.