After win32.downloader.gen removal

[visionblue]

Hi. I just removed win32.downloader.gen with spybot using administrator priveleges (thanks for that sticky).

But I see that others have said they still have to go into registry or other places looking for remnants or it will resurrect. Do you recommend this? Is there a link to step by step instructions for how to clean up further even after spybot removed it? (I have Vista).

Anything else I should do too - like remove last restore point? (this is something I do very frequently since my hard drive keeps filling up, which may well have been this malware though I haven't seen that listed as a symptom), and/or should I reboot computer? (seems sensible- but dont' want to activate the malware if its still lingering)

I found it surprising that this malware was the only thing of any kind find by spybot, even though its been a while since I've run it. I do now set temp files to erase on exit and other precautions so perhaps that's the reason- or perhaps the malware was hiding something. Spybot did say there were 120 files in use that could not be scanned- part of the malware?

A year ago I had some trojan that ate up disk space as soon as I could clear it. I seemed to remove it succesfully (don't remember its name) but now that hard drive fills up again more qujickly than it should, I wonder if same issue has come back.- in any event, makes me want to search and destroy any remnants to make sure its really gone.

thanks much

[visionblue]

I should have also mentioned I recently connected an external hard drive and copied a small amount of data to it (8 gig) - AND that included some program files as well as files in my dropbox directory (as well as ordinary data). Not sure if anything there can reinfect and if I have to get rid of malware from there too.

[tashi]

Hello visionblue,

To request assistance in this forum the FAQ includes guidelines in post #1 and instructions in post #2 on how to provide the preliminary DDS and aswMBR logs used for analysis.

http://forums.spybot.info/showthread.php?t=288

Then start a new topic providing the logs so a volunteer analyst may advise when available.

Best regards.

[visionblue]

Thanks, but too difficult for a newbie. Some general advice would have been helpful.

[tashi]

Hello visionblue,

Thanks, but too difficult for a newbie. Some general advice would have been helpful.

Volunteer analysts have guided countless users with different levels of computer knowledge.

Anything else I should do too - like remove last restore point? (this is something I do very frequently since my hard drive keeps filling up, which may well have been this malware though I haven't seen that listed as a symptom), and/or should I reboot computer? (seems sensible- but dont' want to activate the malware if its still lingering)

I found it surprising that this malware was the only thing of any kind find by spybot, even though its been a while since I've run it. I do now set temp files to erase on exit and other precautions so perhaps that's the reason- or perhaps the malware was hiding something. Spybot did say there were 120 files in use that could not be scanned- part of the malware?

A year ago I had some trojan that ate up disk space as soon as I could clear it. I seemed to remove it succesfully (don't remember its name) but now that hard drive fills up again more qujickly than it should, I wonder if same issue has come back.- in any event, makes me want to search and destroy any remnants to make sure its really gone.

System Restore-please leave it on until advised

Without hands on the machine advice cannot be given without taking a look at the system, especially when speaking of the registry or the possibility of hidden malware.

Best wishes,