Virus: Win32.Downloader.gen

Posted: Tue Mar 05, 2013 7:57 am
by CountryBoy
I have the Virus: Win32.Downloader.gen on my computer.

4 points:

1-I regularly scan with updated MS Essentials and Malwarebytes but neither one is picking it up.
2-Only Spybot identifies it, but it cannot delete.
3-When Googled, this virus does not appear to have any easy solution that I can use.
4-My local PC guy will clean it off for ..........$139.

Please advise.

Thank you.

ps: am running Windows 7 with 64 bytes.

Re: Virus: Win32.Downloader.gen

Posted: Tue Mar 05, 2013 8:08 am
by midareff
Try downloading the AVG 2013 Free version. It is very good and I run it with MS Essentials. Maybe you can get lucky with it.

Re: Virus: Win32.Downloader.gen

Posted: Tue Mar 05, 2013 10:28 am
by CountryBoy
I have heard that running two virus programs on one's machine can cause conflicts and false positives.

I already have one real positive on my hands..............

Re: Virus: Win32.Downloader.gen

Posted: Tue Mar 05, 2013 10:53 am
by soaring
CountryBoy wrote:I have heard that running two virus programs on one's machine can cause conflicts and false positives.

I already have one real positive on my hands..............
You don't actively run two anti-virus programs side by side. But when you download the second program, run the search for issues with the new program. If it finds the issue and fixes it, then uninstall the program and you will have your original program still there.

It is the same as MS Essentials and Malwarebytes and Spybot. Just run the AVG search but don't make it your active running antivirus.

Edit: by the way, I always download from http://www.download.com, which is CNET. They verify no spyware with downloads.

Re: Virus: Win32.Downloader.gen

Posted: Tue Mar 05, 2013 10:58 am
by dpc
You might check out www.emsisoft.com. They sell malware and virus protection software, but also have several products that you can download as 14 or 30 day trial versions. They also have a support forum that provides free help for people with infected computers. They were helpful in getting rid of a particularly nasty bit of malware that had infected one of our PCs.

No affiliation with this company.

Re: Virus: Win32.Downloader.gen

Posted: Wed Mar 06, 2013 8:15 am
by CountryBoy
Turns out Spybot produced a false positive with that result.

Re: Virus: Win32.Downloader.gen

Posted: Wed Mar 06, 2013 12:54 pm
by Tom_T
CountryBoy wrote:Turns out Spybot produced a false positive with that result.
Please do not use Spybot. That program stopped being effective years ago. There are plenty of other free programs you can use (AVG, Microsoft Security Essentials to name a couple.)

Re: Virus: Win32.Downloader.gen

Posted: Wed Mar 06, 2013 1:08 pm
by Pacific

Re: Virus: Win32.Downloader.gen

Posted: Wed Mar 06, 2013 1:36 pm
by CountryBoy
Tom_T: Please do not use Spybot.
Yes I uninstalled it.

Are there other AV pgms that are worthless?

Check out this list for what the different programs do:
http://en.wikipedia.org/wiki/Comparison ... s_software

If you do a quick review, that graphic re the last column and what country owns what company you get something that looks like this:
anti virus companies

Kaspersky - Russia
Symantec - white lists for FBI
Avast - Czech Republic
AVG - Czech Republic
Avira - Germany
avSoft - India
Dr. Web - Russia
Nano - Russia
Rising - China
Panda - Spain
Trend - Japan

Some people could say that the people in the west are paying companies in the east for computer protection. Are they right?

Re: Virus: Win32.Downloader.gen

Posted: Wed Mar 06, 2013 2:39 pm
by pheleven
soaring wrote:... by the way I always download from http://www.download.com which is cnet. they verify no spyware with downloads.
This is absolutely not true. I suggest avoiding them if at all possible. Always download from the source of the program if at all possible.

http://insecure.org/news/download-com-fiasco.html (they are not the only ones who complained... cnet has improved some after much egg on their face but still attempt to install crapware sometimes)

On a side note, we've been getting large numbers of malware infections from people searching for program installers on google (7-zip, safari, firefox, etc) and clicking the first link (a google ad) which claims to be the download source. It's not, it's a malware laden downloader, which may or may not also install the program you wanted. It's actually really peeving me at Google how bad this has been lately.

Do not run 2 active A/V programs at once. Running scans with multiple is fine, but it is not a good plan to run two active scanners at the same time. In fact you need to disable your active scanner when you run the second one-time scan (if you choose to do this).

While you can discuss the merits of any given A/V till you're blue in the face, MS Essentials is fine. It won't catch everything, just like AVG won't (which installs essentially malware search bars itself), and every other option won't either. Other options if you have something showing that the programs don't want to remove, Microsoft Standalone System Sweeper (offline scanner), and ComboFix (don't use unless other options are failing, it can break things pretty bad).

Paying attention to where you go and what you click on is the best defense.

Re: Virus: Win32.Downloader.gen

Posted: Wed Mar 06, 2013 2:50 pm
by CountryBoy
Re: Virus: Win32.Downloader.gen

Unread postby pheleven » Wed Mar 06, 2013 3:39 pm

soaring wrote:... by the way I always download from http://www.download.com which is cnet. they verify no spyware with downloads.

This is absolutely not true. I suggest avoiding them if at all possible. Always download from the source of the program if at all possible.
My Virus: Win32.Downloader.gen showed up soon after downloading IE10 from CNET.

Re: Virus: Win32.Downloader.gen

Posted: Wed Mar 06, 2013 3:00 pm
by pheleven
CountryBoy wrote:My Virus: Win32.Downloader.gen showed up soon after downloading IE10 from CNET.
They usually install things that are simply advertising related and not truly hostile - or at least not trying to steal information or damage your computer/files. With the very generic name, it's possible the detection is against something CNET installed.

I should probably clarify that I will download things from download.com if I simply can't find it anywhere reputable - by all means get it from download.com if the only other option is a search engine ad link, just make sure you uncheck every box that says I want X crapware you can and uninstall any cool toolbars and whatnot that it comes with.

Re: Virus: Win32.Downloader.gen

Posted: Wed Mar 06, 2013 3:47 pm
by soaring
pheleven wrote:
soaring wrote:... by the way I always download from http://www.download.com which is cnet. they verify no spyware with downloads.
This is absolutely not true. I suggest avoiding them if at all possible. Always download from the source of the program if at all possible.

http://insecure.org/news/download-com-fiasco.html (they are not the only ones who complained... cnet has improved some after much egg on their face but still attempt to install crapware sometimes)

On a side note, we've been getting large numbers of malware infections from people searching for program installers on google (7-zip, safari, firefox, etc) and clicking the first link (a google ad) which claims to be the download source. It's not, it's a malware laden downloader, which may or may not also install the program you wanted. It's actually really peeving me at Google how bad this has been lately.

Do not run 2 active A/V programs at once. Running scans with multiple is fine, but it is not a good plan to run two active scanners at the same time. In fact you need to disable your active scanner when you run the second one-time scan (if you choose to do this).

While you can discuss the merits of any given A/V till you're blue in the face, MS Essentials is fine. It won't catch everything, just like AVG won't (which installs essentially malware search bars itself), and every other option won't either. Other options if you have something showing that the programs don't want to remove, Microsoft Standalone System Sweeper (offline scanner), and ComboFix (don't use unless other options are failing, it can break things pretty bad).

Paying attention to where you go and what you click on is the best defense.
WOW! Thank You. I've used them for years. Live and learn.

Re: Virus: Win32.Downloader.gen

Posted: Wed Mar 06, 2013 4:25 pm
by Toons
I have removed quite a few viruses from computers, including my own, over the years. Sometimes, as a last resort after working with a difficult virus removal, I have restored the computer to factory default settings.
Below are various steps you can try to assist you; I hope they are useful. I have never paid someone to remove a virus. I would rather restore the computer to original factory settings than pay someone (personal preference).

Reboot computer into Safe Mode with Networking
http://windows.microsoft.com/en-us/wind ... -safe-mode

Run Malwarebytes in Safe Mode.
See if it finds the virus
Run Your Antivirus Program in Safe Mode
Restart computer.
Other useful tools:

Kaspersky -rootkit utility -Download and run
http://support.kaspersky.com/5350

Trend Micro House Call-free online virus scan
http://housecall.trendmicro.com/

:happy

Re: Virus: Win32.Downloader.gen

Posted: Wed Mar 06, 2013 4:35 pm
by LadyGeek
CountryBoy wrote:My Virus: Win32.Downloader.gen showed up soon after downloading IE10 from CNET.
Exactly the point of this thread. Only get software direct from the developer: Internet Explorer - Microsoft Windows

This is also a good time to see what's running at start-up. Here's another freeware utility I use: CCleaner, but you need to be tech-savvy to use it.

Re: Virus: Win32.Downloader.gen

Posted: Wed Mar 06, 2013 4:43 pm
by CountryBoy
LadyGeek..
Here's another freeware utility I use: CCleaner, but you need to be tech-savvy to use it.
Gulp!!! I have just run it and deleted.
Should I be doing something more thoughtfully in the process? I use it as I would the scandisk and defrag utility, etc.

Re: Virus: Win32.Downloader.gen

Posted: Wed Mar 06, 2013 5:26 pm
by jeffyscott
pheleven wrote:
soaring wrote:... by the way I always download from http://www.download.com which is cnet. they verify no spyware with downloads.
This is absolutely not true. I suggest avoiding them if at all possible. Always download from the source of the program if at all possible.

http://insecure.org/news/download-com-fiasco.html (they are not the only ones who complained... cnet has improved some after much egg on their face but still attempt to install crapware sometimes)
I have used the cnet site also, because of their supposed screening, then I recently had a program that took over browser with something called "claro search". I had thought this was maybe an isolated problem, I did not realize it and similar crap is, instead, now basically a feature of downloading from there. Thanks for the information.

Re: Virus: Win32.Downloader.gen

Posted: Wed Mar 06, 2013 5:57 pm
by bru
Toons wrote:Other useful tools:

Kaspersky -rootkit utility -Download and run
http://support.kaspersky.com/5350

Trend Micro House Call-free online virus scan
http://housecall.trendmicro.com/

:happy
Good tutorial. If still infected there are several other One Time On Demand scanners to try as well:

Bit Defender
Eset
Hitman Pro
Microsoft Safety Scanner
Comodo Cleaning essentials

to name a few.

Re: Virus: Win32.Downloader.gen

Posted: Wed Mar 06, 2013 6:35 pm
by Toons
bru wrote:
Toons wrote:Other useful tools:

Kaspersky -rootkit utility -Download and run
http://support.kaspersky.com/5350

Trend Micro House Call-free online virus scan
http://housecall.trendmicro.com/

:happy
Good tutorial. If still infected there are several other One Time On Demand scanners to try as well:

Bit Defender
Eset
Hitman Pro
Microsoft Safety Scanner
Comodo Cleaning essentials

to name a few.
Good idea, keep working with different scanners to eliminate a stubborn virus, sometimes over and over.

Re: Virus: Win32.Downloader.gen

Posted: Wed Mar 06, 2013 6:55 pm
by LadyGeek
CountryBoy wrote:
LadyGeek..
Here's another freeware utility I use: CCleaner, but you need to be tech-savvy to use it.
Gulp!!! I have just run it and deleted.
Should I be doing something more thoughtfully in the process? I use it as I would the scandisk and defrag utility, etc.
OK, then don't worry about it. I don't want to make this more complicated than it already is (based on what you are comfortable handling). It doesn't do anything special that you can't do by another way, except clean out the registry, which is probably OK to leave alone.

Let's keep this simple and use what you already have (built into Windows). Before you run scandisk and defrag, clean out the temporary (unused, unneeded) files. See: Delete files using Disk Cleanup. There's no need to use any additional software, it's guaranteed to work, and you have the full support of Microsoft behind it.

Re: Virus: Win32.Downloader.gen

Posted: Wed Mar 06, 2013 6:59 pm
by NateW
If the virus is active, i.e., if the executable file is running, the AV software and Malwarebytes can't remove it. It must be stopped first. Simply stopping the process in Task Manager usually won't do it. You can run a freeware called "Rkill" to stop the process and then Malwarebytes can remove it.

http://www.bleepingcomputer.com/download/rkill/

Lots more great stuff here:

http://www.bleepingcomputer.com/virus-removal/

And Autoruns (freeware) can tell you what is running on start-up and you can control what runs and not (don't change anything you are unsure of because you can prevent your computer from booting up):

http://technet.microsoft.com/en-us/sysi ... 63902.aspx

--Nate

Re: Virus: Win32.Downloader.gen

Posted: Wed Mar 06, 2013 7:13 pm
by CountryBoy
Just a reminder here:
Postby CountryBoy » Wed Mar 06, 2013 9:15 am
Turns out Spybot produced a false positive with that result.
All is fine now.

The consultant ran Kaspersky and Hitman Pro and neither turned up anything; so, we are calling it a false positive and deleting Spybot.

However, please tell me how I should be using CCleaner! I need to know; please! Please? Usually I just update it and let it delete whatever it wants...who am I to argue with it?

I am currently using MS Essentials and Malwarebytes with diskcan and defrag from time to time.

Re: Virus: Win32.Downloader.gen

Posted: Wed Mar 06, 2013 7:47 pm
by LadyGeek
OK, I thought you had some problems with CCleaner. Go to CCleaner - Screenshots:

1. In the Cleaner menu, click on the Analyze button then Run Cleaner. That takes care of the temporary files. Don't change any of the checkboxes, the default settings are fine.
2. In the Registry menu, click on Scan for Issues, then Fix selected issues... It will ask if you want the registry backed up first. Say "Yes" (I say "No" - but that's me). The registry is cleaned.
3. In the Tools menu, click on Startup (5th screenshot down from the top). Here is where you find the programs which run on startup. I have everything disabled (or deleted) except for MS security essentials. The hard part is knowing which is bloatware. Usually, you'll find a ton of stuff running that you didn't know existed. Disable with care, which is why I was being cautious on knowing what to do.

The other menus, Uninstall and System Restore, are convenient versions of the built-in Windows utilities. I use the Uninstall menu all the time, haven't tried their System Restore (I use Windows for that).

In the Tools --> Uninstall menu, take a look and see if there's anything that can be removed. This is another area to be careful.

Re: Virus: Win32.Downloader.gen

Posted: Wed Mar 06, 2013 8:38 pm
by CountryBoy
Ok LadyGeek; I ran it as you suggested.

This is a pic of my Start Menu but I don't see any MS Essentials starting up on it.

I have taken a picture of it...but when I try to post it, the error code I get says:
"It was not possible to determine the dimensions of the image."

CCleaner StartUp Pgms

How do I determine the dimensions for the code so I can post it?

Thanks.

Gulp!!! LadyGeek fixed it; that was fast and appreciated!!! - Sorry, I had to put the link back. See my post below. -- admin LadyGeek

Re: Virus: Win32.Downloader.gen

Posted: Wed Mar 06, 2013 8:53 pm
by mike143
This usually knocks out 80% of infected computers: dslreports.com: Security Cleanup FAQ: Help - I'm Infected!: Mandatory Steps Before Requesting Assistance

From there a Google search and knowing which forums have competent helpers gets the rest. Never had to request help, just read through someone else's help thread. There are people that do this all day long, no reason in reinventing the wheel.

The last computer I cleaned up had gotten malware that filled the entire hard drive with tiny files; it took more than 24 hours to delete all those tiny files. Before I could delete the files I first had to stop the malware from shutting down the machine after one minute, even in safe mode. For me the common theme of infected computers is lack of updates. This is a program I put on people's personal computers to help with updating: secunia.com: Personal Software Inspector

Re: Virus: Win32.Downloader.gen

Posted: Wed Mar 06, 2013 9:05 pm
by LadyGeek
CountryBoy wrote:How do I determine the dimensions for the code so I can post it?
Sorry, I had the image there, but had to remove it. The FAQ for Flickr states that direct links to images are not permitted. So, I put the link back.

Here's how to do it, but we need to follow the website policy: Click on the image, which goes into a preview mode. In the upper right corner is "View all sizes" - then you get the links to the images. You also get a message why the photo file links are gone. See: Flickr: Help: Photos
======================

Houston, we have a problem. There are a few things that could probably be removed, but do no harm to keep. Except for the one called "Conduit Search protect" - that's malware, it's hijacking your browser's search toolbar and home page settings. Google for conduit search protect - Google Search and you'll see nothing but suggestions to get rid of it. I don't know if any of the malware programs will take care of this for you, but it could explain a few problems that you've recently had.

Re: Virus: Win32.Downloader.gen

Posted: Wed Mar 06, 2013 9:47 pm
by CountryBoy
LadyGeek,
Many thanks for the always quick and comprehensive answers.
I will work on this tomorrow and report back to everyone re my efforts to delete the problem software.
Again, thanks.
country boy

Re: Virus: Win32.Downloader.gen

Posted: Thu Mar 07, 2013 12:03 pm
by CountryBoy
Ok so I deleted it and all seems fine ..........for the moment.

My sincere thanks to LadyGeek and everyone for the very patient and persistent guidance. Greatly appreciate!

Let this be a lesson to all.............Never download from CNET...never, never, never; and of course don't use Spybot, ever, ever, ever.

Thank you.