Virus: Win32.Downloader.gen

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Post Reply
User avatar
Topic Author
CountryBoy
Posts: 1777
Joined: Wed Feb 28, 2007 9:21 am
Location: NY

Virus: Win32.Downloader.gen

Post by CountryBoy »

I have the Virus: Win32.Downloader.gen on my computer.

4 points:

1-I regularly scan with updated MS Esssentials and Malwarebytes but neither one is picking it up.
2-Only Spybot identifys it, but it can not delete.
3-When Googled, this virus does not appear to have any easy solution that I can use.
4-My local PC guy will clean it off for ..........$139.

Please advise.

Thank you.

ps: am running Windows 7 with 64 bytes.
User avatar
midareff
Posts: 7711
Joined: Mon Nov 29, 2010 9:43 am
Location: Biscayne Bay, South Florida

Re: Virus: Win32.Downloader.gen

Post by midareff »

Try downloading the AVG 2013 Free version. It is very good and I run it with MS Essentials. Maybe you can get lucky with it.
User avatar
Topic Author
CountryBoy
Posts: 1777
Joined: Wed Feb 28, 2007 9:21 am
Location: NY

Re: Virus: Win32.Downloader.gen

Post by CountryBoy »

I have heard that running two virus programs on one's machine can cause conflicts and false positives.

I already have one real positive on my hands..............
User avatar
soaring
Posts: 1441
Joined: Sun Nov 18, 2007 8:09 am
Location: North Central Florida

Re: Virus: Win32.Downloader.gen

Post by soaring »

CountryBoy wrote:I have heard that running two virus programs on one's machine can cause conflicts and false positives.

I already have one real positive on my hands..............
you don't actively run two anti-virus programs side by side. But when you download the second program run the search for issues with the new program. If it finds the issue and fixes it then uninstall the program and you will have your original program still there.

It is the same as MS essentials and malwarebytes and spybot. just run the avg search but don't make it your active running antivirus.

edit: by the way I always download from http://www.download.com which is cnet. they verify no spyware with downloads.
Desiderata
dpc
Posts: 456
Joined: Sat Aug 27, 2011 1:41 pm

Re: Virus: Win32.Downloader.gen

Post by dpc »

You might check out www.emsisoft.com. They sell malware and virus protection software, but also have several products that you can download as 14 or 30 day trial versions. They also have a support forum that provides free help for people with infected computers. They were helpful in getting rid of a particularly nasty bit of malware that had infected on of our PCs.

No affiliation with this company.
"Worrying is like paying interest on a debt that you might never owe" -- Will Rogers
User avatar
Topic Author
CountryBoy
Posts: 1777
Joined: Wed Feb 28, 2007 9:21 am
Location: NY

Re: Virus: Win32.Downloader.gen

Post by CountryBoy »

Turns out Spybot produced a false positive with that result.
Tom_T
Posts: 4836
Joined: Wed Aug 29, 2007 2:33 pm

Re: Virus: Win32.Downloader.gen

Post by Tom_T »

CountryBoy wrote:Turns out Spybot produced a false positive with that result.
Please do not use Spybot. That program stopped being effective years ago. There are plenty of other free programs you can use (AVG, Microsoft Security Essentials to name a couple.)
Pacific
Posts: 1609
Joined: Tue Mar 06, 2007 7:19 pm
Location: Lost in the middle of the Pacific

Re: Virus: Win32.Downloader.gen

Post by Pacific »

User avatar
Topic Author
CountryBoy
Posts: 1777
Joined: Wed Feb 28, 2007 9:21 am
Location: NY

Re: Virus: Win32.Downloader.gen

Post by CountryBoy »

Tom_T: Please do not use Spybot.
Yes I uninstalled it.

Are there other AV pgms that are worthless?

Check out this list for what the different programs do:
http://en.wikipedia.org/wiki/Comparison ... s_software

If you do a quick review, that graphic re the last column and what country owns what company you get something that looks like this:
anti virus companies

Kaspersky - Russia
Symantec- white lists for fbi
avast-czech republic
avg-czech republic
avira-germany
avSoft-india
dr. web-russia
nano-russia
rising-China
panda-spain
trend-japan

Some people could say that the people in the west are paying companies in the east for computer protection. Are they right?
pheleven
Posts: 49
Joined: Wed Feb 20, 2013 12:56 pm

Re: Virus: Win32.Downloader.gen

Post by pheleven »

soaring wrote:... by the way I always download from http://www.download.com which is cnet. they verify no spyware with downloads.
This is absolutely not true. I suggest avoiding them if at all possible. Always download from the source of the program if at all possible.

http://insecure.org/news/download-com-fiasco.html (they are not the only ones who complained... cnet has improved some after much egg on their face but still attempt to install crapware sometimes)

On a side note, we've been getting large numbers of malware infections from people searching for program installers on google (7-zip, safari, firefox, etc) and clicking the first link (a google ad) which claims to be the download source. It's not, it's a malware laden downloader, which may or may not also install the program you wanted. It's actually really peeving me at Google how bad this has been lately.

Do not run 2 active A/V programs at once. Running scans with multiple is fine, but it is not a good plan to run two active scanners at the same time. In fact you need to disable your active scanner when you run the second one-time scan (if you choose to do this).

While you can discuss the merits of any given A/V till you're blue in the face, MS Essentials is fine. It wont catch everything, just like AVG wont (which installs essentially malware search bars itself), and every other option wont either. Other options if you have something showing that the programs don't want to remove, Microsoft Standalone System Sweeper (offline scanner), and ComboFix (don't use unless other options are failing, it can break things pretty bad).

Paying attention to where you go and what you click on is the best defense.
User avatar
Topic Author
CountryBoy
Posts: 1777
Joined: Wed Feb 28, 2007 9:21 am
Location: NY

Re: Virus: Win32.Downloader.gen

Post by CountryBoy »

Re: Virus: Win32.Downloader.gen

Unread postby pheleven » Wed Mar 06, 2013 3:39 pm

soaring wrote:... by the way I always download from http://www.download.com which is cnet. they verify no spyware with downloads.

This is absolutely not true. I suggest avoiding them if at all possible. Always download from the source of the program if at all possible.
My Virus: Win32.Downloader.gen showed up soon after downloading IE10 from CNET.
pheleven
Posts: 49
Joined: Wed Feb 20, 2013 12:56 pm

Re: Virus: Win32.Downloader.gen

Post by pheleven »

CountryBoy wrote:My Virus: Win32.Downloader.gen showed up soon after downloading IE10 from CNET.
They usually install things that are simply advertising related and not truely hostile - or at least not trying to steal information or damage your computer/files. With the very generic name, it's possible the detection is against something CNET installed.

I should probaly clarify that I will download things from download.com if I simply can't find it anywhere reputable - by all means get it from download.com if the only other option is a search engine ad link, just make sure you uncheck every box that says I want X crapware you can and uninstall any cool toolbars and whatnot that it comes with.
User avatar
soaring
Posts: 1441
Joined: Sun Nov 18, 2007 8:09 am
Location: North Central Florida

Re: Virus: Win32.Downloader.gen

Post by soaring »

pheleven wrote:
soaring wrote:... by the way I always download from http://www.download.com which is cnet. they verify no spyware with downloads.
This is absolutely not true. I suggest avoiding them if at all possible. Always download from the source of the program if at all possible.

http://insecure.org/news/download-com-fiasco.html (they are not the only ones who complained... cnet has improved some after much egg on their face but still attempt to install crapware sometimes)

On a side note, we've been getting large numbers of malware infections from people searching for program installers on google (7-zip, safari, firefox, etc) and clicking the first link (a google ad) which claims to be the download source. It's not, it's a malware laden downloader, which may or may not also install the program you wanted. It's actually really peeving me at Google how bad this has been lately.

Do not run 2 active A/V programs at once. Running scans with multiple is fine, but it is not a good plan to run two active scanners at the same time. In fact you need to disable your active scanner when you run the second one-time scan (if you choose to do this).

While you can discuss the merits of any given A/V till you're blue in the face, MS Essentials is fine. It wont catch everything, just like AVG wont (which installs essentially malware search bars itself), and every other option wont either. Other options if you have something showing that the programs don't want to remove, Microsoft Standalone System Sweeper (offline scanner), and ComboFix (don't use unless other options are failing, it can break things pretty bad).

Paying attention to where you go and what you click on is the best defense.
WOW! Thank You. I've used them for years. Live and learn.
Desiderata
User avatar
Toons
Posts: 14467
Joined: Fri Nov 21, 2008 9:20 am
Location: Hills of Tennessee

Re: Virus: Win32.Downloader.gen

Post by Toons »

I have removed quite a few viruses from computers including my own over the years.Sometimes as a last resort after working with a difficult virus removal I have restored the computer to factory default settings.
Below are a various steps you can try to assist you hope
they are useful. I have never paid someone to remove a virus. I would rather restore computer to original factory settings than pay someone(personal preference)

Reboot computer into Safe Mode with Networking
http://windows.microsoft.com/en-us/wind ... -safe-mode

Run Malwarebytes in Safe Mode.
See it it finds the virus
Run Your Antivirus Program in Safe Mode
Restart computer.
Other useful tools:

Kaspersky -rootkit utility -Download and run
http://support.kaspersky.com/5350

Trend Micro House Call-free online virus scan
http://housecall.trendmicro.com/

:happy
"One does not accumulate but eliminate. It is not daily increase but daily decrease. The height of cultivation always runs to simplicity" –Bruce Lee
User avatar
LadyGeek
Site Admin
Posts: 95686
Joined: Sat Dec 20, 2008 4:34 pm
Location: Philadelphia
Contact:

Re: Virus: Win32.Downloader.gen

Post by LadyGeek »

CountryBoy wrote:My Virus: Win32.Downloader.gen showed up soon after downloading IE10 from CNET.
Exactly the point of this thread. Only get software direct from the developer: Internet Explorer - Microsoft Windows

This is also a good time to see what's running at start-up. Here's another freeware utility I use: CCleaner, but you need to be tech-savvy to use it.
Wiki To some, the glass is half full. To others, the glass is half empty. To an engineer, it's twice the size it needs to be.
User avatar
Topic Author
CountryBoy
Posts: 1777
Joined: Wed Feb 28, 2007 9:21 am
Location: NY

Re: Virus: Win32.Downloader.gen

Post by CountryBoy »

LadyGeek..
Here's another freeware utility I use: CCleaner, but you need to be tech-savvy to use it.
Gulp!!! I have just run it and deleted.
Should I be doing something more thoughtfully in the process? I use it as I would the scandisk and defrag utility,etc.
User avatar
jeffyscott
Posts: 13484
Joined: Tue Feb 27, 2007 8:12 am

Re: Virus: Win32.Downloader.gen

Post by jeffyscott »

pheleven wrote:
soaring wrote:... by the way I always download from http://www.download.com which is cnet. they verify no spyware with downloads.
This is absolutely not true. I suggest avoiding them if at all possible. Always download from the source of the program if at all possible.

http://insecure.org/news/download-com-fiasco.html (they are not the only ones who complained... cnet has improved some after much egg on their face but still attempt to install crapware sometimes)
I have used the cnet site also, because of their supposed screening, then I recently had a program that took over browser with something called "claro search". I had thought this was maybe an isolated problem, I did not realize it and similar crap is, instead, now basically a feature of downloading from there. Thanks for the information.
User avatar
bru
Posts: 1013
Joined: Fri Jul 23, 2010 6:32 pm

Re: Virus: Win32.Downloader.gen

Post by bru »

Toons wrote:Other useful tools:

Kaspersky -rootkit utility -Download and run
http://support.kaspersky.com/5350

Trend Micro House Call-free online virus scan
http://housecall.trendmicro.com/

:happy
Good tutorial. If still infected there are several other One Time On Demand scanners to try as well:

Bit Defender
Eset
Hitman Pro
Microsoft Safety Scanner
Comodo Cleaning essentials

to name a few.
User avatar
Toons
Posts: 14467
Joined: Fri Nov 21, 2008 9:20 am
Location: Hills of Tennessee

Re: Virus: Win32.Downloader.gen

Post by Toons »

bru wrote:
Toons wrote:Other useful tools:

Kaspersky -rootkit utility -Download and run
http://support.kaspersky.com/5350

Trend Micro House Call-free online virus scan
http://housecall.trendmicro.com/

:happy
Good tutorial. If still infected there are several other One Time On Demand scanners to try as well:

Bit Defender
Eset
Hitman Pro
Microsoft Safety Scanner
Comodo Cleaning essentials

to name a few.
Good idea,keep working with different scanners to eliminate a stubborn virus,sometimes over and over
"One does not accumulate but eliminate. It is not daily increase but daily decrease. The height of cultivation always runs to simplicity" –Bruce Lee
User avatar
LadyGeek
Site Admin
Posts: 95686
Joined: Sat Dec 20, 2008 4:34 pm
Location: Philadelphia
Contact:

Re: Virus: Win32.Downloader.gen

Post by LadyGeek »

CountryBoy wrote:
LadyGeek..
Here's another freeware utility I use: CCleaner, but you need to be tech-savvy to use it.
Gulp!!! I have just run it and deleted.
Should I be doing something more thoughtfully in the process? I use it as I would the scandisk and defrag utility,etc.
OK, then don't worry about it. I don't want to make this more complicated than it already is (based on what you are comfortable handling). It doesn't do anything special that you can't do by another way, except clean out the registry, which is probably OK to leave alone.

Let's keep this simple and use what you already have (built into Windows). Before you run scandisk and defrag, clean out the temporary (unused, unneeded) files. See: Delete files using Disk Cleanup. There's no need to use any additional software, it's guaranteed to work, and you have the full support of Microsoft behind it.
Wiki To some, the glass is half full. To others, the glass is half empty. To an engineer, it's twice the size it needs to be.
NateW
Posts: 449
Joined: Tue Feb 23, 2010 10:44 am

Re: Virus: Win32.Downloader.gen

Post by NateW »

If the virus is active, i.e., if the executable file is running, the AV software and Malwarebytes can't remove it. It must be stopped first. Simply stopping the process in Task Manager usually won't do it. You can run a freeware called "Rkill" to stop the process and then Malwarebytes can remove it.

http://www.bleepingcomputer.com/download/rkill/

Lot's more great stuff here:

http://www.bleepingcomputer.com/virus-removal/

And Autoruns (freeware) can tell you what is running on start-up and you can control what runs and not (don't change anything you are unsure of because you can prevent your computer from booting up):

http://technet.microsoft.com/en-us/sysi ... 63902.aspx

--Nate
User avatar
Topic Author
CountryBoy
Posts: 1777
Joined: Wed Feb 28, 2007 9:21 am
Location: NY

Re: Virus: Win32.Downloader.gen

Post by CountryBoy »

Just a reminder here:
Postby CountryBoy » Wed Mar 06, 2013 9:15 am
Turns out Spybot produced a false positive with that result.
All is fine now.

The consultant ran Kaspersky and Hitman Pro and neither turned up anything; so, we are calling it a false positive and deleting Spybot.

However, please tell me how I should be using CCleaner! I need to know; please! Please? Usually I just update it and let it delete whatever it wants...who am I to argue with it?

I am currently using MS Essentials and Malwarebytes with diskcan and defrag from time to time.
User avatar
LadyGeek
Site Admin
Posts: 95686
Joined: Sat Dec 20, 2008 4:34 pm
Location: Philadelphia
Contact:

Re: Virus: Win32.Downloader.gen

Post by LadyGeek »

OK, I thought you had some problems with CCleaner. Go to CCleaner - Screenshots:

1. In the Cleaner menu, click on the Analyze button then Run Cleaner. That takes care of the temporary files. Don't change any of the checkboxes, the default settings are fine.
2. In the Registry menu, click on Scan for Issues, then Fix selected issues... It will ask if you want the registry backed up first. Say "Yes" (I say "No" - but that's me). The registry is cleaned.
3. In the Tools menu, click on Startup (5th screenshot down from the top). Here is where you find the programs which run on startup. I have everything disabled (or deleted) except for MS security essentials. The hard part is knowing which is bloatware. Usually, you'll find a ton of stuff running that you didn't know existed. Disable with care, which is why I was being cautious on knowing what to do.

The other menus, Uninstall and System Restore, are convenient versions of the built-in Windows utilities. I use the Uninstall menu all the time, haven't tried their System Restore (I use Windows for that).

In the Tools --> Uninstall menu, take a look and see if there's anything that can be removed. This is another area to be careful.
Wiki To some, the glass is half full. To others, the glass is half empty. To an engineer, it's twice the size it needs to be.
User avatar
Topic Author
CountryBoy
Posts: 1777
Joined: Wed Feb 28, 2007 9:21 am
Location: NY

Re: Virus: Win32.Downloader.gen

Post by CountryBoy »

Ok LadyGeek; I ran it as you suggested.

This is a pic of my Start Menu but I don't see any MS Essentials starting up on it.

I have taken a picture of it...but when I try to post it, the error code I get says:
"It was not possible to determine the dimensions of the image."

CCleaner StartUp Pgms

How do I determine the dimensions for the code so I can post it?

Thanks.

Gulp!!! LadyGeek fixed it; that was fast and appreciated!!! - Sorry, I had to put the link back. See my post below. -- admin LadyGeek
Last edited by CountryBoy on Wed Mar 06, 2013 9:01 pm, edited 2 times in total.
User avatar
mike143
Posts: 1332
Joined: Thu Feb 02, 2012 7:55 pm

Re: Virus: Win32.Downloader.gen

Post by mike143 »

This usually knocks out 80% of infected computers: dslreports.com: Security Cleanup FAQ: Help - I'm Infected!: Mandatory Steps Before Requesting Assistance

From there a google search and knowing with forums have competent helpers gets the rest. Never had to request help just read through someone else help thread. There are people that do this all day long, no reason in reinventing the wheel.

The last computer I cleaned up gotten malware that filled the entire hard drive with tiny files it took more than 24 hours to delete all those tiny files. Before I could delete the files I first had to stop the malware from shutting down the machine after one minute, even in safe mode. For me the common theme of infected computers is lack of updates. This is a program I put on peoples personal computers to help with updating: secunia.com: Personal Software Inspector
Nothing is free, someone pays...You can't spend your way to financial freedom.
User avatar
LadyGeek
Site Admin
Posts: 95686
Joined: Sat Dec 20, 2008 4:34 pm
Location: Philadelphia
Contact:

Re: Virus: Win32.Downloader.gen

Post by LadyGeek »

CountryBoy wrote:How do I determine the dimensions for the code so I can post it?
Sorry, I had the image there, but had to remove it. The FAQ for flikr states that direct links to images are not permitted. So, I put the link back.

Here's how to do it, but we need to follow the website policy: Click on the image, which goes into a preview mode. In the upper right corner is "View all sizes" - then you get the links to the images. You also get a message why the photo file links are gone. See: Flickr: Help: Photos
======================

Houston, we have a problem. There are a few things that could probably be removed, but do no harm to keep. Except for the one called "Conduit Search protect" - that's malware, it's hijacking your browser's search toolbar and home page settings. Google for conduit search protect - Google Search and you'll see nothing but suggestions to get rid of it. I don't know if any of the malware programs will take care of this for you, but it could explain a few problems that you've recently had.
Wiki To some, the glass is half full. To others, the glass is half empty. To an engineer, it's twice the size it needs to be.
User avatar
Topic Author
CountryBoy
Posts: 1777
Joined: Wed Feb 28, 2007 9:21 am
Location: NY

Re: Virus: Win32.Downloader.gen

Post by CountryBoy »

LadyGeek,
Many thanks for the always quick and comprehensive answers.
I will work on this tomorrow and report back to everyone re my efforts to delete the problem software.
Again, thanks.
country boy
User avatar
Topic Author
CountryBoy
Posts: 1777
Joined: Wed Feb 28, 2007 9:21 am
Location: NY

Re: Virus: Win32.Downloader.gen

Post by CountryBoy »

Ok so I deleted it and all seems fine ..........for the moment.

My sincere thanks to LadyGeek and everyone for the very patient and persistant guidance. Greatly appreciate!

Let this be a lesson to all.............Never down load from CNET...never, never, never; and of course don't use Spybot, ever, ever, ever.

Thank you.
Post Reply