An interesting afternoon, without a doubt. A couple of customers got in touch with us today, both with computers evidently infected with the currently widespread Win32:Malware-gen trojan.
Both customers described regular alerts from their anti-malware products, Kaspersky and Avast, and sluggish, bordering on unusable, computers. Win32:Malware-gen is Avast's generic detection name, so it covers a range of samples rather than one specific piece of code, but the infections behind it are a serious attack on the system. Beyond slowing the machine down, this malware can redirect web searches and drop backdoors and keyloggers onto the system. Left unaddressed, it can eventually render the OS unusable.
As usual, I start by downloading the essential diagnostic tools: Avast, Autoruns, ComboFix, OTL and Malwarebytes. It is worth noting that I always grab the latest versions of these tools before starting any repair work.
The first step is to run an OTL scan. I expect to find a file in the C:\Windows\Installer directory. Sure enough, in both cases the OTL log shows infected files under C:\Windows\Installer and C:\Windows\assembly. One machine also had an infected file under C:\Users\[USER]\AppData\Local. I write a fix script and run it through OTL to deal with these.
Next, I run a ComboFix scan, which checks and repairs the services.exe system file. At this point everything looks good. I run one more full scan of the machine with Avast to make sure no further malware has been left behind. Both computers now run close to perfectly. I finish with a few "spring cleaning" tasks such as installing Malwarebytes and the FileHippo update checker, and install a batch of outstanding Windows updates on one machine.
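As an added example, and not something from the original post or from the OTL and ComboFix tools themselves: a read-only PowerShell triage pass over the same places the repair touched, useful both before running the tools (to see what they are about to find) and afterwards (to confirm nothing new has landed). It assumes Windows PowerShell 5.1 or later run as Administrator; the 14-day window is an arbitrary choice, not a value from the post.

```powershell
# Added example (not from the original post): read-only triage of the
# directories named in the write-up plus an integrity check of services.exe.
# Assumptions: Windows PowerShell 5.1+, elevated prompt. $Days is arbitrary.

$Days   = 14
$Cutoff = (Get-Date).AddDays(-$Days)

# The locations where the post found dropped files. Legitimate content in
# Installer is mostly signed .msi/.msp; assembly is the .NET GAC.
$Suspects = New-Object 'System.Collections.Generic.List[string]'
$Suspects.Add("$env:SystemRoot\Installer")
$Suspects.Add("$env:SystemRoot\assembly")
Get-ChildItem "$env:SystemDrive\Users" -Directory -ErrorAction SilentlyContinue |
    ForEach-Object { $Suspects.Add((Join-Path $_.FullName 'AppData\Local')) }

# Recently written files in those trees, with their Authenticode status.
# -Force includes hidden/system files, which droppers commonly set.
$Findings = foreach ($dir in $Suspects) {
    if (-not (Test-Path $dir)) { continue }
    Get-ChildItem -Path $dir -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt $Cutoff } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [PSCustomObject]@{
                Modified  = $_.LastWriteTime
                SizeKB    = [math]::Round($_.Length / 1KB, 1)
                Signature = $sig.Status
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                Path      = $_.FullName
            }
        }
}

Write-Host "Files written in the last $Days days under the suspect directories:"
$Findings | Sort-Object Modified -Descending | Format-Table -AutoSize
Write-Host "Unsigned or invalid-signature entries above deserve a closer look;"
Write-Host "extensionless files and files in GUID-named Installer folders especially."

# services.exe is the file ComboFix repaired. A clean copy is Microsoft-signed
# and identical to the component-store copy under WinSxS.
# Caveat: OS binaries are catalog-signed. Windows 8+ reports them as Valid
# (SignatureType Catalog); Windows 7 reports NotSigned, so on Windows 7 rely
# on the WinSxS hash comparison and 'sfc /verifyfile' instead.
$Live     = "$env:SystemRoot\System32\services.exe"
$LiveSig  = Get-AuthenticodeSignature -FilePath $Live
$LiveHash = (Get-FileHash -Path $Live -Algorithm SHA256).Hash

Write-Host ""
Write-Host "services.exe signature: $($LiveSig.Status)"
if ($LiveSig.SignerCertificate) { Write-Host "  signer: $($LiveSig.SignerCertificate.Subject)" }
Write-Host "services.exe SHA256   : $LiveHash"

$StoreCopies = Get-ChildItem "$env:SystemRoot\WinSxS" -Recurse -Filter 'services.exe' `
                   -File -ErrorAction SilentlyContinue
if (-not $StoreCopies) {
    Write-Host "  no WinSxS copy found to compare against"
}
foreach ($copy in $StoreCopies) {
    $h = (Get-FileHash -Path $copy.FullName -Algorithm SHA256).Hash
    $verdict = if ($h -eq $LiveHash) { 'MATCH  ' } else { 'DIFFERS' }
    Write-Host "  $verdict $($copy.FullName)"
}

# Built-in second opinion for the same file:
sfc /verifyfile=$Live
```

If the live services.exe differs from every WinSxS copy or fails `sfc /verifyfile`, that is the condition the ComboFix pass in the post addresses; after the repair, rerunning this script should show a Valid (or, on Windows 7, catalog-verified by sfc) binary that matches the component store, and no new writes under the three directories.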