Kudos1

win32.downloader.gen

I seem to be afflicted by a trojan/virus. It comes up in Spybot as win32.downloader.gen, and Spybot cannot remove it. I am using Norton Internet Security 19.9.1.14 fully updated, and the quick scan shows nothing; I am still running a full scan. I was also recently afflicted by opt_content[1].js. These problems appear to stem from a download from CNET (who I usually trust) of Harry's Photo Filters, which also installed a bunch of crap into my browsers. So far there is no record of this threat on Norton. A search of the community doesn't come up with this, though it is recognized by Spybot.

One of the symptoms is that the browser opens new windows randomly. The windows appear to be legitimate websites, and vaguely related to the content I was attempting to access, but bear no relationship to the buttons I was clicking.

Replies

Kudos0

Re: win32.downloader.gen

Welcome,

It sounds like you have been infested with malware. Try a scan with

http://www.malwarebytes.org/products/malwarebytes_free

or the free version of

http://superantispyware.com/

Do not activate the trials as they do conflict with your Norton product.

If this doesn't clear the situation then I'd recommend you visit one of the free malware removal sites listed and work with one of their trained, volunteer staff to get your system cleaned.

http://forums.whatthetech.com/
http://www.bleepingcomputer.com
http://www.geekstogo.com/forum/
http://www.cybertechhelp.com/forums/

Don't try too many self help solutions as they can make matters worse. The safest course is to go directly to one of the malware sites, do not pass go and do not attempt to collect $200.00.

Keep us posted

Dick Win7x64 SP1 current NSBU
Kudos0

Re: win32.downloader.gen

Hi Caleb

I’ve had the same problem with browser garbage from cnet and keep away from downloading from it now.  File hippo seems ok.  I have had success by running the software in safe mode which allowed the problems to be resolved that failed in normal mode, but Norton appears to be disabled in safe mode only allowing a full scan, so it might be wise to disconnect from the internet before booting into safe mode (see help and support from the start menu).

www. filehippo.com/

ATB

intesec

Kudos1

Re: win32.downloader.gen

So far, tried all of what Dick suggested (thank you Dick), and also what intesec suggested about running in safe mode. Malwarebytes, SuperAntiSpyware, and Norton only find cookies. McAfee found malicious websites visited, as a result of this pestilence. Only Spybot locates the critter but can't remove it.

Ran Norton and Malwarebytes in safe mode. Spybot wouldn't boot in safe mode.

What's up Norton? What am I paying you for? I've got to go to volunteers to fix my problem? So much for capitalism. From now on I stick with the little guys. You just lost a paying customer.

Kudos0

Re: win32.downloader.gen

Yeah, shows how behind I am on this stuff. One used to feel safe with CNET. Still haven't gotten it out yet. Tomorrow I'll try Dick's suggestion of the malware volunteers.

cheers!

Kudos0

Re: win32.downloader.gen

Hi Caleb

I’ve just run spybot in safe mode and it finished the scan.  I have some suggestions,

To try running spybot in safe mode again?

To get updates and try running spybot in safe mode again?

To download the latest version get updates and try running spybot in safe mode again?

The link below needs the basic version downloaded not the trial or the pro, the same when installing to avoid any real time protection.  You’ll need to uncheck a box at the bottom of a line of check boxes, if I remember correctly.

http://www.filehippo.com/download_spybot_search_destroy/

ATB

intesec

Kudos0

Re: win32.downloader.gen

Thread creator, please use the other forums (1 only though) as they protect your system by making sure your helper knows what they are doing and are trained in doing this work, being able to script, read logs, and use advanced programs.

Instead of this open dangerous forum that can give bad advice, dangerous advice, or chuck everything at it.

Good Luck on the other forum.

Quads

Kudos0

Re: win32.downloader.gen

Spybot S&D (or 2) will not remove "Search Protect" by Conduit, as found out myself and on Spybot Forum etc. We have programs that will, including scripting. Spybot does not find it all.

No point in telling users to use programs that do not do the job.

Quads

Kudos1

Re: win32.downloader.gen

dickevans has the best answer so far. still not resolved, but i posted to whatthetech.com, got a tech response, downloaded and ran a bunch of analysis, and now waiting for a reply. their response and instructions were quite precise. i'll post what happens next. i'm glad they are out there - as a recent post to this forum implied, this stuff is not to be messed with by amateurs such as myself.

Kudos0

Re: win32.downloader.gen

Found you, just for users a heads up.

In your log has (some I can't give here as it will hyperlink):

PRC - C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (Conduit)

SRV - (CltMngSvc) -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (Conduit)

O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit)

O4 - HKCU..\Run: [SearchProtect] C:\Users\Caleb Crawford\AppData\Roaming\SearchProtect\bin\cltmng.exe File not found

[2013/05/04 11:17:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/05/04 11:17:28 | 000,000,000 | ---D | C] -- C:\Users\Caleb Crawford\AppData\Local\Conduit
[2013/05/04 11:17:14 | 000,000,000 | ---D | C] -- C:\Users\Caleb Crawford\AppData\Local\CRE
[2013/05/04 11:16:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/05/04 11:16:19 | 000,000,000 | ---D | C] -- C:\Users\Caleb Crawford\AppData\Roaming\SearchProtect

"SearchProtect" = Search Protect by conduit

There is more to tidy up than this PUP

Quads
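
Added example, not part of any post in this thread: a short Python triage of the log lines quoted above, listing the process, service and Run-key entries and flagging autostarts whose target is reported as "File not found", plus the time span over which the listed folders appeared. The function names are hypothetical and the line shapes are inferred only from the excerpt; reading the bracketed timestamp as the folder's creation time is an assumption.

```python
import re
from datetime import datetime

# Lines copied from the log excerpt quoted in the post above.
SAMPLE = r"""
PRC - C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (Conduit)
SRV - (CltMngSvc) -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (Conduit)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKCU..\Run: [SearchProtect] C:\Users\Caleb Crawford\AppData\Roaming\SearchProtect\bin\cltmng.exe File not found
[2013/05/04 11:17:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/05/04 11:17:28 | 000,000,000 | ---D | C] -- C:\Users\Caleb Crawford\AppData\Local\Conduit
[2013/05/04 11:17:14 | 000,000,000 | ---D | C] -- C:\Users\Caleb Crawford\AppData\Local\CRE
[2013/05/04 11:16:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/05/04 11:16:19 | 000,000,000 | ---D | C] -- C:\Users\Caleb Crawford\AppData\Roaming\SearchProtect
"""

# Assumed line shapes, inferred only from the excerpt (not a format specification).
ENTRY = re.compile(
    r"^(?P<kind>PRC|SRV|O4) - "
    r"(?:\((?P<svc>[^)]+)\) -- |(?P<hive>HK\w+)\.\.\\Run: \[(?P<val>[^\]]+)\] )?"
    r"(?P<path>.+?)(?: \((?P<vendor>[^()]*)\)| (?P<missing>File not found))?$")
FOLDER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \|[^\]]*\] -- (.+)$")

def parse_entries(text):
    """Process, service and Run-key lines as dicts; orphaned = target missing."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            out.append({"kind": m["kind"], "name": m["svc"] or m["val"],
                        "hive": m["hive"], "path": m["path"],
                        "vendor": m["vendor"], "orphaned": bool(m["missing"])})
    return out

def parse_folders(text):
    """(timestamp, path) pairs for the folder lines, oldest first."""
    out = []
    for line in text.splitlines():
        m = FOLDER.match(line.strip())
        if m:
            out.append((datetime.strptime(m[1], "%Y/%m/%d %H:%M:%S"), m[2]))
    return sorted(out)

def install_span_seconds(folders):
    """Seconds between the first and last folder timestamp in the listing."""
    times = [t for t, _ in folders]
    return int((max(times) - min(times)).total_seconds())

if __name__ == "__main__":
    for e in parse_entries(SAMPLE):
        print(e["kind"], e["name"], e["path"], "ORPHANED" if e["orphaned"] else e["vendor"])
    print("folders appeared within", install_span_seconds(parse_folders(SAMPLE)), "seconds")
```

An orphaned Run value like the HKCU one here is what remains when the program is uninstalled but its autostart entry is not, which matches the "more to tidy up" remark in the post.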

Kudos0

Re: win32.downloader.gen

Thanks Quads,

Whatthetech had me uninstall SearchProtect by conduit.

Then use a program called OTL to scan and post the results. Based on this they provided me with a script to plug into OTL and run fix. Following a reboot I scanned again and posted the results. I am now awaiting further steps.

Replies are locked for this thread.