NIS 2013 - Win32.Downloader.gen question

I am a senior citizen and have a senior citizen friend several states away that I am trying to help.  I have NIS on my computer with Windows Vista.  My friend has AVG free AntiVirus with Windows XP Service Pack 3 on his computer. 

He also has SpyBot running in the background on his computer, which frequently picks up something named "Win32.Downloader.gen".  My question is, if he installs NIS on his computer, should it pick up and "fix" the "Win32.Downloader.gen" problem?  Thanks for any help!

Hi n9ejs

From the link below it appears that only spybot finds the infection. May I suggest you read my post on the thread to try and delete it. I would be grateful if you could repost with the results.

http://community.norton.com/t5/Norton-Internet-Security-Norton/win32-downloader-gen/m-p/955271#M237893

ATB

intesec

Hi Intesec - Thanks for your prompt reply posting.  I assume you are referring to your 2/11/2013 posting.  I will review it thoroughly and get back with a reply posting when I can get together with my friend.

Yes, only SpyBot finds the infection. One problem I have is that my friend and I are both in our mid-eighties - and I'm having trouble teaching him how to get in Safe Mode. I've run SpyBot in Safe Mode on my end, as well as Malwarebytes. More info when I've discussed with my friend.

Hi n9ejs

There appears to be a slight confusion about the dates: the thread I am referring to was started on 05-08-2013 at 07:21 PM and not 2/11/2013. To clarify what I mean, please click on the link below and refer to the posts by me; there are two of them, which I have copied here for you to review.

Click on this text below.

http://community.norton.com/t5/Norton-Internet-Security-Norton/win32-downloader-gen/m-p/955271#M237893

 

Hi Caleb

I’ve had the same problem with browser garbage from cnet and keep away from downloading from it now. File hippo seems ok. I have had success by running the software in safe mode which allowed the problems to be resolved that failed in normal mode, but Norton appears to be disabled in safe mode only allowing a full scan, so it might be wise to disconnect from the internet before booting into safe mode (see help and support from the start menu).

http://www.filehippo.com/

ATB

intesec

 

Hi Caleb

I’ve just run spybot in safe mode and it finished the scan.  I have some suggestions,

To try running spybot in safe mode again?

To get updates and try running spybot in safe mode again?

To download the latest version get updates and try running spybot in safe mode again?

The link below needs the basic version downloaded not the trial or the pro, the same when installing to avoid any real time protection.  You’ll need to uncheck a box at the bottom of a line of check boxes, if I remember correctly.

 

http://www.filehippo.com/download_spybot_search_destroy/

ATB

intesec

Hi n9ejs,

 

IMHO, the best thing your friend can do is to follow dickevans' information in regard to using one of the 4 malware removal sites he listed in his post here

Also please read the last post in that thread by Quads - he is a fully trained malware removalist who has quit working malware removals on this forum because of information coming from many different sources (and causing in some cases) more harm than good.

Spybot S&D (or 2) will not remove "Search Protect" by Conduit, as found out myself and on Spybot Forum etc. We have programs that will, including scripting. Spybot does not find it all.

No point in telling users to use programs that do not do the job

Quads

I really appreciate all the help my original inquiry brought. My friend already has SpyBot on his computer, so the question really does not concern SpyBot - except that SpyBot finds the Win32.downloader.gen every day when he runs it.  My question is,  can he install another program, such as Norton Internet Security (for Windows XP SP3) that will also find Win32.downloader.gen and fix it??  Thanks again!

Hi n9ejs

From calebcrawford’s information on the link below, NIS cannot delete win32.downloader.gen, as Caleb’s thread progresses to a malware removal site. May I suggest trying spybot in safe mode, as Caleb could not run spybot in safe mode?

calebcrawford’s post below.

I seem to be afflicted by a trojan/virus. It comes up in Spybot as win32.downloader.gen, and Spybot cannot remove. I am using Norton Internet Security 19.9.1.14 fully updated, and the quick scan shows nothing, I am still running a full scan.

calebcrawford’s link below.

http://community.norton.com/t5/Norton-Internet-Security-Norton/win32-downloader-gen/m-p/955271#M237893

ATB

intesec

 

 

 

 

calebcrawford

Used a Malware Removal forum to fix the problem and make sure the system is cleaned and in order. Please do the same and use people like myself to safely deal with things as we know what we are doing with the advanced tools we use.

Quads

Thanks Intesec - Please let us know if the full NIS scan detects Win32.downloader.gen!

The Spybot detection is not actually malware, so is not detected by Norton or the rest of the objects.

Spybot does not detect all of it either.

Quads

Hi Quads - SpyBot detects Win32.downloader.gen every time my friend runs it. It gives the message that it cannot be fixed at the time, but may (I think) fix it next time SpyBot is run. So far, it HAS fixed it the next time he runs Spybot (which is usually immediately) - but then the next day, SpyBot detects it again.

Today, after he had re-run SpyBot and it showed fixed, I had him run a hard drive search for Win32.downloader.gen and it did not come up. I asked him to run one of his daily web-sites, and then run the search again. The search didn't find it.

The goal is to try to find an "automatic" detector, so that he doesn't have to keep running SpyBot manually twice to get it fixed. I've sent an inquiry to Norton to ask them if they have such a product; will post what I hear from them! Thanks.

"I had him run a hard drive search for Win32.downloader.gen and it did not come up" hahahahaha that is funny. It doesn't work like that. You are way out of your depth, so be careful with what you do with the system.

As I said, Spybot does not detect it all. But now you have a broken product (if we can call it that); even Spybot forums found that they have to manually script to get the rest.

Quads

Quick list of objects that Spybot only detects one of as users are reporting as in red below

C:\Program Files\Conduit
C:\Program Files\SearchProtect
C:\Users\[USER ACCOUNT]\AppData\Local\Conduit
C:\Users\[USER ACCOUNT]\AppData\LocalLow\Conduit
C:\Users\[USER ACCOUNT]\AppData\Roaming\SearchProtect
HKCU\Software\AppDataLow\Software\Conduit
HKCU\Software\AppDataLow\Software\ConduitSearchScopes
HKCU\Software\Conduit
HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
HKCU\Software\SearchProtect
HKLM\Software\Conduit
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
HKLM\Software\SearchProtect
HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]

 

Quads
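
A read-only way to see which of the locations in the list above exist on a machine, as an added example that is not part of the original thread. It is PowerShell, assumes the Windows Vista-or-later folder layout used in the list (on Windows XP the per-user folders sit under C:\Documents and Settings instead), and the function name Get-ConduitLeftover is hypothetical.

```powershell
# Added example: read-only audit of the Conduit / SearchProtect locations
# listed in the post above. It reports what exists and changes nothing.
function Get-ConduitLeftover {   # hypothetical helper name
    # There is no environment variable for LocalLow, so build it from the profile.
    $localLow = Join-Path $env:USERPROFILE 'AppData\LocalLow'

    # Folders and registry keys from the list; Test-Path works for both providers.
    $containers = @(
        (Join-Path $env:ProgramFiles 'Conduit'),
        (Join-Path $env:ProgramFiles 'SearchProtect'),
        (Join-Path $env:LOCALAPPDATA 'Conduit'),
        (Join-Path $localLow 'Conduit'),
        (Join-Path $env:APPDATA 'SearchProtect'),
        'HKCU:\Software\AppDataLow\Software\Conduit',
        'HKCU:\Software\AppDataLow\Software\ConduitSearchScopes',
        'HKCU:\Software\Conduit',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect',
        'HKCU:\Software\SearchProtect',
        'HKLM:\Software\Conduit',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect',
        'HKLM:\Software\SearchProtect'
    )
    foreach ($path in $containers) {
        [pscustomobject]@{
            Kind = 'Container'; Location = $path; Detail = ''
            Present = (Test-Path -LiteralPath $path)
        }
    }

    # The two Run entries are values inside a key, so read each value by name.
    $runValues = @(
        @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'searchprotect' },
        @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'SearchProtectAll' }
    )
    foreach ($rv in $runValues) {
        $item = Get-ItemProperty -LiteralPath $rv.Key -Name $rv.Name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Kind = 'RunValue'; Location = "$($rv.Key) [$($rv.Name)]"
            Detail = $(if ($item) { [string]$item.($rv.Name) } else { '' })
            Present = [bool]$item
        }
    }
}

Get-ConduitLeftover | Sort-Object Present -Descending | Format-Table -AutoSize -Wrap
```

The Detail column shows the command line a Run value would start at logon, which is the part that brings a detection back after each reboot.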

 

 

Hi n9ejs

I think Caleb’s full scan failed as he went to a malware removal site, so Norton is not the answer in this case at this time.

ATB

intesec

Here's the latest.  When he runs Spybot, he gets the following message:

 

"(X) Win32.Downloader.gen

  (X) [SBI $BCCEBCBD]  Program Directory

         C:\Documents and Settings\GMac...\Application Data\Search Project\

WARNING

Some problems couldn't be fixed; the reason could be that the associated files are still in use (in memory).

This could be fixed after a restart.

May  Spybot-S&&D run on your next system startup?

 

                                          YES     NO"

 

The (X) are in red color.

He usually clicks on YES, and restarts the computer - and Spybot also starts.  When Spybot is finished running this 2nd time, it usually shows that Win32.Downloader.gen has been fixed, i.e., (X) in green.

 

I've looked at this web-site - http://www.safer-networking.org/faq/sometimes-malware-problems-reappear-when-i-reboot-the-computer-why-is-this-and-can-it-be-fixed/, and wondering if the Win32.Downloader.gen may be one of the "rootkit" problems described there, and/or maybe harmless?

 

"Over my head"