Hello,
A new information is on the bottom with Note on it with large size after 4 hours of posting here, please read it first before reading this. Thank you.
I scanned Spybot Search and Destroy and it found 2 files of Win32.Downloader.Gen and only removed one of them. The other one could not be removed. I also scanned AVG, MalwareBytes, MalwareBytes Chameleon, and SuperAnti-Spyware. Four of them came up with a clean information. Only Spybot found it. I read that it may be a false positive, and people are saying Spybot is not good. I uninstalled it. I then scanned AdwCleaner, and the four softwares, I mentioned above several times after rebooting. All of them came up with the same information that it is clean and fine.
But, I am still not sure if Win32.Downloader.Gen is actually removed. I tried to locate it in Registry Editor that someone posted, Remove Win32.downloader.gen Virus Completely
It states 1. Press Ctrl+Alt+Del keys together and stop Win32.downloader.gen virus processes in the Windows Task Manager. 2. Go to Folder Options from Control Panel. Under View tab, select Show hidden files and folders and uncheck Hide protected operating system files (Recommended), and then click OK. Remember to back up beforehand. 3. Press Windows+ R keys and search for regedit in Run. Delete associated files and registry entries related to Win32.downloader.gen virus from your PC completely as follows:
%AllUsersProfile%
%AllUsersProfile%\Application Data\~r
%AllUsersProfile%\Application Data\~dll
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” = ’1′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ’0′
4. Reboot the computer normally to take effective, when the above steps are done.
I did it, but I could not locate
%AllUsersProfile%
%AllUsersProfile%\Application Data\~r
%AllUsersProfile%\Application Data\~dll
(Above three, I do not know where to find)
Or they may be removed when I used ADWCleaner.
NOTE: I am still not sure about this 4 hours later to locate.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ’0′
(It only showed Policies folder after Current Version folder, there is nothing like a folder inside Policies that will open to Attachments folder. Policies only showed Default REG_SZ and ScanwithAntiVirus REG_DWORD, not SaveZoneInformation)
Again, it may be removed when I used ADWCleaner.
NOTE: I checked it 4 hours later, again, there is nothing like a folder inside Policies to open Attachments folder, but Policies now showed Default REG_SZ.
I did find HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” = ’1′.
ADWCleaner did not remove it?
NOTE: It is still in the folder 4 hours later, but is it supposed to be removed or remained there after using new Spybot?
What do HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” = ’1′ actually mean? I googled and looks like it is fake anti-virus that installed itself? I use free AVG and it is not fake.
Should I removed it or few of them if the directions here are correct from the blog? Or is Win32.Downloader.Gen completely removed hence to those softwares and new Spybot that I mentioned? Or do I need to do some other softwares too?
Please help me. Much thanks!
NOTE: Hours later, I just learned that I had an old Spybot and installed the new one. I scanned, and it found 43 files, only one of them is from Win32.Downloader.Gen, and the rest of others are fine. I then fixed them all, and now they all are removed and moved to quarantine. I removed Win32.Downloader.Gen in quarantine and now it is removed. Here is the log,
13-06-03 04:37:01 Product Win32.Downloader.gen
[+] 13-06-03 04:37:01 Moving into quarantine C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll
[+] 13-06-03 04:37:02 Successfully cleaned C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll
13-06-03 05:18:06 Quarantine Start purge selected items...
13-06-03 05:18:16 Quarantine Purged Win32.Downloader.gen: All detected items of product - 2013-06-03 04:37:01
13-06-03 05:18:16 Quarantine Purged Win32.Downloader.gen: All detected items of product - 2013-06-03 04:36:46
13-06-03 05:18:16 Quarantine Finished purge selected items.
Looks like everything is good and fine. But, please do tell me what I need to do that I mentioned above and if I still need to do something as well. Really appreciate the help. Thank you so much again.
A new information is on the bottom with Note on it with large size after 4 hours of posting here, please read it first before reading this. Thank you.
I scanned Spybot Search and Destroy and it found 2 files of Win32.Downloader.Gen and only removed one of them. The other one could not be removed. I also scanned AVG, MalwareBytes, MalwareBytes Chameleon, and SuperAnti-Spyware. Four of them came up with a clean information. Only Spybot found it. I read that it may be a false positive, and people are saying Spybot is not good. I uninstalled it. I then scanned AdwCleaner, and the four softwares, I mentioned above several times after rebooting. All of them came up with the same information that it is clean and fine.
But, I am still not sure if Win32.Downloader.Gen is actually removed. I tried to locate it in Registry Editor that someone posted, Remove Win32.downloader.gen Virus Completely
It states 1. Press Ctrl+Alt+Del keys together and stop Win32.downloader.gen virus processes in the Windows Task Manager. 2. Go to Folder Options from Control Panel. Under View tab, select Show hidden files and folders and uncheck Hide protected operating system files (Recommended), and then click OK. Remember to back up beforehand. 3. Press Windows+ R keys and search for regedit in Run. Delete associated files and registry entries related to Win32.downloader.gen virus from your PC completely as follows:
%AllUsersProfile%
%AllUsersProfile%\Application Data\~r
%AllUsersProfile%\Application Data\~dll
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” = ’1′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ’0′
4. Reboot the computer normally to take effective, when the above steps are done.
I did it, but I could not locate
%AllUsersProfile%
%AllUsersProfile%\Application Data\~r
%AllUsersProfile%\Application Data\~dll
(Above three, I do not know where to find)
Or they may be removed when I used ADWCleaner.
NOTE: I am still not sure about this 4 hours later to locate.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ’0′
(It only showed Policies folder after Current Version folder, there is nothing like a folder inside Policies that will open to Attachments folder. Policies only showed Default REG_SZ and ScanwithAntiVirus REG_DWORD, not SaveZoneInformation)
Again, it may be removed when I used ADWCleaner.
NOTE: I checked it 4 hours later, again, there is nothing like a folder inside Policies to open Attachments folder, but Policies now showed Default REG_SZ.
I did find HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” = ’1′.
ADWCleaner did not remove it?
NOTE: It is still in the folder 4 hours later, but is it supposed to be removed or remained there after using new Spybot?
What do HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” = ’1′ actually mean? I googled and looks like it is fake anti-virus that installed itself? I use free AVG and it is not fake.
Should I removed it or few of them if the directions here are correct from the blog? Or is Win32.Downloader.Gen completely removed hence to those softwares and new Spybot that I mentioned? Or do I need to do some other softwares too?
Please help me. Much thanks!
NOTE: Hours later, I just learned that I had an old Spybot and installed the new one. I scanned, and it found 43 files, only one of them is from Win32.Downloader.Gen, and the rest of others are fine. I then fixed them all, and now they all are removed and moved to quarantine. I removed Win32.Downloader.Gen in quarantine and now it is removed. Here is the log,
13-06-03 04:37:01 Product Win32.Downloader.gen
[+] 13-06-03 04:37:01 Moving into quarantine C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll
[+] 13-06-03 04:37:02 Successfully cleaned C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll
13-06-03 05:18:06 Quarantine Start purge selected items...
13-06-03 05:18:16 Quarantine Purged Win32.Downloader.gen: All detected items of product - 2013-06-03 04:37:01
13-06-03 05:18:16 Quarantine Purged Win32.Downloader.gen: All detected items of product - 2013-06-03 04:36:46
13-06-03 05:18:16 Quarantine Finished purge selected items.
Looks like everything is good and fine. But, please do tell me what I need to do that I mentioned above and if I still need to do something as well. Really appreciate the help. Thank you so much again.
Last edited:
My Computer
System One
-
- Manufacturer/Model
- Dell desktop-XPS
- CPU
- Intel Core 2 Duo-3.00GHz
- Memory
- 4.00 GB
- Graphics Card(s)
- NVIDIA Geforce GTX 285
- Hard Drives
- 450 GB
- Keyboard
- Logitech
- Mouse
- Microsoft
- Internet Speed
- High Speed Verizon
