Archive for March, 2011

IMPORTANT COMPUTER SECURITY ALERT!

Thursday, March 31st, 2011

If you can’t remove win32:malware-gen, this is how we did it.

NMP Consulting has encountered an aggressive new variant of the Malware-gen virus. This new version is extremely difficult to remove.

The trickiest thing about this virus is that it creates and runs a seemingly legitimate Windows Service called “Windows System Express”. That service must first be disabled in order to locate and remove the hidden system file located in the system32 directory.

If you suspect you are infected with this virus, please call us immediately at (614) 358-5814.

DETAILS:
The fake Windows Service was called “Windows System Express”. It had a seemingly legitimate description having to do with optical scanning. It continuously generated processes with random filenames like “lib1614.exe”. These files were found and removed by the antivirus program. However, the program was unable to remove the core file, “wsynelib.exe”, because it was being used by the service.

In order to remove it:
1. Stop the “Windows System Express” service.
2. Search for hidden files in system32.
3. Find wsynelib.exe and wysyndlib.exe.
4. Remove system and hidden file attributes from those files.
5. Those files can then be removed by the antivirus program.
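
The steps above as a script, added here as an example and not NMP Consulting's own tooling. It assumes an elevated Windows PowerShell 4.0 or later session and that the service can be found by the display name quoted in the post; the two file names are the ones listed in step 3.

```powershell
#Requires -RunAsAdministrator
# Added example. The display name and file names come from the post;
# everything else is a generic Windows cleanup pattern.
$displayName = 'Windows System Express'
$coreFiles   = 'wsynelib.exe', 'wysyndlib.exe'
$sys32       = Join-Path $env:windir 'System32'

# Step 1: stop the service and disable it so it cannot restart
# and lock the core file again.
$svc = Get-Service -DisplayName $displayName -ErrorAction SilentlyContinue
if ($svc) {
    # Record which binary the service launches before changing anything.
    Get-CimInstance Win32_Service -Filter "Name='$($svc.Name)'" |
        Select-Object Name, DisplayName, State, StartMode, PathName |
        Format-List
    Stop-Service -Name $svc.Name -Force
    Set-Service  -Name $svc.Name -StartupType Disabled
} else {
    Write-Warning "No service with display name '$displayName' was found."
}

# Steps 2-3: -Force makes Get-ChildItem return hidden and system files.
$found = Get-ChildItem -Path $sys32 -Force -File |
    Where-Object { $coreFiles -contains $_.Name }

# Step 4: keep a hash for the incident record, then clear the
# System and Hidden attributes with attrib.exe.
foreach ($f in $found) {
    Get-FileHash -Path $f.FullName -Algorithm SHA256 | Format-List
    & attrib.exe -s -h $f.FullName
}

# Step 5 is left to the antivirus program: rescan now that the files
# are visible and no longer held open by the service.
$found |
    ForEach-Object { Get-Item -LiteralPath $_.FullName -Force } |
    Select-Object FullName, Attributes, Length, LastWriteTime
```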