Avast WEBforum

Other => Viruses and worms => Topic started by: Alcir on April 29, 2012, 03:07:33 AM

Title: Virus win32:pup-gen
Post by: Alcir on April 29, 2012, 03:07:33 AM
Avast always notifies me about the virus win32:pup-gen, but when I try to move it to quarantine (or delete it), the following message appears: "erro: o Sistema não pode encontrar o arquivo especificado (2)". When I start a new scan, Avast always finds it, but it cannot remove it. How should I proceed?
Title: Re: Virus win32:pup-gen
Post by: mchain on April 29, 2012, 07:37:07 AM
Buenos  Alcir,

Following is the google translation to english of above post:
Quote
Avast always notifies me about the virus Win32: pup-gen, but when trying to remove it to Quarantine (and delete it), the following message appears:  Error:  System cannot find the file specified (2).  When starting a new scan, Avast always finds it, but can not remove it.  How should I proceed?
Never delete.  If possible, always place in quarantine.  If the file is determined to be clean later, you can always restore it.  You cannot do this when delete is chosen; the file is gone forever.
You can also post here in the non-English zone if you wish:  http://forum.avast.com/index.php?board=21.0

EDIT:  Update post.

On further analysis, see this thread about [PUP] alerts:  http://forum.avast.com/index.php?topic=93372.0

As Pondus says, PUP scan is off by default in the normal quick/full scan.  You have to turn it on to get this alert.
Title: Re: Virus win32:pup-gen
Post by: Pondus on April 29, 2012, 10:17:43 AM
Quote
As Pondus says, PUP scan is off by default in the normal quick/full scan.  You have to turn it on to get this alert.
but it is on in boot scan........
so is it a boot scan you are using?
and what is the name / location on the file detected?
Title: Re: Virus win32:pup-gen
Post by: Alcir on April 29, 2012, 10:57:03 PM
Avast detects this win32:pup-gen when I run a full scan or a boot-time scan, but it cannot put it in quarantine. The infected file is C:\$Recycle.Bin\S-1-5-21-2557965090-2794394387-507434409-1007\$RX4XUYZ.msi|>disk1.cab|>Isass.exe. I cannot find this file in Windows Explorer.
Awaiting help.
Title: Re: Virus win32:pup-gen
Post by: Asyn on April 29, 2012, 10:59:42 PM
Quote
Avast detects this win32:pup-gen when I run a full scan or a boot-time scan, but it cannot put it in quarantine. The infected file is C:\$Recycle.Bin\S-1-5-21-2557965090-2794394387-507434409-1007\$RX4XUYZ.msi|>disk1.cab|>Isass.exe. I cannot find this file in Windows Explorer.
Awaiting help.

Please post English here..!! ;)
Thanks.
Title: Re: Virus win32:pup-gen
Post by: magna86 on April 29, 2012, 11:10:47 PM
@Alcir
Yes, English.  :D
For support in your language, try this subforum:
http://forum.avast.com/index.php?board=21.0

Code:
Isass.exe

This is an old worm using a USB device to infect your PC.

Step#1
Download DDS and save it to your Desktop from here:
http://download.bleepingcomputer.com/sUBs/dds.scr

Double click dds to run the tool.

    * When done, DDS will open two (2) logs:
         1. DDS.txt
         2. Attach.txt

Save both reports to your desktop. Attach DDS.txt back to topic.

Step#2

Download  USBNoRisk  (http://amf.mycity.rs/personal/bobby/USBNoRisk/usbnorisk.exe) to your Desktop and run it by double clicking the program icon.

  - Wait a few seconds while the program performs an initial scan.

  - Insert your USB storage devices into the USB slot one by one and keep each one in the slot for 10 seconds. We need to wait for USBNoRisk to check them:

   > If you have multiple devices to scan, keep track on a piece of paper of the sequence in which they are inserted, because we will need this information later.

  - When you're done with all devices, click the right mouse button in the middle window and select Save scrambled log. This log will automatically open in Notepad.

 Please attach the log from Notepad to the forum.

USB memory devices include all devices that, when connected to the computer, get their own partition label.
These include USB flash drives, external hard drives, memory cards, MP3 and MP4 players, some mobile phones, GPS (navigation) devices and so on.


Title: Re: Virus win32:pup-gen
Post by: mchain on April 30, 2012, 02:18:48 AM
Quote from Alcir on April 28, 2012 @ 8:57:03 PM  Google translation Portuguese to English.
Quote
Avast detects this win32:pup-gen when I scan or full scan boot boot, but can not put it in quarantine. The infected file is C:\$Recycle.Bin\S-1-5-21-2557965090-2794394387-507434409-1007\$RX4XUYZ.msi|>disk1.cab|>Isass.exe. I can not find this file in windows explorer.
I wait for help.
Hope this helps others to follow along.  Note that Pondus was right, seems detection is either on normal scan or Avast! boot scan.