Avast WEBforum

Other => Viruses and worms => Topic started by: megaman04 on August 16, 2004, 04:17:25 PM

Title: How do I remove the Win32: Trojan-gen {VB} virus?
Post by: megaman04 on August 16, 2004, 04:17:25 PM
Hello,

I'm new at this so hopefully this post will find an answer here. I'm trying to help a friend to find out how to remove the Win32: Trojan-gen {VB} virus. The Avast anti-virus protection program was installed just yesterday and it detected the "gen VB" virus. The Avast program cannot delete, repair, etc. the problem for some reason. I went to Google to get information and it took me to this place. Any experts out there that can inform me as to how to delete this Trojan virus would be greatly appreciated.

Thank you,
Frustrated
Title: Re:How do I remove the Win32: Trojan-gen {VB} virus?
Post by: bob3160 on August 16, 2004, 04:32:48 PM
megaman04
Welcome to the forum.
Please help us help you.
What version of Avast! are you using
What vps version?
What OS?
What exactly is the error message? (If you are getting one.)
etc. etc.
Title: Re:How do I remove the Win32: Trojan-gen {VB} virus?
Post by: maotze on August 16, 2004, 04:41:09 PM
Hi,
I have the same problem
Virus name: Win32:Trojan-gen. {VC}
File name : C:\Program Files\Common Files\updmgr\updmgr.exe
VPS version : 0433-3, 13/08/2004
I'm using Win XP pro.
 Please advice.

Thanks.
Title: Re:How do I remove the Win32: Trojan-gen {VB} virus?
Post by: Eddy on August 16, 2004, 04:55:46 PM
Click on the link in my signature and follow the instructions.
Title: Re:How do I remove the Win32: Trojan-gen {VB} virus?
Post by: megaman04 on August 16, 2004, 05:46:59 PM
Hello again,

I just got on to check for responses on how to remove the Trojan-gen {VB} virus. I noticed "Eddy" responded with "Click on the link in my signature and follow the instructions." Where is the link in your signature that I click on? I'm new to this so, please clarify. Thanks...
Title: Re:How do I remove the Win32: Trojan-gen {VB} virus?
Post by: bob3160 on August 16, 2004, 05:51:00 PM
megaman04
Quote
Where is the link in your signature that I click on? I'm new to this so, please clarify. Thanks...
All the way on the bottom of his post. Next to the flag. ;D
Title: Re:How do I remove the Win32: Trojan-gen {VB} virus?
Post by: megaman04 on August 16, 2004, 05:59:37 PM
megaman04
Welcome to the forum.
Please help us help you.
What version of Avast! are you using
What vps version?
What OS?
What exactly is the error message? (If you are getting one.)
etc. etc.

Hello,

This is a friend's computer so hopefully this is the correct info to your questions. The Avast version is 4, the vps version is 0434-0, the OS is Microsoft Windows Me, and these are some of the "error" messages: The files was not repaired - cannot process c:\windows\system\3drefd.exe file; another is Access denied - cannot process c:\windows\system\sexch40m.exe file; another is Access denied - cannot process c:\windows\system\ysinv.exe file. There seems to be a new file with an ".exe" name that comes up whenever I try to repair or delete. I don't know what is going on with the problem. Thanks...
Title: Re:How do I remove the Win32: Trojan-gen {VB} virus?
Post by: Eddy on August 16, 2004, 06:07:38 PM
The problem is that the process is running when you try to remove the infected files as explaind on the page in my link. If you follow the instructions there, the system will be as clean as can be when you are done.
Title: Re:How do I remove the Win32: Trojan-gen {VB} virus?
Post by: megaman04 on August 16, 2004, 06:14:50 PM
megaman04
Quote
Where is the link in your signature that I click on? I'm new to this so, please clarify. Thanks...
All the way on the bottom of his post. Next to the flag. ;D


Thank you Bob,

I did click on the link next to Eddy's flag. There's a lot to do and a lot to download. According to the link I need Avast, Ad-Aware, Spybot, Hijackthis, etc.. My friend's computer already has the Avast program. Do I download the rest? Also it suggests to use/get CWShredder, Spyware Blaster and Bazooka. Are these free to download? And are they necessary to delete the "gen VB" virus or are they for future prevention? Near the bottom there are 8 steps to follow. Step 3 advises to install a firewall. Can I delete the virus without installing a firewall? This is my friend's computer and I don't know what a firewall really is. I can guess that a firewall "acts" like a firewall in a car. Can you help me on this? Thanks for your time....
Title: Re:How do I remove the Win32: Trojan-gen {VB} virus?
Post by: Eddy on August 16, 2004, 06:18:05 PM
Everything (!) on my page is free and fully working :D
Use at least the applications mentioned in the first table.
Title: Re:How do I remove the Win32: Trojan-gen {VB} virus?
Post by: megaman04 on August 16, 2004, 06:21:57 PM
The problem is that the process is running when you try to remove the infected files as explaind on the page in my link. If you follow the instructions there, the system will be as clean as can be when you are done.


Hello Bob,

Thanks for your response. I think I understand what you mean by the "process is running when I try to remove the infected files." You wrote, "as explained on the page in my link." Is your link "Shortcuts for all" found on your first response? Do I follow Eddy's or your link to delete the virus? I don't mean to take up your time, but this is my first time trying to delete a virus. Thanks....
Title: Re:How do I remove the Win32: Trojan-gen {VB} virus?
Post by: megaman04 on August 16, 2004, 06:36:04 PM
Everything (!) on my page is free and fully working :D
Use at least the applications mentioned in the first table.

Thank you Eddy,

Do I "open" or "save" to computer when I try to download the Ad-Aware, etc.? Thanks...
Title: Re:How do I remove the Win32: Trojan-gen {VB} virus?
Post by: megaman04 on August 17, 2004, 02:44:16 AM
Thank you to Eddy and Bob for helping me figure out how to remove the "gen VB" virus. I clicked on Eddy's link and although it took a long time for me to remove the Trojan virus, it was worth it. There are still things I don't know and have to read up on, but it worked. I did receive an error message from the Spybot Search & Destroy program after I ran it. The message was "Spybotsd has caused an error in the KERNEL32.DLL." I am hoping it's not a critical error that needs to be fixed or deleted. I wasn't able to do anything with it. I just closed the error message. But again, thank you for your help. If something else comes up I'll send an S.O.S. on the board to get help. Thanks....
Title: Re:How do I remove the Win32: Trojan-gen {VB} virus?
Post by: whocares on August 17, 2004, 12:17:52 PM
an error in the KERNEL32.DLL."

This can be caused by lots of things..

sometimes it's too many programs starting with WIN, but
it can also be Ad-/SpyWare

Have you tried running updated SPYBOT & Ad-AWARE in SafeMode (F8-Boot) ?
Are all Windowsupdates applied ?
You might also want to post a hijackthis-log and secure your Browser better
--> See Eddy's sig., or "VirusRemoval" below in my sig for links&info

 ;)
Title: Re:How do I remove the Win32: Trojan-gen {VB} virus?
Post by: megaman04 on August 20, 2004, 12:56:10 AM
an error in the KERNEL32.DLL."

This can be caused by lots of things..

sometimes it's too many programs starting with WIN, but
it can also be Ad-/SpyWare

Have you tried running updated SPYBOT & Ad-AWARE in SafeMode (F8-Boot) ?
Are all Windowsupdates applied ?
You might also want to post a hijackthis-log and secure your Browser better
--> See Eddy's sig., or "VirusRemoval" below in my sig for links&info

 ;)


Thanks for the response "whocares." You mentioned running spybot & ad-aware in safemode. I was in safemode when I ran them. I didn't do any Windows updates though. I didn't know if I was going to mess up anything by trying to do all the updates, plus I didn't know when and how to do it so I skipped that part. Eddy's instructions also included installing a firewall. I didn't do that also because I didn't know where to get one, let alone know how to install one. And I also didn't got the Host file to make deletions. I didn't know how to do that either. Do you any of the above? Thanks...
Title: Re:How do I remove the Win32: Trojan-gen {VB} virus?
Post by: Eddy on August 20, 2004, 12:58:41 AM
Read my page again. It has everything you need, or at least links to it. Including the firewall(s)
Title: Re:How do I remove the Win32: Trojan-gen {VB} virus?
Post by: megaman04 on September 06, 2004, 09:22:18 PM
Read my page again. It has everything you need, or at least links to it. Including the firewall(s)

Hello again,

I have two questions I need help on. First, do I re-enable system restore in safe mode after going through avast, ad-aware, spybot, hijackthis, cwshredder...or is it done after I reboot the computer? Second, after using Hijackthis, a list of results appear (R1's, 03's, 04's, etc..). A website said to delete all the exe. files in 04 while in safemode. Is that the route to take? Thanks for your advice.

Megaman

Title: Re:How do I remove the Win32: Trojan-gen {VB} virus?
Post by: bob3160 on September 06, 2004, 11:25:58 PM
megaman04
You asked to delete them in Safe Mode because once you reboot, you no longer have access to them.
Re-eneble SystemRestore after you reboot and know your system is clean. Once you have it re-enabled, do a fresh restore point and you can call it SystemClean. ;D ;D
Title: Re:How do I remove the Win32: Trojan-gen {VB} virus?
Post by: megaman04 on September 07, 2004, 08:58:36 PM
megaman04
You asked to delete them in Safe Mode because once you reboot, you no longer have access to them.
Re-eneble SystemRestore after you reboot and know your system is clean. Once you have it re-enabled, do a fresh restore point and you can call it SystemClean. ;D ;D

Thanks Bob, but I need to clarify something. I asked if I needed to delete the "exe 04 files" in safemode because I haven't done that yet. Didn't know if I had to. I assume your answer is to delete the "04" files in safemode. Also do I use CWShredder, Spyware Blaster or another program to create a "restore point?" Thanks for your help.

Megaman
Title: Re:How do I remove the Win32: Trojan-gen {VB} virus?
Post by: Eddy on September 07, 2004, 09:13:36 PM
Quote
....do I re-enable system restore....
No, unless there is a reason for you to need it to be enabled.

And for your question about the Hijackthis log, I point you again to my page ;) It has the link to a HJT log analyzer I created, a online HJT log analyzer and explanation about the HJT log file.

Here are the direct links to them:
HJT log analyzer (http://members.home.nl/edeijl/download/hjt5.005.exe)
Online log analyzer (http://www.hijackthis.de/index.php?langselect=english)
Tutorial/Explanation about the HJT log file (http://members.home.nl/edeijl/acred/hjt.htm)
Several links to interesting sites about HJT (http://www.v1ru5help.org/smf/index.php?topic=23.0)
Title: Re:How do I remove the Win32: Trojan-gen {VB} virus?
Post by: phenexfire on September 19, 2004, 10:56:47 PM
I am wondering, I cannot seem to find details about trojan-gen {vb} anywhere. I just installed avast and it says it is there on my system in a file called autoload.exe. I am running a full scan now but I wanted to look at details of the virus...like they have at symantec or trendmicro.... does anyone know where I can find those? other than that I have spybot, adaware and hijack this so I am just waiting for this scan to complete. thanks
Title: Re:How do I remove the Win32: Trojan-gen {VB} virus?
Post by: Eddy on September 19, 2004, 11:01:44 PM
 trojan-gen {vb}

Trojan speaks for itself
gen is short for general or generic
vb stands for visual basic

So it is just a name for a whole series of trojans with the same characteristics
Title: Re: How do I remove the Win32: Trojan-gen {VB} virus?
Post by: misterzuzu on June 22, 2005, 07:55:57 AM
To Eddy.  I clicked on the link in your signature and got this:
 
Gebruikersmap niet beschikbaar
De door u opgevraagde gebruiker heeft geen webspace, of de webspace van deze gebruiker kan niet worden getoond.

Why?
Title: Re: How do I remove the Win32: Trojan-gen {VB} virus?
Post by: misterzuzu on June 22, 2005, 08:13:14 AM
 :o I let Avast delete the infected files because they were all either in a restore directory or else buried in a temp directory.   :-X BUT NOW!!!  I don't know if this problem was caused by trojan-gen or something else but if any of you consider yourselves to be XP experts, try this for size:

I have a computer with XPHOME and when I boot it, I see the XP screen, I see the login screen but when it gets logged in, all I see is a black screen with a mouse cursor.  I can CTRL-ALT-DEL and get the task manager and run programs from it but I can't run explorer.exe.  I can see explorer.exe but when I try to run it, I get "Windows cannot find the file C:\windows\explorer.exe."  I can make a copy of it as XPLORER.EXE and that program will run!  I can rename explorer.exe to explorer.com and it will run!  If I then try to copy nodepad.exe to explorer.exe, I get "The system cannot find the file specified."  Something, somewhere, is not letting me run anything named "explorer.exe".  I can't even figure out how I would do that if I wanted to.  Any ideas?
Title: Re: How do I remove the Win32: Trojan-gen {VB} virus?
Post by: Lisandro on June 22, 2005, 04:30:25 PM
I have a computer with XPHOME and when I boot it, I see the XP screen, I see the login screen but when it gets logged in, all I see is a black screen with a mouse cursor.  I can CTRL-ALT-DEL and get the task manager and run programs from it but I can't run explorer.exe.  I can see explorer.exe but when I try to run it, I get "Windows cannot find the file C:\windows\explorer.exe."  I can make a copy of it as XPLORER.EXE and that program will run!  I can rename explorer.exe to explorer.com and it will run!  If I then try to copy nodepad.exe to explorer.exe, I get "The system cannot find the file specified."  Something, somewhere, is not letting me run anything named "explorer.exe".  I can't even figure out how I would do that if I wanted to.  Any ideas?
I'd suggest you schedule a boot time scanning or run a scanning booting the computer in Safe Mode (F8 while booting).