Avast WEBforum

Other => Viruses and worms => Topic started by: matan on September 20, 2004, 10:51:55 PM

Title: How to remove - win32: trojan-gen {other}
Post by: matan on September 20, 2004, 10:51:55 PM
When I scanned my computer with avast it found that file hxdefdrv.sys is infected with win32: trojan-gen {other}. I removed it with the same program, but it was not successful. I even disabled system restore, and booted in safe mode, and the same thing happened. I also noticed that there are too many programs running in my task manager - especially lots of svchost.exe.

Can somebody help me to remove it ?
Thanks
Title: Re:How to remove - win32: trojan-gen {other}
Post by: whocares on September 21, 2004, 03:30:54 PM
Hi,

Please read the link "VirusRemoval" below in my sig and then come back with more info, e.g.
- What Win do you use ?
- version of avast & VPS number/date ?
- Hijackthis-Log
- Results of Onlinescanners for the file

btw, your trojan is a bit of a toughy cause it's a rootkit:
- have you tried a boot-time scan with avast (if you have Win NT/2000/XP) ?

also try following the removal-procedure contained in these links..:
Trend-Info (http://www.trendmicro.com/vinfo/virusencyclo/default2.asp?m=q&virus=hxdefdrv%2Esys&alt=hxdefdrv%2Esys)


 ;) ;)
Title: Re:How to remove - win32: trojan-gen {other}
Post by: Davide on September 23, 2004, 01:26:52 PM
Hi, I'm working with the Windows 2000 professional version, the Avast antivirus tells me I got the Win32:Trojan-gen!!! What should I do? Is it dangerous??

Thanx..
Title: Re:How to remove - win32: trojan-gen {other}
Post by: DavidR on September 23, 2004, 06:54:08 PM
You could start by following the request/suggestions of whocares.

We really need more information to help you fully.

Please Help us to Help you - we need more information to be able to help fully,
- Your Operating System, is it up to date?
- Your email program - if applicable.
- avast! version and VPS file (virus database) number, e.g. 0436-4 (see about avast!)
- Virus Name - infected filename
- Location of infected file, e.g. C:\windows\system32\infectedfilename.exe

visit the User's FAQ (http://forum.avast.com/index.php?board=9;action=display;threadid=4818) thread, it will give you a lot of useful advice.

A search of these forums for Win32:Trojan-gen will no doubt return many hits as this topic has been previously discussed a number of times.

General Advice & Tools for virus/trojan/malware removal (http://forum.avast.com/index.php?board=4;action=display;threadid=5373)

A HijackThis log is also helpful in searching out Trojans, Eddy's HiJackThis Info and Analysis page, HijackThis log file analyzer (http://members.home.nl/edeijl/acred/cleaning.htm) and follow the directions there and get back to us with more info if you need more help....
Title: Re:How to remove - win32: trojan-gen {other}
Post by: havfunky on October 11, 2004, 11:29:57 PM
hi, I HAVE ALSO RECENTLY FOUND THIS VIRUS ON MY SYSTEM, WHICH ISN'T GOOD ME THINKS! ( win32: trojan-gen {other} )

I am running win xp sp2.

along with Avast version 4.1 home.
VPS:11.10.2004 file version 0442-0

this is a copy of the message that i get in the avast log file:

11/10/2004 20:08:01   NT AUTHORITY\SYSTEM   860   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{DF288C16-B6BD-4E42-8C84-84230AE9EE6D}\RP31\A0005138.exe" file.  


Don't look good.

I've disabled system restore and used both avast and trend home call virus scans on this bitch but have come up with diddly squat! :-s

Could you please help?!
Title: Re:How to remove - win32: trojan-gen {other}
Post by: Eddy on October 11, 2004, 11:35:03 PM
Disabling system restore will take care of it havfunky. Did you reboot after disabling it and did you check if it still is disabled?
Title: Re:How to remove - win32: trojan-gen {other}
Post by: havfunky on October 11, 2004, 11:41:39 PM
I've disabled it, and rebooted. yes, but didn't find it after. will it have gone now then?


Title: Re:How to remove - win32: trojan-gen {other}
Post by: Eddy on October 11, 2004, 11:46:24 PM
yup it is gone. This was a false positive caused by the way system restore puts the files in that folder. So nothing to worry about now that it is gone.
Title: Re:How to remove - win32: trojan-gen {other}
Post by: havfunky on October 11, 2004, 11:47:33 PM
can i put it back on now then (system restore i mean)?

thanks for your help eddy! :-)
Title: Re:How to remove - win32: trojan-gen {other}
Post by: Eddy on October 11, 2004, 11:55:44 PM
If you have a need for it, you can put it back on. But you can get the same false positive back also that way. The choice is yours.
Title: Re:How to remove - win32: trojan-gen {other}
Post by: njguy99007 on October 17, 2004, 06:29:47 AM
Hello, I have the same issue with win32: trojan-gen. Getting rid of it is OK, but my question is: is this virus harmful? Also, why can't Avast take care of it when it finds it and you delete or move it to the chest?
Any help in this matter will be Appreciated.

Thank You All

Title: Re:How to remove - win32: trojan-gen {other}
Post by: Ruff Knight on October 19, 2004, 06:03:24 PM
I too have been having problems removing this virus, and I am running Windows 98, can someone please help me.
Title: Re:How to remove - win32: trojan-gen {other}
Post by: drussel on October 21, 2004, 12:52:32 AM
??? How do you disable System Restore? I also have the virus and am on XPP.
Title: Re:How to remove - win32: trojan-gen {other}
Post by: DavidR on October 21, 2004, 12:52:11 PM
Well you could use the windows help file > Start > Help and Support and search for System Restore and look at the results it gives.

Or
Win XP-ME - How to disable System Restore (http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm)

My point is the information is on your computer, you only have to learn to use the tools.