Author Topic: Win32:Trojan-gen. {Other}  (Read 18303 times)

eric

  • Guest
Re:Win32:Trojan-gen. {Other}
« Reply #15 on: October 27, 2003, 06:14:39 PM »
I disabled the system restore.

I have another question about the "{Other}" in Win32:Trojan-gen{Other}. Does this "{Other}" mean that it is a new unknown trojan found by heuristic scan and that all the new unknown trojans are classed under this name?

This could explain why other anti-viruses cannot detect this trojan, because it is a new one.

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Win32:Trojan-gen. {Other}
« Reply #16 on: October 27, 2003, 06:24:08 PM »
No, it is not a heuristic, more a generic detection. Maybe one of the Avast guys can explain it in a bit more detail.

The problem is that it sometimes produces false alarms and you are only able to find out by scanning that file with another scanner or by sending the file to Avast.

In your case I would tend to a false alarm.

BTW: You should enable your System Restore. If you use Windows Me you need a patch to enable it again, if you haven't patched it already.
« Last Edit: October 27, 2003, 06:45:14 PM by raman »
MfG Ralf

eric

  • Guest
Re:Win32:Trojan-gen. {Other}
« Reply #17 on: October 27, 2003, 08:09:06 PM »
You said that it is a false alarm. The strange thing is that all the infected files have the same file length. I compared the EXE files to each other with the DOS command "fc /b". They are all the same.

Between the infected EXE files and infected CLASS files there is a difference of two bytes.

All the infected files were located in cache and temp folders. The cache and temp folders look to me the best place for a trojan to hide.

Infected filenames:
Dc61.exe
Dc386.exe
99950062.exe
SecurityClassLoader.class-35b3d2a5-23a8bb2e.class
SecurityClassLoader.class-35b3d2a5-606607aa.class
SecurityClassLoader.class-35b3d2a5-6b11255e.class

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Win32:Trojan-gen. {Other}
« Reply #18 on: October 27, 2003, 10:04:05 PM »
I said I would tend to say it is a false alarm, but you could send one to virus@asw.cz to be sure.
MfG Ralf

Sandra28

  • Guest
Re:Win32:Trojan-gen. {Other}
« Reply #19 on: October 29, 2003, 08:42:09 PM »
I'm having the same issues with this virus. I used Norton at first and switched to Avast. Norton never detected any Win32 trojan.gen, but Avast did. Anyhow, I quarantined it (put into virus chest) .... Yesterday, my internet just started doing its own thing. It went from yahoo to Google, then to a porn site, and it kept on just going to different sites so I clicked out of the internet because I assumed I was hacked. I checked my program files that were running and saw a suspicious JPG.exe ... Anyhow, I ended that program and did a thorough virus scan again. It picked up the Win32 trojan.gen, 5 times. They're all in the C:\Restore\Archive folder. I'm guessing the virus spread? Isn't it supposed to not be able to spread if it's been moved to the virus chest?

Another thing, I did an online scan with trend micro and panda which picked up NOTHING.

What the heck is going on? Should I just get rid of Avast and download something else? This is freaking me out and if it's not doing its job, I need an antivirus program that will. I take online college classes and can't afford to be without a computer.

Sorry, I'm just really frustrated. :(

Also, in the custom settings, under Advanced .... it says "Here you can modify the list of locations that will not be scanned/and or tested. (Global exclusions are not appended)" .. Anyhow, in there it has MSDOS.SYS and some other stuff. Shouldn't those be scanned too?

I'm so confused.

Thanks!

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Win32:Trojan-gen. {Other}
« Reply #20 on: October 29, 2003, 09:25:10 PM »
To delete the files in the restore folder use this link: http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
You should try Spybot or Adaware. security.kolla.de and www.lavasoft.com
MfG Ralf

Sandra28

  • Guest
Re:Win32:Trojan-gen. {Other}
« Reply #21 on: October 30, 2003, 01:45:53 AM »
Okay! I found out what my problem was. What Avast was picking up and calling Win32 trojan.gen, was actually spyware. I guess that may be why other virus scanners didn't pick it up (some don't detect trojans like this) ...

Anyhow, I ran ad aware and deleted all those. I'm sure it was spyware because the Winsock file that Avast quarantined showed up on ad aware as being spyware, and when I checked on item details, it told me that the JPG.exe changes your winsock file.

I guess it's good that Avast does indeed pick these up - it can be really scary at the same time though.

Does Avast drop spyware on your computer? I noticed the iNews on the splash screen when I started up Avast, and two spyware programs on my computer looked kinda similar. One was iClear and the other was iOneEigthy

Walker

  • Guest
Re:Win32:Trojan-gen. {Other}
« Reply #22 on: October 30, 2003, 01:58:07 AM »
One was iClear and the other was iOneEigthy

Hi Sandra,

I can't find those two files on my computer. Do you know the file extensions and paths/locations?

Walker.

Sandra28

  • Guest
Re:Win32:Trojan-gen. {Other}
« Reply #23 on: October 31, 2003, 01:06:44 AM »
Hmm, I don't remember exactly where they were located. I now have a new one though and am not sure if it's a real virus or spyware again.

Here are its details...

Virus has been detected!
File Name: trzA263.TMP
FileID: 5
Virus Description: Win32:Trojan-gen. {VC}

Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\WINDOWS\TEMP\asw9093.TMP
FileID: 0000000005  Original file name: c:\WINDOWS\TEMP\trzA263.TMP  New folder: C:\WINDOWS\TEMP\asw9093.TMP\5.TMP

Scan files in the temporary folder: C:\WINDOWS\TEMP\asw9093.TMP
C:\WINDOWS\TEMP\asw9093.TMP\5.TMP  Win32:Trojan-gen. {VC}
------------------------------------------------------------------------------------------



SilvinoSilva

  • Guest
Re:Win32:Trojan-gen. {Other}
« Reply #24 on: October 20, 2004, 09:41:44 PM »
I have, or better, one friend of mine has this virus. Before I install the Avast, is the installation infected? If you solve it, please tell me.

(I'm sorry for my bad English ;)))