Win32.Trojan-gen.

[tasha]

I just ran a scan for the first time with Avast.  It detected Win32.Trojan-gen.  It recommended "move to chest"  I did that and did not see any response, I don't even know what that means.  I also did the reboot. Does this mean I removed it or is there something else I have to do?

[DavidR]

Check in the chest and ensure that it is there, it should be in the Infected Files section.

[Lisandro]

I don't even know what that means.

It means that avast sent the infected file to a protected folder called Chest.
From there, the virus cannot scape and harm your computer.
Start avast antivirus and click on the 'crossed bones' icon to access the Chest.
There you'll see the file into the 'Infected files' section like David said 

[Bradyst]

I am also having trouble with this virus. 

I just got my computer hooked up to the internet and, started using Avast about two weeks ago.  For the last couple of days, it has detected this virus every time start my internet.  I always put it in the chest, and delete it later.   

How can I deal with this virus once and for all?
I would welcome any advice   

BRady

[rasta]

Avast! just detected this virus on my system as well. I have moved it to the chest but what I don't understand is that it found it on a program - uninstall.exe for YSIGet - that I have had on  my system for a some time. YSIGet is an application distributed by yousendit.com for resuming downloads.

Is there any way to find out if this is a false positive?

If not, what is the best way to go about cleaning the system of the culprit?

This is the first malware Avast! has ever detected on my system. I feel violated.

[Nicolas]

The uninstall.exe of the search program SVIZZER (G10 Software AG) is also detected as such.

[rasta]

Well, I just did a TrendMicro online scan with Avast! Resident Protection paused and it did not find anything.

I am beginning to think this is a false positive - at least in my case.

[rasta]

I just emailed the archive to virus@avast.com as instructed in the False Positives mini sticky after running an online scan on the file through http://virusscan.jotti.dhs.org which only had Avast! detecting it as a virus.

I am not sure how long it takes to correct this if it is indeed a false positive.

I guess I will just wait and see.

[Lisandro]

I am not sure how long it takes to correct this if it is indeed a false positive.

It should be faster but some of the team members are working outside of Czech office.
Maybe a week... Can you add the 'false positive' file (name and path) to the exclusions list of avast?
If it is on the Chest, you can test it again when we have a VPS update.

[Bradyst]

Hello, 

I am still waiting on some basic advice on how to deal with the Win32 Trojan-gen virus.  See my post below....


I am also having trouble with this virus. 

I just got my computer hooked up to the internet and, started using Avast about two weeks ago.  For the last couple of days, it has detected this virus every time start my internet.  I always put it in the chest, and delete it later.   

How can I deal with this virus once and for all?
I would welcome any advice   

BRady

[Lisandro]

I just got my computer hooked up to the internet and, started using Avast about two weeks ago.  For the last couple of days, it has detected this virus every time start my internet.  I always put it in the chest, and delete it later.   

Do you know the name and the path of the infected file (process)?
I can make some suggestions (hope they can help in anyway...):

1. Have you tried to delete the temporary Internet files? To do this go to Internet explorer >Tools > Internet options > Delete files > Click delete all offline content (just to be sure) > click ok. It might take some time to delete them.

2. Disable (and enable it after) System Restore: Start > Control Panel > System > System restore > Disable > Click Apply > Enable it again > Click Ok

3. Schedule a boot-time scanning: Start avast! > Right click the skin > Schedule a boot-time scanning > Select for scanning archives > Boot

[rasta]

I am not sure how long it takes to correct this if it is indeed a false positive.

It should be faster but some of the team members are working outside of Czech office.
Maybe a week... Can you add the 'false positive' file (name and path) to the exclusions list of avast?
If it is on the Chest, you can test it again when we have a VPS update.

Jah bless, Technical. I will wait patiently. I don't need to add it to the exclusions list as I don't use it very often anyway. I can wait.

If someone in the lab is brave enough to try, they can download the program from http://s38.yousendit.com/dmanagers.aspx. It's YSIGet version 0.99c.

If you go to the bottom of the page, there is also a link for the source. That's right. It's an open-source program released under the terms of the GNU License which is one of the reasons I suspected a false positive to start with.

It's possible the program could have been contaminated after I downloaded and installed it on my system but highly unlikely. Both the installer I downloaded and the unpacked uninstall.exe were getting flagged by Avast!

First time I have seen - and heard - Avast! talk to me in all the time I have been using it, by the way. Not a very pleasant introduction by any means but my heart rate is now back to normal. 

Sorry to pile on on this thread but it seemed to address the same problem at first.

Thanks for the reply, Technical, much appreciated.

[igor]

I believe it is a false alarm that will be fixed soon.

[rasta]

I believe it is a false alarm that will be fixed soon.

Thank you, igor, I suspected as much. Just waiting for a definitive answer.

Peace.

[Bradyst]

Thanks for the advice.  I deleted the Temp Int Files and disabled and enabled the System Restory.  I will do a boot time scan after this, and let you know how it is working out.

Oh, and I just read the very useful FAQ on Advice and Tools for Virus Removal.  Very interesting and useful.  I will go over some of the points there if I have trouble before troubling you again.

You guys are located in Prague right?  I lived there for 5 years.  I really miss it.  If I come back for a visit, I'll be sure to stop by the office and take you out for beers for helping me.  Thanks




Do you know the name and the path of the infected file (process)?
I can make some suggestions (hope they can help in anyway...):

1. Have you tried to delete the temporary Internet files? To do this go to Internet explorer >Tools > Internet options > Delete files > Click delete all offline content (just to be sure) > click ok. It might take some time to delete them.

2. Disable (and enable it after) System Restore: Start > Control Panel > System > System restore > Disable > Click Apply > Enable it again > Click Ok

3. Schedule a boot-time scanning: Start avast! > Right click the skin > Schedule a boot-time scanning > Select for scanning archives > Boot