Author Topic: Will Avast securely remove win32:trojan-gen (other)  (Read 92523 times)

maxfl100

  • Guest
Will Avast securely remove win32:trojan-gen (other)
« on: June 29, 2008, 02:50:45 AM »
Hi Guys: I have just downloaded the free home use version of Avast version 4.8, and a scan reveals I have a win32: Trojan-gen {other} residing at various places. Webroot hasn't picked this up despite updates and frequent scans - so thanks to Avast. Can I rely on Avast's removal process to get rid of it? If Avast re-scans and all is clear, can I rely on that?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89116
  • No support PMs thanks
Re: Will Avast securely remove win32:trojan-gen (other)
« Reply #1 on: June 29, 2008, 04:15:41 PM »
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ? 
Check the avast! Log Viewer (right click the avast 'a' icon), Warning section, this contains information on all avast detections.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Will Avast securely remove win32:trojan-gen (other)
« Reply #2 on: June 29, 2008, 09:43:50 PM »
If, after following David's advice, VirusTotal shows the files as being infected, I suggest:

1. Disable System Restore and re-enable it after step 3.
2. Clean your temporary files.
3. Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
4. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
5. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
6. Make a HijackThis log to post here or, better, submit the RunScanner log to on-line analysis.
7. Immunize your system with SpywareBlaster or Windows Advanced Care.
8. Check if you have insecure applications with Secunia Software Inspector.

residing at various places
This is what made me think that they might not be a false positive...
Although, David is right, the win32: Trojan-gen {other} signature is a very common trigger for false positives.
« Last Edit: June 29, 2008, 11:18:16 PM by Tech »
The best things in life are free.

postmandan

  • Guest
Re: Will Avast securely remove win32:trojan-gen (other)
« Reply #3 on: July 19, 2008, 08:00:48 PM »
I've just got win32:trojan-gen on my Mac. I've put it in the virus chest. What do I do now, please?????

wyrmrider

  • Guest
Re: Will Avast securely remove win32:trojan-gen (other)
« Reply #4 on: July 19, 2008, 09:03:59 PM »
While you are waiting for a Mac-specific answer, do the upload to VirusTotal as shown above and report back.

Twigs

  • Guest
Re: Will Avast securely remove win32:trojan-gen (other)
« Reply #5 on: July 21, 2008, 01:15:19 PM »
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ? 
Check the avast! Log Viewer (right click the avast 'a' icon), Warning section, this contains information on all avast detections.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

Hi, I read your help instructions you posted here for maxfl100 after I'd already sent my file to virustotal and when I uploaded my Win32:Trojan-gen {other} file to virustotal, I didn't receive any warnings, and I was able to upload it straight from the original location it was still at as I hadn't yet sent it to the chest.

Offline DavidR

Re: Will Avast securely remove win32:trojan-gen (other)
« Reply #6 on: July 21, 2008, 03:04:51 PM »
It isn't unusual not to get an avast detection in virustotal as their database isn't updated in real time as yours is. The reason for uploading to virustotal is to see what other scanners report, this is what would confirm or deny your system detection.

So what were the results or did your "I didn't receive any warnings" mean:
a. there were no other detections at VT ?
b. there was no detection on your system when you uploaded it ?

Have you rescanned it on your system and is it still detected ?
It may well be that this has been corrected or avast would have alarmed when you accessed it to upload it to VT.

Twigs

  • Guest
Re: Will Avast securely remove win32:trojan-gen (other)
« Reply #7 on: July 21, 2008, 07:45:11 PM »
Here is a link to virustotal results, http://www.virustotal.com/analisis/4f4743b5f004527f8de9a80c2e9cad03

Also here's a link to my on-going problem in the forum, http://forum.avast.com/index.php?topic=37134.0


I scanned the file just before I wrote this reply, it is still infected. But when I uploaded it to virustotal, I didn't receive any errors or messages from avast, the file was sent to virustotal without warning.

Something else that is interesting about all of this is I placed this file onto a backup DVD disk I created in June, and the file back then was clean.  Now all of a sudden when it hits my hard drive it gets infected.  Also the game was running 100% fine, no errors, no warnings, nothing.  When I went to play about 2 weeks or so ago, I got a message from Avast telling me the file Zuma.exe is infected with Win32:Trojan-gen {other}.

I purchased the game, Zuma Deluxe, in 2005, 100% legit from Yahoo's websites, so I know it's not a suspicious file.

Also, before I created the DVD backup disk, every file was scanned with Avast 6/18/2008 and all files at that time were fine.  Apparently even on the disk now, the Zuma Deluxe file is coming back infected, and it was put on that disk with no infections.
« Last Edit: July 21, 2008, 08:18:12 PM by Twigs »
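Added example, not part of the original thread: one way to check the observation in the reply above, that a copy backed up while it scanned clean is now flagged as well. If the flagged copy and the backup copy have the same SHA-256, the bytes did not change after the backup was made and only the scanner's verdict did. The function names and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large executables need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def compare_copies(flagged_path, backup_path):
    """Return (verdict, flagged_hash, backup_hash) for two copies of one file."""
    flagged = sha256_file(flagged_path)
    backup = sha256_file(backup_path)
    if flagged == backup:
        # Same bytes as the backup: nothing modified the file after the backup
        # was written, so a new alert comes from changed detection definitions.
        # This does not prove the file is harmless; the multi-engine scan
        # results are still needed to judge that.
        return "unchanged-since-backup", flagged, backup
    # Different bytes: the copy on disk was altered after the backup was made.
    return "modified-since-backup", flagged, backup

def demo():
    """Run the comparison on constructed files standing in for the two copies."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = os.path.join(tmp, "backup_copy.bin")
        same = os.path.join(tmp, "disk_copy_same.bin")
        changed = os.path.join(tmp, "disk_copy_changed.bin")
        payload = b"MZ" + bytes(range(256)) * 64  # constructed bytes, not a real program
        samples = ((backup, payload), (same, payload),
                   (changed, payload + b"extra bytes"))
        for path, data in samples:
            with open(path, "wb") as fh:
                fh.write(data)
        return (compare_copies(same, backup)[0],
                compare_copies(changed, backup)[0])

if __name__ == "__main__":
    print(demo())
```

On a real system the two arguments would be the path of the flagged file on the hard drive and the path of the same file on the backup disk.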

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1479
Re: Will Avast securely remove win32:trojan-gen (other)
« Reply #8 on: July 21, 2008, 08:47:05 PM »
it's a known issue.. we're waiting for the file to be analysed afaik...

Twigs

  • Guest
Re: Will Avast securely remove win32:trojan-gen (other)
« Reply #9 on: July 22, 2008, 06:50:03 AM »
yes, so there is work being done on this then?  kinda sucks when you can't play your games  :'( :'( :'( :'( :'(

wingha

  • Guest
Re: Will Avast securely remove win32:trojan-gen (other)
« Reply #10 on: July 27, 2008, 06:13:05 PM »
I have a win32:trojan-gen{other} virus and it is currently in the virus chest. It was found in the temporary folder and I deleted all of the temporary internet files, did a scan, and it now says no infected files but the virus is still in the virus chest, why? How do I get rid of it? ???

Offline DavidR

Re: Will Avast securely remove win32:trojan-gen (other)
« Reply #11 on: July 27, 2008, 06:35:15 PM »
There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

Deeth

  • Guest
Re: Will Avast securely remove win32:trojan-gen (other)
« Reply #12 on: September 27, 2008, 04:22:07 PM »
I have a Win32: Trojan-gen {Other} in my C:\System Volume Information\_restore.......bunch of numbers.... .exe
I was doing an avast! system scan and 30 min into it an avast! warning popped up claiming that I have that trojan. I have not decided whether I should move it to the chest or if I should try and delete it. Moving it to the chest could mean more work, right?
I do not know how to get rid of this.
How do I get rid of it safely without harming my system restore file?

Also, in Windows Task Manager, explorer.exe and iexplore.exe seem to be taking up too much CPU time; each is taking up about 6:00 min. That does not sound right.

I don't know what to do.

Help!

Offline DavidR

Re: Will Avast securely remove win32:trojan-gen (other)
« Reply #13 on: September 27, 2008, 05:08:04 PM »
Well things in the C:\System Volume Information\ folder are there because they have been removed/replaced or moved from the system folders, so it is a back-up for that action. This means that it isn't crucial, at worst that restore point wouldn't be available in the future.

However, it could mean that if you use the system restore in the future (if you didn't move it to the chest) you could reinfect your system when using system restore to a point in time that would include that restore point.

It could be that at some point you removed an infected file in the system folders and system restore saved a copy in the C:\System Volume Information\ restore point.

Moving to the chest is the safest option as it isn't the same, as it is a protected area and also allows for reversal of any decision where deletion doesn't. Moving it to the chest is zero work: run the scan again (folder select, just the system volume information folder) and when detected, click the Move to chest button, done.

I know this: I wouldn't like to have a suspect restore point in the C:\System Volume Information\ folder just waiting to bite me in the rear.

I would be looking at the CPU % that they use, iexplore and explorer, because time is irrelevant, and if you use IE for your default browser. For both of these files I would expect them to be in use for much more than 6 minutes, of course it would depend on how long the system was up overall.

I generally don't monitor CPU time, but currently my total for explorer is only 14 seconds, I don't use IE but firefox is 55 seconds, my system has only been on for 2 hours 21 minutes and I have been on-line for a little over an hour.

So I would report what their CPU % is as this is an actual figure and not cumulative and see if it is excessive.

Deeth

  • Guest
Re: Will Avast securely remove win32:trojan-gen (other)
« Reply #14 on: September 27, 2008, 05:30:19 PM »
It will not let me. It says the virus chest server isn't running and the communication failed, so basically... where do I go from here?