Author Topic: Virus win32:pup-gen  (Read 3167 times)

Offline Alcir

  • Newbie
  • *
  • Posts: 4
    • Personal Message (Offline)
Virus win32:pup-gen
« on: April 29, 2012, 01:07:33 AM »
Avast always notifies me about the virus win32:pup-gen, but when I try to move it to quarantine (or delete it), the following message appears: error: The system cannot find the file specified (2). When I start a new scan, Avast always finds it, but cannot remove it. How should I proceed?

Offline mchain

  • avast! Evangelist
  • Super Poster
  • ***
  • Posts: 2176
  • Gender: Male
  • Spartan Warriors
    • Personal Message (Offline)
Re: Virus win32:pup-gen
« Reply #1 on: April 29, 2012, 05:37:07 AM »
Buenos  Alcir,

Following is the Google translation to English of the above post:
Quote
Avast always notifies me about the virus Win32: pup-gen, but when trying to remove it to Quarantine (and delete it), the following message appears:  Error:  System cannot find the file specified (2).  When starting a new scan, Avast always finds it, but can not remove it.  How should I proceed?
Never delete.  If possible, always place in quarantine.  If the file is determined to be clean later, you can always restore it.  You cannot do this when delete is chosen; the file is gone forever.
You can also post here in the non-English zone if you wish:  http://forum.avast.com/index.php?board=21.0

EDIT:  Update post.

On further analysis, see this thread about [PUP] alerts:  http://forum.avast.com/index.php?topic=93372.0

As Pondus says, PUP scan is off by default in the normal quick/full scan.  You have to turn it on to get this alert.
« Last Edit: April 29, 2012, 06:05:58 AM by mchain »
XP Pro SP3 P4 3.2 HT 2GB RAM AIS v 2014.9.0.2011 Secunia PSI version 2.0.0.3003 TREND Micro RUBotted Beta Javacool SpywareBlaster version 5.0 Sandboxie v. 4.09 32-bit WOT (Web Of Trust) Browser reputation-based add-on http://www.mywot.com/   New: avast! listing of vendor uninstall tools:  http://www.avast.com/faq.php?article=AVKB11#artTitle
W7 Home Premium 64-bit SP1, 2.8 Pentium D, 3 GB RAM AIS v 2014.9.0.2016 (running same programs as above) Sandboxie 4.09 64-bit

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21696
  • Gender: Male
    • Personal Message (Offline)
Re: Virus win32:pup-gen
« Reply #2 on: April 29, 2012, 08:17:43 AM »
Quote
As Pondus says, PUP scan is off by default in the normal quick/full scan.  You have to turn it on to get this alert.
but it is on in boot scan........
so is it a boot scan you are using?
and what is the name / location on the file detected?
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Alcir

  • Newbie
  • *
  • Posts: 4
    • Personal Message (Offline)
Re: Virus win32:pup-gen
« Reply #3 on: April 29, 2012, 08:57:03 PM »
Avast detects this win32:pup-gen when I run a full scan or a boot-time scan, but it cannot put it in quarantine. The infected file is C:\$Recycle.Bin\S-1-5-21-2557965090-2794394387-507434409-1007\$RX4XUYZ.msi|>disk1.cab|>Isass.exe. I cannot find this file in Windows Explorer.
I await help.

Offline Asyn

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 24914
  • Frohe Ostern
    • >>>  avast! Forum - Deutschsprachiger Bereich  <<<
    • Personal Message (Offline)
Re: Virus win32:pup-gen
« Reply #4 on: April 29, 2012, 08:59:42 PM »
Quote
Avast detects this win32:pup-gen when I run a full scan or a boot-time scan, but it cannot put it in quarantine. The infected file is C:\$Recycle.Bin\S-1-5-21-2557965090-2794394387-507434409-1007\$RX4XUYZ.msi|>disk1.cab|>Isass.exe. I cannot find this file in Windows Explorer.
I await help.

Please post English here..!! ;)
Thanks.
XP SP3 - avast! 9.0.2018 - CIS 3.14 [FW/D+] - MBAM 1.75 [On Demand] - Firefox ESR 24.4 [NS/ABP/EHH/BP] - Thunderbird 24.4 [EM/CH]
Deutschsprachiger Bereich -> avast! Wissenswertes (Downloads, Anleitungen und Infos): http://forum.avast.com/index.php?topic=60523.0

Offline magna86

  • Anti Malware Fighter
  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 3245
  • Gender: Male
    • Ambulanta MyCity Forum - ASAP Member
    • Personal Message (Offline)
Re: Virus win32:pup-gen
« Reply #5 on: April 29, 2012, 09:10:47 PM »
@Alcir
Yes, English.  :D
For support in your language, try this subforum:
http://forum.avast.com/index.php?board=21.0

Code:
Isass.exe

This is an old worm using a USB device to infect your PC.

Step#1
Download DDS and save it to your Desktop from here:
http://download.bleepingcomputer.com/sUBs/dds.scr

Double click dds to run the tool.

    * When done, DDS will open two (2) logs:
         1. DDS.txt
         2. Attach.txt

Save both reports to your desktop. Attach DDS.txt back to topic.

Step#2


Download USBNoRisk to your Desktop and run it by double clicking the program icon.

  - Wait a few seconds while the program performs an initial scan.

  - Insert your USB storage devices into the USB slot one by one and keep each one in the slot for 10 seconds. We need to wait for USBNoRisk to check them:

   >If you have multiple devices to scan, keep track on a piece of paper of the sequence in which they are inserted, because we will need this information later.

  - When you're done with all devices, click the right mouse button in the middle window and select Save scrambled log. This log will automatically open in Notepad.

 Please attach the log from Notepad to the forum.

USB memory devices include all devices that obtain their own partition label when connected to the computer.
These include USB flash drives, external hard drives, memory cards, MP3 and MP4 players, some mobile phones, GPS (navigation) devices and so on.
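
An added triage example (not written by any poster in this thread, and not Avast's code): it splits the detection location quoted in Reply #3 into the one file that exists on disk and the members nested inside it, notes that the outer file is a Recycle Bin item, and flags a leaf name that imitates a Windows system process. The meaning of the `|>` separator, the `SYSTEM_NAMES` list and all function names are assumptions made for the example.

```python
import re

# Constructed sample: the detection location quoted in Reply #3.
SAMPLE = (r"C:\$Recycle.Bin\S-1-5-21-2557965090-2794394387-507434409-1007"
          r"\$RX4XUYZ.msi|>disk1.cab|>Isass.exe")

# Illustrative list of system process names worth comparing against (assumption).
SYSTEM_NAMES = ("lsass.exe", "svchost.exe", "csrss.exe", "services.exe")
# Characters that are easily confused on screen, folded to one form.
CONFUSABLE = str.maketrans({"i": "l", "1": "l", "0": "o"})

# Vista and later keep deleted content as $R<random>.<ext> in a folder
# named after the owning user's SID.
RECYCLE_RE = re.compile(r"\\\$Recycle\.Bin\\(S-1-[\d-]+)\\(\$R[^\\]+)$", re.I)


def skeleton(name):
    """Lower-case a file name and fold look-alike characters together."""
    return name.lower().translate(CONFUSABLE)


def triage(location):
    """Describe a scanner location: on-disk file, nested members, red flags."""
    # Assumption: '|>' separates an archive from a member found inside it.
    outer, *members = location.split("|>")
    report = {"on_disk": outer, "nested": members, "sid": None,
              "recycled": False, "lookalike_of": None}
    match = RECYCLE_RE.search(outer)
    if match:
        report["recycled"] = True
        report["sid"] = match.group(1)
    # The detected object is the innermost member, or the file itself.
    leaf = members[-1] if members else outer.rsplit("\\", 1)[-1]
    for real in SYSTEM_NAMES:
        if leaf.lower() != real and skeleton(leaf) == skeleton(real):
            report["lookalike_of"] = real
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Only the `on_disk` entry is a path that file tools can open; the `nested` entries exist only inside that deleted installer package.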



Offline mchain

  • avast! Evangelist
  • Super Poster
  • ***
  • Posts: 2176
  • Gender: Male
  • Spartan Warriors
    • Personal Message (Offline)
Re: Virus win32:pup-gen
« Reply #6 on: April 30, 2012, 12:18:48 AM »
Quote from Alcir on April 28, 2012 @ 8:57:03 PM  Google translation Portuguese to English.
Quote
Avast detects this win32: pup-gen when I scan or full scan boot boot, but can not put it in quarantine. The infected file is C: \ $ Recycle.Bin \ S-1-5-21-2557965090-2794394387-507434409-1007 \ $ RX4XUYZ.msi |> disk1.cab |> Isass.exe. I can not find this file in windows explorer.
I wait for help.
Hope this helps others to follow along.  Note that Pondus was right, seems detection is either on normal scan or Avast! boot scan.

 
