Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: billshintos on September 06, 2004, 08:23:30 PM

Title: Win32: Trojan-gen
Post by: billshintos on September 06, 2004, 08:23:30 PM
Sorry, I am sure you hear this a lot, but I just installed Avast and ran the virus check and it found virus Win32: Trojan-gen.  What is it and what should I do?  I can't repair it... should I delete it or what?  I don't know how to use this program...

Help me,
billshintos
Title: Re:Win32: Trojan-gen
Post by: Delta on September 06, 2004, 09:13:23 PM
Hi, first of all, can you answer these questions please?

Which OS are you using? And what is the path and file name Avast reports?

If you answer these I'm sure one of the experts will be along to help you.
Title: Re:Win32: Trojan-gen
Post by: cappysocks on September 06, 2004, 10:57:09 PM
I've got the same problem.  The virus name is Win32:Trojan-gen. {UPX!}  The file name is c:\windows\olehelp.exe and the VPS version is 0436-4, 09/03/2004.  My OS is Windows XP Home Edition.  Please help, I don't know what to do! ???
Title: Re:Win32: Trojan-gen
Post by: bob3160 on September 06, 2004, 11:44:37 PM
Cappysocks
Welcome to the forum.
Please get, and run Eddy's Program. See Shortcuts for ALL to USE in my signature for the link.
Come back here and let us know what you've found.
Title: Re:Win32: Trojan-gen
Post by: cappysocks on September 07, 2004, 07:49:16 AM
Thank you Bob.  Ok, so I downloaded, and ran the analyzer, and it turned out a really long list of bad, and a really long list of good.  I don't know what to do from here.  Am I supposed to delete all of the items in the bad database?  How do I do that?  I'm sorry, I'm just really bad with computers.  Thanks for all of your help. :)
Title: Re:Win32: Trojan-gen
Post by: Eddy on September 07, 2004, 12:00:06 PM
In the file result.log under the header "THESE ITEMS SHOULD BE REMOVED:" you will find all things that definitely do not belong on your system. Check them in HijackThis and choose fix.

All items in the databases of the analyzer are double checked. If there is something wrong in one of them, I am sure someone would have reported it to me.
Title: Re:Win32: Trojan-gen
Post by: cappysocks on September 08, 2004, 08:15:30 AM
In the "THESE ITEMS SHOULD BE REMOVED" list, it first lists a couple of files, and then it shows running processes.  I've checked and fixed those above the "running processes" list, but more keep showing up.  And I keep getting an alert that I have the virus.  So when I looked at the result log again, it shows everything that came up after the HijackThis scan.  So I checked everything, and when I clicked fix, I got a warning.  When I fix, is it just going to delete those files?  How do I know that I'm not going to lose something important?  Thank you all for your help!
Title: Re:Win32: Trojan-gen
Post by: Eddy on September 08, 2004, 10:59:25 AM
Go HERE (http://members.home.nl/edeijl/acred/cleaning.htm) and follow all 8 steps as explained there.
Title: Re:Win32: Trojan-gen
Post by: cappysocks on September 10, 2004, 06:37:46 AM
Ok, just a few more questions:

Do I need to download Ad-Aware and Spybot s&d?

Should I install the XP security pack 2?

If, or when do I turn system restore back on?

Do I run HijackThis anytime a virus is found, or just when it can't be repaired?

Once again, I appreciate all of your help!  It's great to know that there are decent guys like yourselves who can help people who are not good with computers, like myself.

THANKS!!! ;D
Title: Re:Win32: Trojan-gen
Post by: Eddy on September 10, 2004, 02:34:42 PM
Get and use at least all the applications mentioned in the first table on that page. Do not turn system restore back on after you have finished cleaning your system unless there is really a reason for you to have it on.
Title: Re:Win32: Trojan-gen
Post by: bob3160 on September 10, 2004, 03:50:55 PM
cappysocks
I personally use System Restore. What you must realize, if you make a restore point and your system has a virus, you will get a warning whenever you do a full scan and you can't fix, move or delete the virus because it's in a system protected folder. If this happens, you would then again have to disable System Restore in order to clear the files in that Folder.
Once your system is completely clean of all viruses and malware, you have to decide if you want to restart System Restore or not. This is a personal choice. I feel safer with it enabled but some users would rather not use it because it does use large amounts of hard drive space.
Hope this helps.
Title: Re:Win32: Trojan-gen
Post by: cappysocks on September 11, 2004, 07:43:09 AM
Cool!  Thanks, Guys!!! 8)
Title: Re:Win32: Trojan-gen
Post by: Dralex on September 11, 2004, 10:26:14 AM
Hello everybody!

I am new to this forum as I used different AV software until recently. Now I got a warning about Trojan-gen but I know for sure that Avast is crying wolf in this case. The program in question is the Scenario Creating System which is part of third-party add-ons for the TRS2004 train simulator. I added the program file to the exclusion list (I think that's what this list is good for), but on a virus scan this program is still recognized as having the Trojan. Of course I just click on the Proceed button. But I believe that a program file that is on the exclusion list should not be checked in a virus scan. Or should I put the full path to the program file itself on the list and not just the path to its program file?

Thank you for your help,

Dralex
Title: Re:Win32: Trojan-gen
Post by: DavidR on September 11, 2004, 03:31:44 PM
If you are getting a virus warning that you believe is a false positive, then, if you can, zip and password protect ('virus' will do) the suspect file and send it to virus @ avast.com (no spaces).

Give a brief outline of the problem, the fact that you believe it to be a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

You could also check the offending/suspect file at: Jotti - Multi engine on-line virus scanner www.virusscan.jotti.dhs.org (http://www.virusscan.jotti.dhs.org). If any other scanners here detect them, it is less likely to be a false positive.

HTH David
Title: Re:Win32: Trojan-gen
Post by: cappysocks on September 12, 2004, 08:26:42 PM
Ok, one more thing:


The Spybot- Search & Destroy keeps finding this error, DSO Exploit, and every time I fix it, but it always comes back.  Is there anything I can do?

Thanks!
Title: Re:Win32: Trojan-gen
Post by: Jeccu on September 12, 2004, 11:30:36 PM
> Ok, one more thing:
> The Spybot- Search & Destroy keeps finding this error, DSO Exploit, and every time I fix it, but it always comes back.  Is there anything I can do?
> Thanks!

http://forum.avast.com/index.php?board=1;action=display;threadid=7240

Title: Re: Win32: Trojan-gen
Post by: seabass76 on April 14, 2009, 02:25:02 PM
Mmmmmmm, just as I thought Avast was bomb proof I get this trojan! Only to find the only recommendation on the forum is another program! Has Avast no answers to this?
Title: Re: Win32: Trojan-gen
Post by: DavidR on April 14, 2009, 04:12:54 PM
Well since you give zero information on your detection we can't say if your problem is one and the same, because this signature can detect multiple trojans and variants. Not to mention you are opening a topic that is almost 5 years old and much would have changed since this trojan-gen detection.

The avast Win32:Trojan-gen is a generic signature (the -gen at the end of the malware name), so it is trying to catch multiple variants of the same type of malware and is a fine balance between detecting a new variant and detecting something valid as infected.

What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ? 
Check the avast! Log Viewer (right click the avast 'a' icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe - Or check the source file using notepad C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log
Title: Re: Win32: Trojan-gen
Post by: seabass76 on April 14, 2009, 05:08:34 PM
Hi, David R, sorry, just seeing if there's life out there in Avastland. Would this be of any help?
 
      c:\system volume imformation \_restore{40acd310-cabc-45a4-97c   
Title: Re: Win32: Trojan-gen
Post by: Lisandro on April 14, 2009, 05:27:20 PM
> Hi, David R, sorry, just seeing if there's life out there in Avastland. Would this be of any help?
>
>       c:\system volume imformation \_restore{40acd310-cabc-45a4-97c

I suggest:

1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! (http://www.freedrweb.com/cureit/) instead.
3. Use SUPERantispyware (http://www.superantispyware.com), MBAM (http://malwarebytes.org/mbam.php) or Spyware Terminator (http://www.spywareterminator.com/) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
4. Test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp).
5. Make a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here or to this analysis site (http://www.hijackthis.de/#anl). Or even submit the RunScanner (http://www.runscanner.net/) log to on-line analysis.
6. Disable System Restore and then reenable it again.
7. Immunize your system with SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html).
8. Check if you have insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/).

Steps 2 and 6 should get rid of these files.
Title: Re: Win32: Trojan-gen
Post by: DavidR on April 14, 2009, 05:41:44 PM
> Hi, David R, sorry, just seeing if there's life out there in Avastland. Would this be of any help?
>
>       c:\system volume imformation \_restore{40acd310-cabc-45a4-97c

I would say that this may be an old restore point now detected or something previously found as infected and dealt with being saved into system volume information folder by system restore and now detected by avast.

Remember the reason why things are in the volume information folder is because they were deleted or moved from the system folders, etc. and a copy of it saved by system restore. If there is any element of doubt in a restore point it should be out of the volume information folder, so at some point in the future if you use system restore you could infect your system.

Personally, if you have no other symptoms and have sent the file to the chest there is little to worry about. However, we tend to suggest other tools to confirm that all is clean; personally I wouldn't go overboard and would just use two tools, MBAM and SuperAntiSpyware.

I wouldn't disable system restore unless I had a problem in removing an infected restore point as that removes ALL restore points, not just the infected one.
Title: Re: Win32: Trojan-gen
Post by: Lisandro on April 14, 2009, 05:47:05 PM
If people consider Windows System Restore non reliable, what will we say in case of infection... clean restore points won't be the solution in a lot of cases...
Title: Re: Win32: Trojan-gen
Post by: seabass76 on April 15, 2009, 12:38:52 PM
Hi again, well I did MBAM and superantispyware scans; they did dredge up a lot of stuff for sure, but it didn't do it for the 'win32 trojan gen'.
Also did an AVASTROOTKIT scan, came up clean, so turned off system restore, rescanned with AVAST 4.8, came up clean! SO it would appear job done?
Title: Re: Win32: Trojan-gen
Post by: bob3160 on April 15, 2009, 07:25:39 PM
Now that you're clean, create a fresh restore point.  :)
Title: Re: Win32: Trojan-gen
Post by: seabass76 on April 15, 2009, 09:39:28 PM
Hi, yes I will bob..... I will! I am so clean thanks to all you guys, MANY THANKS !!!!  YOU'RE MY GEEKIE HEROES  :)