Avast WEBforum

Other => General Topics => Topic started by: mario on October 22, 2004, 07:49:51 PM

Title: win32:trojan-gen (VC)
Post by: mario on October 22, 2004, 07:49:51 PM

Hello,
    my avast antivirus finds "win32:trojan-gen (VC)" on my  pc.
 My operating system is windows xp. I have not yet problems with pc, but avast finds the virus.
Please, help me. :'(
  Thanks,
  Mario

Title: Re:win32:trojan-gen (VC)
Post by: Eddy on October 22, 2004, 08:33:17 PM

Is this with the latest vps installed? (443-3)
If so what file is infected and what is its location?

Title: Re:win32:trojan-gen (VC)
Post by: mario on October 25, 2004, 04:19:54 PM

The name of infected file is:

C:\WINDOWS\Temp\Adrave\cd-install-329.exe\cd-client.dll

The VPS installed version is 0433-3.

Thanks,
   Mario

Title: Re:win32:trojan-gen (VC)
Post by: mario on October 25, 2004, 05:07:54 PM

Also infected files are:

kernell32.dll in C:\WINDOWS\System32

winsock.dll in C:\wINDOWS\System32

wsock32.dll in C:\WINDOWS\System32

Bye,
       Mario.

Title: Re:win32:trojan-gen (VC)
Post by: Lisandro on October 25, 2004, 07:07:06 PM

Quote from: mario on October 25, 2004, 05:07:54 PM

Also infected files are:
kernell32.dll in C:\WINDOWS\System32
winsock.dll in C:\wINDOWS\System32
wsock32.dll in C:\WINDOWS\System32

Mario, these files specifically could be restored from Chest...
Can you try?
If you have Windows XP/2k, why don't you schedule a boot time scanning?

Title: Re:win32:trojan-gen (VC)
Post by: Eddy on October 25, 2004, 07:15:18 PM

Looks like there is a winsock hijacker on that system.

Title: Re:win32:trojan-gen (VC)
Post by: Lisandro on October 25, 2004, 07:29:28 PM

Microsoft release specifically patches (hotfixes) for correcting corrupted winsock files. Just search Microsoft webpage for your specific OS and the word 'winsock'  ;)

Title: Re:win32:trojan-gen (VC)
Post by: mario__ on November 12, 2004, 10:03:26 AM

Quote from: Technical on October 25, 2004, 07:29:28 PM

Microsoft release specifically patches (hotfixes) for correcting corrupted winsock files. Just search Microsoft webpage for your specific OS and the word 'winsock'  ;)

Hello,
this is the first time in this forum  for me....
I have a serious problem: my computer use an internal 56k modemto navigate in internet but yesterday it doesn't connect. I scan my compute whit avast anivirus and it says that there is a Win32:Troyan-gen.{VC}. How can i resolv my problem and connect to internet???  
p.s. my operative system is Windows Millenium ME

Thanks

Title: Re:win32:trojan-gen (VC)
Post by: whocares on November 12, 2004, 10:49:02 AM

Quote from: mario__ on November 12, 2004, 10:03:26 AM

there is a Win32:Troyan-gen.{VC}.

Hi mario__,

please work through the link "VirusRemoval" below and then:
- tell us Where exactly the worm was found (full path/folder/filename)
- please post a hijackthis-Log here
- report the results of Onlinescanners KAV, RAV & Trend on it (avast shield needs to be paused while scanning online)

*

@1. mario:

the .DLL-files C:\WINDOWS\System32:
An educated guess:
avast didn't alert you to them, but you found them in the CHEST ?
-> There are several sections in the Chest; those 3 are probably in the SYSTEM-files section and are clean backup copies

The infected DLL file C:\WINDOWS\Temp\Adrave\cd-install-329.exe\cd-client.dll:
just delete it manually or with avast in SafeMode (F8-Boot)



 ;)