Avast WEBforum

Other => Viruses and worms => Topic started by: Jeff B on January 14, 2012, 03:46:24 AM

Title: trojan win32 generic is back
Post by: Jeff B on January 14, 2012, 03:46:24 AM
Essexboy it is back. This time avast saw it. Attaching the logs. The e-mail I first got it from was deleted days ago. I am going to scan all my USB memory sticks next. I disabled and re-enabled System Restore and set a new restore point after the full system scan and the boot-time scan. I told the full system scan to put it in the chest. Is that correct? I just upgraded my wife's computer to Win7 and am thinking of doing it to my computer but am short of money right now. Do the scans tell how it is getting in? Is it hiding in the appollo folder I can not delete? I have even tried using a program called Unlocker but it says it will delete it on next boot but doesn't. The mouse still takes off on its own and the CD-ROMs still eject themselves, so I am not confident that it is gone.   Jeff B.
Title: Re: trojan win32 generic is back
Post by: DavidR on January 14, 2012, 02:39:32 PM
Re the boot-time scan:
You are saying it is back (but I can't see any instances of Win32:Trojan-gen in the logs), but this one is in a restore point, which was possibly placed there when dealing with the original infection, and from the actions you have deleted it (which is fine when dealing with a suspect/infected restore point).

Quote
C:\System Volume Information\_restore{DC918390-1AB6-42D3-95D0-6A159150E971}\RP710\A0089552.exe|>[PECompact] is infected by Win32:Rootkit-gen [Rtk], Deleted

Re: the Full System scan:
Quote
C:\WINDOWS\PEV.exe|>[PECompact] [L] Win32:Rootkit-gen [Rtk] (0)

There is another topic started by 'oldman' (another malware removal specialist) about PEV.exe and the suspicion is that this is a false positive, try a forum search for pev.exe.

This however is Win32:Rootkit-gen [Rtk] and not Win32:Trojan-gen as your topic subject implies (and it is not in either log), so are there any other instances of avast detections of Win32:Trojan-gen?
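DavidR's reply above is doing log triage by hand: checking which detection name actually appears, and whether the flagged file is a live file or a copy inside a restore point. The following added example (not part of the forum thread and not avast's own code) does that check programmatically. It assumes the two line shapes quoted in this thread are representative of avast boot-time and full-system scan logs: `path|>[packer] is infected by NAME [TAG], ACTION` and `path|>[packer] [L] NAME [TAG] (N)`. The sample lines are the two quoted in the thread plus one constructed line for the parser to reject.

```python
import re
from typing import Optional

# Pattern for the two avast log line shapes quoted in the thread (assumed general).
AVAST_LINE = re.compile(
    r"^(?P<path>[^|]+?)"                        # file path, up to the archive separator
    r"(?:\|>\[(?P<packer>[^\]]+)\])?"           # optional packer marker, e.g. |>[PECompact]
    r"\s+(?:is infected by|\[L\])\s+"           # boot-time wording or full-scan [L] marker
    r"(?P<name>\S+)\s+\[(?P<family>[^\]]+)\]"   # detection name and tag, e.g. Win32:Rootkit-gen [Rtk]
    r"(?:,\s*(?P<action>\w+)|\s*\((?P<flags>\d+)\))?\s*$"  # trailing action or flag count
)

# A detection inside System Volume Information is a restore-point copy, not a live file.
RESTORE_POINT = re.compile(r"\\system volume information\\", re.IGNORECASE)

# Constructed sample log: the two lines quoted in the thread plus one non-detection line.
SAMPLE_LOG = [
    r"C:\System Volume Information\_restore{DC918390-1AB6-42D3-95D0-6A159150E971}"
    r"\RP710\A0089552.exe|>[PECompact] is infected by Win32:Rootkit-gen [Rtk], Deleted",
    r"C:\WINDOWS\PEV.exe|>[PECompact] [L] Win32:Rootkit-gen [Rtk] (0)",
    "Number of searched folders: 1234",  # constructed summary line, not a detection
]


def parse_avast_line(line: str) -> Optional[dict]:
    """Return the fields of one detection line, or None if the line is not a detection."""
    m = AVAST_LINE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["in_restore_point"] = bool(RESTORE_POINT.search(entry["path"]))
    return entry


def triage(lines) -> dict:
    """Group detections by name, separating live files from restore-point copies."""
    result = {}
    for line in lines:
        entry = parse_avast_line(line)
        if entry is None:
            continue
        bucket = result.setdefault(entry["name"], {"live": [], "restore_point": []})
        key = "restore_point" if entry["in_restore_point"] else "live"
        bucket[key].append(entry["path"])
    return result


def has_detection(lines, name: str) -> bool:
    """True if any detection line in the log carries exactly this detection name."""
    return name in triage(lines)


if __name__ == "__main__":
    for name, hits in triage(SAMPLE_LOG).items():
        print(name, "live:", hits["live"], "restore point:", hits["restore_point"])
    print("Win32:Trojan-gen present:", has_detection(SAMPLE_LOG, "Win32:Trojan-gen"))
```

Run against the sample log this reports a single detection name, Win32:Rootkit-gen, with one live hit (PEV.exe) and one restore-point copy, and no Win32:Trojan-gen at all, which is the same conclusion DavidR reaches by reading the logs. Splitting live hits from restore-point copies matters because a restore-point copy only says the file once existed, while a live hit is the one worth investigating (or, as with PEV.exe here, checking against known false positives).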
Title: Re: trojan win32 generic is back
Post by: essexboy on January 14, 2012, 10:17:24 PM
PEV is one of those good-or-bad files.

I would have thought that it would have been removed from the defs by now.

Clear the restore points and the other should go - probably a backup of PEV.
Title: Re: trojan win32 generic is back
Post by: oldman on January 15, 2012, 10:35:25 AM
The avast log in this topic shows VPS: 120112-1.

I downloaded a copy of the tool with vps-1201130-1 late Friday afternoon. No detection during download or scanning the file afterwards. Haven't seen any reports of avast still flagging it.