Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Tire on August 26, 2003, 03:40:28 PM

Title: W32.Kuang2+ W32.Trojan-gen{UPX!}
Post by: Tire on August 26, 2003, 03:40:28 PM
Avast detected at me 2 viruses W32.Kuang2.
What is this the virus?
Title: Re:W32.Kuang2
Post by: raman on August 26, 2003, 03:53:09 PM
Let me guess. Avast reports the imscan.dll as infected? If so, it is a false alarm. You may use the boardsearch and search for kuang or Panda.
Title: Re:W32.Kuang2
Post by: Tire on August 27, 2003, 03:05:29 PM
................and Win32.Trojan-gen{UPX!}
Title: Re:W32.Kuang2
Post by: raman on August 27, 2003, 03:09:02 PM
Can you give us a filename and the folder where is it located?
Title: Re:W32.Kuang2
Post by: Tire on August 27, 2003, 03:21:48 PM
C:\Program Files\......\SystemVolume Inf........
D:\..........\SystemVolume
Title: Re:W32.Kuang2
Post by: Tire on August 27, 2003, 03:24:12 PM
Every day Avast removes him and is every day!
Title: Re:W32.Kuang2
Post by: raman on August 27, 2003, 03:35:51 PM
The whole path and filename would be fine!;)
And what windows do you use.

BTW: You could check the file using this link: http://www.kaspersky.com/remoteviruschk.html (http://www.kaspersky.com/remoteviruschk.html)
Title: Re:W32.Kuang2
Post by: Tire on August 27, 2003, 04:03:26 PM
C;\Documents and Settings\M.... M.............\Ustawienia lokalne\Temporary Internet Files\Content.IE5\WDEFOXQR\favs[1].eml=MIME part]=>MIME part]=>message body] is suspect with Exploit.Iframe.Vulnerability



What is this?

System Windows XP Home Edition SP 1
Title: Re:W32.Kuang2
Post by: raman on August 27, 2003, 04:17:03 PM
This means that one of your Emails or an Email you recieved maybe  contains code that  "forces" unpatched Outlook Versions to automatical execute attachements.

BTW: It is safe to delete all files and folders that are located in the"Content.IE5" folder, if Outlook and the Internetexplorer are closed.

BTW: can you find the filenames  (given by Avast) in the registry?
Title: Re:W32.Kuang2
Post by: Tire on August 27, 2003, 04:52:46 PM
1/Trojans Win32.Trojan-gen{UPX!} it is already in the quarantine Avast!v.4 HE.
2/C:\Documents and Settings\M.....M....\....I cannot find the file name.
Avast alarms are all the time.
 ???
Title: Re:W32.Kuang2
Post by: raman on August 27, 2003, 04:56:39 PM
Okay, maybe we need a second opinion here.  Use the Link to Bitdefender and/or Trend micro shown on this link: http://www.rokop-security.de/main/onlinescan.php
I just saw that the Bitdefenderlink is in german language. Try this: http://bitdefender.com/scan/licence.php

Title: Re:W32.Kuang2
Post by: Tire on August 27, 2003, 05:47:57 PM
OK.Thanks
BitDefender Scanner shows the error in the Polish option.
 :)
Title: Re:W32.Kuang2
Post by: raman on August 27, 2003, 05:50:08 PM
Please inform us what the other Av-Programm say or maybe find! Thanks
Title: Re:W32.Kuang2
Post by: Tire on August 27, 2003, 06:20:26 PM
Avast individually does not know to delete trojan Win32.Trojan-gen{UPX!}.
Does this by BitDefender Antivirus Free and places in the quarantine - Avast
Why?

PS:Norton Antivirus 2003 does not see this trojan >:(
Title: Re:W32.Kuang2
Post by: whocares on August 27, 2003, 06:26:13 PM
Hi,
please give us more details...
that means FULL pathnames, filenames and virusnames, found by the different scanners.
and explain your question a bit..
I'm not sure what you mean..
 ;)
Title: Re:W32.Kuang2
Post by: Tire on August 27, 2003, 06:35:32 PM
Hi,
Scanning resident BitDefender AV Free 7 causes the reaktion Avast.
Avast individually does not remove trojan Win32.........
Title: Re:W32.Kuang2
Post by: raman on August 27, 2003, 07:52:46 PM
Sorry to say that, because my english is far away from being perfect, but it is not very easy for me to understand exactly what you  mean. Has Bitdefender found a virus and if so what virus was found? That is important to give you advice what to do, or what the Virus had done.

Does avast still find a Virus or  does it report your system as clear?
Title: Re:W32.Kuang2
Post by: whocares on August 27, 2003, 08:17:47 PM
Hi,
Scanning resident BitDefender AV Free 7

Bitdefender Free does not have a "resident scanner", afaik
only Avast does
???
Title: Re:W32.Kuang2
Post by: Tire on August 27, 2003, 10:13:39 PM
Avast generates errors. >:(
The result of scanning other resident antivirus:
NOD32 II
McAfee VS 7 Pro
PC-Cillin 2003
AntiVir PE 6

"N0 viral code", "No trojan found"

 :)
Title: Re:W32.Kuang2+ W32.Trojan-gen{UPX!}
Post by: Pavel on August 28, 2003, 12:14:02 AM
OK, the best thing to do is to send the suspected file either to support@asw.cz or directly to me: baudis@asw.cz

We will let you know about the result!

Pavel
Title: Re:W32.Kuang2+ W32.Trojan-gen{UPX!}
Post by: Captn on August 28, 2003, 01:56:08 AM
This is what i get on my PC

Virus Name: Win32:Trojan-gen. {UPX!}
File name: C:\Program Files\WinRAR\Zip.SFX
VPS version: 0308-2, 08/26/2003

I got this after installing the NEWEST version of Winrar v3.20, I also just finished installing Windows XP Home. So I believe this is a false positive scan.    ???   Can someone let me know, Thank You in advance
Title: Re:W32.Kuang2+ W32.Trojan-gen{UPX!}
Post by: igor on August 28, 2003, 09:38:59 AM
Yes, you are right, it is a false positive.
Hopefully, it will be fixed soon.
Title: Re:W32.Kuang2+ W32.Trojan-gen{UPX!}
Post by: Captn on August 28, 2003, 09:41:03 AM
I have faith in Avast   ;) ;D
Title: Re:W32.Kuang2+ W32.Trojan-gen{UPX!}
Post by: Tire on August 28, 2003, 03:27:13 PM
 ;) I deinstalled WinRar.
OK
Title: Re:W32.Kuang2+ W32.Trojan-gen{UPX!}
Post by: Captn on August 30, 2003, 08:57:24 AM
TY for fixing the false positive scan, Avast Rules!    ;D
Title: Re:W32.Kuang2+ W32.Trojan-gen{UPX!}
Post by: Tire on August 31, 2003, 06:58:03 PM
OK ;D ;D ;D