Author Topic: Win32:Trojan-gen {UPX}  (Read 3876 times)


rogertheme

  • Guest
Win32:Trojan-gen {UPX}
« on: December 14, 2007, 01:49:30 AM »
Hi there, I have seen forums here discussing a similar "virus" file - Win32:Trojan-gen {UPX}.

However, in my case, this "infected" file was found on my thumb drive.

Here are some further details revealed by my Avast! Virus Chest...

Original File Name: Recycler.exe

Can you kindly assist me in this? Thanks a lot!

rogertheme

  • Guest
Re: Win32:Trojan-gen {UPX}
« Reply #1 on: December 14, 2007, 05:35:22 AM »
Hi there, so sorry, it appears that my C drive is "infected" with the same "virus" as well.

Further details....

Original file name: confi.exe
Original folder: C:\WINDOWS\system32

Really appreciated if anyone can help me on this....     :'(


Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89690
  • No support PMs thanks
Re: Win32:Trojan-gen {UPX}
« Reply #2 on: December 14, 2007, 04:03:10 PM »
The Win32:Trojan-gen is trying to detect multiple trojans with this signature, ones using the UPX packing method, so it may be that there are multiple topics, but they could well be different.

See this about the recycler.exe: http://www.bleepingcomputer.com/startups/recycler.exe-8236.html

The confi.exe also has numerous Google hits and would appear to be a good detection.

When avast detects an infection you get an alert and you have a number of choices. What action did you choose (move to chest, delete, etc.)?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD - 27" external monitor 1440p 2560x1440 resolution - avast! free  24.9.6130 (build 24.9.9452.762) UI 1.0.818/ Firefox, uBlock Origin Lite, uMatrix/ MailWasher Pro/ Avast! Mobile Security

rogertheme

  • Guest
Re: Win32:Trojan-gen {UPX}
« Reply #3 on: December 14, 2007, 06:34:46 PM »
I chose to move it to the chest as advised.

However, it is the continuous siren alert Avast has that I can't stand. It is quite inconvenient as I need my laptop for presentation purposes, but at the same time, I do not wish to remove the Avast program either.

Offline DavidR

Re: Win32:Trojan-gen {UPX}
« Reply #4 on: December 14, 2007, 07:21:05 PM »
It would have been nice if you had mentioned the sound as what you were more concerned about, and a suggestion could have been given.

The free (for Home and non-commercial use) version of avast has an interactive requirement; the Pro version has more flexibility and you can set it up to take actions automatically when an infection is detected.

What version of avast do you have?

You can disable avast sounds, but that disables all avast sounds: Program Settings, Sounds.

There are other options which are dependent on the version of avast you use.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67183
Re: Win32:Trojan-gen {UPX}
« Reply #5 on: December 14, 2007, 09:29:57 PM »
Quote from rogertheme: "However, it is the continuous siren alert Avast has that I can't stand. It is quite inconvenient as I need my laptop for presentation purposes, but at the same time, I do not wish to remove the Avast program either."

I suggest:

1. Disable System Restore and re-enable it after step 3.
2. Clean your temporary files.
3. Schedule a boot-time scan with avast with archive scanning turned on.
4. Use AVG Antispyware, SUPERantispyware and/or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
5. Test your machine with anti-rootkit applications. I suggest AVG or Trend Micro RootkitBuster.
6. Make a HijackThis log to post here or, better, submit the RunScanner log to on-line analysis.
7. Immunize your system with SpywareBlaster or Windows Advanced Care.
8. Check if you have insecure applications with Secunia Software Inspector.
The best things in life are free.

rogertheme

  • Guest
Re: Win32:Trojan-gen {UPX}
« Reply #6 on: December 15, 2007, 07:12:06 PM »
Thanks guys for all your recommendations.

But I'm just curious (I'm not good at such stuff, so sorry): would this trojan virus affect my friends when I send them email?

This is one of my greatest concerns too.

Offline DavidR

Re: Win32:Trojan-gen {UPX}
« Reply #7 on: December 15, 2007, 07:28:33 PM »
1. Remember avast scans outbound email so if your email were infected avast should alert and block the sending of it.

2. Assuming you sent an email that had an infected attachment or link to a malicious web site, the recipient would need to open/run the attachment or click on the link in the email.

So if you and your friend and contacts exercise safe hex, don't click on links or open attachments in unsolicited emails. Always check; never assume that because it comes from the email address of a friend it comes from them. It is so easy to fake who it comes from. Never open an attachment from the email; save it to your hard disk and scan it with avast. You could also scan it at VirusTotal - Multi engine on-line virus scanner; if that proves clean you have reasonable confidence that it is OK.

Offline Lisandro

Re: Win32:Trojan-gen {UPX}
« Reply #8 on: December 15, 2007, 08:19:04 PM »
As David said, there is such a possibility. Not only by email, but also by IM (attached file) or P2P.