Author Topic: Win32:trojan-gen{vb} & Win32:trojan-gen{UPX!}  (Read 9015 times)

0 Members and 1 Guest are viewing this topic.

Jools66

  • Guest
Win32:trojan-gen{vb} & Win32:trojan-gen{UPX!}
« on: September 05, 2003, 05:03:03 PM »
Hi there

I would like to know how remove the above virus, Avast has now encoutered it on two systems, XP Pro and Windows ME, in the ME machine it had infected a file called "csrss.exe" Avast has also found it to have infected "explorer.exe" then seemed to switch back to infecting "csrss.exe" and seems to be stopping "ctrl-alt-del", any fuction using the "windows key" and also effecting the shut down.
It came via a file named "tennis" which was sent via MSM.
the "csrss.exe" file is located in the c: windows directory and had these properties
Company Name - EM
File Version - 1.0.0.0
Value - 1.00
Internal - csrss
Product name - EXPLORER

Win32:trojan-gen{vb} ME system
Win32:trojan-gen{UPX!} Xp system

Thanks
 :-\

Jools

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Win32:trojan-gen{vb} & Win32:trojan-gen{UPX!}
« Reply #1 on: September 05, 2003, 05:51:28 PM »
It seems to be a kind of sd-bot. Start your PC in safe mode and let Avast scan your system. Put the files reported as "trojan-gen"  in the viruschest or just rename them. Then search the registry for the filenames of the "Trojans" and delete the references to these files.

MfG Ralf

Jools66

  • Guest
Re:Win32:trojan-gen{vb} & Win32:trojan-gen{UPX!}
« Reply #2 on: September 06, 2003, 02:47:02 AM »
Thank you  :) I will try that.

Just one more thing is there any reason way Avast will not let me do a "boot-time scan" The version is registered, but the option is "grayed out" IE not available? ???

Thanks

Jools


Offline pk

  • Avast team
  • Super Poster
  • *
  • Posts: 2078
Re:Win32:trojan-gen{vb} & Win32:trojan-gen{UPX!}
« Reply #3 on: September 06, 2003, 03:03:32 AM »
Boot-time scan is available only on Windows NT/2k/XP/2k3 platforms (not Win95/98 or ME).

Jools66

  • Guest
Re:Win32:trojan-gen{vb} & Win32:trojan-gen{UPX!}
« Reply #4 on: September 06, 2003, 09:57:20 AM »
Thank You, that answered that one  :)


Nitro

  • Guest
Re:Win32:trojan-gen{vb} & Win32:trojan-gen{UPX!}
« Reply #5 on: September 07, 2003, 01:08:54 AM »
Hi out there,
I too have a similar problem: Win32:Trojan-gen{UPX!}, and it is located in my C:\Windows\winlogon.exe and another in C:\System Information\_restore{EC17F582-FB-4C2F-ACCA-9D86A44095E4}\RP587. I have moved them to the Virus Chest. Should I delete them and will my system still boot up if I shut it down? It will not repair. My system has slowed down to crawl. Please help!

Thanks in advance,
Nitro

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Win32:trojan-gen{vb} & Win32:trojan-gen{UPX!}
« Reply #6 on: September 07, 2003, 10:16:09 AM »
You  will be able to delete, or better first rename the file in safe mode. You maybe need to delete some entries in the registry too.  It could be a deborm variant, but to find out use this link:  http://www.kaspersky.com/remoteviruschk.html
MfG Ralf

Nitro

  • Guest
Re:Win32:trojan-gen{vb} & Win32:trojan-gen{UPX!}
« Reply #7 on: September 07, 2003, 10:56:14 AM »
Raman,
I am thankful for the response. Any thoughts on the registry files that I may have to delete?

The second post was to identify a new problem (Avast 4 crash), by touching on the first problem, which I was trying to fix and thus led to the crash. Any thoughts on this?

Thanks in advance

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Win32:trojan-gen{vb} & Win32:trojan-gen{UPX!}
« Reply #8 on: September 07, 2003, 11:00:18 AM »
That may be cause, because of the virus, Anyway avast should work in safe mode too!? But first please "visit" the link i gave and follow the instruction. To give you a more valuable answer we need the "real" name of the Malware.

Sorry i did not read your post  correctly enough.  Uninstall all AV-Programms you do not need or try to deactivate all entries belong to antitrojanshield(?) and NAI/Mcafee, by using MSCONFIG.EXE .  Try it should not be "dangerous". But first of all get rid of the Virus. Does Avast or mcafee still find the Virus in safe mode?
« Last Edit: September 07, 2003, 11:05:57 AM by raman »
MfG Ralf

Nitro

  • Guest
Re:Win32:trojan-gen{vb} & Win32:trojan-gen{UPX!}
« Reply #9 on: September 09, 2003, 04:22:02 AM »
Raman,
I've gotten rid of the virus or aleast it does not show up anymore with the reloaded Avast. All other AV programs are deactivated.

Now, my system is using so much time trying to load Internet Explorer 6.0 (1-2 mins) and crashing evertime I it does load or just hangs up. I get "IE has encountered an error and must shut down", an error reporter but no solution from Mircosoft.

All other office programs are also slow to load, and startup is taking for ever to load my desktop. My system is barely reacting to commands. Do have other damage that cannot be detected by my AV?

Thank you in advance.
Nitro


Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Win32:trojan-gen{vb} & Win32:trojan-gen{UPX!}
« Reply #10 on: September 09, 2003, 09:53:20 AM »
Not easy to say, could be a some problems between your Mcafee antitrojan Avast combination. Did you uninstall the AV-Programm which you do not want to use anymore?
You should only one AV-Programm for all. If you want a second or third one you have to choose costume installation and install only the Scanner and the updater of these Products..

BTW:  Did you use the link i gave to identify the malware/Trojans you had?
MfG Ralf