Author Topic: What exactly is Win32:Trojan-gen. {xxx} ?  (Read 7667 times)

0 Members and 1 Guest are viewing this topic.

TAP

  • Guest
What exactly is Win32:Trojan-gen. {xxx} ?
« on: January 27, 2005, 03:31:09 AM »
Sorry if this has asked before. I've noticed that avast! always specifies malware name (especially to trojan-like) as the following.

VBS:Malware [Gen]
VBS:Generic-Direct
VBS:Malware [Encrypted]
VBS:Malware [Script]
Win32:Trojan-gen. {UPX!}
Win32:Trojan-gen. {VC}
Win32:Trojan-gen. {Delphi}
Win32:Trojan-gen. {Other}

I know from somewhere that all these called " generic name ".

- Are these generic names automatically generate by some special kind of malware detection method or something similar to traditional heuristics (as far as I know avast! has no heuristics in its on-demand scanner) for an unknown/generic malware?

- Or, some insignificant malware detected by avast!'s traditional signature-based method but ALWIL's virus analyst simply gives generic names to those malware instead of specific name?

Please give me some explanations about that or drop some URLs for its meaning.

Thanks

TAP

  • Guest
Re: What exactly is Win32:Trojan-gen. {xxx} ?
« Reply #1 on: January 27, 2005, 10:02:21 AM »
I think I found an answers my self by do a search and try to read that huge search results, there no needs to answer me.

Thanks  ;)

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 87667
  • No support PMs thanks
Re: What exactly is Win32:Trojan-gen. {xxx} ?
« Reply #2 on: January 27, 2005, 03:06:38 PM »
If you think you have found the answer, why not post the answer, it can be confirmed and it may help others.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 23.4.6062 (build 23.4.8118.762) UI 1.0.762/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9411
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: What exactly is Win32:Trojan-gen. {xxx} ?
« Reply #3 on: January 27, 2005, 03:13:54 PM »
I'm still wondering if ALL of these signatures are really pure generic or are also malware files that are not worth having it's own name?
Visit my webpage Angry Sheep Blog

TAP

  • Guest
Re: What exactly is Win32:Trojan-gen. {xxx} ?
« Reply #4 on: January 29, 2005, 12:43:25 AM »
Personally, I hardly believe that some of them must be generic names that automatically generate by generic detection, no more no less.

For example, on machine infected by VBS/Redlof (polymorphic/encrypted Visual Basic Script virus) avast! detect most of them as VBS:Redlof but some of them detected as VBS:Malware [Script]  ;D. It just like Macro virus created by some virus generator and most of them would detected as Macro virus.gen (detected by some kind of generic/family detection). But I haven't seen something like Win32:Worm-gen. {UPX!}, it would be great if avast! can detect some or most of ITW worms by its generic detection like Trojan-like

But that's just my guess, I may be completely wrong.
« Last Edit: January 29, 2005, 04:07:08 AM by TAP »

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9411
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: What exactly is Win32:Trojan-gen. {xxx} ?
« Reply #5 on: January 29, 2005, 10:35:40 AM »
I have seen Win32:SpyBot-GEN signature few times on Jotti but i don't know what exactly does that GEN mean in the end. Maybe the generic signature is only for non packed SpyBot versions (supporting so many packers can be problematic,but unpacked is always the same).
Visit my webpage Angry Sheep Blog