Author Topic: Suspicious file  (Read 5309 times)


Offline o2xygen

  • Jr. Member
  • **
  • Posts: 70
  • I'm not a llama!
Suspicious file
« on: August 22, 2005, 03:53:34 PM »
Today avast popped up a message that a file named gendel32.exe (DOS) is infected Win32:Trojan-gen. {Delphi}

This file has been sitting in my C:// for ages. I thought it was an XP core file so I didn't mess with it. Do you have such a file in your C: (right at the beginning)..?


Jotti viruscan
AntiVir                 Found SPR/Hcktool.Gende.A
ArcaVir                 Found Virtool.Gendel.A
Avast                   Found Win32:Trojan-gen. {Delphi}
AVG Antivirus           Found nothing
BitDefender             Found nothing
ClamAV                  Found VirTool.Gendel.A
Dr.Web                  Found not a virus Tool.Gendel
F-Prot Antivirus        Found nothing
Fortinet                Found HackerTool/Generic.8315
Kaspersky Anti-Virus    Found nothing
NOD32                   Found nothing
Norman Virus Control    Found nothing
UNA                     Found nothing
VBA32                   Found nothing
 

Offline XMAS

  • Avast translator
  • Super Poster
  • ***
  • Posts: 1211
  • Santa is watching you ;)
    • avast! in Bulgarian
Re: Suspicious file
« Reply #1 on: August 22, 2005, 03:55:49 PM »
I don't have such a file  ;)
You've Got To Get Close To The Flame To See What It's Made Of...

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84912
  • No support PMs thanks
Re: Suspicious file
« Reply #2 on: August 22, 2005, 04:05:20 PM »
There are very few system files that sit in the C:\ folder and that isn't one of them.

Your friend Google knows: a search for 'Gendel32.exe' without the quotes basically confirms the results on Jotti. It's bad, so move it to the chest.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.3.2459 (build 21.3.6164.561) UI 1.0.609/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Ricky

  • Poster
  • *
  • Posts: 428
Re: Suspicious file
« Reply #3 on: August 24, 2005, 12:08:42 PM »
I don't have it either.

Offline jib

  • Newbie
  • *
  • Posts: 3
Re: Suspicious file
« Reply #4 on: August 27, 2005, 08:17:30 PM »
I also had this file for a long time and recently Avast popped up with the same message as the initial poster has. I moved it to the chest.

But "my friend Google" doesn't seem to know what this is, exactly. Couldn't find any trustworthy information on this.

Would be very interesting to know how it got into my system.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re: Suspicious file
« Reply #5 on: August 27, 2005, 08:23:28 PM »
> I also had this file for a long time and recently Avast popped up with the same message as the initial poster has. I moved it to the chest.
> Would be very interesting to know how it got into my system.

Restore it to a floppy or USB drive and test it against Jotti or Virus Total.
Let us know the results, i.e., whether or not it is a false positive.
The best things in life are free.

Offline jib

  • Newbie
  • *
  • Posts: 3
Re: Suspicious file
« Reply #6 on: August 27, 2005, 09:21:13 PM »
Seems I'm getting the same results as the initial poster. I kind of remember I searched for info on this file earlier but now I can't for the life of me find any conclusive information. I'm on the verge of trying to do my own analysis of it using vmware and sysinternals tools but I was hoping someone here would know what it is ..

File:      gendel32.exe
Status:    INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5:       35bc2808ed08326dac79dc41cdf3d61c
Packers detected:    -
Scanner results
AntiVir                 Found SPR/Hcktool.Gende.A
ArcaVir                 Found Virtool.Gendel.A
Avast                   Found Win32:Trojan-gen. {Delphi}
AVG Antivirus           Found nothing
BitDefender             Found nothing
ClamAV                  Found VirTool.Gendel.A
Dr.Web                  Found not a virus Tool.Gendel
F-Prot Antivirus        Found nothing
Fortinet                Found HackerTool/Generic.8315
Kaspersky Anti-Virus    Found nothing
NOD32                   Found nothing
Norman Virus Control    Found nothing
UNA                     Found nothing
VBA32                   Found nothing
« Last Edit: August 27, 2005, 09:25:00 PM by jib »
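
A triage helper for the kind of multi-scanner report posted above, as an added example that is not part of the original thread: it parses the Jotti output in both layouts seen in these posts, counts detections and tool-type labels, and checks a local copy against the MD5 from the report. The function names are made up for this example.

```python
import hashlib
import re

# MD5 quoted in the Jotti report posted in this thread.
REPORTED_MD5 = "35bc2808ed08326dac79dc41cdf3d61c"
# Scanner results copied from the thread; verdict on the same or the next line.
REPORT = """\
AntiVir
Found SPR/Hcktool.Gende.A
ArcaVir
Found Virtool.Gendel.A
Avast                Found Win32:Trojan-gen. {Delphi}
AVG Antivirus    Found nothing
BitDefender    Found nothing
ClamAV              Found VirTool.Gendel.A
Dr.Web              Found not a virus Tool.Gendel
F-Prot Antivirus    Found nothing
Fortinet        Found HackerTool/Generic.8315
Kaspersky Anti-Virus    Found nothing
NOD32               Found nothing
Norman Virus Control    Found nothing
UNA                Found nothing
VBA32              Found nothing
"""

def parse_report(text):
    """Return {engine: label}; label is None where the engine found nothing."""
    results, engine = {}, None
    for line in text.splitlines():
        m = re.match(r"^(.*?)\s*Found (.+)$", line.strip())
        if not m:  # a bare engine name; its verdict is on the next line
            engine = line.strip() or engine
            continue
        verdict = m.group(2).strip()
        results[m.group(1) or engine] = None if verdict == "nothing" else verdict
    return results

def summarize(results):
    """Return (detections, engines, detections whose label names a tool)."""
    hits = [v for v in results.values() if v]
    tools = sum(1 for v in hits if re.search("tool", v, re.I))
    return len(hits), len(results), tools

def same_sample(path, expected=REPORTED_MD5):
    """True if the file at `path` has the MD5 quoted in the report."""
    with open(path, "rb") as f:
        return hashlib.md5(f.read()).hexdigest() == expected
```
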

Offline jib

  • Newbie
  • *
  • Posts: 3
Re: Suspicious file
« Reply #7 on: August 27, 2005, 09:30:26 PM »
I found a description of it .. in German, which I don't understand  :P

http://www.viruslist.com/de/viruses/encyclopedia?virusid=63636

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84912
  • No support PMs thanks
Re: Suspicious file
« Reply #8 on: August 27, 2005, 10:32:08 PM »
Then try your friend http://babelfish.altavista.com/ and translate the URL rather than paste what you want translated.

Or edit the URL and change /de/ to /en/ (English). I tried this and it worked; interestingly, there are differences between what is on the German page translated to English and what is on the English page (no description).

In any case, the file, if moved to the chest, will do no harm. Rather than delete it, leave the file in the chest for a week or two (it can do no harm from there) to ensure there is no adverse effect from it being moved to the chest. Then scan the file again in the chest to ensure it is still detected as infected and, if so, delete it from the chest.