Author Topic: Avast! cannot remove Win32:Trojan-gen! (Read 5359 times)

alcllee · « **on:** November 12, 2005, 03:39:11 PM »

My com is new!
but when i take it from the com shop n open, then i install avast! anti virus n found Win32:Trojan-gen!
but i try 2 remove many time but stil cannot remove!
anybody can help?
tnks!

DavidR · « **Reply #1 on:** November 12, 2005, 03:50:37 PM »

It is not so much that avast can't remove it, rather because it is in use windows protects it from deletion of being moved.

- What OS are you using? is it up to date?
- What avast! version and VPS file (virus database) number, e.g. 0436-4 (see about avast!)
- What was the filename, where was it found
example (C:\windows\system32\infected-filename.xxx)?
- What actions have you taken to try and resolve the problem?

If you are using winXP or an NT based OS then I suggest you schedule a boot-time scan from within avast.

alcllee · « **Reply #2 on:** November 12, 2005, 04:10:40 PM »

My os is Windows XP (sp1)
i use Avast! Ver. 4.6 pro.
VPS file - 0545-2 (11 oct 2005)
there write the infected file is : C:\windows\system32\msdirectx.sys and C:\document and settings\user\xpjava.exe

FreewheelinFrank · « **Reply #3 on:** November 12, 2005, 04:21:07 PM »

A new computer with SP1? Surely new computers come with SP2 now?

Anyway, you've been infected by a rootkit. Fortunately there's a cure:

http://forum.avast.com/index.php?topic=14618.msg142666#msg142666

Hint: The random.exe file you'll need to kill will be xpjava.exe

Here's somebody else who had the xpjava.exe infection:

http://forum.avast.com/index.php?topic=14837.0

When you've cleaned up the infection, you'll need to install a firewall and visit the Microsoft update site and download every critical update or you're just going to get reinfected again very quickly.

DavidR · « **Reply #4 on:** November 12, 2005, 04:25:45 PM »

Once you have worked through FWFs very useful information, you might want to consider giving yourself a fighting chance by not allowing viruses to have administrator privileges.

Whilst browsing or collecting email, etc. if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can reap havoc. With limited rights the malware can't put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.

Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator.

FreewheelinFrank · « **Reply #5 on:** November 12, 2005, 04:30:13 PM »

Skip my blundering attempts to remove the malware and use Noahdfear's much more concise explanation of how to remove the rootkit!

Author Topic: Avast! cannot remove Win32:Trojan-gen! (Read 5359 times)

alcllee

Avast! cannot remove Win32:Trojan-gen!

DavidR

Re: Avast! cannot remove Win32:Trojan-gen!

alcllee

Re: Avast! cannot remove Win32:Trojan-gen!

FreewheelinFrank

Re: Avast! cannot remove Win32:Trojan-gen!

DavidR

Re: Avast! cannot remove Win32:Trojan-gen!

FreewheelinFrank

Re: Avast! cannot remove Win32:Trojan-gen!