Author Topic: Win32:Trojan-gen. {VC} ERROR! (Read 10240 times)

ginacy · « **on:** February 07, 2004, 02:29:26 PM »

HELP! i detected this virus during my scan using avast! Antivirus (downloaded from www.download.com). some were unable to be deleted; i also detected another .eml virus cant remember the full name.. it starts with an 'N'.. i recieved an ERROR msg saying some cannot be deleted. then i had another re-scan done 2days ago and i clicked "Move Files" and when i juz switched on my laptop, a msg saying there is some error or bug that doesnt allow avast! Antivirus to work!!! now when i do a re-scan using the avast! Virus Cleaner.. there is no Virus found!!! what should i do?!?! :'( now i cant run my avast! antivirus with the following msg => avast!: The AAVM subsystem detected a RPC error. The operation could not be completed. how???

by the way the following files could not be scanned!

Files scanning started...
C:\WINDOWS\system32\config\system.LOG... file could not be scanned!
C:\WINDOWS\system32\config\software.LOG... file could not be scanned!
C:\WINDOWS\system32\config\default.LOG... file could not be scanned!
C:\WINDOWS\system32\config\SAM.LOG... file could not be scanned!
C:\WINDOWS\system32\config\SECURITY.LOG... file could not be scanned!
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat... file could not be scanned!
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat... file could not be scanned!
No virus body found.
Files scanning finished (44867 files, 0 infected, 536.7s).
Drives scanned: C:

igor · « **Reply #1 on:** February 07, 2004, 04:05:52 PM »

Well, the avast! Virus Cleaner removes only the most common viruses - the ones listed in its about box.

Where did you move the infected files? Do you remember some filenames? Could the eml virus be "Nimda"?

(The files that were not possible to scan in your Cleaner log are perfectly OK - it's not any problem.)

ginacy · « **Reply #2 on:** February 07, 2004, 05:21:25 PM »

Quote from: igor on February 07, 2004, 04:05:52 PM

Well, the avast! Virus Cleaner removes only the most common viruses - the ones listed in its about box.

Where did you move the infected files? Do you remember some filenames? Could the eml virus be "Nimda"?

(The files that were not possible to scan in your Cleaner log are perfectly OK - it's not any problem.)

yep. i just checked the avast! Log Viewer (avast!antivirus program). the most common files are under Win32:Nimda-E [Eml]. Some of these files could not be deleted.. i was scared if i delete them it will affect the system. some files could be scanned either. anyway.. 4 trojan-gen files were found...
1. 'Sign of "Win32:Trojan-gen. {VC} has been found in "C:\System Volume Information\_restore{C1521D37-32F7-4F3D-8AF4-BEB9F7CDC1A7}\RP211\A0067864.exe" file.'

2. 'Sign of "Win32:Trojan-gen. {VC} has been found in "C:\System Volume Information\_restore{C1521D37-32F7-4F3D-8AF4-BEB9F7CDC1A7}\RP213\A0068477.exe" file.'

3. 'Sign of "Win32:Trojan-gen. {VC} has been found in "C:\System Volume Information\_restore{C1521D37-32F7-4F3D-8AF4-BEB9F7CDC1A7}\RP213\A0069234.exe" file.'

4. 'Sign of "Win32:Trojan-gen. {VC} has been found in "C:\Program Files\Square Soft, Inc\FINAL FANTASY VIII\igh-ff8-12-v17.exe" file.' -> this is the only file i deleted... from my games file..

And the problem is i DO NOT know the files were moved to $:-\$ the Log Viewer shows all the files it has detected with virus but does not state which ones has been removed..

now my avast!antivirus cant be opened also.. say there is problem bug or invalid data entry $:-\$ what can i do? thank you... in advance..

ginacy · « **Reply #3 on:** February 08, 2004, 03:04:04 PM »

?! anyone knows how to deal with such cases? $:-\$

whocares · « **Reply #4 on:** February 08, 2004, 03:52:29 PM »

Quote from: ginacy on February 07, 2004, 05:21:25 PM

yep. i just checked the avast! Log Viewer (avast!antivirus program). the most common files are under Win32:Nimda-E [Eml]. Some of these files could not be deleted.. i was scared if i delete them it will affect the system. some files could be scanned either. anyway.. 4 trojan-gen files were found...
1. 'Sign of "Win32:Trojan-gen. {VC} has been found in "C:\System Volume Information\_restore{C1521D37-32F7-4F3D-8AF4-BEB9F7CDC1A7}\RP211\A0067864.exe" file.'

2. 'Sign of "Win32:Trojan-gen. {VC} has been found in "C:\System Volume Information\_restore{C1521D37-32F7-4F3D-8AF4-BEB9F7CDC1A7}\RP213\A0068477.exe" file.'

3. 'Sign of "Win32:Trojan-gen. {VC} has been found in "C:\System Volume Information\_restore{C1521D37-32F7-4F3D-8AF4-BEB9F7CDC1A7}\RP213\A0069234.exe" file.'.

Hi,
the Files in the _RESTORE-folder are not a problem anymore,
just deactivate SystemRestore and reboot, and they will be gone..:
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

the most pressing problem is whether Nimda has been removed:
post every useful bit of information, e.g. file and pathnames where avast/the cleaner has found it, and what it did with it..

run the avast-virus-cleaner again, and maybe some other removal-tools, e.g. from the following AV-Sites:
www.bitdefender.com
www.f-secure.com
www.symantec.com
http://vil.nai.com/vil/stinger

Only after your system is completely clean may you reactivate the RESTORE-function

ginacy · « **Reply #5 on:** February 08, 2004, 04:34:43 PM »

AHHHHHHHHHHHH...... had this warning!!!

Virus name: Win32:Trojan-gen. {VC}
File Name: C:\Program Files\Avast4\DATA\moved\A0067964.exe
VPS version: 0401-10, 02/06/2004

O.O what now?!

whocares · « **Reply #6 on:** February 08, 2004, 11:38:16 PM »

Quote from: ginacy on February 08, 2004, 04:34:43 PM

AHHHHHHHHHHHH...... had this warning!!!

Virus name: Win32:Trojan-gen. {VC}
File Name: C:\Program Files\Avast4\DATA\moved\A0067964.exe
VPS version: 0401-10, 02/06/2004

O.O what now?!

Hi Gina,

harmless..
avast found a trojan and moved it there (on your request)
just delete it/have avast delete it

And you might want to read a bit in the program documentation/help and in the FAQ's on www.avast.com

Damian · « **Reply #7 on:** March 12, 2004, 11:14:42 AM »

Hi guys. Im new here and yesterday(11 March 2004) I got the Win32:Trojan-gen {VC} and {Other virus. Avast could not get rid of it and so i did a reboot scan. It found around 8 viruses which were in the P2P Networking folder(from Kazaa) and the rest in the C:\System Volume Information\ folder. I got rid of them easily(well I think I did) but then after I turned my PC off and turned it back on Avast found the same virus in the P2P folder again, the same one, and I think it will keep coming back. The P2P file is called MARSHAL.dll and I was thinking that I could stop it from getting back if I uninstalled Kazaa. Could someone help with this, how I can get rid of it. Also could someone tell me what this virus does?

Thx alot guys

whocares · « **Reply #8 on:** March 12, 2004, 11:21:36 AM »

Hi,

uninstalling kazaa is always a good Idea, you alos want to restrict acces to folders open for filesharing (don't share all your PC) just a special, new folder) and use a bit more care with P2P, especially with software and documents

read the other topics in the board on trojan.gen and follow the advice,e.g. scannign with onlinescanners
then come back here if with more info (e.g. the scan results) if the problem persists

Damian · « **Reply #9 on:** March 12, 2004, 11:27:42 AM »

Thanks alot m8, I will try that and I will try them online scanners, but can you assure me 100% that there is no viruses or stuff attached to that web site because I really got enough of viruses and stuff.

whocares · « **Reply #10 on:** March 12, 2004, 11:45:20 AM »

I never got one from there, and they are routinely proposed & used here in the board

Damian · « **Reply #11 on:** March 12, 2004, 07:39:15 PM »

Hey.I didnt do that scan with that web site you gave me coz I got rid of all the viruses I had but 1 keeps coming back. But the thing is it always comes back when I go on my user name (on XP) and when for example my brother goes on nothing happenes. And one more thing, Kazaa isnt installed on me its installed on my dad. But the thing that really gets me is how the f*** does the MARSHAL.dll file gets back onto my computer. The actual place whre the virus is, is :

C:\Windows\system32\P2P Networking\MARSHALL.dll

well I think anyway. Its in the P2P Networking folder in the system32 folder in Windows. I can easily delete it even just by clicking delte and putting it in the bin. And one more thing could someone please tell me wot this virus does so that I know wot 2 expect?
Thx alot if someone could help me out

Damian · « **Reply #12 on:** March 13, 2004, 07:05:45 PM »

Ok guys. I uninstalled kazaa and now i dont av the virus. The thing hat I found out though is that when i got rid of the virus and then turned kazaa on the virus came back by itself, and i couldnt even use kazaa. So if there is anyone with similar problem just get rid of the program thats causing the trouble(in my case kazaa).Btw whocares thx for your help m8.Bye

whocares · « **Reply #13 on:** March 14, 2004, 02:58:41 PM »

Hi,
please scan the dll file with the mentioned onlinescanners, then come back with the results

Author Topic: Win32:Trojan-gen. {VC} ERROR! (Read 10240 times)

ginacy

Win32:Trojan-gen. {VC} ERROR!

igor

Re:Win32:Trojan-gen. {VC} ERROR!

ginacy

Re:Win32:Trojan-gen. {VC} ERROR!

ginacy

Re:Win32:Trojan-gen. {VC} ERROR!

whocares

Re:Win32:Trojan-gen. {VC} ERROR!

ginacy

Re:Win32:Trojan-gen. {VC} ERROR!

whocares

Re:Win32:Trojan-gen. {VC} ERROR!

Damian

Re:Win32:Trojan-gen. {VC} ERROR!

whocares

Re:Win32:Trojan-gen. {VC} ERROR!

Damian

Re:Win32:Trojan-gen. {VC} ERROR!

whocares

Re:Win32:Trojan-gen. {VC} ERROR!

Damian

Re:Win32:Trojan-gen. {VC} ERROR!

Damian

Re:Win32:Trojan-gen. {VC} ERROR!

whocares

Re:Win32:Trojan-gen. {VC} ERROR!