Author Topic: win32:trojan-gen{upx}  (Read 4294 times)

parmstro

  • Guest
win32:trojan-gen{upx}
« on: November 07, 2007, 02:25:44 PM »
found today by avast thorough scan and put into chest.
how can I be sure that everything is clean - anything else I need to do?
Thanks
Peter

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89129
  • No support PMs thanks
Re: win32:trojan-gen{upx}
« Reply #1 on: November 07, 2007, 02:58:50 PM »
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ? 
Check the avast! Log Viewer (right click the avast 'a' icon), Warning section, this contains information on all avast detections.

Well, the thorough scan is, as its name implies, very thorough and it would be as clean as it could be based on its detection signatures, so you shouldn't have to do anything further. Though avast does a good job in detecting adware/spyware, there are specialist anti-spyware applications that would complement avast's detections.

These can be periodically run as a back-up scan (on-demand), some are resident (on-access) scanners to provide real-time protection. They shouldn't conflict with avast.

If you haven't already got this software try one (freeware), download, install, update and run it periodically.
1.  If using winXP SUPERantispyware On-Demand only in free version. Or AVG anti-spyware (formerly Ewido) Resident scanner during trial On-Demand after trial ends. Or Spyware Terminator Resident scanner. Or a-Squared free On-Demand only with free version(if using win98/ME).
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

parmstro

  • Guest
Re: win32:trojan-gen{upx}
« Reply #2 on: November 07, 2007, 03:07:03 PM »
Thanks - it was in a bit torrent that I decided I didn't like.
I have spybot that I run regularly, but not convinced it catches everything - have just installed PC Tools Spyware Doctor (as one of your forum entries led me there). Will check out the other sites you pointed me at.
Many thanks
Peter

Offline DavidR
Re: win32:trojan-gen{upx}
« Reply #3 on: November 07, 2007, 03:24:10 PM »
No problem, welcome to the forums.

I too share your concern about S&D; I feel it is becoming rather lightweight, though still useful, and as an on-demand scanner it doesn't take up any resources other than disk space until you run it, assuming you don't use the resident options. The ones I mentioned I feel provide better protection, as does Spyware Doctor, though I'm not convinced it is worth paying for given the quality of the freeware options about.

ew84

  • Guest
Re: win32:trojan-gen{upx}
« Reply #4 on: November 19, 2007, 06:03:59 PM »
Hi,
   I recently had this problem. AVAST detected that I have a trojan by the name of win32:Trojan-gen {UPX} in my c:\windows\system32\confi.exe.

   How should I rectify the problem?

   Please advise me. Thanks

Regards

EW84

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: win32:trojan-gen{upx}
« Reply #5 on: November 19, 2007, 06:26:02 PM »
Quote from ew84: "How should I rectify the problem?"
Rectify? Seems an infected file...
To know if a file is a false positive, please submit it to VirusTotal and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com
Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.
Another possibility is JOTTI. VirusTotal and Jotti both have file size limits, 10 and 15MB each.

As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the 'a' blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button...
You can use wildcards like * and ?. But be careful, you should 'exclude' that many files that let your system in danger.
After that, please, periodically check it - scan it into Chest, right clicking the file -  there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected as being infected then you can also remove it from the Exclusion list.

This link is a tutorial on how to help correct a virus detection that you believe to be false:
http://forum.avast.com/index.php?topic=25009.msg204838#msg204838
or http://forum.avast.com/index.php?topic=7779.msg62586#msg62586
The best things in life are free.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33916
  • malware fighter
Re: win32:trojan-gen{upx}
« Reply #6 on: November 19, 2007, 06:26:18 PM »
Hi ew84,

confi.exe - Dangerous
confi.exe
    Confi.exe is W32.Lecna.H.
    W32.Lecna.H is a worm that spreads by copying itself to mapped drives. It also opens a back door and may download potentially malicious code on to the compromised computer.
    Related files:
    %System%\AUTORUN.INF
    %System%\confi.exe
    %System%\Config.ini
    %System%\Recycler.exe
    %System%\uninstx.exe
    %System%\keyvect.dll
    %System%\netscv.exe
    Read more: http://www.symantec.com/en/au/enterprise/security_response/writeup.jsp?docid=2007-082212-5844-99&tabid=2
    Kill the process confi.exe and remove confi.exe from Windows startup

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
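
An added example, not part of any post in this thread: a read-only PowerShell triage pass that looks for the file names polonus lists under %System%, hashes any that exist so they can be looked up on VirusTotal as Lisandro suggests, and lists matching processes and startup entries. The Run-key locations and the use of Get-FileHash (PowerShell 4.0 or later) are assumptions; the thread names no registry paths.

```powershell
# Added example (read-only). File names are the ones listed in the thread;
# the registry locations checked below are assumptions, not from the thread.
$systemDir = [Environment]::GetFolderPath('System')   # what %System% resolves to
$names = 'AUTORUN.INF', 'confi.exe', 'Config.ini', 'Recycler.exe',
         'uninstx.exe', 'keyvect.dll', 'netscv.exe'
$exeNames = $names | Where-Object { $_ -like '*.exe' }

# 1. Listed files that exist (hidden ones included), with hashes to submit.
$files = foreach ($n in $names) {
    $item = Get-Item -LiteralPath (Join-Path $systemDir $n) -Force -ErrorAction SilentlyContinue
    if ($item -and -not $item.PSIsContainer) {
        # Hashing can fail if the file is locked; the row is still reported.
        $hash = Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
        [pscustomobject]@{ Path = $item.FullName; Size = $item.Length
                           Created = $item.CreationTime; SHA256 = $hash.Hash }
    }
}

# 2. Running processes whose image name matches a listed executable.
$procs = Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $exeNames -contains ($_.ProcessName + '.exe') } |
    Select-Object Id, ProcessName, Path

# 3. Run-key values whose command line mentions a listed executable.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$startup = foreach ($k in $runKeys) {
    $key = Get-Item -LiteralPath $k -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($valueName in $key.GetValueNames()) {
        $data = [string]$key.GetValue($valueName)
        foreach ($e in $exeNames) {
            if ($data -like "*$e*") {
                [pscustomobject]@{ Key = $k; Name = $valueName; Command = $data }
            }
        }
    }
}

"Files:`n"     + ($files   | Format-List | Out-String)
"Processes:`n" + ($procs   | Format-Table -AutoSize | Out-String)
"Startup:`n"   + ($startup | Format-List | Out-String)
```

A hit on a generic name such as Config.ini or AUTORUN.INF is a lead to confirm by hash, not a verdict on its own.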