Author Topic: Win32:Trojan-gen.vb  (Read 5971 times)

jlkoppe

  • Guest
Win32:Trojan-gen.vb
« on: March 12, 2004, 04:21:53 PM »
Could use some help fixing this one, seems to be a good hider! Run WIN98, avast w/latest updates/resident scanner/shield/email and spybot. Getting recent notices that a file called

c:\windows\system\updater.exe is Win32:Trojan-gen.vb infected.

Delete it and it just comes back. Safe boot scan with avast comes up empty as does a spybot scan. I see from some previous dealings on this forum that I errored when I tried the online scanner to ID the bug in that I did not stop the avast resident scanners, so I can try this again when I get back to my home PC. Any other advice? Thanks in advance...

Summoner Yuna

  • Guest
Re:Win32:Trojan-gen.vb
« Reply #1 on: March 12, 2004, 04:47:22 PM »
See if Trend will dig it up. Post the name of the trojan Trend finds. I can look up the specific removal instructions then. Http://housecall.trendmicro.com

jlkoppe

  • Guest
Re:Win32:Trojan-gen.vb
« Reply #2 on: March 12, 2004, 04:52:05 PM »
Thanks! Will try this later today, and report what I find...

jlkoppe

  • Guest
Re:Win32:Trojan-gen.vb
« Reply #3 on: March 12, 2004, 06:58:16 PM »
Hmmm, trend did not find anything either. I would say it's a false positive but the suspect file keeps reappearing after deleting it?!?

Summoner Yuna

  • Guest
Re:Win32:Trojan-gen.vb
« Reply #4 on: March 12, 2004, 11:32:56 PM »
Can you send a copy to the Alwil team?

jlkoppe

  • Guest
Re:Win32:Trojan-gen.vb
« Reply #5 on: March 13, 2004, 05:21:45 AM »
OK, I zipped/pwd a copy and sent it to Alwil. Thanks!

jlkoppe

  • Guest
Re:Win32:Trojan-gen.vb
« Reply #6 on: March 13, 2004, 04:30:04 PM »
Looking through forum again and found/used KAV, ID'd the bug as

updater.exe Infected: Trojan.Win32.Wingor

Searching for info now, but advice still welcome...

jlkoppe

  • Guest
Re:Win32:Trojan-gen.vb
« Reply #7 on: March 13, 2004, 04:51:29 PM »
Investigating further... found this in registry

C:\WINDOWS\SYSTEM\winregsrv.exe

when I look at the properties, the internal name is

synrg.exe

Searching on this filename turns up a number of hits on various worms, so I think this is the culprit.

jlkoppe

  • Guest
Re:Win32:Trojan-gen.vb
« Reply #8 on: March 13, 2004, 05:15:11 PM »
I removed that reg entry and the trojan updater.exe, all seems well now after reboot. Cross my fingers but I think that was the worm/virus and it's dead! Thanks again for your help.
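
Added example, not part of the thread or any participant's post: the check from Reply #7 (a file's name on disk versus the InternalName in its version resource) done programmatically as a triage signal for autorun entries. The function names and the sample bytes are constructed for illustration, and the parser assumes the standard layout in which wValueLength counts UTF-16 characters.

```python
import struct
from pathlib import PureWindowsPath

# Key of the version-resource String entry we are looking for (UTF-16LE, NUL-terminated).
KEY = "InternalName\0".encode("utf-16-le")

def internal_name(data: bytes):
    """Return the InternalName value from a PE version resource, or None."""
    pos = data.find(KEY)
    while pos != -1:
        start = pos - 6  # String header precedes the key: wLength, wValueLength, wType
        if start >= 0:
            w_len, w_val_len, w_type = struct.unpack_from("<HHH", data, start)
            # The value follows the key, padded to a 4-byte boundary from the entry start.
            val_off = start + ((6 + len(KEY) + 3) & ~3)
            val_end = val_off + 2 * w_val_len
            if w_type == 1 and w_val_len and val_end <= start + w_len <= len(data):
                return data[val_off:val_end].decode("utf-16-le", "replace").rstrip("\0")
        pos = data.find(KEY, pos + 2)  # header did not validate: keep scanning
    return None

def name_mismatch(path: str, data: bytes) -> bool:
    """True when the on-disk name and the internal name differ (extension ignored)."""
    inner = internal_name(data)
    if inner is None:
        return False  # no version info present: nothing to compare
    on_disk = PureWindowsPath(path).stem.lower()
    return PureWindowsPath(inner).stem.lower() != on_disk

def make_string(key: str, value: str) -> bytes:
    """Build one constructed version-resource String entry (sample data only)."""
    k = (key + "\0").encode("utf-16-le")
    v = (value + "\0").encode("utf-16-le")
    pad = b"\0" * (-(6 + len(k)) % 4)
    body = k + pad + v
    return struct.pack("<HHH", 6 + len(body), len(v) // 2, 1) + body

# Constructed bytes standing in for the file from Reply #7; not a real sample.
SAMPLE = b"MZ" + b"\0" * 62 + make_string("InternalName", "synrg.exe") + b"\0" * 16

if __name__ == "__main__":
    path = r"C:\WINDOWS\SYSTEM\winregsrv.exe"
    print(path, "internal name:", internal_name(SAMPLE),
          "mismatch:", name_mismatch(path, SAMPLE))
```

Plenty of legitimate binaries also carry an internal name that differs from their file name, so a mismatch is a reason to look closer at an autorun entry, not a verdict.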