Author Topic: [b]Help to remove win32:Trojan-gen (other)[/b]  (Read 12085 times)

0 Members and 1 Guest are viewing this topic.

jenijoplin

  • Guest
[b]Help to remove win32:Trojan-gen (other)[/b]
« on: September 03, 2008, 10:53:26 AM »
Hi guys: Help to remove win32:Trojan-gen (other)

Evrey time I scan my computer with avast, avast tell me that I have a virus, but evrey time I try to move to chest, remove or any action avst sent me an error message, please help me I don't know what to do.

I pasted the avast report below, one more thing I have vista plataform.

*
* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on 31 August 2008 10:43:14
* VPS: 080830-0, 30/08/2008
*

C:\$Recycle.Bin\S-1-5-21-3646361635-137373463-58021350-1000\$RJZGKRN.iso\AUTORUN.EXE [L] Win32:Trojan-gen {Other} (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
C:\Applications\OEM\DVD1.iso\WIMFILES\SPL_VISTA.SWM [E] The file is a decompression bomb. (42110)
C:\Documents and Settings [E] The system cannot find the path specified (3)
C:\Program Files\Alwil Software\Avast4\DATA\moved\AUTORUN.EXE [L] Win32:Trojan-gen {Other} (0)
File was successfully deleted...
C:\ProgramData\Application Data [E] The system cannot find the path specified (3)
C:\ProgramData\Desktop [E] The system cannot find the path specified (3)
C:\ProgramData\Documents [E] The system cannot find the path specified (3)
C:\ProgramData\Favorites [E] The system cannot find the path specified (3)
C:\ProgramData\Start Menu [E] The system cannot find the path specified (3)
C:\ProgramData\Templates [E] The system cannot find the path specified (3)
C:\Users\All Users [E] The system cannot find the path specified (3)
C:\Users\Default\AppData\Local\Application Data [E] The system cannot find the path specified (3)
C:\Users\Default\AppData\Local\History [E] The system cannot find the path specified (3)
C:\Users\Default\AppData\Local\Temporary Internet Files [E] The system cannot find the path specified (3)
C:\Users\Default\Application Data [E] The system cannot find the path specified (3)
C:\Users\Default\Cookies [E] The system cannot find the path specified (3)
C:\Users\Default\Documents\My Music [E] The system cannot find the path specified (3)
C:\Users\Default\Documents\My Pictures [E] The system cannot find the path specified (3)
C:\Users\Default\Documents\My Videos [E] The system cannot find the path specified (3)
C:\Users\Default\Local Settings [E] The system cannot find the path specified (3)
C:\Users\Default\My Documents [E] The system cannot find the path specified (3)
C:\Users\Default\NetHood [E] The system cannot find the path specified (3)
C:\Users\Default\PrintHood [E] The system cannot find the path specified (3)
C:\Users\Default\Recent [E] The system cannot find the path specified (3)
C:\Users\Default\SendTo [E] The system cannot find the path specified (3)
C:\Users\Default\Start Menu [E] The system cannot find the path specified (3)
C:\Users\Default\Templates [E] The system cannot find the path specified (3)
C:\Users\Default User [E] The system cannot find the path specified (3)
C:\Users\Public\Documents\My Music [E] The system cannot find the path specified (3)
C:\Users\Public\Documents\My Pictures [E] The system cannot find the path specified (3)
C:\Users\Public\Documents\My Videos [E] The system cannot find the path specified (3)
Infected files: 2
Total files: 353144
Total folders: 16097
Total size: 43.0 GB

*
* Task stopped: 31 August 2008 13:49:47
* Run-time was 3 hour(s), 6 minute(s), 33 second(s)
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on 03 September 2008 00:18:26
* VPS: 080902-0, 02/09/2008
*

C:\$Recycle.Bin\S-1-5-21-3646361635-137373463-58021350-1000\$RJZGKRN.iso\AUTORUN.EXE [L] Win32:Trojan-gen {Other} (0)
*
* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on 03 September 2008 08:40:33
* VPS: 080902-0, 02/09/2008
*

C:\$Recycle.Bin\S-1-5-21-3646361635-137373463-58021350-1000\$RJZGKRN.iso\AUTORUN.EXE [L] Win32:Trojan-gen {Other} (0)
While moving file to chest, error occurred: The operation is not supported for this type of archive.
C:\Applications\OEM\DVD1.iso\WIMFILES\SPL_VISTA.SWM [E] The file is a decompression bomb. (42110)
C:\Documents and Settings [E] The system cannot find the path specified (3)
Infected files: 1
Total files: 239901
Total folders: 3498
Total size: 26.3 GB

*
* Task stopped: 03 September 2008 09:36:40
* Run-time was 56 minute(s), 7 second(s)
*

« Last Edit: September 03, 2008, 10:56:32 AM by jenijoplin »

lind

  • Guest
Re: [b]Help to remove win32:Trojan-gen (other)[/b]
« Reply #1 on: September 03, 2008, 12:34:50 PM »
    Hi guys: Help to remove win32:Trojan-gen (other)

    Evrey time I scan my computer with avast, avast tell me that I have a virus, but evrey time I try to move to chest, remove or any action avst sent me an error message, please help me I don't know what to do.

    I pasted the avast report below, one more thing I have vista plataform.

    *
    * avast! Report
    * This file is generated automatically
    *
    * Task 'Simple user interface' used
    * Started on 31 August 2008 10:43:14
    * VPS: 080830-0, 30/08/2008
    *

    C:\$Recycle.Bin\S-1-5-21-3646361635-137373463-58021350-1000\$RJZGKRN.iso\AUTORUN.EXE [L] Win32:Trojan-gen {Other} (0)
    While moving file to chest, error occurred: The operation is not supported for this type of archive.
    C:\Applications\OEM\DVD1.iso\WIMFILES\SPL_VISTA.SWM [E] The file is a decompression bomb. (42110)
    C:\Documents and Settings [E] The system cannot find the path specified (3)
    C:\Program Files\Alwil Software\Avast4\DATA\moved\AUTORUN.EXE [L] Win32:Trojan-gen {Other} (0)
    File was successfully deleted...
    C:\ProgramData\Application Data [E] The system cannot find the path specified (3)
    C:\ProgramData\Desktop [E] The system cannot find the path specified (3)
    C:\ProgramData\Documents [E] The system cannot find the path specified (3)
    C:\ProgramData\Favorites [E] The system cannot find the path specified (3)
    C:\ProgramData\Start Menu [E] The system cannot find the path specified (3)
    C:\ProgramData\Templates [E] The system cannot find the path specified (3)
    C:\Users\All Users [E] The system cannot find the path specified (3)
    C:\Users\Default\AppData\Local\Application Data [E] The system cannot find the path specified (3)
    C:\Users\Default\AppData\Local\History [E] The system cannot find the path specified (3)
    C:\Users\Default\AppData\Local\Temporary Internet Files [E] The system cannot find the path specified (3)
    C:\Users\Default\Application Data [E] The system cannot find the path specified (3)
    C:\Users\Default\Cookies [E] The system cannot find the path specified (3)
    C:\Users\Default\Documents\My Music [E] The system cannot find the path specified (3)
    C:\Users\Default\Documents\My Pictures [E] The system cannot find the path specified (3)
    C:\Users\Default\Documents\My Videos [E] The system cannot find the path specified (3)
    C:\Users\Default\Local Settings [E] The system cannot find the path specified (3)
    C:\Users\Default\My Documents [E] The system cannot find the path specified (3)
    C:\Users\Default\NetHood [E] The system cannot find the path specified (3)
    C:\Users\Default\PrintHood [E] The system cannot find the path specified (3)
    C:\Users\Default\Recent [E] The system cannot find the path specified (3)
    C:\Users\Default\SendTo [E] The system cannot find the path specified (3)
    C:\Users\Default\Start Menu [E] The system cannot find the path specified (3)
    C:\Users\Default\Templates [E] The system cannot find the path specified (3)
    C:\Users\Default User [E] The system cannot find the path specified (3)
    C:\Users\Public\Documents\My Music [E] The system cannot find the path specified (3)
    C:\Users\Public\Documents\My Pictures [E] The system cannot find the path specified (3)
    C:\Users\Public\Documents\My Videos [E] The system cannot find the path specified (3)
    Infected files: 2
    Total files: 353144
    Total folders: 16097
    Total size: 43.0 GB

    *
    * Task stopped: 31 August 2008 13:49:47
    * Run-time was 3 hour(s), 6 minute(s), 33 second(s)
    *

    *
    * avast! Report
    * This file is generated automatically
    *
    * Task 'Simple user interface' used
    * Started on 03 September 2008 00:18:26
    * VPS: 080902-0, 02/09/2008
    *

    C:\$Recycle.Bin\S-1-5-21-3646361635-137373463-58021350-1000\$RJZGKRN.iso\AUTORUN.EXE [L] Win32:Trojan-gen {Other} (0)
    *
    * avast! Report
    * This file is generated automatically
    *
    * Task 'Simple user interface' used
    * Started on 03 September 2008 08:40:33
    * VPS: 080902-0, 02/09/2008
    *

    C:\$Recycle.Bin\S-1-5-21-3646361635-137373463-58021350-1000\$RJZGKRN.iso\AUTORUN.EXE [L] Win32:Trojan-gen {Other} (0)
    While moving file to chest, error occurred: The operation is not supported for this type of archive.
    C:\Applications\OEM\DVD1.iso\WIMFILES\SPL_VISTA.SWM [E] The file is a decompression bomb. (42110)
    C:\Documents and Settings [E] The system cannot find the path specified (3)
    Infected files: 1
    Total files: 239901
    Total folders: 3498
    Total size: 26.3 GB

    *
    * Task stopped: 03 September 2008 09:36:40
    * Run-time was 56 minute(s), 7 second(s)
    *



    Hi jenijoplin

    This is some information about win32:Trojan-gen (other)

    Win32:Trojan-gen.(Avast AV name) - a Backdoor Trojan horse that allows a compromised computer to be used as a Web proxy. This Trojan also attempts to steal cached passwords from an infected computer.
    Backdoor.Berbew.B - Symantec name
    Symantec description and removal instructions

    I Suggest
     you use the ffl. program to try to remove the malicious software from your system


    1st We have SuperAntiSpyware

    Download link

    Quote
    http://downloads2.superantispyware.com/downloads/SUPERAntiSpyware.exe

    Instruction:
    Download the software then install after wards update to current version then go to setting then check the Full System Scan ( this is very important )
    when the program detect the spyware/trojan/malware delete it after deletion it would require a system
    Restart then scan again if the malicious software came back (just for double check^_^

    2nd
    We Have Malwarebytes'

    If you follow these instructions, everything should go smoothly.


        Please download Malwarebytes' Anti-Malware and save it to a convenient location.
    [list=1]
       
    • Double click on mbam-setup.exe to install it.
         
    • Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
        Update Malwarebytes' Anti-Malware
            Launch Malwarebytes' Anti-Malware
      • Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
           
      • Select the Scanner tab. Click on Perform full scan, then click on Scan.
           
      • Leave the default options as it is and click on Start Scan.
           
      • When done, you will be prompted. Click OK, then click on Show Results.
           
      • Checked (ticked) all items and click on Remove Selected.
           
      • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.
      Next,
           
      • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
           
      • Double click on RSIT.exe to run RSIT.
           
      • Click Continue at the disclaimer screen.
           
      • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
      Please post the following:
      • The Malwarebyte's Anti-Malware log
      • The contents of log.txt
      • The contents of info.txt

      Reminder:

      You can use Avast to remove the trojan u can only use the ffl. program if avast is unable to remove the malicious software from your PC  You can Use 30 days trial of Avast Pro it's a very good device :3 promise

      « Last Edit: September 03, 2008, 12:37:37 PM by lind »

      lind

      • Guest
      « Last Edit: September 03, 2008, 12:53:04 PM by lind »

      lind

      • Guest
      Re: [b]Help to remove win32:Trojan-gen (other)[/b]
      « Reply #3 on: September 03, 2008, 12:46:20 PM »
      Hi jenijoplin

      There are the same discussion about this malicious software in the ffl. site
      1st
      Quote
      http://www.pcadvisor.co.uk/forums/index.cfm?action=showthread&threadid=335312&forumid=1
      2nd
      Quote
      http://www.computing.net/answers/security/win32trojangenother-virus/18391.html
      3rd
      Quote
      http://www.techsupportforum.com/security-center/hijackthis-log-help/280247-vbs-malware-gen-win32-trojan-gen-other.html
      4th
      http://www.techspot.com/vb/topic72536.html

      This is From our own Furom

      Quote
      http://forum.avast.com/index.php?topic=37434.0

      This is a discussion form Microsoft (i recommend you read them)

      Quote
      http://support.microsoft.com/kb/309531



      Note:
      If my first guide dint work feel free to look around the fll. site there a thing or two to learned ^^
      ( I post this b4 my :3 )
      Hope this Help XD
      « Last Edit: September 03, 2008, 02:41:05 PM by lind »

      Tripp

      • Guest
      Re: [b]Help to remove win32:Trojan-gen (other)[/b]
      « Reply #4 on: September 07, 2008, 02:35:58 AM »
      I have the virus too. It sounds like the tools you recommend delete the infected files. My Avast scanner says that the infected file is in the folder called "System Volume Information", file name "A0080105". I am a bit squeamish about deleting a system file, assuming the system will even allow it. It is so sacred that the system will not even allow me to open the folder to look at its contents.

      What should I do?

      I have Windows XP Pro x64 v. 2003 SP2 on an AMD Athlon 64-bit processor # 3200+

      Offline DavidR

      • Avast Überevangelist
      • Certainly Bot
      • *****
      • Posts: 89420
      • No support PMs thanks
      Re: [b]Help to remove win32:Trojan-gen (other)[/b]
      « Reply #5 on: September 07, 2008, 02:40:25 AM »
      If you have moved it to the chest successfully personally I would leave it at that. Files in the System Volume Information folder are there because they have either been deleted or moves from the system folders by system restore as a back-up. So I would say it has limited value.

      There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.
      Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

      Tripp

      • Guest
      Re: [b]Help to remove win32:Trojan-gen (other)[/b]
      « Reply #6 on: September 07, 2008, 03:16:07 AM »
      Sorry, I had not read all your references. I managed to get access to the file, and since it was fairly old, I just deleted it. I hope it was a false positive. I'll call you back if anything bizzare happens.

      Offline Tarq57

      • Avast Evangelist
      • Massive Poster
      • ***
      • Posts: 3694
      • If at first you don’t succeed; call it version 1.0
      Re: [b]Help to remove win32:Trojan-gen (other)[/b]
      « Reply #7 on: September 07, 2008, 03:24:28 AM »
      For info, "System volume information" refers to the files which may be used by system restore. A protected area, difficult (but not impossible) to access. (Not recommended nor, usually, required.)
      I've found that the worst that happens upon deleting malware found in this area of the PC is that it sometimes disables a restore point from working.
      Windows 10,Windows Firewall,Firefox w/Adblock.

      wyrmrider

      • Guest
      Re: [b]Help to remove win32:Trojan-gen (other)[/b]
      « Reply #8 on: September 07, 2008, 05:50:36 AM »
      Guys Guys
      Files in Restore do not require Nuclear War techniques
      neither do Avast move on reboot files
      Here we have an avast detection of a move of a file in restore
      big question is where did this bad boy come from and how do we keep from getting it again
      since the source of the file is not shown- if it was I missed it let's just do a general clean up

      first If you have not run a boot time Avast scan Rt click the ball and "update programs"
      the rt click again and schedule a boot time scan
      reboot
      OR if you have done this already recently run a Kaspersky on line scan
      or do one now one later
      then
      Download, install, update and run malware bytes anti malware
      if any hits put a check in the box
      then click REMOVE CHECKED
      post the log

      now Run CCleaner or ATV cleaner
      defrag
      set a new restore point

      If the posts lind referrs to indicate anything else needs to be done post back

      BobWatson

      • Guest
      Re: [b]Help to remove win32:Trojan-gen (other)[/b]
      « Reply #9 on: September 10, 2008, 04:00:24 AM »
      Thanks for your post. I downloaded the WIN:32TROJAN-GEN{OTHER} from an e-mail from 123Greetings.com. I checked the site and it seemed kosher and then I saved to a pen driver. Open and installed the bad boy thinking it was a greeting card from one of my Italian friends.

      I checked the forums of other victims and decided your guidance was the most recent and didn't appear to involve rocket science or, my 6 yr old son's help.

      Ok, so it's 3am but the trojan hasn't appeared and Avast isn't going ding a ling. Hopefully it won't re occur and I can get on with my life.

      I forgot to do a new restore point, could this cause any issues?

      Thanks again!

      wyrmrider

      • Guest
      Re: [b]Help to remove win32:Trojan-gen (other)[/b]
      « Reply #10 on: September 10, 2008, 04:15:11 AM »
      Nah
      have your 6 year old set a new restore point
      today was MS monthly update day
      always a good time to run secunia software inspector
      if you java is out of date run JAVARA to do a clean up prior to upgrading

      BobWatson

      • Guest
      Re: [b]Help to remove win32:Trojan-gen (other)[/b]
      « Reply #11 on: September 12, 2008, 01:37:36 AM »
      Hi, thanks again for your help about the trojan. I was wondering about the memory stick I downloaded the the trojan app onto, will this be best burned or can I re use the stick?

      wyrmrider

      • Guest
      Re: [b]Help to remove win32:Trojan-gen (other)[/b]
      « Reply #12 on: September 12, 2008, 05:24:39 AM »
      MS has that stick protector thingie  someone can give you the link
      I would think avast could scan it if it shows up as a drive, so could the other apps
      USB stick expert out there?

      wyrmrider

      • Guest
      Re: [b]Help to remove win32:Trojan-gen (other)[/b]
      « Reply #13 on: September 12, 2008, 07:57:42 PM »
      see this spybot post for one answer
      http://forums.spybot.info/showthread.php?t=34034

      BB67

      • Guest
      Re: [b]Help to remove win32:Trojan-gen (other)[/b]
      « Reply #14 on: September 12, 2008, 08:37:31 PM »
      Ive been searching this forum for 2 days for some help with my trojan, rootkit prob.  Much like many I see, I am a complete idiot when it come to the guts of this computer.  I can tell you that:
      1. I have no idea where I picked it up.  Let Nortons expire, no protection for 12 wksish. Just noticed a little slow motion in my picture files, clips.  Got concerned.  Meanwhile, also worried about online security compromise, banking etc.
      2. Downloaded Avast free to my Vista platform.  Immediatle got this, and put it in chest.
      A1127-tmpapi.exe       c:users\lisa\app data\local\temp           5-4-08
      imgtask.exe                c:\windows                                       12-2006

      3.Decided to run antirootkit, gotthis.  Did not fix. Too scared.
      avast! Antirootkit, version 0.9.6
      Scan started: Thursday, September 11, 2008 3:43:07 PM

      File C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JWRL662M\bind[2].htm  **HIDDEN**
      File C:\Windows\Temp\_avast4_\unp150944326.tmp  **HIDDEN**

      Scan finished: Thursday, September 11, 2008 3:49:07 PM
      Hidden files found: 2
      Hidden registry items found: 0
      Hidden processes found: 0
      Hidden services found: 0
      Hidden boot sectors found: 0


      Can anyone help. Not sure how to proceed, need clean registry, or what.

      Thanks