Author Topic: win32 trojan-gen  (Read 3344 times)

cristian14

  • Guest
win32 trojan-gen
« on: February 01, 2009, 06:41:17 PM »
My avast 4.8 home edition detected 5 trojans of the win32 trojan-gen type. The first time I deleted the files. At the end of scanning it shows that the antivirus has not deleted the trojans because they were found in archive format. On the second scan, I tried to put the trojans in the virus chest, but again I could not succeed with that. Please give me a solution!
After that I scanned with the online scanner from Eset nod 32 and it did not find any viruses. Nothing. Thank you very much.

DavidR

Re: win32 trojan-gen
« Reply #1 on: February 01, 2009, 07:12:33 PM »
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ? 
Check the avast! Log Viewer (right click the avast 'a' icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe

Deletion isn't really a good first option (you have none left), 'first do no harm' don't delete, send virus to the chest and investigate.

Why it can't delete or move from the archive may become apparent when you post the info about the detections. Some archives are using multiple levels of archive making it difficult depending on the archive type.

The on-line scanner may not even be scanning the archive, so it is hard to say one way or another without the information I asked for.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

cristian14

  • Guest
Re: win32 trojan-gen
« Reply #2 on: February 02, 2009, 06:47:35 PM »
Dear David, indeed you are right about this, avast had found about 5 trojans of that kind. 3 in System volume information: restore, binary toolbar.exe and the rest in a download from google, a toolbar of some kind. Thank you for your help and I am waiting for a new idea how to delete these monsters.

DavidR

Re: win32 trojan-gen
« Reply #3 on: February 02, 2009, 07:35:38 PM »
If you have XP, vista32bit or Win2k, you could enable a boot time scan. Right click the avast icon, select Start avast! Antivirus, a memory scan will take place followed by the opening of the Simple User Interface, Menu, 'Schedule boot-time scan...' Or see http://www.digitalred.com/avast-boot-time.php.

That should hopefully be able to deal with those in the system volume information folder.

cristian14

  • Guest
Re: win32 trojan-gen
« Reply #4 on: February 02, 2009, 07:58:23 PM »
Well, I have seen another topic of this type, and turning off restore, rebooting the PC, restarting restore and redoing a virus scan has shown nothing else, and now I'm free of these bloody trojans. Thank you again. If I can help you with something, don't hesitate calling.

polonus

Re: win32 trojan-gen
« Reply #5 on: February 02, 2009, 08:33:02 PM »
Hi cristian14,

You already helped us by visiting this forum. And yes, you have now experienced yourself that the makers of malware use the system restore feature to keep their creations undisturbed on the Operational System. This forum is a repository of anti-malware knowledge, and it is the source where I learned to help others, and this helped me also in various ways,

stay secure and safe,

polonus
« Last Edit: February 02, 2009, 08:34:46 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

DavidR

Re: win32 trojan-gen
« Reply #6 on: February 02, 2009, 10:00:33 PM »
Personally I think that is a flawed conclusion.

System Restore doesn't give a stuff what the file is that it saves into the system volume information folder as a restore point. All it has to be is removed from a system folder. Anything in the system volume information folder is effectively inert as it is a protected area, the files don't retain their original name so can't be run, etc.

The issue is using system restore in the future and restoring what might be an infected restore point.