Author Topic: Please help: Win32: Trojan-gen {Other} found in C:Program Files  (Read 2729 times)

optirobk (Guest)
« on: February 01, 2009, 09:07:32 PM »
What do I do once I've moved the Win32: Trojan-gen {Other} to the chest? I do most of my business online and I want to know if I will be safe to continue. How do I delete it and search for others?
It is located in C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe.

I looked for the file but could not find it. Please help...

polonus
« Reply #1 on: February 01, 2009, 09:17:57 PM »
Hi optirobk,

Consider this here: http://www.file.net/process/backweb-137903.exe.html
It is, however, possible that this is a heuristic find and therefore could be a FP.
Before moving it to the chest, you could have uploaded BackWeb-137903.exe to virustotal.com to see which other AV scanners flag it, and then made a decision. It is a non-essential from HP, so that is reassuring.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

DavidR
« Reply #2 on: February 01, 2009, 09:34:33 PM »
A file that is moved to the chest, a protected area (quarantine), can do no harm.

You don't say where you looked; if it was in the original location, you won't find it there, as it has been moved.

If you used explorer to check the chest folder you won't see the original file name there either. Files are encrypted and renamed in the chest, so that you can't tell what is in the chest. It is part of the protection so there effectively can't be any interaction from outside the chest.

If you open the Chest and look in the Infected Files section, there you will see the original file name. To open the chest, start the Simple User Interface, Menu (or right click on the skin) and select Virus Chest, or directly access C:\Program Files\Alwil Software\Avast4\ashChest.exe (make a shortcut for quicker access).

You should also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner, and report the findings here (the URL in the Address bar of the VT results page). You can't do this with the file securely in the chest; you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\*. That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD - 27" external monitor 1440p 2560x1440 resolution - avast! free  24.9.6130 (build 24.9.9452.762) UI 1.0.818/ Firefox, uBlock Origin Lite, uMatrix/ MailWasher Pro/ Avast! Mobile Security
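
The export-then-upload procedure in the reply above can be paired with a local, read-only check of the exported file. This PowerShell is an added example, not part of the original posts or of avast!; `Get-SuspectFileReport` is a hypothetical function name, and it assumes the file has already been exported from the chest to C:\Suspect.

```powershell
# Added example: summarise files exported from the Virus Chest to C:\Suspect
# (the folder named in the post above). The files are only read, never executed.
# Get-SuspectFileReport is a hypothetical name chosen for this illustration.
function Get-SuspectFileReport {
    param(
        [string]$Folder = 'C:\Suspect'
    )

    if (-not (Test-Path -LiteralPath $Folder -PathType Container)) {
        throw "Folder '$Folder' not found. Create it and export the file from the chest first."
    }

    Get-ChildItem -LiteralPath $Folder -File | ForEach-Object {
        # SHA-256 identifies the exact file contents regardless of file name.
        $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256

        # Authenticode status shows whether the file is signed and whether
        # the signature still matches the file contents.
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $signer = if ($sig.SignerCertificate) {
            $sig.SignerCertificate.Subject
        } else {
            '(unsigned)'
        }

        [pscustomobject]@{
            Name            = $_.Name
            SizeBytes       = $_.Length
            LastWriteTime   = $_.LastWriteTime
            SHA256          = $hash.Hash
            SignatureStatus = $sig.Status
            Signer          = $signer
        }
    }
}

Get-SuspectFileReport | Format-List
```

The SHA256 value can be pasted into the VirusTotal search box to see whether the same file has already been analysed. A `Valid` signature from the expected vendor supports the false-positive reading but does not replace the multi-engine scan.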

optirobk (Guest)
« Reply #3 on: February 01, 2009, 10:29:42 PM »
Thank you, I will do that. Once they are in the chest are they there for good?

I am currently running Spybot, Avast and most recently Zone Alarm, the subscription expired 2 days ago. Is there a combination of programs that is most effective that I should be running? If so, what are they? Also, what should I use to clean my system? And how should I do it?

Thank you!

DavidR
« Reply #4 on: February 01, 2009, 11:44:06 PM »
Yes - There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

I would say Spybot is a little dated, but some rate it. You only need to look at my signature under my posts to see what I use ;D

1. SUPERantispyware On-Demand only in free version.
2. MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.

I'm not a fan of zone alarm, I feel it has become too bloated, but if you are comfortable with it.
There are many freeware firewalls such as Comodo (care required now it is a suite, not to install the anti-virus element), PCTools Firewall Plus, Jetico, etc. - Zone Alarm free works fine with avast and has a reasonably friendly user interface; however, the free version is becoming bloated with trial ware and is also crippled as far as outbound protection goes. In the Program Control configuration area, the slider will only go as far as Medium protection; if you want more, you have to buy the Pro version.

See A Forum discussion on free firewalls http://forum.avast.com/index.php?topic=30808.0
See http://www.matousec.com/projects/firewall-challenge/results.php.

Welcome to the forums.